That doesn't work so well if the archive is over 50GB, but at least one site I deal with is willing to give out copies of their >1TB collection if you provide them with a 1.5GB or 2GB USB drive to copy onto.
If they can fit 1TB onto a 2GB drive, why aren't they selling the compression technology? (OK, yes I know you meant 1TB).
Scenario. The Milky Way swallows a galaxy, and by extension, all the stars around the central black hole. Yet, the same gravity that causes the stars to amalgamate completely misses the biggest mass in that swallowed galaxy? Why would that make sense?
But what will you use instead? The emacs users are going to be the second against the wall when the revolution comes (first place is reserved already for the mindless jerks in the marketing division of Sirius Cybernetics).
Oh, um, yeah. So am I. Same story - no AV tools on my personal box (XP64), only on the kids' and wife's PCs. I don't trust the kids at all from that perspective... And the firewall/IDS shows no unexpected activity.
Ah, grasshopper, you missed the crucial component of the Google strategy (I'm watching it happening).
Talk to the CxOs (CIO, COO, CEO) of the company and ignore the project team working on the new desktop apps project.
Publicise how cheap it is and how wonderful it is that your entire company can do all of its work on the web with a standard browser.
<Jedi>There are no problems with Google Apps.</Jedi>
Take the CxO's on a trip to the local Googleplex with the kids chairs and the kindergarten walls, expressing how fun and easy everything is.
<Jedi>There are no problems with Google Apps.</Jedi>
Remind the CxOs that it's cheap and only a web browser is needed for everything
<Jedi>There are no problems with Google Apps.</Jedi>
Finally talk to the project team and explain how the CxOs have agreed to pilot 1000 users on Google Apps starting next month.
<Jedi>There are no problems with Google Apps.</Jedi>
Tell the CxOs that the project team is stalling and that they need to apply pressure.
<Jedi>There are no problems with Google Apps.</Jedi>
CxOs tell project team to migrate 1000 users to Google Apps as a "pilot".
Profit!!
See if you convince the CxOs, then the project teams, IT teams etc are dragged along whether the solution is appropriate or not. And that's why they're still pouring money into it.
While the maths is correct, it supposes that humans determine angles rather than distances when estimating "how far" to lead. I submit this is not the case.
We don't determine the angle by which we need to lead the target. We estimate the distance to the target, its speed, and the distance for the projectile to travel and ITS speed, and thusly determine the distance by which we must lead the target.
This leads inexorably to the conclusion that we must lead the target by a greater distance - which, holy crap, we must. The target really does travel further in the greater time. The runner runs further away before getting shot. And the journal guarantees more transactions before the originals are committed.
Hey those are interesting numbers. Where do they come from? I'd like to see where my country (Australia) comes in - though I'm thinking top 50 is a bit much to hope for.
Dude seriously, that was in 2006. This is 2009. I don't think it's the same incident (though it could be a related one). Would have been nice to point out that the article is over 2 years old.
Depends if you wrote them on company time. Better check your employment contract (here in Australia professional jobs usually have individual contracts - I assume perhaps incorrectly this is common in most countries).
The point was that you can have the policy, and police it rigorously, but the first time the insulted see it before the manager, you're going to get screwed anyway. Why not take away the opportunity in the first place?
I thought it was runlevel 2 on Tru64, where I last seriously admin'd a Unix system, and it was initiated from DECs NVRAM environment. But hey, that was a half-decade ago and my memory is shot. Thanks for the info.
On Tru64 the runlevel I remembered did not require the root password. Many times I used this to get into a system that a developer had mucked around with - they wrote and debugged daemons; sudo was not an option for us because the dev system had to match production, mandated by the Very Very Large customer. Lord knows I tried...
And yes, to remove group policy requires removing the box from the domain, which results in the user no longer being able to access their local profile.
Thanks for being intelligent and providing useful answers. Already I have learned about cfengine, bcfg2 and FreeIPA today - all of which look like bridging these gaps. Not that I want them to, really, since effectively Microsoft pays my salary;-)
$ sudo ~/vi... Password: :sh sh# <-- Bingo, a shell. As root, because he was able to sudo execute his own link to restricted vi, to perform a task required by his job.
You're after Group Filtering. Set the policy so that only a particular Group object has the Apply Group Policy permission and remove that permission from the Users group object.
The policy then applies to all group members (including nested security group members) who are also located in the OU or site to which the policy is linked.
Roll your own? Isn't that, you know, re-inventing the wheel? I know, I know, I had a UNIX background and I rolled my own stuff too. But man I was tired of that shit within a year or two. New job? Oh, better rewrite/reconfigure the backup scripts for this environment so I understand. New job again? Oh, more reconfiguration because the other 2 environments had subtle differences in code versions and the switches are changed.
If you have to re-write your administration tools all the time, where are you obtaining your continuous improvement? Don't pretend you take the scripts from the old company, you're ethical and you won't do that, right? Right?:-D
BTW, a "ssh for loop" and $1 will buy you a nice candy bar.
Please clarify how the ssh for loop will ensure the CEO's laptop is updated by the time he is off the plane? Or that at least it will automagically update when it has connectivity (SCCM updates do this in Windows-Land - the client hits the server over the Internet using HTTPS and downloads software with enforceable installation times).
Above, I'm seeing cfengine and puppet mentioned a lot - and I don't know these tools so forgive my ignorance - but if there wasn't a need and an ssh for loop was enough, would these tools exist?
Or, I don't know, boots into runlevel 2, remounts the root volume RW and adds themselves to/etc/sudoers. Or resets the root password. Or any number of other attacks. Yeah, probably take me about 2 minutes to Google successfully for:
Enable sudo for account - I know about sudo the first time I see the helpdesk droid use it;
Recover lost password
Physical access to the box trumps electronic security. Group Policy helps mitigate this (obviously not completely) because even if they do change membership of Administrators, GP can undo their change without the administrator even knowing.
I think the point of the G...GP post was that you can't easily push this out remotely, and on Linux you have to write it, support it and debug it yourself, including all the niggly corner cases.
Frankly Windows has some cool Enterprise stuff that makes this easier.
WSUS. Centrally administer the set of updates permitted to clients and servers. Linux version: Maybe set up a repository for your corp distro - but how to sync and manage the updates is what I don't know here.
SCCM / Zenworks / Others. Roll out an application to user desktops whether they're on-net or not. I can push Office to a machine 500mi from one of my offices. Well, OK the admins, I'm a consultant (a contraction of Con and Insult). I get reporting, auto retry, auto download with bandwidth optimisation. Linux version: I honestly don't know. I never hear about this and it's a major, major part of TCO for the desktop, so there must be SOMETHING - and I'd love to know about it.
Group Policy. Push out settings, apps, scripts without any admin access. Disable apps (or provide a white list of apps - hey no more goddamn spyware it's the single most sensible way to protect a Windows box from this crud). A single change in one location with enforced application to the desktop, when the desktop is on-net (those remote users have to change passwords eventually)! Marketing wants a new desktop background across the company (and the CEO has OK'd it)? Sure, give me the file, generally speaking it's on 95% of online machines in under an hour, with no user ability to turn it off. And hey, it's a company machine. Do you expect to repaint the company walls sky blue because you don't like puce?
It's worth noting that these policies aren't Microsoft deciding willy-nilly how you will use your computer. It's the Fortune 500+ companies, and their equivalents in Europe, Asia-Pac etc, who have requested this. They have very big wallets. They spend way more on MS than we do. And apparently some dorkwad once determined that allowing users to set their own desktop background wastes time and thus money, so they want to lock things down, protect themselves from lawsuits etc, and ensure they are paying people to work, not skive off typing long comments on/....
Ahem. As I was saying.
In these sorts of cases (desktop wallpaper, sound schemes), to me, the benefit is not time and money, it's the ability to avoid a lawsuit because Big Stu the ladies' man in the centre of the office decided to have some porno chick as his wallpaper and porno sounds for new emails et al. And the 30 women around him get offended and sue the company for letting him be a dickhead even though there's a clear policy in place.
Slashdot Mirror
That doesn't work so well if the archive is over 50GB, but at least one site I deal with is willing to give out copies of their >1TB collection if you provide them with a 1.5GB or 2GB USB drive to copy onto.
If they can fit 1TB onto a 2GB drive, why aren't they selling the compression technology? (OK, yes I know you meant 1TB).
Uncle Buck, 1989.
Scenario. The Milky Way swallows a galaxy, and by extension, all the stars around the central black hole. Yet, the same gravity that causes the stars to amalgamate completely misses the biggest mass in that swallowed galaxy? Why would that make sense?
But what will you use instead? The emacs users are going to be the second against the wall when the revolution comes (first place is reserved already for the mindless jerks in the marketing division of Sirius Cybernetics).
ZOMG! He's using VISTA! BAN HIM!!
Oh, um, yeah. So am I. Same story - no AV tools on my personal box (XP64), only on the kids' and wife's PCs. I don't trust the kids at all from that perspective ... And the firewall/IDS shows no unexpected activity.
Ah, grasshopper, you missed the crucial component of the Google strategy (I'm watching it happening).
See if you convince the CxOs, then the project teams, IT teams etc are dragged along whether the solution is appropriate or not. And that's why they're still pouring money into it.
Even better it was your fault you failed *snicker*
Dammit, I've posted already and I have mod points. Otherwise I'd have modded you Funny :)
While the maths is correct, it supposes that humans determine angles rather than distances when estimating "how far" to lead. I submit this is not the case.
We don't determine the angle by which we need to lead the target. We estimate the distance to the target, its speed, and the distance for the projectile to travel and ITS speed, and thusly determine the distance by which we must lead the target.
This leads inexorably to the conclusion that we must lead the target by a greater distance - which, holy crap, we must. The target really does travel further in the greater time. The runner runs further away before getting shot. And the journal guarantees more transactions before the originals are committed.
Dammit, where's the "+1, Despondently Truthful" option when you need it ...
Not true. At least where I live, every single ISP has network-wide blocks on FTP, SMTP, SSH, POP and WEB.
So no-one in your country can receive email or host your own web server? Not even large companies and government departments?
I call bulldust.
Hey those are interesting numbers. Where do they come from? I'd like to see where my country (Australia) comes in - though I'm thinking top 50 is a bit much to hope for.
Dude seriously, that was in 2006. This is 2009. I don't think it's the same incident (though it could be a related one). Would have been nice to point out that the article is over 2 years old.
I think GP meant to say something like "There is no software with a TCO of $0".
Depends if you wrote them on company time. Better check your employment contract (here in Australia professional jobs usually have individual contracts - I assume perhaps incorrectly this is common in most countries).
The point was that you can have the policy, and police it rigorously, but the first time the insulted see it before the manager, you're going to get screwed anyway. Why not take away the opportunity in the first place?
I thought it was runlevel 2 on Tru64, where I last seriously admin'd a Unix system, and it was initiated from DECs NVRAM environment. But hey, that was a half-decade ago and my memory is shot. Thanks for the info.
On Tru64 the runlevel I remembered did not require the root password. Many times I used this to get into a system that a developer had mucked around with - they wrote and debugged daemons; sudo was not an option for us because the dev system had to match production, mandated by the Very Very Large customer. Lord knows I tried ...
And yes, to remove group policy requires removing the box from the domain, which results in the user no longer being able to access their local profile.
Thanks for being intelligent and providing useful answers. Already I have learned about cfengine, bcfg2 and FreeIPA today - all of which look like bridging these gaps. Not that I want them to, really, since effectively Microsoft pays my salary ;-)
He ran it as he had previously.
$ sudo ~/vi ...
:sh
Password:
sh# <-- Bingo, a shell. As root, because he was able to sudo execute his own link to restricted vi, to perform a task required by his job.
You're after Group Filtering. Set the policy so that only a particular Group object has the Apply Group Policy permission and remove that permission from the Users group object.
The policy then applies to all group members (including nested security group members) who are also located in the OU or site to which the policy is linked.
Hey that toolset looks pretty good ... but you're an Anonymous Coward!
I better look away before my head explodes from the contradiction.
Roll your own? Isn't that, you know, re-inventing the wheel? I know, I know, I had a UNIX background and I rolled my own stuff too. But man I was tired of that shit within a year or two. New job? Oh, better rewrite/reconfigure the backup scripts for this environment so I understand. New job again? Oh, more reconfiguration because the other 2 environments had subtle differences in code versions and the switches are changed.
If you have to re-write your administration tools all the time, where are you obtaining your continuous improvement? Don't pretend you take the scripts from the old company, you're ethical and you won't do that, right? Right? :-D
Please clarify how the ssh for loop will ensure the CEO's laptop is updated by the time he is off the plane? Or that at least it will automagically update when it has connectivity (SCCM updates do this in Windows-Land - the client hits the server over the Internet using HTTPS and downloads software with enforceable installation times).
Above, I'm seeing cfengine and puppet mentioned a lot - and I don't know these tools so forgive my ignorance - but if there wasn't a need and an ssh for loop was enough, would these tools exist?
Or, I don't know, boots into runlevel 2, remounts the root volume RW and adds themselves to /etc/sudoers. Or resets the root password. Or any number of other attacks. Yeah, probably take me about 2 minutes to Google successfully for:
Physical access to the box trumps electronic security. Group Policy helps mitigate this (obviously not completely) because even if they do change membership of Administrators, GP can undo their change without the administrator even knowing.
I think the point of the G...GP post was that you can't easily push this out remotely, and on Linux you have to write it, support it and debug it yourself, including all the niggly corner cases.
Frankly Windows has some cool Enterprise stuff that makes this easier.
It's worth noting that these policies aren't Microsoft deciding willy-nilly how you will use your computer. It's the Fortune 500+ companies, and their equivalents in Europe, Asia-Pac etc, who have requested this. They have very big wallets. They spend way more on MS than we do. And apparently some dorkwad once determined that allowing users to set their own desktop background wastes time and thus money, so they want to lock things down, protect themselves from lawsuits etc, and ensure they are paying people to work, not skive off typing long comments on /. ...
Ahem. As I was saying.
In these sorts of cases (desktop wallpaper, sound schemes), to me, the benefit is not time and money, it's the ability to avoid a lawsuit because Big Stu the ladies' man in the centre of the office decided to have some porno chick as his wallpaper and porno sounds for new emails et al. And the 30 women around him get offended and sue the company for letting him be a dickhead even though there's a clear policy in place.