I use (as both a programmer and buyer) most of the major freelance sites. Scriptlance (scriptlance.com) is another major one.
The market is so flooded I moved to Asia with a can't-beat-em-join-em mentality and it's worked out rather well for me; I can offer the assurance of having non-disclosure agreements actually binding and enforceable, and folks like cheap Americans.
There is *no way* I could feed myself / family freelancing while living in the US. Absolutely no way. The whole idea behind going Freelance was so I could be at home with my 1 year old and not miss her growing up being an IT slave droid.
While I'm not recommending all US coders get up and move to Manila, I am cautioning you that freelancing should be considered a second, not primary source of income if you have dependents to worry about and live in the US.
I miss the States, terribly... but I had very little choice if I want to see my kid grow up.
Consider that the attention span of the person accepting the telemarketing call (if they accept it) is about 5 minutes at best.
Now formulate a sales pitch that highlights what Unisys has to offer within that time frame in a way sure to grab the attention of the call taker, and convince the call taker to relay information and interest upstream to the person who signs the checks. CIOs/CEOs often don't take marketing calls :)
Furthermore, within that 5 minutes, convince the call taker to give you information about their existing infrastructure so you have the info you need to show the value of the product you want to sell as it relates to them.
While this approach is rather unorthodox, I don't see many other ways they could go about it considering the price tag of their systems and amount of data someone has to ingest to understand their use and cost effectiveness.
Unisys has been rather active in the Xen community testing the latest builds and features on their machines and relaying the output on the lists, which I think is designed to entice people into the value of a virtualized Unisys platform (32 processors / 64 GB is rather enticing virtualized via Xen).
I guess that didn't work out so well, because I haven't seen a peep from them on the lists... and now this.
So it's not like they didn't explore alternative advertising schemes prior to this one.
How would *you* market their stuff? I'm not saying this is the best way, but some major out-of-the-box thinking and technique would have had to go into it.
You mean to tell me a terror attack would stop porn viewing?
Har, porn sites have more backups than NORAD has blinking lights. In fact, I'd venture that after hearing of a terror attack, your average /. reader would be heading to the nearest available free porn TGP for a 'confidence boost' prior to driving home in rush hour 'post-terror-attack' traffic.
Re: That's not like any BASIC program *I* ever wrote (on "Why Johnny Can't Code")
>> 10 FOR X=0 TO 15
If you want to see 15 pairs of tits, you better change that to a 16... don't forget one will match the output to the screen color.
Considering it is tits, I think you could have PEEKed instead of just going poking. Sheesh, see if she ever shows them to YOU again :P
The host is never out of it. You're using their IP and bandwidth, for which they pay their upstream provider or data center. I get a half dozen of these a week, folks, trust me on this one:
We have to yank until there has been a court ruling in favor of the site in question, 99.9% of the time.
Sometimes, upstream providers, if they feel the DMCA complaint is unfounded, will allow it to stay on-line, but if the ruling goes the other way said upstream provider is then in the can to get sued for damages too, which has happened.
DMCA / Copyright is the silliest thing in the world, I agree... and there really is no clear-cut legislation regarding it or at what point a site should be taken down, or even if. It seems like the carriers (ones I mentioned like Level3 / Verio / etc.) kind of just made this accepted procedure and nobody questioned it.
Goes to show that it's still kind of a legal 'wild west', and that we need people in Congress who aren't out of touch with all of this to give us some more definitive guidelines. I, and others I'm sure, wish we could just cite legislation to our clients when these things come in so they don't see us as the bad guys too. "Hey man, it's the law, sorry, I had no choice" goes over a lot better than "Well, we have to wait and see what the mindless legal drone at Sprint says..."
I hope this gets enough publicity to call some attention and criticism on all of these 'sketchy' areas of the DMCA laws.
On a final note.. I and many people here helped to build what our kids now call The Internet. I don't think this crap was what any of us had in mind when we were first getting the bugs out of uucp & store and forward.
If these guys even glanced at the DMCA laws they would kick themselves in the legal checkbook. Anyone who operates a hosting company, even one on the side, knows when the formal DMCA notice arrives, you must yank the site unless the owner can furnish a court ruling allowing it to exist. Depending on your upstream provider, some will go to bat if you can show your client is at least in litigation with the complaining party... and wait for the outcome, but that's rare. Anyone hosted in Infomart (or on Level3, Cogent, WilTel, etc. bandwidth) or any other 'cafeteria style' DC is under a yank-first-and-ask-questions-later policy.
That being said, such a court ruling would almost be automatic. Parody sites are protected; I helped one of my clients stand up against the big bad eBay and they won. I'd post a link, but... well, I don't feel like going to the DC with a fire extinguisher to put out the NIC :)
I've never, ever seen someone threaten to go to the ISP *last*... how did this feeble gray matter manage to cook up something that took over children's television for years?
At this point their lawyers saying anything other than "Duh!" would be almost as comical as the parody itself.
VMware and Xen are just tools that are made available for people with curiosity or need to re-invent their own wheels (with some skill and patience). Xen is just that, a set of tools - just like VMware, it's not meant to be any kind of stand-alone solution. You use Xen (or VMware) in conjunction with a well-thought-out plan to help you:
1 - Come closer to squeezing out every drop of resources your racks have to give
2 - Make your racks easier to manage and recover (adding failover and high availability)
3 - Maximize your R&D dollars whenever possible.
Why ask the tool companies to build the buildings... isn't that the job of the builders?
I think most /. readers at least once in their life played with Lego building blocks, yes? Well, did anyone actually build the toy that was pictured on the front of the box? Or did you just chuck all your cool new pieces in the box with the rest of your blocks and use everything at your disposal?
Oracle is way off and is asking Xen and VMware to shift focus and bastardize their products, which is only going to serve to make a lesser product. Let Xen keep going, read the Xen devel list - they be jammin'.
Whining for the sake of whining? Oracle - stay outta my toolbox please :)
Installing Windows from a year-and-a-half-old install CD and jumping right to an old version of Internet Explorer (to sites like MySpace) before running any updates is akin to a white dude walking naked through Harlem with half of a racial slur painted on each butt cheek... generally, a dangerous thing to do.
In a perfect world nobody makes bad code and we all sing Kumbaya and watch the lights on the routers blink. But until then... well, software licensing should be made to require certifying the operator's capability to not be a moron.
I love to put blame on people who make more money than I do off the Internet. But this time I really can't find much fault with MySpace. If it was a zero-day exploit, well, then... still - it's understandable that a million got infected as they get that many page views in 15 minutes.
You really have to look at it scaled. MySpace is huge; they have to watch thousands of servers. You (the home user) have one freaking PC to keep updated.
And people are saying MySpace are the ones to blame? C'mon, what's the problem?
>> Makes me question myspace, you'd think they have people watching for these sorts of attacks.
Yes, and you're 100% right. Since they are syndicating it, showing 'due diligence' in making sure they aren't syndicating harmful code is their responsibility.
The question comes down to , reasonably, what is a good percentage to equate with 'due diligence' in checking what they syndicate. They have a few million pages, videos and photos to police, as well as watching what their advertisers are using their network to display.
So even if they go way above and beyond the 80% catch rate of abuse prior to it leaving their network, stuff like this is still going to happen. I'd imagine they only catch about 70% of illegal use involving their network, and considering its size and attractiveness to bad-doers, that's not bad.
Of course its an age old argument, who is most at fault. The person who shot the gun or the company that provided it?
I am also noting a rather old vulnerability was exploited, and people not updating their systems need to share some of the blame.
Well, not exactly. The key words are 'after it's posted'. So since it's new news to Slashdot, the cycle repeats itself, only this time it's Slashdot we're metering, not the article.
What they are talking about is something most of us already know and understand... however can't quite articulate.
Their accomplishment then is not realizing the trend, but finding a way to illustrate it, which led to being able to articulate and substantiate it.
I understand lots of things that I couldn't possibly hope to articulate. All of us do.
Found TFA to be quite interesting because they took a very methodical approach to making an abstract tangible.
Mod that up +5 informative. I checked, and you're absolutely right, and now I'm also wondering how the word got twisted 180 degrees.
Now I need to find a new insult. Douchebag just doesn't read well to me, Dumbass is too generic and I can't find a proper spelling for nincompoop, however I think I have it right.
Retard isn't politically correct, whipper snapper is too old fashioned and dolt is too condescending to imply humor.
I think the key words are "Reasonable Expectation Of Privacy"; your local PD will have to base their decisions on whether a search warrant is needed to obtain something from that phrase.
Another one is "Plain View" vs. "Concealed".
If you post something on a public forum, open chat room, newsgroup or other medium where you can't possibly have any expectation that what you write will only be viewed by one, or a select group of, people, then you really can't complain when the cops come and bust you for it, if you're describing or conspiring to commit an illegal activity. The charge would of course be conspiracy, unless you were bragging about something you already did.
Really no different than bragging to your buddies in a bar about it, or planning a crime in "plain view".
I think where they are going to the extreme is really stretching what is "a normal expectation of privacy", i.e. now it's "Well, you know we're listening randomly, so you can't expect phone calls to be private", which is a very scary precedent.
We cooked up one of those to look for some of our IPs / hostnames on Undernet. It's really, really easy to code; the trick is keeping your bot connected, and not bringing a DoS attack on yourself by trying to monitor for imminent DoS attacks.
So you really need like 20 or 30 of them, and a wide range of class C IPs that aren't SWIP'ed to you.
But yeah, quite easy to do. We even had one watching Yahoo rooms with a skinny text / Linux client for Y! chats, when the user rooms still existed.
After a few months it was really obvious that trying to monitor rooms to anticipate hassles caused more hassles than we were preventing.
But for something like the FBI would use it for, I guess it's worth the hassles.
Really and honestly, I'm glad they do it. I only bitch when they cross the line of what I would consider to be a reasonable expectation of privacy. Eavesdropping on an open chat is much different than broad logging and analysis of bank transactions, phone conversations, etc.
I think (lately) anyway, they're realizing the latter is causing more hassles than it prevents.
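As an added illustration of the kind of bot the post above describes (example code written for this page, not the poster's own), here is the matching half of such a monitor in Python: it parses raw IRC protocol lines, answers server PINGs so the connection stays up, and flags any PRIVMSG that mentions an address inside the netblocks, or one of the hostnames, you care about. The netblocks, hostnames and channel traffic are all constructed for the example; the socket and reconnect layer (and spreading the bots over many source IPs, as the post recommends) is the part left out.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed for this example: the address space and hosts the bot watches for.
WATCHED_NETS = [ipaddress.ip_network("203.0.113.0/24"),
                ipaddress.ip_network("198.51.100.0/25")]
WATCHED_HOSTS = {"www.example-host.net", "mail.example-host.net"}

# RFC 1459 line shape: [":" prefix SPACE] command [SPACE params]
IRC_LINE = re.compile(r"^(?::(?P<prefix>\S+) )?(?P<cmd>\S+)(?: (?P<params>.*))?$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOSTNAME = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", re.I)


@dataclass
class Hit:
    channel: str
    nick: str
    target: str   # the IP or hostname that matched
    text: str     # the full message, for the abuse ticket


def parse_line(raw):
    """Split one IRC line into (prefix, command, [params]); a trailing ':' param keeps its spaces."""
    m = IRC_LINE.match(raw.rstrip("\r\n"))
    if not m:
        return None, None, []
    prefix, cmd, params = m.group("prefix"), m.group("cmd"), m.group("params") or ""
    if " :" in params:
        middle, trailing = params.split(" :", 1)
        args = middle.split() + [trailing]
    elif params.startswith(":"):
        args = [params[1:]]
    else:
        args = params.split()
    return prefix, cmd, args


def nick_of(prefix):
    return prefix.split("!", 1)[0] if prefix else ""


def handle_line(raw):
    """Return ("pong", reply) for a server PING, ("hit", Hit) for a watched mention, else None."""
    prefix, cmd, args = parse_line(raw)
    if cmd == "PING":                         # answer, or the server drops the bot
        return "pong", "PONG :" + (args[0] if args else "")
    if cmd != "PRIVMSG" or len(args) < 2:
        return None
    channel, text = args[0], args[1]
    for tok in IPV4.findall(text):
        try:
            addr = ipaddress.ip_address(tok)  # rejects octets > 255
        except ValueError:
            continue
        if any(addr in net for net in WATCHED_NETS):
            return "hit", Hit(channel, nick_of(prefix), tok, text)
    for tok in HOSTNAME.findall(text):
        if tok.lower() in WATCHED_HOSTS:
            return "hit", Hit(channel, nick_of(prefix), tok.lower(), text)
    return None


def scan(lines):
    """Run a batch of raw lines through the handler; returns (hits, pong replies to send)."""
    hits, pongs = [], []
    for raw in lines:
        result = handle_line(raw)
        if result is None:
            continue
        kind, payload = result
        (pongs if kind == "pong" else hits).append(payload)
    return hits, pongs


# Constructed channel traffic, not a real capture.
SAMPLE_LINES = [
    ":evil!ev@1.2.3.4 PRIVMSG #ddos-chan :pack 203.0.113.7 tonight, 2300 UTC",
    "PING :irc.undernet.example",
    ":joe!joe@h PRIVMSG #ddos-chan :hey, anyone got 10.0.0.5?",
    ":bob!b@h PRIVMSG #other :www.example-host.net is slow lol",
    ":x!y@z PRIVMSG #c :how about 999.1.1.1",
    ":srv 366 bot #ddos-chan :End of /NAMES list.",
]

if __name__ == "__main__":
    found, replies = scan(SAMPLE_LINES)
    for h in found:
        print("%s <%s> mentioned %s: %s" % (h.channel, h.nick, h.target, h.text))
    for r in replies:
        print("would send:", r)
```

Matching on netblocks rather than a list of individual addresses is what keeps the watch list short when you have a few class Cs; the hostname set is the cheap way to catch the people who paste a URL instead of an IP.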
I was thinking 'now this was obviously staged' when reading TFA, but then I thought about how stupid the plot uncovered was.. and I'm beginning to think.. yeah, well the truth is stranger than fiction. I find it easier to believe a few dumbasses were trying to cook something up in open chat (something incredibly stupid at that) than the FBI is drumming up successes for an upcoming election.
>> To be honest, I haven't read this article. The comments about it in Slashdot have been very informative, and I don't feel the need!
That's sort of like farting in an elevator and taking credit for it on the spot. While some may quietly chuckle to themselves and admire your bravery, publicly they are compelled to bitch-slap you.
>> The question for me: Is it better to launch a thousand techies enthusiastically at a new technology, or 500 of them with mis-givings? The article may have left out some warnings, but I've come to expect that from this type of publication.
If it wasn't a slashvertisement to begin with, I probably wouldn't have posted. However, the only thing they appear to be driving a thousand techies at are the advertisements on the pages, hence why the article is broken up into so many sections. More clicks = more banner rotations. They're doing this at the expense of Xen, by driving new users to the lists with questions about why things don't work based on misinformation they gathered from what they feel is an authoritative source on the subject.
>> Sounds like it was a virtual writer, writing a virtual article. He insulated himself in a virtual reality
If you had RTFA, I'd say you hit the nail right on the head. However, since you didn't, and got that impression... that just strengthens the point I made originally. And, yeah... that's basically what it was.
You didn't miss much, however - reading the ingredients on the back of a lysol can while taking a dump would be more entertaining than TFA, and a more productive use of time.
>> The guy he interviewed about Xen probably got five minutes to talk about it a starry-eyed manner.
I think they just ripped a bong and started typing, It wasn't constructed in a manner cohesive enough to suggest an interview took place (with anyone sober and involved with Xen, anyway.. )
Sorry for the double bang, I forgot to comment on the author mentioning migrating NetBSD domUs using the loop-n-go method.
You can't mount BSD slices as a loop device. You need a utility like lomount. Here's a copy if you read the article and want to play with Xen/NetBSD. Compiles easily with gcc.
Just another example of how you can frustrate people with misinformation, and give the topic of your article the bad rep... when it was really a lack of research on your part.
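To make the point about BSD slices concrete, here is an added example (written for this page; it is neither lomount nor the poster's code) that does the part of lomount's job that a plain `mount -o loop` does not: read the MBR of a domU disk image, find the NetBSD slice, read the BSD disklabel inside it, and turn each partition into the byte offset you hand to `losetup -o` or `mount -o loop,offset=`. The struct layouts are taken from NetBSD's <sys/disklabel.h> as I recall them (label in sector 1 of the slice, partition entries at offset 148, offsets stored as absolute sector numbers) and are assumptions of the example; the image itself is constructed in build_sample_image(), and /path/to/domu.img is a placeholder.

```python
import struct

SECTOR = 512
MBR_MAGIC = b"\x55\xaa"
BSD_MAGIC = 0x82564557      # DISKMAGIC from NetBSD <sys/disklabel.h> (assumed layout)
NETBSD_MBR_TYPE = 0xA9      # MBR partition id NetBSD uses for its slice
BSD_LABEL_SECTOR = 1        # i386 LABELSECTOR: the label lives in sector 1 of the slice
BSD_PARTS_OFF = 148         # offset of d_partitions[] inside struct disklabel
BSD_NPART_OFF = 138         # offset of d_npartitions
BSD_MAGIC2_OFF = 132        # offset of d_magic2


def parse_mbr(img):
    """Return [(index, type, lba_start, sectors)] for the used primary MBR entries."""
    if img[510:512] != MBR_MAGIC:
        raise ValueError("no MBR signature")
    parts = []
    for i in range(4):
        e = img[446 + 16 * i: 446 + 16 * (i + 1)]
        ptype = e[4]
        lba, nsect = struct.unpack_from("<II", e, 8)
        if ptype != 0 and nsect != 0:
            parts.append((i, ptype, lba, nsect))
    return parts


def parse_disklabel(img, slice_lba):
    """Return {letter: (byte_offset, byte_len)} from the BSD disklabel inside the slice."""
    base = (slice_lba + BSD_LABEL_SECTOR) * SECTOR
    magic, = struct.unpack_from("<I", img, base)
    magic2, = struct.unpack_from("<I", img, base + BSD_MAGIC2_OFF)
    if magic != BSD_MAGIC or magic2 != BSD_MAGIC:
        raise ValueError("no BSD disklabel at sector %d" % (slice_lba + BSD_LABEL_SECTOR))
    npart, = struct.unpack_from("<H", img, base + BSD_NPART_OFF)
    out = {}
    for i in range(npart):
        p_size, p_offset, _fsize, fstype = struct.unpack_from("<IIIB", img, base + BSD_PARTS_OFF + 16 * i)
        if p_size == 0 or fstype == 0:   # FS_UNUSED, e.g. the 'c' whole-slice entry here
            continue
        # assumption: NetBSD/i386 stores p_offset as an absolute sector number on the disk
        out[chr(ord("a") + i)] = (p_offset * SECTOR, p_size * SECTOR)
    return out


def loop_offsets(img):
    """Map every mountable piece of the image to (byte_offset, byte_len)."""
    result = {}
    for idx, ptype, lba, nsect in parse_mbr(img):
        result["mbr%d" % (idx + 1)] = (lba * SECTOR, nsect * SECTOR)
        if ptype == NETBSD_MBR_TYPE:
            for letter, span in parse_disklabel(img, lba).items():
                result["mbr%d%s" % (idx + 1, letter)] = span
    return result


def mount_command(img, name, mountpoint="/mnt/domu"):
    """The mount line for one piece; /path/to/domu.img is a placeholder."""
    off, _ = loop_offsets(img)[name]
    return "mount -o loop,offset=%d /path/to/domu.img %s" % (off, mountpoint)


def build_sample_image():
    """Construct a tiny fake NetBSD domU image: an MBR plus one 0xA9 slice holding a disklabel."""
    slice_lba, slice_len = 63, 8192                 # slice starts at sector 63 (old CHS convention)
    img = bytearray((slice_lba + 8) * SECTOR)       # only the MBR and label sector need to exist
    entry = bytes([0x80, 0, 0, 0, NETBSD_MBR_TYPE, 0, 0, 0]) + struct.pack("<II", slice_lba, slice_len)
    img[446:462] = entry
    img[510:512] = MBR_MAGIC
    base = (slice_lba + BSD_LABEL_SECTOR) * SECTOR
    struct.pack_into("<I", img, base, BSD_MAGIC)
    struct.pack_into("<I", img, base + BSD_MAGIC2_OFF, BSD_MAGIC)
    parts = [(4096, slice_lba, 7),                  # a: root, FS_BSDFFS (7)
             (2048, slice_lba + 4096, 1),           # b: swap, FS_SWAP (1)
             (slice_len, slice_lba, 0),             # c: whole slice, FS_UNUSED
             (2048, slice_lba + 6144, 7)]           # d: /var, FS_BSDFFS
    struct.pack_into("<H", img, base + BSD_NPART_OFF, len(parts))
    for i, (size, off, fstype) in enumerate(parts):
        struct.pack_into("<IIIBBH", img, base + BSD_PARTS_OFF + 16 * i, size, off, 0, fstype, 0, 0)
    return bytes(img)


if __name__ == "__main__":
    sample = build_sample_image()
    for name, (off, length) in sorted(loop_offsets(sample).items()):
        print("%-6s offset=%-9d len=%d" % (name, off, length))
    print(mount_command(sample, "mbr1a"))
```

Mounting the offset 0 of the image gives you the MBR, not a filesystem, which is the failure the post is pointing at. Even with the right offset the dom0 kernel still has to understand the guest's FFS; Linux does that through its ufs driver (ufstype=44bsd, read-only in practice), so for copying a root filesystem in or out the LVM/dd route is the one that actually works.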
I read the article about Xen, because Xen is what interests me. I'll go back and read the others later. Looks like more of a slashvertisement than anything useful, esp. the Xen writeup.
From TFA:
>> Use the "dd" command to copy the boot drive from another server to a local file, point Xen at that file, and boot the VM (virtual machine). Who needs consultants?
Apparently, the author does, and they have not been reading the Xen devel or user's mailing lists.
File-backed virtual block devices can be very problematic for high-volume services and applications such as MySQL, Apache and others. Most of us really using Xen on deployments that 'matter' have switched to SANs and using either LVM or real partitions.
Think about how long it takes to create a 3 GB loop device, then copy over the contents over a 10 or 100 meg switch (as you'd find on a hobbyist's desktop).
Migration only takes a few seconds once that's done... but I am asking the author: please don't make something very amazing like Xen disappoint people because you're publishing information you really have not researched that is not accurate.
If you want to write information on hot topics to draw readers and slashvertise it, great - go for it. Just be sure it's accurate.
They also barely touched on what is so magic about running 32-bit guest kernels inside of a 64-bit host, the new Xen credit scheduler, and other really cool things going on with Xen.
If you're going to present yourself as an authority, please present fact, and all of the facts. Please don't set up something like Xen (which many people are working very, very hard on: HP, IBM, Novell, Red Hat to name a few) to just disappoint new users. Nobody would say "Wow, that article must have been wrong"; they'll say "Wow, Xen is too hard to get working like that article said". Be careful what you capitalize on to sell a few ad clicks ;)
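The file-backed versus LVM point above, shown as the two `disk` lines of a Xen 3 domU config side by side. This is an added example for this page, not the article's or the poster's configuration: the image path, volume group and LV names are assumptions, and since domU config files are Python syntax the block also includes a small parser for the `backend:path,vdev,mode` spec so the difference can be checked mechanically.

```python
# Weak setting: a file-backed VBD, served to the guest through dom0's loop driver.
# (path is an assumption for the example)
DISK_FILE_BACKED = ["file:/var/xen/images/domu1.img,sda1,w"]

# Corrected: LVM logical volumes exported as physical devices, one per vdev.
# (volume group and LV names are assumptions for the example)
DISK_LVM_BACKED = [
    "phy:/dev/vg_xen/domu1-root,sda1,w",
    "phy:/dev/vg_xen/domu1-swap,sda2,w",
]


def parse_vbd(spec):
    """Split a Xen 3 disk spec 'backend:path,vdev,mode' into its parts."""
    backend, rest = spec.split(":", 1)
    path, vdev, mode = rest.split(",")
    return {"backend": backend, "path": path, "vdev": vdev, "mode": mode}


def loop_backed(disks):
    """Return the vdevs that would go through the loop driver (the thing to avoid on busy guests)."""
    return [parse_vbd(s)["vdev"] for s in disks if parse_vbd(s)["backend"] == "file"]


def lvm_commands(disks, sizes):
    """Emit the lvcreate lines for the LVs named in phy: specs; sizes are caller-supplied assumptions."""
    cmds = []
    for s in disks:
        p = parse_vbd(s)
        if p["backend"] != "phy":
            continue
        vg, lv = p["path"].rsplit("/", 2)[-2:]      # /dev/<vg>/<lv>
        cmds.append("lvcreate -L %s -n %s %s" % (sizes[p["vdev"]], lv, vg))
    return cmds


def migrate_command(file_spec, phy_spec):
    """One-off copy of the old image into the LV, for moving an existing domU off the loop driver."""
    return "dd if=%s of=%s bs=4M" % (parse_vbd(file_spec)["path"], parse_vbd(phy_spec)["path"])


if __name__ == "__main__":
    print("loop-backed vdevs in weak config:", loop_backed(DISK_FILE_BACKED))
    print("loop-backed vdevs in fixed config:", loop_backed(DISK_LVM_BACKED))
    for c in lvm_commands(DISK_LVM_BACKED, {"sda1": "3G", "sda2": "512M"}):
        print(c)
    print(migrate_command(DISK_FILE_BACKED[0], DISK_LVM_BACKED[0]))
```

With `phy:` the guest's block requests hit the LV directly instead of bouncing through a loop device and the dom0 page cache, which is where the throughput and latency trouble on busy MySQL or Apache guests comes from.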
>> Also, ANYTIME someone has unrestricted access to A government computer system it could be dangerous. What if a member of this committee grabs the FBI File for their opposition in the next election? Then goes willy-nilly with CIA records?
Well, it seems like that's just what happened, doesn't it? Well, minus the willy-nilly part.
>> American separation of powers mean that outside well-defined limits, Congress cannot interfere with the Executive branch (like the FBI, CIA, and other institutions).
Seems to me that would fall under "checks and balances" inbetwixt the branches, as is commonly done now with senate oversight hearings and subpoenas.
The problem is we have gaping holes in our national IT security, and following conventional courses will not get them patched quickly enough to avert major problems.
The president is insisting that the government have special powers over the people; well, we the people *own* those insecure systems. We need to insist on better checks and balances, as the scales are really tipped to one side.
Congress should have the power to clean house; that's why we elect them. Not just power to complain but power to actually do something. You don't need full access to a network to know it's insecure; a quick look at the planet tells you that.
We need CCIPs / CCIEs in Congress. Not MCSEs, not RHCEs (i.e. forget the "worthless paper" certs), real certified internet professionals who can not only help to plug our own holes but bring sanity to the legislation that threatens net neutrality.
Regular access audits would have picked this up much sooner. End of story. By hanging this poor bastard out to dry, they've basically exposed even more lack of security.
I call for this every time something like this gets published, and I'll call for it again:
We need (real) IT professionals in Congress; they need to form an oversight committee, and they need to have pretty much unrestricted access to most systems so they can be effective.
These holes have *got* to get plugged. It's not only embarrassing, it's media porn and it's going to encourage hacks that *do* result in something bad happening.
The mice will play. Mysteriously, the blog link is a 404. I'm sure it was just a typo :) Kind of interesting timing, as Bill goes off to spend billions of someone else's dollars and now has to deal with packing as much as possible into PCs that will ship to developing countries... all of a sudden an about-face.
Not sure if this is him realizing just how difficult a lack of interoperability was making things in the real world, or his way of saying "Folks, I'm really (honestly) hands-off now, see?"
So... on the list of probably won't happen...:
[21] hell freezes over
[24] MS supporting ODF plug-in
[28] Cheney on TV without makeup
You may be used to Virtuozzo, which does not truly separate a VM's access to memory. I'm not going to go into a bunch of detail about it, as we'd go way off topic.
Denial of service attacks generally result in the shared host's main shared IP needing to be null-routed, which means they have to change it... and you end up waiting 72+ hours for it to propagate before you enjoy the full services you pay for.
An insecure forum hosted by your "neighbor" can give me access to everything in your home directory, easily.
There are golden apples who are somewhat picky about who they'll sell an account.. and they actively watch the servers to make sure they intercept, or at least quickly deal with interruptions.
The point is, you take a major gamble with what (could) be important by purchasing something advertised safe with a 99.9% uptime guarantee, and sadly... you lose much more than the SLA says they need to credit you when disruptions occur.
At least host your email on your own box, or a Xen domU (VPS), if it's important to you. I've worked for some of the larger US hosts, and I can tell you - you're in a sardine can, even if you don't realize it.
Good place to research hosts (and bitch about them) is web hosting talk
One of the better moderated hosting related forums available.
Take a look at unixshell, or someone like them. It's cheap enough to play with for a month... I think you'll see why I'm saying shared hosting altogether is about to become a thing of the past.
No, we actually hire outsourced support agencies and make them do everything. Not as fast as a USB 2.0 jack from your brain to the box, but it is one.
Honestly, folks, with the advent of Xen I suggest avoiding shared web hosting at all costs. No matter how grandiose the control panel is, or how cleverly they've been able to transcend text descriptors into arguments for simple shell scripts, you have the following issues:
1 - Popular scripts require functions enabled in PHP which have corresponding popular vulnerabilities, if your script itself is vulnerable. Who's to say your neighbor is uploading a secure version of phpBB? Your host can't disable functions needed to secure the box against what *could* get uploaded or they'd cripple 60% of what people want to use the hosting for in the first place.
2 - You don't get the resources you pay for.
3 - You're paying way too much. You can lease your own box for the cost of a typical re-seller account.
4 - Email from hundreds of domains all using one outgoing mail IP
5 - You suffer from your neighbor's DOS attack because he posted something offensive on his forum or blog
The list goes on, and on... and on...
Find yourself a provider like provps, unixshell, or someone else offering a Xen domU at a reasonable price. Then install whatever you like to help manage it, or hire someone to do it.
IMHO, a jazzy hosting CP, if on shared hosting, is like laying a turd in a basket with fluffy green Easter grass. No matter how much you dress it up, it's still a turd, and something anyone can make themselves.
cPanel, Ensim, Plesk, H-Sphere, all of them, are over-hyped, over-resource-taxing pieces of shit. I know this because I have the gross misfortune of having to manage a few hundred shared hosting servers.
This one actually bent the needle on my fud-o-meter. Musta been a slow news day.
Well, not so good depending on if it gets pushed back again. They're really hoping for a daytime launch because they need to keep an eye on foam; if they are forced to launch too early the cameras they have all over the SRBs aren't going to get the data they hoped for.
If there is another problem with that foam, and no camera data because of launching at night (or pre-dawn), well, that's going to be a major obstacle.
It's really, really important for the whole space station program that this launch happens without a hitch. The shuttle program costs too much to keep going beyond the 10 years that are slated for it without interfering with programs that could (possibly) take us to Mars. Those programs hinge on a completed space station.
So even a 1 month delay now... could have a very negative impact 9 years down the road when the plug gets pulled on the shuttle program. NASA has already said that plug gets pulled no matter what... so if you have a few fingers not doing anything else when the launch is scheduled, cross them :) We've almost exhausted our margin for error in the 'grand scheme' of the entire program, and there is quite a ways to go.
Shame on that annoying purple bastard.
Probably because you're linking to fox news ...
What a world.
That's exactly right.
.. well, software licensing should be made to refer certifying the operators capability to not be a moron.
.. still - it's understandable that a million got infected, as they get that many page views in 15 minutes.
Installing Windows from a year-and-a-half-old install CD and jumping right to an old version of Internet Explorer (to sites like MySpace) before running any updates is akin to a white dude walking naked through Harlem with half of a racial slur painted on each butt cheek... generally, a dangerous thing to do.
In a perfect world nobody makes bad code and we all sing Kumbaya and watch the lights on the routers blink. But until then
I love to put blame on people who make more money than I do off the Internet. But this time I really can't find much fault with MySpace. If it was a zero-day exploit, well, then
You really have to look at it scaled. Myspace is huge, they have to watch thousands of servers. You (the home user) have one freaking PC to keep updated.
And people are saying MySpace are the ones to blame? C'mon, what's the problem?
>> Makes me question myspace, you'd think they have people watching for these sorts of attacks.
.. 'shit happens.'
Yes, and you're 100% right. Since they are syndicating it, showing 'due diligence' in making sure they aren't syndicating harmful code is their responsibility.
The question comes down to, reasonably, what is a good percentage to equate with 'due diligence' in checking what they syndicate. They have a few million pages, videos and photos to police, as well as watching what their advertisers are using their network to display.
So even if they go way above and beyond the 80% catch rate of abuse prior to it leaving their network, stuff like this is still going to happen. I'd imagine they only catch about 70% of illegal use involving their network, and considering its size and attractiveness to bad-doers, that's not bad.
Of course it's an age-old argument: who is most at fault, the person who shot the gun or the company that provided it?
I am also noting a rather old vulnerability was exploited, and people not updating their systems need to share some of the blame.
So I guess in essence
Well, not exactly. The key words are 'after it's posted'. So since it's new news to Slashdot, the cycle repeats itself, only this time it's Slashdot we're metering, not the article.
.. however can't quite articulate.
What they are talking about is something most of us already know, and understand
Their accomplishment then is not realizing the trend, but finding a way to illustrate it, which led with being able to articulate and substantiate it.
I understand lots of things that I couldn't possibly hope to articulate. All of us do.
Found TFA to be quite interesting because they took a very methodical approach to making an abstract tangible.
Mod that up +5 informative. I checked, and you're absolutely right, and now I'm also wondering how the word got twisted 180 degrees.
Now I need to find a new insult. Douchebag just doesn't read well to me, Dumbass is too generic and I can't find a proper spelling for nincompoop, however I think I have it right.
Retard isn't politically correct, whipper snapper is too old fashioned and dolt is too condescending to imply humor.
I think I'll go with bungler from now on.
I think the key words are "Reasonable Expectation Of Privacy". Your local PD will have to base their decisions on whether a search warrant is needed to obtain something on that phrase.
Another one is "Plain View" vs "Concealed".
If you post something on a public forum, open chat room, newsgroup or other medium where you can't possibly have any expectations that what you write will only be viewed by one, or a select group of people, then you really can't complain when the cops come and bust you for it, if you're describing or conspiring to commit an illegal activity. The charge would of course be conspiracy, unless you were bragging about something you already did.
Really no different than bragging to your buddies in a bar about it, or planning a crime in "plain view".
I think where they are going to the extreme is really stretching what is "a normal expectation of privacy", i.e. now it's "Well, you know we're listening randomly, so you can't expect phone calls to be private", which is a very scary precedent.
We cooked up one of those to look for some of our IPs / hostnames on Undernet. It's really, really easy to code; the trick is keeping your bot connected, and not bringing a DoS attack on yourself by trying to monitor for imminent DoS attacks.
.. and I'm beginning to think .. yeah, well the truth is stranger than fiction. I find it easier to believe a few dumbasses were trying to cook something up in open chat (something incredibly stupid at that) than the FBI is drumming up successes for an upcoming election.
:)
So you really need like 20 or 30 of them, and a wide range of class C IPs that aren't SWIPed to you.
But yeah, quite easy to do. We even had one watching Yahoo rooms with a skinny text / Linux client for Y! chats, when the user rooms still existed.
After a few months it was really obvious that trying to monitor rooms to anticipate hassles caused more hassles than we were preventing.
But for something like what the FBI would use it for, I guess it's worth the hassles.
Really and honestly, I'm glad they do it. I only bitch when they cross the line of what I would consider to be a reasonable expectation of privacy. Eavesdropping on an open chat is much different than broad logging and analysis of bank transactions, phone conversations, etc.
I think (lately) anyway, they're realizing the latter is causing more hassles than it prevents.
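The watcher bot described above boils down to scanning chat traffic for your own addresses and hostnames. The following is an added example written for this thread, not the poster's bot and not anything from Undernet or the FBI: it runs a few constructed IRC-style log lines through a matcher that understands CIDR netblocks (so a single address in your range is caught without listing every host), matches hostnames case-insensitively, discards regex hits that are not real addresses, and caps alerts per nick so a chatter pasting your addresses in a loop cannot flood your own alert channel, which is the self-inflicted DoS the post warns about. The netblocks, hostnames and log lines are invented.

```python
"""Scan chat lines for mentions of watched netblocks / hostnames.

Added example for this thread; assets and log lines below are constructed.
"""
import ipaddress
import re
from collections import defaultdict

# Assumed assets to watch for (documentation ranges, not real infrastructure).
WATCHED_NETS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/26"),
]
WATCHED_HOSTS = {"irc.example.net", "shell.example.net"}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b[a-z0-9][a-z0-9.-]*\.[a-z]{2,}\b", re.I)
# Assumed log format: "[HH:MM] <nick> message"
LINE_RE = re.compile(r"^\[(?P<ts>\d\d:\d\d)\]\s+<(?P<nick>[^>]+)>\s+(?P<msg>.*)$")


def mentions(msg):
    """Return the set of watched addresses / hostnames appearing in one message."""
    hits = set()
    for token in IPV4_RE.findall(msg):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue  # e.g. 999.1.1.1 satisfies the regex but is not an address
        if any(addr in net for net in WATCHED_NETS):
            hits.add(str(addr))
    for token in HOST_RE.findall(msg):
        if token.lower() in WATCHED_HOSTS:
            hits.add(token.lower())
    return hits


def scan(lines, max_alerts_per_nick=2):
    """Return [(timestamp, nick, sorted hits)] for lines mentioning watched assets.

    Alerts from one nick are capped so the bot cannot be made to spam its own
    operators by someone repeating your addresses in the channel.
    """
    alerts = []
    seen = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # joins, parts, malformed lines: ignored
        hits = mentions(m["msg"])
        if not hits:
            continue
        seen[m["nick"]] += 1
        if seen[m["nick"]] > max_alerts_per_nick:
            continue  # rate limited: counted, not reported again
        alerts.append((m["ts"], m["nick"], sorted(hits)))
    return alerts


# Constructed sample traffic (not a real capture).
SAMPLE_LOG = [
    "[21:04] <skiddie42> lets hit 203.0.113.77 tonight",
    "[21:05] <skiddie42> and their box SHELL.example.net too",
    "[21:06] <someone> 999.1.1.1 is not even an address",
    "[21:07] <skiddie42> 203.0.113.80",
    "[21:08] <skiddie42> 203.0.113.81 (this one is rate limited)",
    "[21:09] <lurker> www.example.net looks fine, 198.51.100.200 is outside the /26",
    "this line has no nick and is ignored",
]


def demo():
    return scan(SAMPLE_LOG)


if __name__ == "__main__":
    for ts, nick, hits in demo():
        print("%s %s mentioned %s" % (ts, nick, ", ".join(hits)))
```

Run stand-alone it reports the two alerts from `skiddie42` and drops the third and fourth under the per-nick cap; the chatter who names an address outside the watched /26 produces nothing.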
I was thinking 'now this was obviously staged' when reading TFA, but then I thought about how stupid the plot uncovered was
So - good catch
Oh, bother.
.. that just strengthens the point I made originally. And, yeah .. that's basically what it was.
.. )
>> To be honest, I haven't read this article. The comments about it in Slashdot have been very informative, and I
>> don't feel the need!
That's sort of like farting in an elevator and taking credit for it on the spot. While some may quietly chuckle to themselves and admire your bravery, publicly they are compelled to bitch-slap you.
>> The question for me: Is it better to launch a thousand techies enthusiastically at a new technology, or 500 of
>> them with misgivings? The article may have left out some warnings, but I've come to expect that from this type
>> of publication.
If it wasn't a slashvertisement to begin with, I probably wouldn't have posted. However, the only thing they appear to be driving a thousand techies at are the advertisements on the pages, hence the article being broken up into so many sections. More clicks = more banner rotations. They're doing this at the expense of Xen, by driving new users to the lists with questions about why things don't work based on misinformation they gathered from what they feel is an authoritative source on the subject.
>> Sounds like it was a virtual writer, writing a virtual article. He insulated himself in a virtual reality
If you had RTFA, I'd say you hit the nail right on the head. However, since you didn't, and got that impression
You didn't miss much, however - reading the ingredients on the back of a Lysol can while taking a dump would be more entertaining than TFA, and a more productive use of time.
>> The guy he interviewed about Xen probably got five minutes to talk about it a starry-eyed manner.
I think they just ripped a bong and started typing. It wasn't constructed in a manner cohesive enough to suggest an interview took place (with anyone sober and involved with Xen, anyway
Sorry for the double bang, I forgot to comment on the author mentioning Migrating NetBSD dom-u's using the loop-n-go method.
:)
You can't mount BSD slices as a loop device. You need a utility like lomount. Here's a copy if you read the article and want to play with Xen/NetBSD. Compiles easily with gcc.
Just another example of how you can frustrate people with misinformation, and give the topic of your article a bad rep.. when it was really a lack of research on your part.
Cheers
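What a lomount-style helper has to do for a NetBSD dom-U image is find the partition inside the BSD slice and turn it into a byte offset the Linux loop driver can be pointed at. The block below is an added example for this thread, not the lomount copy the poster refers to and not Xen project code. It assumes the NetBSD/i386 layout (the disklabel sits in sector 1 of the BSD slice, 512-byte sectors, partition offsets counted from the start of the whole disk) and builds a small constructed image in memory rather than reading a real dom-U; the checksum is the label's own XOR-of-16-bit-words, so a corrupted or hand-edited label is rejected before you mount from a bogus offset.

```python
"""Compute a loop-device byte offset for a NetBSD FFS partition in a raw image.

Added example; assumes NetBSD/i386 disklabel layout and a constructed image.
"""
import struct

DISKMAGIC = 0x82564557      # struct disklabel d_magic / d_magic2
SECTOR = 512
LABELSECTOR = 1             # i386: label lives in the slice's second sector
MAXPARTITIONS = 16
HDR_LEN = 148               # sizeof(struct disklabel) up to d_partitions[]
PART_FMT = "<IIIBBH"        # p_size, p_offset, p_fsize, p_fstype, p_frag, p_cpg
PART_LEN = struct.calcsize(PART_FMT)   # 16 bytes per entry
FS_UNUSED, FS_SWAP, FS_BSDFFS = 0, 1, 7


def dkcksum(label, npartitions):
    """XOR of 16-bit words from d_magic through the last partition entry.
    A valid on-disk label XORs to 0 because d_checksum itself is included."""
    end = HDR_LEN + PART_LEN * npartitions
    total = 0
    for (word,) in struct.iter_unpack("<H", label[:end]):
        total ^= word
    return total


def parse_disklabel(sector):
    """Return (sector size, {letter: {offset, size, fstype}}) or raise ValueError."""
    (magic,) = struct.unpack_from("<I", sector, 0)
    (secsize,) = struct.unpack_from("<I", sector, 40)
    (magic2,) = struct.unpack_from("<I", sector, 132)
    (npart,) = struct.unpack_from("<H", sector, 138)
    if magic != DISKMAGIC or magic2 != DISKMAGIC:
        raise ValueError("no disklabel magic")
    if npart > MAXPARTITIONS:
        raise ValueError("bogus d_npartitions %d" % npart)
    if dkcksum(sector, npart) != 0:
        raise ValueError("disklabel checksum mismatch")
    parts = {}
    for i in range(npart):
        size, off, _fsize, fstype, _frag, _cpg = struct.unpack_from(
            PART_FMT, sector, HDR_LEN + PART_LEN * i)
        if size:  # zero-length slots are unused
            parts[chr(ord("a") + i)] = {"offset": off, "size": size, "fstype": fstype}
    return secsize, parts


def label_is_valid(image, slice_start):
    at = (slice_start + LABELSECTOR) * SECTOR
    try:
        parse_disklabel(image[at:at + SECTOR])
        return True
    except ValueError:
        return False


def loop_offset(image, slice_start, letter):
    """(byte offset, byte length) of FFS partition `letter`, for losetup -o."""
    at = (slice_start + LABELSECTOR) * SECTOR
    secsize, parts = parse_disklabel(image[at:at + SECTOR])
    if letter not in parts:
        raise KeyError("partition %s not in label" % letter)
    p = parts[letter]
    if p["fstype"] != FS_BSDFFS:
        raise ValueError("partition %s is not FFS (fstype %d)" % (letter, p["fstype"]))
    # Assumption: p_offset is absolute from the start of the disk (i386 convention).
    return p["offset"] * secsize, p["size"] * secsize


def mount_command(image_path, offset, mountpoint="/mnt/domu"):
    return "mount -t ufs -o ufstype=44bsd,ro,loop,offset=%d %s %s" % (
        offset, image_path, mountpoint)


def build_label(partitions, secsize=SECTOR):
    """Constructed disklabel sector (fixture); partitions = [(size, offset, fstype)]."""
    buf = bytearray(SECTOR)
    struct.pack_into("<I", buf, 0, DISKMAGIC)
    struct.pack_into("<16s", buf, 8, b"ESDI")          # d_typename
    struct.pack_into("<I", buf, 40, secsize)
    struct.pack_into("<I", buf, 132, DISKMAGIC)        # d_magic2
    struct.pack_into("<H", buf, 138, len(partitions))  # d_npartitions
    for i, (size, off, fstype) in enumerate(partitions):
        struct.pack_into(PART_FMT, buf, HDR_LEN + PART_LEN * i, size, off, 1024, fstype, 8, 16)
    struct.pack_into("<H", buf, 136, dkcksum(buf, len(partitions)))  # d_checksum
    return bytes(buf)


SLICE_START = 63   # assumed MBR slice start; a real tool reads it from the MBR
SAMPLE_IMAGE = bytes(SECTOR * (SLICE_START + LABELSECTOR)) + build_label([
    (409600, 63, FS_BSDFFS),    # a: root FFS, begins at the slice
    (131072, 409663, FS_SWAP),  # b: swap
    (540672, 63, FS_UNUSED),    # c: the whole BSD slice
    (540735, 0, FS_UNUSED),     # d: the whole disk
])

if __name__ == "__main__":
    off, length = loop_offset(SAMPLE_IMAGE, SLICE_START, "a")
    print(mount_command("netbsd-domu.img", off), "# %d bytes" % length)
```

The only partition you want to loop-mount from a dom-U image is the FFS one; the example refuses swap and the whole-slice/whole-disk pseudo-partitions rather than handing you an offset that mounts garbage, and a single flipped byte in the label fails the checksum before any offset is computed.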
I read the article about Xen, because Xen is what interests me. I'll go back and read the others later. Looks like more of a slashvertisement than anything useful, especially the Xen writeup.
.. but I am asking the author .. Please don't make something very amazing like Xen disappoint people because you're publishing information you really have not researched that is not accurate.
;)
From TFA:
>> Use the "dd" command to copy the boot drive from another server to a local file, point Xen at that file, and boot
>> the VM (virtual machine). Who needs consultants?
Apparently, the author does, and they have not been reading the Xen devel or user's mailing lists.
File-backed virtual block devices can be very problematic for high-volume services and applications such as MySQL, Apache and others. Most of us really using Xen on deployments that 'matter' have switched to SANs, using either LVM or real partitions.
Think about how long it takes to create a 3 GB loop device, then copy over the contents over a 10 or 100 Mb switch (as you'd find on a hobbyist's desktop).
Migration only takes a few seconds once that's done
If you want to write information on hot topics to draw readers and slashvertise it, great - go for it. Just be sure it's accurate.
They also barely touched on what is so magic about running 32 bit guest kernels inside of a 64 bit host, the new Xen credit scheduler, and other really cool things going on with Xen.
If you're going to present yourself as an authority, please present fact, and all of the facts. Please don't set up something like Xen (which many people are working very, very hard on; HP, IBM, Novell, Red Hat to name a few) to just disappoint new users. Nobody will say "Wow, that article must have been wrong"; they'll say "Wow, Xen is too hard to get working like that article said". Be careful what you capitalize on to sell a few ad clicks
>> Also, ANYTIME someone has unrestricted access to A government computer system it could be dangerous. What if a
>> member of this committee grabs the FBI File for their opposition in the next election? Then goes willy-nilly with
>> CIA records?
Well, it seems like that's just what happened, doesn't it? Well, minus the willy-nilly part.
>> American separation of powers mean that outside well-defined limits, Congress cannot interfere with the Executive
>> branch (like the FBI, CIA, and other institutions).
Seems to me that would fall under "checks and balances" betwixt the branches, as is commonly done now with Senate oversight hearings and subpoenas.
The problem is we have gaping holes in our national IT security, and following conventional courses will not get them patched quickly enough to avert major problems.
The president is insisting that the government have special powers over the people; well, we the people *own* those insecure systems. We need to insist on better checks and balances, as the scales are really tipped to one side.
Congress should have the power to clean house; that's why we elect them. Not just power to complain but power to actually do something. You don't need full access to a network to know it's insecure; a quick look at the planet tells you that.
We need CCIPs / CCIEs in Congress. Not MCSEs, not RHCEs (i.e. forget the "worthless paper" certs), real certified internet professionals who can not only help to plug our own holes but bring sanity to the legislation that threatens net neutrality.
I'll get off the soapbox now.
Regular access audits would have picked this up much sooner. End of story. By hanging this poor bastard out to dry, they've basically exposed even more lack of security.
I call for this every time something like this gets published , and I'll call for it again :
We need (real) IT professionals in Congress, they need to form an oversight committee, and they need to have pretty much unrestricted access to most systems so they can be effective.
These holes have *got* to get plugged. It's not only embarrassing, it's media porn and it's going to encourage hacks that *do* result in something bad happening.
Nimrods.
I thought most FBI guys knew you used a bong or rolling papers to extract hash .. strange.
The mice will play. Mysteriously, the blog link is a 404. I'm sure it was just a typo :) Kind of interesting timing, as Bill goes off to spend billions of someone else's dollars and now has to deal with packing as much as possible into PC's that will ship to developing countries .. all of a sudden an about face.
... on the list of probably wont happen ... :
Not sure if this is him realizing just how difficult a lack of interoperability was making things in the real world, or his way of saying "Folks, I'm really (honestly) hands off now, see?"
So
[21] hell freezes over
.
.
[24] MS Supporting ODF plug-in
.
.
[28] Cheney on TV without makeup
Well, progress, anyway.
Three magic words :
:)
.. and they actively watch the servers to make sure they intercept, or at least quickly deal with interruptions.
.. you lose much more than the SLA says they need to credit you when disruptions occur.
.. I think you'll see why I'm saying shared hosting all together is about to become a thing of the past.
Xen credit scheduling
You may be used to Virtuozzo, which does not truly separate a VM's access to memory. I'm not going to go into a bunch of detail about it, as we'd go way off topic.
Denial of service attacks generally result in the shared host's main shared IP needing to be null-routed, which means they have to change it, and you end up waiting 72+ hours for it to propagate before you enjoy the full services you pay for.
An insecure forum hosted by your "neighbor" can give me access to everything in your home directory, easily.
There are golden apples who are somewhat picky about who they'll sell an account
The point is, you take a major gamble with what (could) be important by purchasing something advertised safe with a 99.9 % uptime guarantee, and sadly
At least host your email on your own box, or a Xen dom-U (VPS), if it's important to you. I've worked for some of the larger US hosts, and I can tell you - you're in a sardine can, even if you don't realize it.
Good place to research hosts (and bitch about them) is Web Hosting Talk
One of the better moderated hosting related forums available.
Take a look at unixshell, or someone like them. It's cheap enough to play with for a month
>> They're not facing charges. Police say there isn't enough evidence.
It's unavoidable that someone make a 'size' joke out of that. So I just did, without actually making one.
No, we actually hire outsourced support agencies and make them do everything. Not as fast as a USB 2.0 jack from your brain to the box, but it is one.
.. and on..
Honestly, folks, with the advent of Xen I suggest avoiding shared web hosting at all costs. No matter how grandiose the control panel is, or how cleverly they've been able to transcend text descriptors into arguments for simple shell scripts, you have the following issues:
1 - Popular scripts require functions enabled in php which have corresponding popular vulnerabilities, if your script itself is vulnerable. Who's to say your neighbor is uploading a secure version of phpBB ? Your host can't disable functions needed to secure the box against what *could* get uploaded or they'd cripple 60% of what people want to use the hosting for in the first place.
2 - You don't get the resources you pay for.
3 - You're paying way too much. You can lease your own box for the cost of a typical reseller account.
4 - Email from hundreds of domains all using one outgoing mail IP
5 - You suffer from your neighbor's DOS attack because he posted something offensive on his forum or blog
The list goes on , and on
Find yourself a provider like provps, unixshell, or someone else offering a Xen dom-U at a reasonable price. Then install whatever you like to help manage it, or hire someone to do it.
IMHO, a jazzy hosting CP on shared hosting is like laying a turd in a basket with fluffy green Easter grass. No matter how much you dress it up, it's still a turd, and something anyone can make themselves.
cPanel, Ensim, Plesk, HSphere, all of them, are over-hyped, over-resource-taxing pieces of shit. I know this because I have the gross misfortune of having to manage a few hundred shared hosting servers.
This one actually bent the needle on my FUD-o-meter. Must have been a slow news day.
Well not so good depending on if it gets pushed back again. They're really hoping for a daytime launch because they need to keep an eye on foam, if they are forced to launch too early the cameras they have all over the SRB's aren't going to get the data they hoped for.
.. could have a very negative impact 9 years down the road when the plug gets pulled on the shuttle program. NASA has already said, that plug gets pulled no matter what .. so if you have a few fingers not doing anything else when the launch is scheduled, cross them :) We've almost exhausted our margin for error in the 'grand scheme' of the entire program, and there is quite a ways to go.
:)
If there is another problem with that foam, and no camera data because of launching at night (or pre-dawn), well, that's going to be a major obstacle.
It's really, really important for the whole space station program that this launch happens without a hitch. The shuttle program costs too much to keep going beyond the 10 years that are slated for it without interfering with programs that could (possibly) take us to Mars. Those programs hinge on a completed space station.
So even a 1 month delay now
Good luck !!!!!