How many folks destroyed their own cars with E85? on The Great Ethanol Scam · Score: 2, Interesting
The article mentions a handful of cases where the tanks of some failed cars had more than 10% ethanol. One of the cases was cited as a station screw up, but how many were the owners' fault for pumping E85 into a non-flex-fuel vehicle? It happens far more than people admit.
I'm thinking critically because Amazon, EMC, VMWare, etc bill The Cloud as a mystical place where you throw your shit and then it's universally available 100%. Nothing bad happens in The Cloud.
No, they don't. You're either being disingenuous, or idiotic.
Per http://aws.amazon.com/ec2/#highlights, Amazon is promising "Reliable: Amazon EC2 offers a highly reliable environment where replacement instances can be rapidly and predictably commissioned. The service runs within Amazon's proven network infrastructure and datacenters. The Amazon EC2 Service Level Agreement commitment is 99.95% availability for each Amazon EC2 Region."
The irony here is that 6 hours in a year is 99.93% so they've already blown it for the year.
So what's the deal with having all copies of these VMs in one datacenter? That's not very The Cloud of them.
If it's only one instance running, it's kinda hard to run it in multiple datacenters. They might be running clustering within a datacenter, but that can still be taken down by a power outage affecting multiple servers. As pointed out earlier, you can have instances in multiple datacenters (zones as they call it) if you're willing to pay for it.
One problem they are trying to address is a US citizen mailing their passport to an illegal friend, who then uses it to enter the US. In that regard, it does make sense to check credentials as people leave. If the passport never officially left, it should not be allowed in without some scrutiny.
The picture on the passport is not a good identifier as people's looks can change. Another non-changeable identifying mark like fingerprints is desirable. Fingerprints are much easier to automatically identify too - just stick your finger on the button.
Passports do store the picture electronically now, with a digital signature. Just add the fingerprint. Military CAC cards already do this.
The simple answer to ensuring the returning person is not an imposter is simply encoding the fingerprint into the passport book or card.
I wonder what the protocol is for a double arm amputee.
They do toe prints. Seriously. I don't see the big deal here. Having all your fingertips looking like they've been sandpapered is suspicious, regardless of the cause. I'm glad they noticed and took some additional steps to verify his identity.
That's my impression of most large churches. When they have a board of directors, a CFO, run gift shops, have a private school, and invest in real estate it's really hard not to call them a BUSINESS. A business that gets tax-free status just because they sell religious products and services.
That depends on what country and state you're in, but yes failure to render assistance in a life threatening situation can be criminal.
http://wings.buffalo.edu/law/bclc/aals06/251-52.pdf
http://www.iuscomp.org/gla/statutes/StGB.htm#323c
Plus, if you ignore your civic duty and fail to take reasonable action you can be held civilly liable.
If the guy's account was shut off, why would he carry the phone with him? The article never said he had the phone with him either.
If he was carrying the phone, the telco is legally obligated to allow the phone to call 911. Curious - is the reverse true that 911 operators must be able to call his phone?
Since the phone must still work to make 911 calls, that means it's still talking to the cell towers and Verizon can locate the phone regardless of whether the ability to dial other non-emergency numbers was disabled.
There are plenty of fun ways to mess with his computer though. Starting simple would be adding "127.0.0.1 offending website" to the hosts file. Most computer whizzes would figure that one out as soon as they tried pinging the site. Much, much more difficult for the average computer user to figure out is setting an ipsec policy to block the server IP/ports the game uses. He'd still be able to ping it, but the game would mysteriously not be able to connect. Or figure out how to make the game just work crappy or slow enough that he gets frustrated and gives up.
Religious wars are really just arguments over who has the better imaginary friend.
I doubt they WINE much about it either.
I did some more digging: http://lists.samba.org/archive/samba-technical/2009-February/063187.html. Amusingly enough, the poster identifying the registry keys and the bugs in Samba works for Microsoft. So yeah, MS did help fix the problem.
This email also identifies the registry fixes which compromise security in the name of interoperability. The fixes (disable secure signing, dropping 128-bit req, and allowing ntlm and lanman auth) qualify as Cat-I vulnerability findings if you happen to be subject to network vulnerability scanning.
What were those keys? I saw some traffic on the samba list about a known bug on the samba side, and some suggestions about keys to try on the Windows side (like disabling secure signing). I saw some folks managed to successfully join a samba domain, but it would stop working as soon as the windows client tried updating its machine account.
The registry settings I saw dumbed down the security on the windows side a bit, which could potentially have opened up some added vulnerability.
Where did I call anyone names? You're the one with "anal-retentive" in your sig. :}
Group policies, better groups, software deployments, far more granular permissions, the ability to delegate permissions and roles, not requiring a linux weenie to run it, not constantly playing catchup when a MS update breaks the half-assed bandaid called samba, kerberos support, pki support, smartcard logon, multiple redundant domain controllers versus a pdc and non-redundant bdcs, etc.
But that's just off the top of my head.
So aside from emulating NT4 domain authentication, and a pared down version of a SMBFS file/print server - what is the big benefit of trying to replace a proper MS domain controller with a linux box? Cost? To me the added headaches aren't worth it.
Well, W7 does not support Samba yet
It's Samba that needs to catch up, not Microsoft. Windows 7 dropped support for the archaic NT4 domain structure that Samba emulates.
Samba is a poor substitute as a domain controller. Sure you can get an NT4 style domain working, but you're missing out on all the power that Active Directory gives you. For that matter, Samba leaves a lot to be desired as a windows file server as well.
This is an honest question. Aside from the hobbyist and novelty aspect, why would you want to run BSD on old SGI hardware?
The O2 was a low end SGI workstation that marginally outperformed the x86 platform when it was introduced. Unless you have a reason like hardware or system specific coding, why not move to BSD on a cheap x86 platform?
Yeah, I know about big endian versus little endian - had to rewrite a bunch of code when we dumped the Sun E3500s in favor of running Solaris x86.
Nobody else wanted to bother. They all moved on to better platforms.
I'm not against a hobby, just pointing out that he could have had just as much fun and produced something more useful to others. Just don't expect a world of praise for laboring (even if you like it) on something rather esoteric.
According to http://bsd.slashdot.org/article.pl?sid=00/06/30/087234, BSD was ported to the O2 in 2000.
Why on earth would you invest time on such a project? Why not start with a more modern platform and work to improve something more than a handful of novelty SGI enthusiasts will use? Even with the hardware acceleration working, it is a dog compared to a 3 year old PC motherboard with onboard graphics. Linux could still use a lot of help getting hardware graphics working well.
Or maybe you could join the 2 or 3 people that have a penchant for reviewing Linux kernel code and finding all those huge gaping bugs? See CVE-2009-1265 for a great example of why Linux needs better code review (and that bug has been there for how many years?).
They don't carry the breathalyzer with them. Certainly not that one, anyway. They give you a standard field sobriety test. If you fail that you go downtown and blow in the little tube. Note that falling down drunk is failing the field test which requires you be able to stand up.
It can't be that bad. Poor coding and bad design aside, it obviously passes some standard test and periodically gets recalibrated. There's no mention of whether the errors such as incorrect flow measurements would cause low or high results.
Besides, the breathalyzer is usually only used to prove you're drunk after it's obvious by your mannerisms. It's a bit rare to test sober people ya know.
You could claim he already had access, and didn't commit an act to gain that access.
Certainly with closed software, it's easier to lean on the company to get a backdoor inserted without anyone noticing. You still can't rule this out with open-source.
You think the NSA hasn't been trying to weasel a backdoor into Firefox? I'm willing to bet the NSA (or another foreign intelligence agency) has done their own review of the code, and they are saving a few exploitable bugs for future use.
Sorry open source fans. The cold hard reality is that once open source code is written and accepted into a project, nobody actually looks at it again unless it has a functional bug, they want to add a feature, or someone exploits the code. It's a myth that software, either closed or open source, gets any kind of periodic review out of good practice.