What about when the river floods??????
Huh???
What then???
I wonder if anyone planning this campus googled for 'Columbia River floodplain'???
I always shake my head in disbelief when I see multi-million dollar houses being built on historic floodplains. Sometimes people are so short sighted.
There is no way that this won't be hacked or compromised or a workaround documented in very short order. I mean really, if it plays (and I assume this will), there is inevitably some way to put something in-line and basically tee the video out to a save source - hard drive. From there it's simply a matter of recording to a DVD.
The reality is that there is always a way around these efforts to limit viewing or copying or whatever. The problem is that you have to be technically able to implement the workarounds. The unwashed masses will never be able to jump through the hoops needed to circumvent the copy protection or viewing limitations imposed by the manufacturers. So, in essence, their efforts pay dividends. 3% of the people circumvent and make copies while the other 97% happily plop down their 3 bucks to view a dvd once and once only.
Note: I neglected to mention XP Home on purpose; the lack of configurability with regards to disabling default services with known security vulnerabilities (Messenger, UPnP, etc.) make it unadvisable as a real consumer OS.
WTF? These are not limitations of XP Home. Anyone can turn off default services and UPnP, uninstall Messenger, etc... Stop with the FUD. You're wrong.
...They are the kind that after 10 hours of troubleshooting a job - because you couldn't talk the customer out of trying to put Wi-Fi in their 4 story house and the WAP in the basement, you end up asking for $50 because...
Huh????
Why would you spend 10 hours troubleshooting a job that was the result of a bad purchase on the part of the customer? As an independent IT consultant, it's a *damn* good idea when confronted with a possibly nightmare situation like this to tell the customer:
"What you have here is something that will possibly take me ~10 hours to fix. Now I don't know for sure... Maybe I'll get it figured out in the first hour or two, but I'm going down a road that *might* lead to a 10 hour effort."
"Your options are:"
(insert sage, alternate solution advice here)
"Authorize me to spend the time and materials necessary to fix your problem up to x hours, at which point I will give you an update on the progress and other options."
People understand that sometimes it just doesn't make sense to fix a problem on their aging P120 Win95 box when the cost of the repair is 90% of the cost of a complete replacement.
It's just your job to tell them and offer sound alternatives.
Re:Lock Picking For fun and Profit??? on Steel Bolt Hacking · Score: 1
I don't think that there is a name for this phenomenon (a comment link getting /.'d). I mean it's not really the same as being /.'d.
If there is, I stand corrected. If there isn't, I would like to nominate "comment .'d" or "echo .'d".
Geez - That's Exactly how I feel about Windows. I am completely happy with XP and before that 2k (and not so much so before that with '98...). I have been able to deal with any and all issues that have arisen. Not that there are many to deal with...
My system sits behind a well configured firewall. I patch it when it's needed. My drivers are up to date. My antivirus signatures are up to date. I'm not stupid about opening email.
I have very few issues with Windows.
It seems that in order to be productive and stable on either platform, all you need is a knowledgeable user running the system.
The problem with BOTH Windows and Linux is that it takes a knowledgeable user to keep the system tight... It's just that with Linux, the default behavior is to not let the user install apps willy nilly.
It wouldn't take nearly as much time. It would be relatively easy when one diffed the hacked code against the original.
I would also feel much more comfortable knowing that the source is open and available for anyone to review (not just myself). That in itself will stop the vast majority of those that would code such hacks from doing so, being found out and effectively ostracized by the community. Maybe I wouldn't spot the malicious code, but surely one of the hundreds of others that review it would.
I don't normally rant about shit like this but this just irked me this time....
Why are you letting beginners write SQL to access your live database without any testing on your test system?
This kind of comment is so fucking presumptuous. I wish that some people would account for the possibility that their assumption is not accurate - i.e. This doesn't mean that beginners are writing SQL to access a live database without any testing (although granted, it *could* mean that)!!! What if it is a legitimate developer accessing the database in ways that legitimate developers do, running a legitimate query on a legitimate table that happens to not have an index on a column that should? Maybe the DBA forgot to index that column???
Forgive my nit-pickishness but I'm a little pissy today.
Good Golly, it's simple common sense... on Securing Your Network? · Score: 5, Informative
Only allow those ports that are absolutely necessary - i.e. HTTP, FTP, SMTP,...
Review log files daily. Make it part of your religion. Log files. Review. Daily.
Err on the side of being too restrictive.
Review log files daily. Make it part of your religion. Log files. Review. Daily.
Absolutely keep up to date with your virus signatures and patches for your workstations and servers.
Review log files daily. Make it part of your religion. Log files. Review. Daily.
Find a few quality security web sites (securityfocus.com, cert and others - check out DMOZ for a nice list of links...) and put them on your daily visit list. Make sure to go to several sites daily and use them to triangulate on what's relevant and important.
Review log files daily. Make it part of your religion. Log files. Review. Daily.
Review log files daily. Make it part of your religion. Log files. Review. Daily.
Know that you're not ever going to secure everything 100%, but if you make security one of your daily duties and take a proactive approach to security instead of a reactive approach, you'll do better than 99% of the networks out there. Just be diligent, use common sense and stay on top of patches/updates and you'll be fine.
Review log files daily. Make it part of your religion. Log files. Review. Daily.
Study/learn all those things that I learned in college/high school but never deeply understood. Like Calculus. I learned it, knew when to use what method to solve an equation at what time and subsequently got A's.
The problem is that I never deeply understood it. I would learn more about physics, electricity and chemistry. I would learn COBOL just for the hell of it. I would take classes on ADA and APL (if I could find any...). I would learn to write a compiler. I would learn more about XML. I would learn .NET. I would become really really good at security - taking classes on white hat hacking.
Why don't I just do that now you ask? Because I have a family and financial and time commitments that dictate that I spend my time and resources on more practical pursuits.
When it comes down to it, learning is what really, truly turns me on.
Oh and two chicks at the same time does quite a bit for me too...
Linux on the desktop is too hard for the typical Joe - hell using much less mastering windows is a major challenge for the vast majority of average users out there. Why do you think there's such a proliferation of for dummies and windows how-to training videos and books?
Imagine now, that one of these relatively clueless types has just managed to get past the idiot proof install of Yellow Dog or Mandrake. Unless they are completely happy with the installed base of software, they're going to have to learn how to download and install software. Some as RPMs, some as tarballs and some as binaries. Can you imagine taking a person who has difficulty with running setup in windows and explaining RPMs or heaven forbid, tar -zxvf;./configure;make;make clean;make install???? AAARGH!!! How 'bout explaining to them where they need to drop the binary files... What's a path? They'll run for the hills.....
Sorry, but until there is a graphical install standard (de facto or otherwise) that's as easy to use as the de facto windows standard setup, it doesn't stand a chance in hell on the desktop.
I've worked with technical types all of my professional life, and I too used to think that I was the ultimate shit. The one that not only knew it all, but had the capacity to learn something I didn't know faster and more thoroughly than anyone else. For the most part this is true, but what I came to realize is that while I am exceptional, I am held in generally high regard because of a couple of things:
I am in a field that is relatively new. The general populace hasn't gotten a chance to even begin to understand computers, what they *really* do, or how to use them to do their bidding. This will change in a generation.
This is (now) a fairly high profile field - lots of press is given to computers and those that master them.
What computer "geniuses" fail to realize is that the computer field is like any other to an extent. To gain expertise in a subject, you have to spend a great deal of time working on it.
How many of you can write a pro-forma tax return for even a small corporation? How many of you can set up a filing system for a law office that works? How many of you can set up the business processes necessary for a 10 million dollar company to handle shipping and returns? I think that we would all agree that individuals that can do these things are intelligent and talented, but when one of these otherwise talented, intelligent people can't manage to understand some computer concept, you think of them as stupid. Well if you're that short and narrow sighted, you're probably not that bright yourself.
There are always exceptional people within any field and many of them tend to be pompous about the fact - it's not a character flaw limited to programmers. Doctors, lawyers, chefs, interior designers, woodworkers, etc... In any of these professions, you will find people that are arrogant because they're the best and know it, or because they aren't and they don't know it. By definition, the majority of arrogant people fall into the latter category. They've deluded themselves into thinking they're great. And in the computer field, this thinking is often reinforced because they're praised and looked up to by "mortals" for merely knowing what many other computer "geniuses" know.
Do yourselves a favor and do an honest assessment of your level of knowledge in the computer field you happen to dabble in. Are you *really* in the top 1% of all people that dabble in the same area? If not, give your ego a break and come back down to earth. You're not all that. And if you are, give your ego a break anyways. Nobody likes an asshole. If they appear to, they probably talk behind your back.
Rest in peace Roblimo. Your efforts helped to connect a whole lot of people.
I fully expected the site to be slashdotted and looked forward to reading (and posting) witty comments about the underpowered web server being run by steam...
Curses to you, BBC news. Curses to you.
Props to the folks at Trillian for their reference to myxomatosis
Never knew it was a bunny disease.
Radiohead rules.
Even a longtime MS user like myself...
I've been an advocate for MS software and OS's for some time now, but the prospect of charging to fix something that is a result of many of the flaws in their software just pisses me off!
It's really unfortunate that Linux isn't viable on the desktop yet because this would likely be the straw that breaks this camel's back.
Unfortunately, Linux is not ready for the desktop yet, and please, save your fingers from typing because I have been evaluating distros for the desktop for many years now, the most recent being Mandrake 10.0 and Fedora Core 3. Although there is slow and steady progress, Linux for the desktop still sucks compared to WinXP.
For now, for me and my clients, a firewalled network behind which lives a well patched XP machine (preferably kept up to date with SUS) with Firefox, Spybot S&D (with Tea Timer), Ad Aware, Symantec AV corporate and (for my clients), the daily use account does not have administrator privileges.
This will keep most any PC free from spyware and cruft and keep users happy.
I was thoroughly expecting to see the server slashdotted and then to read all of the witty comments about holding a funeral for a dead webserver.
Alas, the server's up, so it's apparently not meant to be.
*sigh*
I don't think that there is a name for this phenomenon (a comment link getting /.'d). I mean it's not really the same as being /.'d.
If there is, I stand corrected. If there isn't, I would like to nominate "comment .'d" or "echo .'d".
Any other ideas?????
I've got a WRT54G that I tried to install for a client to connect with her corporate PPTP VPN. It didn't work with PPTP VPN - apparently it was dropping GRE packets.
...I then tried various versions of the Linksys firmware to no avail. Eventually I stumbled across http://h.vu.wifi-box.net and found a hacked firmware upgrade that fixed the problem but I have serious reservations about using this for my client!
I have no access to the source code so how do I know whether or not this hacked upgrade monitors outgoing connections and passes interesting bits of information on to the author?
Certainly I could sniff the wire and find out for sure but I don't have time for this!!! There's tremendous potential for a malicious third party to monitor traffic using this. It just makes me leery when there's no source code to preview. Even if there was, I don't have the time to review it!
Any similar thoughts/concerns?
10.x.x.x/24.
I've inherited a couple of networks like that and when other IT types like consultants, etc... and I start discussing addressing detail I feel compelled to tell them that *I* didn't choose the 10.x.x.x/24 - I inherited it.
I promise!!
Does this mean I'm insecure????
Sigh.
Damn!
Time flies and the pace of change is ever increasing in this industry. Certainly the landscape of the computer world has changed dramatically since you were last able to lay your hands on a keyboard.
Yours is a unique perspective - almost like a kid that has had full run of the candy store and was taken outside and forced to watch (face pressed to the glass). Now you're allowed back in to a drastically changed candy landscape. (Pardon the candy analogy, but I'm fond of sugary things).
In your opinion, what technology has changed the greatest since you were actively involved in the scene?
What will be your primary technology focus when you get back online - in terms of getting back up to speed?
Do you feel intimidated at the prospect of catching up on so many things? Are there areas that you will simply ignore out of necessity but would like to learn more about if you had the time?
Do you have any desire to hack just for the joy of hacking/discovery or have you been turned off of that in light of the consequences?
Thank you for your answers and welcome back!
I'll bet less than 5% of the people that visited this doomed box will revisit it on the day of its final processing.
I'm sure I'll forget all about this little tidbit of nerd news (even though this is stuff that matters) by the 12th...
My prediction is that the box will die a lonely death.
Search term: Musical.
First page link in results:
http://slashdot.org/article.pl?sid=00/06/23/1641216&mode=thread
Old P1* boxes with OpenBSD make stunningly great firewalls. Throw a couple of good, well-known NICs in one of these and install either using the net (which works very well) or by buying a CD from CheapBytes for $4.99. OpenBSD uses IPFilter and IPNAT (at least for now, but I understand that's going to change soon - perhaps next release...) which I think use a much easier to understand syntax than IPChains/masq. Plus, OpenBSD is pretty damn secure right out of the box without any configuration.
I love to use old P120/32/1.2G class machines as OpenBSD firewalls. I have bought numerous systems from companies for $20, installed and configured OpenBSD with ipfilter and ipnat and end up with a super firewall/NAT box that I can then sell for $200-$300.
J
I can just imagine the first phones outfitted with this revolutionary sound that, according to the article, when heard, will render you "...virtually unable to resist turning to face the direction from which it is coming...".
Cut to alert driver, hands at 10 and 2, eyes straight ahead, driving dutifully 3 mph below the speed limit.
...chusssh
...chusssh
...chusssh
Hapless driver has an almost pavlovian urge to take his eyes from the road and face the direction from which it is coming.....
Wonder what happens next?