I write software that provides services over networks. I should not be prevented from attacking my programs using the same tools outsiders would use.
Absolutely. On an internal network, if you have a test server that is dedicated to your project, have at it. I'm not even a strong proponent of banning port scanning of random targets on the Internet. But on an Internal WAN, I have no problem recommending the termination of any employee running unauthorized scans of hosts outside of their direct responsibility.
My job, in part, is to run scans, and I still check with a 'C' level executive before doing anything that could be disruptive...
My take is merely that any notion that saying "I forbid your use of a pneumatic hammer" prevents someone using one. It lets you terminate them for it, which is admittedly a disincentive, but still...
One effect that such a policy has is that you don't have to filter out the noise from random employees using these tools. The moment you detect one starting up (and like a pneumatic hammer, most scans are VERY noisy) you can more easily track down the source, and investigate the activity.
If there are ten people on each floor of the building who use a hammer every few days just for the fun of it, tracking down the one guy who (intentionally or unintentionally) is removing a load-bearing wall is that much more difficult.
5. Allowing random 'good' employees to run scans will make it harder to detect the 'evil' employees.
5. By this, all you are saying is it makes your job harder. I can sympathize.
If the only scanning I see is the authorized scans from authorized machines, then I can treat every "unknown" scan originating from any internal host as an "incident" and react accordingly. I can assume that "J. Random support dude" running "nmap 10.0.0.0/8"
from a Linux laptop he brought in from home has "evil intent" (names and networks changed to protect the guilty).
6. How do you detect when a worm (Nimda?) or a trojan included in some shareware package starts scanning your network without the user's knowledge?
6. How does forbidding scanners prevent this?
It doesn't prevent this, but if there is no legitimate reason or excuse for any random host to scan the network, then we can treat any case where a host does start scanning as an "incident", and react accordingly.
9. Scanning random remote IP ranges can 'bring up' backup ISDN and other toll circuits, incurring a real expense.
9. So does "ping." Do you forbid "ping?" Do you take the socket library off your IS development machines?
Using 'ping' to a specific host won't trigger the backup circuit. Scanning entire subnets, which includes the 'numbered interface' of the ISDN backup circuit and/or the 'real' interface of HSRP devices, can bring up the Toll backup circuit for X minutes (eventually it will idle out and disconnect).
10. Do you encourage your average employee to check for unlocked doors and cabinets outside of their own work area, or do you have dedicated security personnel?
10. Do you assume this is NOT happening? If you do, how does that assumption enhance your security? My argument is merely that policy is NOT security. Any pretense that it is is an illusion.
My point is that if I discourage people from doing this, and official policy is that this is not acceptable behavior, then when a guard sees somebody snooping around, or an incident happens and the security tape shows an unauthorized employee open the (normally locked) supply cabinet, we can automatically treat them as a suspect, not just a "good samaritan" checking for security holes on their own.
If you tolerate random employees doing random checks (outside of their own direct responsibilities), then the level of "noise" makes it difficult to see real attacks.
In the case of public security (or Internet security), the police generally must tolerate a certain level of noise, a certain amount of random non-criminal mischief. This is not true in a private enterprise.
The "biggest threat to security" is almost always the folks working in the Security Department. This has been the case for more than 50 years.
This has been true for physical security since the beginning of time.
Network security should be different. I know plenty of 'reformed hackers' who are now in the "Information Security" business, and none of them collect and keep customer data that they should not have.
A big part of the reason physical security is a cause of internal theft is that most of the guards have time on their hands and get paid not much more than minimum wage. Neither should be true for information security:-)
My father tells the story of a guy working at an auto assembly plant who took home an entire car -- piece by piece!
Anybody have a link to the old joke about they guy who worked in a government factory during the war and wanted his own jeep. So each day he would steal a different part, and after two years, he put it all together in his basement and had himself a beautiful new anti-aircraft gun?
Do you hand out hammer drills to random employees and let them have at the internal walls looking for weak spots?
Just how exactly does it improve the security of your systems to punish employees for exposing flaws? This guarantees that the only people scanning for vulnerabilities are outsiders and insiders with evil intent.
The only employee who should be 'scanning for vulnerabilities' here is me. Anybody we catch scanning without express written permission (generally from the CTO) is assumed to have 'evil intent'.
You can't just go off on your personal quest for vulnerable systems randomly on your employer's network, unless you actually want to end up like Randal Schwartz
Give scanning tools to employees and offer to pay them a bonus for reporting problems!
Speaking of 'wrongheaded thinking'. Consider the risks of encouraging random scans by non-security employees:
There are numerous reasons not to encourage random employees to scan your network.
Some badly-written scanners will DOS even well-written OSes and applications.
Some legacy systems still running in corporate networks react badly to being scanned. This isn't good, but it is a reality.
Who needs 1,000 identical 'Tool X' scan reports of the same network?
Scanning generates extra network traffic and 'hits' on IDS systems. See previous item.
Allowing random 'good' employees to run scans will make it harder to detect the 'evil' employees.
How do you detect when a worm (Nimda?) or a trojan included in some shareware package starts scanning your network without the user's knowledge?
What happens when 'Tool X' is distributed with a trojan, or simply hacked to silently CC the report summary to scanreport2002@hotmail.com?
When 'Joe minimum wage' finds an easily exploited hole in the payroll server, you expect him to report it before trying it out for himself?
Scanning random remote IP ranges can 'bring up' backup ISDN and other toll circuits, incurring a real expense.
Do you encourage your average employee to check for unlocked doors and cabinets outside of their own work area, or do you have dedicated security personnel?
...
I agree that somebody should be scanning the internal network, just as somebody should be checking for unlocked doors. But that somebody should not be just any random employee who takes it upon themselves to test security.
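The "only authorized scanners scan, so anything else is an incident" stance from the thread above, worked into a small detector over constructed connection-log lines. This is an added example, not code from the original discussion; the log format, the authorized-scanner allowlist and the thresholds are all assumptions.

```python
"""Flag port scans in connection logs and treat any scan that does not come
from an authorized scanner host as an incident (added example; format,
allowlist and thresholds are assumptions, and the sample log is constructed)."""

from collections import defaultdict
from dataclasses import dataclass
import re

# Assumption: the only hosts permitted to scan are the security team's scanners.
AUTHORIZED_SCANNERS = {"10.1.1.5"}

# Assumption: per-window thresholds for calling a source a scanner.
PORT_THRESHOLD = 20   # distinct dst ports on one host  (vertical scan)
HOST_THRESHOLD = 20   # distinct dst hosts on one port  (horizontal sweep)

# Constructed log format: "<ts> <ACTION> src=<ip> dst=<ip> dport=<n>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


@dataclass(frozen=True)
class Finding:
    src: str
    kind: str        # "vertical" or "horizontal"
    count: int       # distinct ports or hosts touched
    incident: bool   # True unless src is an authorized scanner


def parse_line(line):
    """Return (src, dst, dport) for a well-formed line, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return m.group("src"), m.group("dst"), int(m.group("dport"))


def classify_scans(lines):
    """Aggregate per source and emit one Finding per (src, kind) over threshold."""
    ports_by_src_dst = defaultdict(set)    # (src, dst)   -> {dport}
    hosts_by_src_port = defaultdict(set)   # (src, dport) -> {dst}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                       # skip unparsable lines
        src, dst, dport = rec
        ports_by_src_dst[(src, dst)].add(dport)
        hosts_by_src_port[(src, dport)].add(dst)

    findings, seen = [], set()
    for (src, _dst), ports in ports_by_src_dst.items():
        if len(ports) >= PORT_THRESHOLD and (src, "vertical") not in seen:
            seen.add((src, "vertical"))
            findings.append(Finding(src, "vertical", len(ports),
                                    src not in AUTHORIZED_SCANNERS))
    for (src, _dport), hosts in hosts_by_src_port.items():
        if len(hosts) >= HOST_THRESHOLD and (src, "horizontal") not in seen:
            seen.add((src, "horizontal"))
            findings.append(Finding(src, "horizontal", len(hosts),
                                    src not in AUTHORIZED_SCANNERS))
    return findings


def incidents(lines):
    """Only scans that did not come from an authorized scanner are incidents."""
    return [f for f in classify_scans(lines) if f.incident]


def build_sample_log():
    """Constructed sample: the authorized scanner sweeping 30 ports on one
    server, an unknown laptop hitting port 445 on 25 hosts, plus noise."""
    lines = []
    for p in range(1, 31):
        lines.append(f"2002-06-01T02:00:{p:02d} DENY src=10.1.1.5 dst=10.2.0.10 dport={p}")
    for i in range(1, 26):
        lines.append(f"2002-06-01T02:10:{i:02d} DENY src=10.3.7.42 dst=10.2.0.{i} dport=445")
    lines.append("2002-06-01T02:20:00 ALLOW src=10.3.7.43 dst=10.2.0.10 dport=22")
    lines.append("garbage line the parser should skip")
    return lines


if __name__ == "__main__":
    for f in classify_scans(build_sample_log()):
        status = "INCIDENT" if f.incident else "authorized"
        print(f"{f.src:12} {f.kind:10} n={f.count:3} {status}")
```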
There are production cars that get 40+ MPG, and they don't get this by "aerodynamic efficiency". They get this by reducing the vehicle weight and changing the engine, or using a gas+electric hybrid. And people generally do not buy these cars.
When the automotive industry in agreement with the petroleum industry decide that no car on the market will have an aerodynamic efficiency above a certain figure,
Extraordinary claims require extraordinary proof.
Have you not SEEN the latest SUV's on the road?
Seen them? I drive one of the least-aerodynamic new 4x4s produced. But the reason I get lousy city mileage is because the truck is heavy, not because it is boxy.
One reason people buy these big heavy SUVs is because you cannot buy a big, heavy steel CAR anymore. The automakers build huge, heavy, ugly and inefficient SUVs not because of some secret petroleum industry payoff, but for two simple reasons:
The government sets fuel standards such that they cannot make big heavy passenger cars anymore.
These are what people want to buy.
The reason people want to buy these big heavy SUVs isn't because of brainwashing or a "Control Reality". In my case, my first car was a big heavy (used) American-made "land yacht". My favorite memories are of the huge backseat of my grandfather's Cadillac. But mostly because a vehicle that cannot survive both winter and "pothole season" is worthless to me, no matter how aerodynamic or fuel efficient.
When the automotive industry in agreement with the petroleum industry decide that no car on the market will have an aerodynamic efficiency above a certain figure,
Extraordinary claims require extraordinary proof. If you're going to slander the auto industry, you should at least post a couple of links to (non-crackpot) supporting websites.
It's not impossible for non-auto-industry businesses to build their own cars, and it's actually trivial to re-configure the surface of a production car.
If changing the "aerodynamic efficiency" of a production car could reduce drag significantly, the racing and custom car industry would be all over it.
(so as to maintain a piggish rate of gas burning which might not otherwise be necessary), what can the average individual do?
I suppose the 'average individual' might start taking his Prozac as prescribed, and the problem will go away:-)
Aside from not owning a car, (which, btw, is an entirely viable option more people should look into), Joe-average can do very little.
Perhaps not owning a car is a viable solution for you, but it is not an option for me. It'd be worth my life to try to take public transportation to get home after staying late at the office to solve a network problem. And I mean that literally.
Why are Hackors demonized by the media?
...
Hackors get in the way of the plans of the Control Reality which are being implemented around our ears as we speak.
I am not a programmer. I am not a hacker.
I am a programmer. I am a hacker. I work for "the media".
The media does not understand hackers, but they understand big business press releases, and sensationalism sells newspapers. I'm proud to say that my employer does not intentionally "demonize" hackers -- but often the reporters and editors do not "get" hackers, and the evil intentions of a few (aka crackers) make us all look bad.
My "media" employer doesn't care about any "Control Reality". They care about reporting the truth, and maximizing shareholder value.
Looking up from the bottom, you see conspiracy. Looking at the problem from the inside, I see no sign of grand conspiracies, no intentional plot to beat down the "annoying burr".
Actually, we have had problems with Solaris 8 and 'snoop' sometimes missing traffic, data that we know is passing through that interface yet the sniffer never logs it.
All too often I see people respond to this sort of program by suggesting that making 'non-confrontational theft' less convenient for crackheads might drive them into committing more confrontational crimes, so we shouldn't take steps like this. Making burglary more difficult might cause more home invasions. Making auto theft more difficult increases car jacking. Allowing concealed carry will cause muggers to just pre-emptively shoot people in the back. This sort of thinking amounts to OSHA for criminals.
rtstyk writes:
More danger to people when they're entering/leaving the car if this gets really popular because the thieves will stop trusting the free standing car.
This has already come to pass. One reason for the surge in carjackings was that more and more cars have factory installed alarms and anti-theft systems that prevent quick hot-wiring of unattended vehicles.
I can imagine the thieves resorting to using a gun to get the person out of the way and then steal the car.
It's a big jump from stealing an unattended car while the owner is gone to armed robbery.
"You are assuming that most car thieves would make the step from GTA to Armed Robbery, Assault with a Deadly Weapon, and even murder. Most car thieves are looking to get in and out as quickly as possible with as little hassle as possible."
Microsoft knows people will think this way, one reason the new XP license control features make this a non-issue.
HiyaPower writes:
1) Take a machine, install Windows on it.
2) Take machine of #1 apart, evenly divide parts into two piles.
3) Put enough extra parts into each pile to make a complete machine.
4) Reassemble the 2 machines.
In US Federal firearms regulation, this is illegal. There is a single part that is the 'registered receiver', which is the piece that Federal registration requires to have a serial number and on which taxes are paid.
Interestingly, this same logic does not apply to firearms magazines. Manufacture and import of new "High Capacity" (10 rounds or higher) is banned, but technically you split your existing magazine down to four or so major components, buy "replacement parts", and assemble four "new" magazines, each having one component from the original legal magazine, and not violate the law.
Not that many people are in any rush to be a test case for this interpretation of the law...
To claim that you "created 2 licenses" is naive. There was one license, you split the hardware on which it ran, you still have one license, and one OpenBSD server.
It's not as simple as that -- as I recall, "The Giggler" was directly or indirectly responsible for at least one murder, as well as rape:
http://www.jabootu.com/deathwish3.htm
...
The next morning, Paul and Rodriguez are on patrol when the Giggler grabs another purse. They give chase, but are soon outdistanced. (We only see Bronson running in very short clips. This helps imply that his character is running the whole distance, without causing Bronson's heart to explode in his chest.) "This Wildey friend of yours," the disgusted Rodriguez asks, "can he catch this guy?" Kersey nods yes. Back at the apartment, Bennett asks who Wildey is. "You'll see!," the impish Kersey replies. Next we see Kersey accepting a cake box sized parcel at the mail service shop. Laying the package on his table at home, Kersey looks up, and we see that all his neighbors are in attendance. "Wildey's here!," he tells them. Oh, boy! Finally, we're going to meet Wildey. Man, after all that build-up, this is going to be great!

Needless to say, it's not. Wildey turns out to be a gigantic semi-automatic pistol manufactured by Wildey, Inc. "Real stopping power," Kersey notes. Then, like some transparent audience shill in an infomercial, Bennett pipes up. "Is that like a .44 magnum?," he asks. No, Kersey replies. The .44 is a pistol cartridge, the Wildey magnum is, "a shorter version of the African big game cartridge." (Whatever that means.) You know what that means, right? Kersey's packin' bigger than Dirty Harry! You go, Dude! ('Dude'? I've got to stop doing that.) Anyway, it's reassuring that Kersey will be toting the kind of firepower that you'd use to nail a rhinoceros or elephant.

Now comes the movie's low point, surprisingly revolting even for a picture like this. Maria is assaulted by Fraker and three more of the gang. Almost immediately, her shirt is ripped open, as this scene is being used as an excuse to bare some breasts. (This is why the almost pathologically modest Maria isn't wearing a bra; it would get in the way of breast baring.) Frankly, I had thought that the reprehensible practice of using rape scenes to inject some 'sex' into a picture had gone by the boards, even in exploitation flicks. Unfortunately, this film proved me wrong. My only advice is to have your remote ready when this scene begins.

We cut to Rodriguez, crying in his apartment. You can tell that it's his because of the decorative sombreros (!) on the wall. Kersey and Bennett are there to provide comfort. The report has come in: Maria was raped, but her physical injuries are restricted to a broken arm. Kersey orders a taxi and takes Rodriguez to the hospital. Meeting with her doctor, they learn that Maria has in fact died. The arm was badly shattered, resulting in blood clots that broke loose and made their way to the heart.

Back at Kersey's apartment, he's lovingly assembling new cartridges for his Wildey. Then, tucking the piece into his waistband, he heads out for the street, grabbing a camera case. (Unsurprisingly, a big logo for Nikon is quite noticeable - this is a classic example of product placement, even though in this case I suspect it was arranged by the Pentax company.) Kersey walks down the block to the local grocery, and buys himself an ice cream bar. He also tosses one to that kid who gave him the power salute earlier. Back on the street, he spots the Giggler, and lazily hangs the camera case over his shoulder. Sure enough, the Giggler takes the bait. This time, however, Kersey is ready. He pulls out the Wildey and blows him away. This leads to an uproar of applause and celebration from the locals, as 'triumph' music plays in the background.

The next morning the rest of the gang is bummed out. "They killed the Giggler!," one sensitive young hood cries. "They had no business doin' that," Fraker agrees. Meanwhile, Shriker shows up to check out the crime scene. A woman, one of the celebrating citizens from the previous evening, runs over to give him her two cents. "I'm glad he's dead," she shouts. "He took my pocketbook three weeks ago!" (Wow, talk about a law and order mentality!) Shriker pulls back the sheet to examine the corpse, complete with a neat circular 'wound' through his chest. "There's not much left of this sucker, is there?," he inquires. Well, yeah, actually. Pretty much all of him, save for the part of his chest through which the bullet passed. I mean, they're not going to have to collect his remains with a sponge or anything.
It seems like everybody has some vendor that has burned them one or more times -- everybody I talk to seems to feel that Brand X drives are crap, but Brand X is different from person to person!
For example, I got burned by a bad lot of Maxtor SCSI drives (bought 10 identical drives, and 8 failed within 18 months) almost a decade ago, and ever since have been reluctant to purchase drives with the Maxtor logo.
Others have similar tales of woe about Seagate, IBM, Quantum (now merged with Maxtor) etc.
Regarding the message suggesting Seagate is good, I have had mixed results with them. The drives tend to become noisy within a year or so, and once the bearing noise gets really loud, it becomes a game of Russian roulette -- every time you power down a system with a 'loud' Seagate drive, you never know if it will ever come back up...
I don't have this particular problem with Quantum or Fujitsu drives. OTOH, I have around 100 Seagate drives, but only a dozen or so Fujitsu (Sun shipped every system with Seagate for years, only recently using IBM and Fujitsu branded drives).
IMHO, a 'good employer' does not bother to look unless the employee causes some other problem. The one case I had dealt with was related to using IRC from the office, and the abuser was fired that same day.
I've not heard of an employer that monitors Port 22, and even if they did, it's encrypted so they can't pick up what you said.
Every corporate site I have been at, will block port 22 outbound.
Best program for this is PuTTY (assuming you use NT at work)
If your employer is nosy enough to be sniffing your IM sessions, they are probably also nosy enough to install LanDesk and/or other software on the desktop for remote screen viewing, keystroke logging, etc.
The whole thing assumes you are using *n?x at home and can run an SSH daemon on it.
People that clueful generally have better things to do with their time than instant messaging.
(Says the guy posting to slashdot in the middle of the night)
Why would anyone be using any sort of instant messenger at work? I really am curious. Do these people have nothing better to be doing?
There might be a 'business case' for supporting IM at work, but just about every study I have seen admits that 80% of messaging done at work is non-work-related.
Generally slackers will abuse IM just like they will abuse 'free' phone calls -- to stay in touch with friends and family, make plans to go out after work, or just idle chat.
It can be difficult to implement a technical ban on instant messaging, webmail, etc. There are too many different services using different protocols and different servers to easily create firewall or filter rules to block them all.
AOL Instant Messenger is an interesting example. The AIM client is very persistent in trying to establish connectivity with their servers. First it tries the 'official' OSCAR protocol on port 5190, but if that fails, it tries a high port, and also FTP, SSL, and other protocols that many firewalls permit unrestricted outbound client access.
FYI, the Ethereal sniffer package includes a decoder module for AOL Instant Messenger traffic.
The text-interface equivalent is 'tethereal', which provides realtime decoding of AIM messaging traffic, and supports logging raw packets to a file.
One of the most common ways for AIM to work through a firewall is by pretending to be a SSL connection to the AOL 'oscar' server, and tunnel through a HTTP/SSL proxy. But in reality, that session is still cleartext, easily intercepted.
I am not sure if any similar software currently exists for MSN, Yahoo or ICQ. IRC is trivial, and Jabber's XML doesn't take much to extract to human readable dumps.
Even Jabber's SSL support only offers minimal protection, as (despite repeated requests to have the feature added) none of the Jabber client software implementations include any checking of the server certificate, so all Jabber clients are vulnerable to 'man in the middle' attacks.
If you are considering purchasing the IC-R3, it does not work well in this application.
The R3 is an all-band receiver with built-in video, and can receive broadcast TV, ATV, and wireless video, including 900 MHz and 2.4 GHz transmissions.
Unfortunately, the 2.4 GHz range only covers three of the four XCAM frequencies, and the receiver is deaf as a post above 2 GHz, even with a good antenna.
As reported by Fox News, the Israeli secret service (Mossad) has penetrated the CALEA infrastructure and uses it to their own ends.
What I have found particularly striking is the extensive effort made to suppress this story.
CARL CAMERON, FOX NEWS CORRESPONDENT (voice-over): The company is Comverse Infosys, a subsidiary of an Israeli-run private telecommunications firm, with offices throughout the U.S. It provides wiretapping equipment for law enforcement. Here's how wiretapping works in the U.S.

Every time you make a call, it passes through the nation's elaborate network of switchers and routers run by the phone companies. Custom computers and software, made by companies like Comverse, are tied into that network to intercept, record and store the wiretapped calls, and at the same time transmit them to investigators.

The manufacturers have continuing access to the computers so they can service them and keep them free of glitches.

This process was authorized by the 1994 Communications Assistance for Law Enforcement Act, or CALEA.

Senior government officials have now told Fox News that while CALEA made wiretapping easier, it has led to a system that is seriously vulnerable to compromise, and may have undermined the whole wiretapping system. Indeed, Fox News has learned that Attorney General John Ashcroft and FBI Director Robert Mueller were both warned October 18th in a hand-delivered letter from 15 local, state and federal law enforcement officials, who complained that - quote - "law enforcement's current electronic surveillance capabilities are less effective today than they were at the time CALEA was enacted."

Congress insists the equipment it installs is secure. But the complaint about this system is that the wiretap computer programs made by Comverse have, in effect, a back door through which wiretaps themselves can be intercepted by unauthorized parties. Adding to the suspicions is the fact that in Israel, Comverse works closely with the Israeli government, and under special programs, gets reimbursed for up to 50 percent of its research and development costs by the Israeli Ministry of Industry and Trade.

But investigators within the DEA, INS and FBI have all told Fox News that to pursue or even suggest Israeli spying through Comverse is considered career suicide.

And sources say that while various F.B.I. inquiries into Comverse have been conducted over the years, they've been halted before the actual equipment has ever been thoroughly tested for leaks.

A 1999 F.C.C. document indicates several government agencies expressed deep concerns that too many unauthorized non-law enforcement personnel can access the wiretap system.
I'm not sure how much of this story I believe, here are some other (mostly right-wing) sites that covered this:
I wouldn't try this sort of thing around Chicago. The Scientologists do not have a monopoly on "Dead Agenting".
I've seen many of the following tactics in action myself:
CHICAGO RULES OF ELECTION FRAUD: HOW TO STEAL AN ELECTION

VOTE EARLY AND VOTE OFTEN: Our election get-out-the-vote effort was pioneered by Mayor Richard Daley in 1960 when he stole the election from Richard Nixon.

CEMETERY VOTERS: Read the obituaries every day. One must keep track of everyone who dies, so that they can be registered in the appropriate cemetery precinct. We have voters in the Mt. Olive Cemetery who have been voting for 100 years. Relatives will often assist as keeping the dead voter on the rolls also keeps the Social Security checks coming in. If you know of someone who used to live in Chicago and who died, they are still eligible to vote.

HOMELESS VOTERS: Register the homeless at the Cook County Courthouse instead of General Delivery. All they have to do is hang out at the courthouse one day a year to claim residency. Then round them up and give them free cigarettes to vote. We used to give them bottles of wine, but they couldn't remember to vote our way.

NURSING HOME VOTERS: Early (or absentee) voting has greatly expanded our capabilities of increasing the turnout. Take bags full of early ballots to nursing homes, and get everyone in the home to vote...especially the Alzheimer's cases.

COLLEGE STUDENTS: College kids like to screw the system, and they'll vote more than once just for the sheer pleasure of it, especially kids at Catholic universities.

Voters who have moved often can vote in the precinct where they used to live, and then in their new precinct. They will not be on the rolls in the new precinct, so they'll vote a "Questioned Ballot". Not to worry. When the ballot is questioned after the election, we will have our political hacks permit the votes to be counted.

VOTERS PASSING THROUGH O'HARE: Many votes can be obtained by soliciting voter registration at our airports. They are legally residents of Chicago, at least for a few minutes.

MOTOR VOTERS: Take license plate numbers of out-of-state cars passing through on the freeways, run them through DMV to get their addresses, and automatically register them in Chicago. Then vote them. They won't know, since they actually live in Wyoming.

ILLEGAL ALIENS: Some of our most reliable voters are the thousands of illegal aliens we have in the city. In exchange for not telling INS where they live or work, one can get a solid block of votes.

NEWBORNS: Our children are more and more precocious, so we register them at birth. Maternity wards are some of our best precincts.

RECOUNT THE VOTES: In the unlikely event our candidates don't win the first count, then demand a recount. Fill the recount room with loyal supporters, and tow away the cars belonging to the enemy. If you can't win a recount, then you are not a Chicago Democrat.
Titanium blades vs titanium handles? (on The Sexiest Metal, Score: 1)
Flarners writes:
Titanium may be as strong as steel, but it's far easier to bend when cut thin.
This is sometimes an advantage, such as when used for eyeglass frames.
Anybody who has one of the titanium PowerBooks will attest to the fact that if you try to pick them up from one end, the thing will bend disturbingly. This is why you won't see titanium in kitchen sinks, silverware or anywhere else where the metal needs to be thin, strong, and unflexible.
I finally got a new Seiko watch about a year ago, a simple analog kinetic model with a titanium band. Previously I've worn a big heavy steel-bracelet model.
Price and 'sexiness' aside, there are some real advantages to titanium watch bands. All of the strength of a steel band, at a fraction of the weight. I've also noticed that this watch doesn't feel as cold in winter.
I find that Plastic bands do not last, leather bands get sweaty. IMHO, a metal band with a good fit (not too tight, not too loose) works best for me, and they last forever with only minor scratches.
One drawback -- the dull "grayish" hued TI shows scratches more than my old (shiny steel) band. I like the less flashy look (compared to steel) and the lower weight... I've had plastic "sports watches" that weigh more.
on the other hand, most of the private companies i have worked at were run by borderline sociopaths who wouldn't think twice about slitting your throat and drinking your blood if they thought it would improve profitability.
You say that like it's a bad thing. This is exactly the attitude I want in the corporate executives of any company in which I have invested.
I'm not quite sure how "drink employee blood" can maximize shareholder value, but I wouldn't be too surprised to see it in certain people's DayPlanner.
Actually no. not much "downsizing" here. A few people fired (for cause) and a few quit to take better jobs elsewhere.
Management is in an interesting quandary. Due to a hiring freeze, if you fire somebody here, you have basically no chance of replacing them -- most of the time the position is eliminated.
This Catch-22 actually leads to managers holding onto borderline incompetent employees, as firing them just ends up cutting the manager's budget and number of direct report staff...
Is there a chapter about how we still want beanbag chairs and free soda?
I hope so, I won't work anywhere that doesn't have free soda.
I started working at my current employer in part because they had free soda. A couple of months after I started, they stopped stocking the fridge.
So now I make a trek (during work hours) to the local mega supermarket and stock my group's private mini-fridge with our choice of soda cans. Everybody who wants 'free soda' has to chip in five bucks once every few weeks.
$5-$10 a month is cheaper than quitting and trying to find a new job.
OTOH, it kind of pisses me off when management takes away perks without any sort of explanation or notice, and with little or no chance of ever getting them back when things get better.
Little things have all been cut off over the past year or so. Things like free soda, the office plant rental service, annual raises...
I'm no Einstein... but most managers suck. (on Managing Einsteins, Score: 3, Informative)
Most of the ones I've had the displeasure of meeting are so self absorbed and into self-gratification so much that it makes working TOGETHER AS A GROUP with them in a structured development environment unbearable.
I work fine in a group, as long as I'm not forced to put up with incompetent idiots, either as cow-orkers or management.
I won't slow down my production or tolerate laziness just to avoid hurting the ego of others -- generally I work best when my peers are at least as smart as me, if not smarter. I've had the luck to work with some very bright people, and we work together as a group, and meet our deadlines -- not following the company clock on any given day, but still putting in a solid work week in the end.
They often work ALONE and the work that they do which others depend on goes by their clock, not the company's.
I work very well with a small team of equally bright people. Some members of my team are morning people, some are not. But at the end of the week, we still get the work done.
I contribute much more value to the company than "any competent engineer". I also am not a morning person, and making me follow a strict 8:30-5:00 schedule might make my manager look good to his superiors, but is only going to hurt my morale and productivity.
The worst possible manager is one who is more interested in looking good to his superiors than keeping his direct reports happy. My team has no problems with me starting later in the day and leaving later in the evening... the only people who complain are members of other groups who see me wander in at 10:30 and feel like I have a privilege they are missing. Of course, they go home at 4:30, and never see how late I stay.
While the latter I can bear and bridge the communication gap to achieve OUR goals because it is worthwhile. The former can take a hike.
Sounds like you have some problems of your own.
There are way too many people in I.T. who are either stupid or lazy, and only put in the minimum amount of effort (plus plenty of sucking up to the boss) to avoid getting fired. This is encouraged by the tolerance of this behavior by management, who see a quiet employee who doesn't make any waves and value them as much or as more as the "Einsteins" who accomplish 10x as much in a given week, but also require a bit more flexibility and perhaps even a few perks every now and then.
Sparc hardware and Solaris make it easy, but secure. Once you put the effort in to build a Solaris Jumpstart server, installing any number of machines is trivial.
My servers have Sun LOM/RSC serial consoles connected to a 'secure' (OpenBSD) serial console server, so forcing a re-install of the base OS is as simple as shutting down, entering 'boot net - install' at the 'ok' prompt, and waiting 45 minutes or so. I can do this as easily from across the office or across the country.
I routinely build, hack, and rebuild test servers several times a day. Others report doing 500 machine rollouts with little or no human intervention.
Some of the features of the Sparc PROM and Jumpstart can be duplicated with a boot floppy, but many of the coolest features are not as easily imitated. The PC Weasel is a pale imitation of the boot PROM. APC remote power cycling doesn't come close to the functionality of Sun's Remote System Control. Linux 'netboot' is years behind Sun's Jumpstart software.
One of the many negative experiences that soured me on ever using Linux for 'real work' was trying to network boot a SparcStation LX a couple of years ago.
I had the process working perfectly with SunOS and NetBSD, but Debian was rumored to have the best support for the dBRI audio chipset...
I tried Debian, I tried RedHat, I read the HOWTOs and FAQ files, but Linux just would not work with network booting a Sparc and mounting an NFS root. There's been orders of magnitude more effort put into NetBSD's netboot support, to the point that I have better luck booting Linux from the 64K NetBSD tftp bootloader than the Linux method of tftp'ing a 1.6M kernel.
Eventually, I give up, and go back to NetBSD for these LX boxes. They boot, use NFS for root, and even swap to a file mounted on NFS. Works like a charm, boots fast and reliably, they just can't play music.
It doesn't prevent this, but if there is no legitimate reason or excuse for any random host to scan the network, then we can treat any case where a host does start scanning as an "incident", and react accordingly.
9. Scanning random remote IP ranges can 'bring up' backup ISDN and other toll circuits, incurring a real expense.
Using 'ping' to a specific host won't trigger the backup circuit. Scanning entire subnets, which includes the 'numbered interface' of the ISDN backup circuit and/or the 'real' interface of HSRP devices, can bring up the Toll backup circuit for X minutes (eventually it will idle out and disconnect).
10. Do you encourage your average employee to check for unlocked doors and cabinets outside of their own work area, or do you have dedicated security personnel?
My point is that if I discourage people from doing this, and official policy is that this is not acceptable behavior, then when a guard sees somebody snooping around, or an incident happens and the security tape shows an unauthorized employee open the (normally locked) supply cabinet, we can automatically treat them as a suspect, not just a "good samaritan" checking for security holes on their own.
If you tolerate random employees doing random checks (outside of their own direct responsibilities), then the level of "noise" makes it difficult to see real attacks.
In the case of public security (or Internet security), the police generally must tolerate a certain level of noise, a certain amount of random non-criminal mischief. This is not true in a private enterprise.
Network security should be different. I know plenty of 'reformed hackers' who are now in the "Information Security" business, and none of them collect and keep customer data that they should not have.
A big part of the reason physical security is a cause of internal theft is that most of the guards have time on their hands and get paid not much more than minimum wage. Neither should be true for information security :-)
Anybody have a link to the old joke about the guy who worked in a government factory during the war and wanted his own jeep? So each day he would steal a different part, and after two years, he put it all together in his basement and had himself a beautiful new anti-aircraft gun.
The only employee who should be 'scanning for vulnerabilities' here is me. Anybody we catch scanning without express written permission (generally from the CTO) is assumed to have 'evil intent'.
You can't just go off on your personal quest for vulnerable systems randomly on your employer's network, unless you actually want to end up like Randal Schwartz.
Speaking of 'wrongheaded thinking'. Consider the risks of encouraging random scans by non-security employees:
There are numerous reasons not to encourage random employees to scan your network.
- Some badly-written scanners will DoS even well-written OSes and applications.
- Some legacy systems still running in corporate networks react badly to being scanned. This isn't good, but it is a reality.
- Who needs 1,000 identical 'Tool X' scan reports of the same network?
- Scanning generates extra network traffic and 'hits' on IDS systems. See previous item.
- Allowing random 'good' employees to run scans will make it harder to detect the 'evil' employees.
- How do you detect when a worm (Nimda?) or a trojan included in some shareware package starts scanning your network without the user's knowledge?
- What happens when 'Tool X' is distributed with a trojan, or simply hacked to silently CC the report summary to scanreport2002@hotmail.com?
- When 'Joe minimum wage' finds an easily exploited hole in the payroll server, you expect him to report it before trying it out for himself?
- Scanning random remote IP ranges can 'bring up' backup ISDN and other toll circuits, incurring a real expense.
- Do you encourage your average employee to check for unlocked doors and cabinets outside of their own work area, or do you have dedicated security personnel?
I agree that somebody should be scanning the internal network, just as somebody should be checking for unlocked doors. But that somebody should not be just any random employee who takes it upon themselves to test security....
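The "only authorized machines scan, everything else is an incident" rule from the comments above, as an added example that is not part of the original comments. The log format, the allow-list address and the sample hosts are all constructed; the detector counts distinct host:port pairs per source inside a sliding time window so that a slow, spread-out series of connections does not trip it.

```python
"""Treat any scan from a non-authorized host as an incident.

Added example, not from the original comment. Log format is constructed:
one connection attempt per line, "epoch_seconds src dst dport". A source
touching `threshold` distinct (dst, dport) pairs inside `window` seconds is
a scan; it is an incident unless the source is an authorized scanner.
"""
from collections import Counter, defaultdict

AUTHORIZED_SCANNERS = {"10.1.1.10"}  # the one host allowed to scan (assumption)

# Constructed sample log. 10.1.1.10 is the sanctioned scanner, 10.1.5.77 is
# a laptop sweeping a subnet, 10.1.2.5 is an ordinary client, and 10.1.9.9
# touches five hosts but far too slowly to cross the window threshold.
SAMPLE_LOG = """\
1000 10.1.1.10 10.2.0.1 22
1001 10.1.1.10 10.2.0.2 22
1002 10.1.1.10 10.2.0.3 22
1003 10.1.1.10 10.2.0.4 22
1004 10.1.1.10 10.2.0.5 22
1005 10.1.1.10 10.2.0.6 22
1200 10.1.5.77 10.0.3.1 445
1200 10.1.5.77 10.0.3.2 445
1201 10.1.5.77 10.0.3.3 445
1201 10.1.5.77 10.0.3.4 445
1202 10.1.5.77 10.0.3.5 445
1202 10.1.5.77 10.0.3.6 445
1300 10.1.2.5 10.2.0.10 443
1310 10.1.2.5 10.2.0.11 25
1320 10.1.2.5 10.2.0.10 443
1330 10.1.2.5 10.2.0.10 443
2000 10.1.9.9 10.0.4.1 80
2100 10.1.9.9 10.0.4.2 80
2200 10.1.9.9 10.0.4.3 80
2300 10.1.9.9 10.0.4.4 80
2400 10.1.9.9 10.0.4.5 80
"""


def parse_line(line):
    """Split one constructed log line into (ts, src, dst, dport)."""
    ts, src, dst, dport = line.split()
    return int(ts), src, dst, int(dport)


def detect_scans(log_text, authorized, threshold=5, window=60):
    """Return {src: {"verdict": ..., "peak_targets": n}} for every source whose
    distinct (dst, dport) count within any `window` seconds reaches `threshold`.
    Authorized scanners are reported but not as incidents."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, dport = parse_line(line)
            events[src].append((ts, (dst, dport)))

    findings = {}
    for src, evs in events.items():
        evs.sort()
        in_window = Counter()  # target -> hits currently inside the window
        start = 0
        peak = 0
        for ts, target in evs:
            in_window[target] += 1
            # Drop events that have aged out of the window.
            while evs[start][0] < ts - window:
                old = evs[start][1]
                in_window[old] -= 1
                if not in_window[old]:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            verdict = "authorized scan" if src in authorized else "INCIDENT: unauthorized scan"
            findings[src] = {"verdict": verdict, "peak_targets": peak}
    return findings


if __name__ == "__main__":
    for src, finding in detect_scans(SAMPLE_LOG, AUTHORIZED_SCANNERS).items():
        print(src, finding["verdict"], "distinct targets:", finding["peak_targets"])
```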
One reason people buy these big heavy SUVs is because you cannot buy a big, heavy steel CAR anymore. The automakers build huge, heavy, ugly and inefficient SUVs not because of some secret petroleum industry payoff, but for two simple reasons:
The reason people want to buy these big heavy SUVs isn't because of brainwashing or a "Control Reality". In my case, my first car was a big heavy (used) american-made "land yacht". My favorite memories are of the huge backseat of my grandfather's Cadillac. But mostly because a vehicle that cannot survive both winter and "pothole season" is worthless to me, no matter how aerodynamic or fuel efficient.
It's not impossible for non-auto-industry businesses to build their own cars, and it's actually trivial to re-configure the surface of a production car.
If changing the "aerodynamic efficiency" of a production car could reduce drag significantly, the racing and custom car industry would be all over it.
I suppose the 'average individual' might start taking his Prozac as prescribed, and the problem will go away.
The media does not understand hackers, but they understand big business press releases, and sensationalism sells newspapers. I'm proud to say that my employer does not intentionally "demonize" hackers -- but often the reporters and editors do not "get" hackers, and the evil intentions of a few (aka crackers) make us all look bad.
My "media" employer doesn't care about any "Control Reality". They care about reporting the truth, and maximizing shareholder value.
Looking up from the bottom, you see conspiracy. Looking at the problem from the inside, I see no sign of grand conspiracies, no intentional plot to beat down the "annoying burr".
Always figured it was a bug in 'snoop'.
rtstyk writes:
This has already come to pass. One reason for the surge in carjackings was that more and more cars have factory installed alarms and anti-theft systems that prevent quick hot-wiring of unattended vehicles. It's a big jump from stealing an unattended car while the owner is gone to armed robbery.
To quote RazzleFrog (http://slashdot.org/comments.pl?sid=31300&cid=3367016):
HiyaPower writes:
In US Federal firearms regulation, this is illegal. There is a single part that is the 'registered receiver', which is the piece that Federal registration requires to have a serial number and on which taxes are paid.
Interestingly, this same logic does not apply to firearms magazines. Manufacture and import of new "High Capacity" (10 rounds or higher) is banned, but technically you split your existing magazine down to four or so major components, buy "replacement parts", and assemble four "new" magazines, each having one component from the original legal magazine, and not violate the law.
Not that many people are in any rush to be a test case for this interpretation of the law...
To claim that you "created 2 licenses" is naive. There was one license, you split the hardware on which it ran, you still have one license, and one OpenBSD server.
http://www.jabootu.com/deathwish3.htm
The next morning, Paul and Rodriguez are on patrol when the Giggler grabs another purse. They give chase, but are soon outdistanced. (We only see Bronson running in very short clips. This helps imply that his character is running the whole distance, without causing Bronson's heart to explode in his chest.) "This Wildey friend of yours," the disgusted Rodriguez asks, "can he catch this guy?" Kersey nods yes. Back at the apartment, Bennett asks who Wildey is. "You'll see!," the impish Kersey replies. Next we see Kersey accepting a cake box sized parcel at the mail service shop. Laying the package on his table at home, Kersey looks up, and we see that all his neighbors are in attendance. "Wildey's here!," he tells them. Oh, boy! Finally, we're going to meet Wildey. Man, after all that build-up, this is going to be great!
Needless to say, it's not. Wildey turns out to be a gigantic semi-automatic pistol manufactured by Wildey, Inc. "Real stopping power," Kersey notes. Then, like some transparent audience shill in an infomercial, Bennett pipes up. "Is that like a .44 magnum?," he asks. No, Kersey replies.
The .44 is a pistol cartridge, the Wildey magnum is, "a shorter version of the African big game cartridge." (Whatever that means.) You know what that means, right? Kersey's packin' bigger than Dirty Harry! You go, Dude! ('Dude'? I've got to stop doing that.) Anyway, it's reassuring that Kersey will be toting the kind of firepower that you'd use to nail a rhinoceros or elephant.
Now comes the movie's low point, surprisingly revolting even for a picture like this. Maria is assaulted by Fraker and three more of the gang. Almost immediately, her shirt is ripped open, as this scene is being used as an excuse to bare some breasts. (This is why the almost pathologically modest Maria isn't wearing a bra; it would get in the way of breast baring.) Frankly, I had thought that the reprehensible practice of using rape scenes to inject some 'sex' into a picture had gone by the boards, even in exploitation flicks. Unfortunately, this film proved me wrong. My only advice is to have your remote ready when this scene begins.
We cut to Rodriguez, crying in his apartment. You can tell that it's his because of the decorative sombreros (!) on the wall. Kersey and Bennett are there to provide comfort. The report has come in: Maria was raped, but her physical injuries are restricted to a broken arm. Kersey orders a taxi and takes Rodriguez to the hospital. Meeting with her doctor, they learn that Maria has in fact died. The arm was badly shattered, resulting in blood clots that broke loose and made their way to the heart.
Back at Kersey's apartment, he's lovingly assembling new cartridges for his Wildey. Then, tucking the piece into his waistband, he heads out for the street, grabbing a camera case. (Unsurprisingly, a big logo for Nikon is quite noticeable - this is a classic example of product placement, even though in this case I suspect it was arranged by the Pentax company.) Kersey walks down the block to the local grocery, and buys himself an ice cream bar. He also tosses one to that kid who gave him the power salute earlier. Back on the street, he spots the Giggler, and lazily hangs the camera case over his shoulder. Sure enough, the Giggler takes the bait. This time, however, Kersey is ready. He pulls out the Wildey and blows him away. This leads to an uproar of applause and celebration from the locals, as 'triumph' music plays in the background.
The next morning the rest of the gang is bummed out. "They killed the Giggler!," one sensitive young hood cries. "They had no business doin' that," Fraker agrees. Meanwhile, Shriker shows up to check out the crime scene. A woman, one of the celebrating citizens from the previous evening, runs over to give him her two cents. "I'm glad he's dead," she shouts. "He took my pocketbook three weeks ago!" (Wow, talk about a law and order mentality!) Shriker pulls back the sheet to examine the corpse, complete with a neat circular 'wound' through his chest. "There's not much left of this sucker, is there?," he inquires. Well, yeah, actually. Pretty much all of him, save for the part of his chest through which the bullet passed. I mean, they're not going to have to collect his remains with a sponge or anything.
For example, I got burned by a bad lot of Maxtor SCSI drives (bought 10 identical drives, and 8 failed within 18 months) almost a decade ago, and ever since have been reluctant to purchase drives with the Maxtor logo.
Others have similar tales of woe about Seagate, IBM, Quantum (now merged with Maxtor) etc.
Regarding the message suggesting Seagate is good, I have had mixed results with them. The drives tend to become noisy within a year or so, and once the bearing noise gets really loud, it becomes a game of Russian roulette -- every time you power down a system with a 'loud' Seagate drive, you never know if it will ever come back up...
I don't have this particular problem with Quantum or Fujitsu drives. OTOH, I have around 100 Seagate drives, but only a dozen or so Fujitsu (Sun shipped every system with Seagate for years, only recently using IBM and Fujitsu branded drives).
(Says the guy posting to slashdot in the middle of the night)
http://lists.dachb0den.com/pipermail/bat/2002-April/000202.html
Generally slackers will abuse IM just like they will abuse 'free' phone calls -- to stay in touch with friends and family, make plans to go out after work, or just idle chat.
It can be difficult to implement a technical ban on instant messaging, webmail, etc. There are too many different services using different protocols and different servers to easily create firewall or filter rules to block them all.
AOL Instant Messenger is an interesting example. The AIM client is very persistent in trying to establish connectivity with their servers. First it tries the 'official' OSCAR protocol on port 5190, but if that fails, it tries a high port, and also FTP, SSL, and other protocols for which many firewalls permit unrestricted outbound client access.
The text-interface equivalent is 'tethereal', which provides realtime decoding of AIM messaging traffic, and supports logging raw packets to a file.
One of the most common ways for AIM to work through a firewall is by pretending to be an SSL connection to the AOL 'oscar' server, and tunnelling through an HTTP/SSL proxy. But in reality, that session is still cleartext, easily intercepted.
I am not sure if any similar software currently exists for MSN, Yahoo or ICQ. IRC is trivial, and Jabber's XML doesn't take much to extract to human readable dumps.
Even Jabber's SSL support only offers minimal protection, as (despite repeated requests to have the feature added) none of the Jabber client software implementations include any checking of the server certificate, so all Jabber clients are vulnerable to 'man in the middle' attacks.
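The "pretends to be SSL but is still cleartext" point above, turned into a check a monitoring tool could run on the first bytes of an outbound flow. This is an added example, not from the original comment and not tethereal's code; it assumes the OSCAR FLAP framing (0x2A marker, 1-byte channel, 2-byte sequence, 2-byte data length) and the TLS record header layout, and all payloads are constructed.

```python
"""Tell a real TLS record from cleartext OSCAR (AIM) framing on an 'SSL' port.

Added example, not from the original comment and not tethereal's code.
Assumed FLAP layout (OSCAR's framing): 0x2A marker, 1-byte channel (1-5),
2-byte sequence, 2-byte data length, then data. Payloads below are
constructed and truncated; they stand in for the first bytes of a flow.
"""
import struct

TLS_PORTS = {443}  # ports the firewall lets out as 'SSL' (assumption)


def parse_flap(payload):
    """Return (channel, seq, data) for a well-formed FLAP frame, else None."""
    if len(payload) < 6 or payload[0] != 0x2A:
        return None
    channel, seq, length = struct.unpack("!BHH", payload[1:6])
    if not 1 <= channel <= 5 or len(payload) < 6 + length:
        return None
    return channel, seq, payload[6:6 + length]


def looks_like_tls(payload):
    """True if the bytes start a plausible TLS record (type 0x14-0x17, major 3)."""
    if len(payload) < 5:
        return False
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    return 0x14 <= ctype <= 0x17 and major == 3 and minor <= 4 and 0 < length <= 16384 + 2048


def classify(payload):
    """Label the first bytes of a flow: 'tls', 'oscar-flap' or 'unknown'."""
    if looks_like_tls(payload):
        return "tls"
    if parse_flap(payload) is not None:
        return "oscar-flap"
    return "unknown"


def find_tunnelled_im(flows):
    """flows: iterable of (src, dport, first_payload). Return one alert
    (src, dport, channel, seq) per flow carrying FLAP framing to an SSL port."""
    alerts = []
    for src, dport, payload in flows:
        if dport in TLS_PORTS and classify(payload) == "oscar-flap":
            channel, seq, _ = parse_flap(payload)
            alerts.append((src, dport, channel, seq))
    return alerts


# Constructed flows: a FLAP channel-1 frame (data = protocol version 1) sent
# to 443, a genuine TLS handshake record to 443, and plain HTTP to 80.
FLAP_HELLO = b"\x2a\x01\x00\x01\x00\x04\x00\x00\x00\x01"
TLS_HELLO = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"
HTTP_GET = b"GET / HTTP/1.0\r\n"
SAMPLE_FLOWS = [
    ("10.1.5.77", 443, FLAP_HELLO),
    ("10.1.2.5", 443, TLS_HELLO),
    ("10.1.2.5", 80, HTTP_GET),
]

if __name__ == "__main__":
    for alert in find_tunnelled_im(SAMPLE_FLOWS):
        print("cleartext IM framing on SSL port:", alert)
```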
The R3 is an all-band receiver with built-in video, and can receive broadcast TV, ATV, and wireless video, including 900 MHz and 2.4 GHz transmissions.
Unfortunately, the 2.4 GHz range only covers three of the four XCAM frequencies, and the receiver is deaf as a post above 2 GHz, even with a good antenna.
What I have found particularly striking is the extensive effort made to suppress this story.
I'm not sure how much of this story I believe; here are some other (mostly right-wing) sites that covered this:
I've seen many of the following tactics in action myself:
CHICAGO RULES OF ELECTION FRAUD
HOW TO STEAL AN ELECTION
VOTE EARLY AND VOTE OFTEN: Our election get-out-the-vote effort was pioneered by Mayor Richard Daley in 1960 when he stole the election from Richard Nixon.
- CEMETERY VOTERS: Read the obituaries every day. One must keep track of everyone who dies, so that they can be registered in the appropriate cemetery precinct. We have voters in the Mt. Olive Cemetery who have been voting for 100 years. Relatives will often assist as keeping the dead voter on the rolls also keeps the Social Security checks coming in. If you know of someone who used to live in Chicago and who died, they are still eligible to vote.
- HOMELESS VOTERS: Register the homeless at the Cook County Courthouse instead of General Delivery. All they have to do is hang out at the courthouse one day a year to claim residency. Then round them up and give them free cigarettes to vote. We used to give them bottles of wine, but they couldn't remember to vote our way.
- NURSING HOME VOTERS: Early (or absentee) voting has greatly expanded our capabilities of increasing the turnout. Take bags full of early ballots to nursing homes, and get everyone in the home to vote...especially the Alzheimer's cases.
- COLLEGE STUDENTS: College kids like to screw the system, and they'll vote more than once just for the sheer pleasure of it, especially kids at Catholic universities.
- Voters who have moved often can vote in the precinct where they used to live, and then in their new precinct. They will not be on the rolls in the new precinct, so they'll vote a "Questioned Ballot". Not to worry. When the ballot is questioned after the election, we will have our political hacks permit the votes to be counted.
- VOTERS PASSING THROUGH O'HARE: Many votes can be obtained by soliciting voter registration at our airports. They are legally residents of Chicago, at least for a few minutes.
- MOTOR VOTERS: Take license plate numbers of out-of-state cars passing through on the freeways, run them through DMV to get their addresses, and automatically register them in Chicago. Then vote them. They won't know, since they actually live in Wyoming.
- ILLEGAL ALIENS: Some of our most reliable voters are the thousands of illegal aliens we have in the city. In exchange for not telling INS where they live or work, one can get a solid block of votes.
- NEWBORNS: Our children are more and more precocious, so we register them at birth. Maternity wards are some of our best precincts.
- RECOUNT THE VOTES: In the unlikely event our candidates don't win the first count, then demand a recount. Fill the recount room with loyal supporters, and tow away the cars belonging to the enemy. If you can't win a recount, then you are not a Chicago Democrat.
http://www.bandersnatch.com/chicago2.htm
Check out the Boker site (www.bokerusa.com) for examples of both applications.
Price and 'sexiness' aside, there are some real advantages to titanium watch bands. All of the strength of a steel band, at a fraction of the weight. I've also noticed that this watch doesn't feel as cold in winter.
I find that Plastic bands do not last, leather bands get sweaty. IMHO, a metal band with a good fit (not too tight, not too loose) works best for me, and they last forever with only minor scratches.
One drawback -- the dull "grayish" hued TI shows scratches more than my old (shiny steel) band. I like the less flashy look (compared to steel) and the lower weight... I've had plastic "sports watches" that weigh more.
You say that like it's a bad thing. This is exactly the attitude I want in the corporate executives of any company in which I have invested.
I'm not quite sure how "drink employee blood" can maximize shareholder value, but I wouldn't be too surprised to see it in certain people's DayPlanner.