I have a 2003 540i with the M package (stiffer suspension) and it rides fine. The handling is very predictable at the limit and steps out just like you would expect it to. I have driven cars with much stiffer suspensions including an S13 240SX with a full blown drift suspension. The 5 series is an absolute joy to drive. The engineers did a very good job of finding a compromise between ride stiffness and handling.
As other posters have stated, the maintenance sucks. I doubt I will ever buy another BMW for that fact alone. When the car is running I love it though. Unlike an Accord or Camry, it feels stable at 100mph+.
What do you mean? If the euro craters then German exports become too expensive for the rest of the continent. Their growth has come from providing cheap credit to the rest of the EU.
Goldman Sachs must be getting desperate to get this IPO off the ground if they are resorting to articles like this that promote supposed trickle down economics. They need to launch this IPO before the Euro completely craters and takes the rest of the world economy with it. Once the shit hits the fan, there will not be any money left over to piss away on a social networking site.
Just be glad that you learned this lesson with your data, and some company's. We've all been through it at one point or another. I've never lost multiple terabytes, but that's because I learned the hard drive reliability lesson in the early 1990s.
You are statistically luckier than just about everyone else. Seagate drives die just as much as any other drive. Manufacturers have good runs and bad runs. How many hard drives have you come into contact with in the last 10 years? I've been in contact with thousands of them. There is no such thing as a perfect HD manufacturer. They all fail sooner or later.
So let me get this straight, you had a multi-drive RAID0 array and you are upset that it crashed? Do actually know anything about hard drive reliability rates? Well, you do now.
RAID was invented for a reason. Controllers support hot spares for a reason.
Lesson for next time. Go with RAID5 or RAID6 and eat the loss of capacity. Parity is worth it. Granted, RAID is not a backup strategy but RAID0 is just a ticking time bomb waiting to go off. You will have a drive failure. It is inevitable.
If you were going to fire the missile, why not hit SuperNAP in Vegas? There are a whole slew of government contractors there. That would be the better target for anyone crazy enough to use a nuke.
What the OP did is no different than what you or I did. The environment is different due to the criminal statues on the books and the willingness of the authorities to prosecute them. Other than that, it is just a kid / young adult pushing the boundries and seeing what they can get away with.
Given that the OP had the good sense to post here and ask for guidance shows that they have their head on mostly straight. The phone phreaking that you did was more objectionable than what the OP did. You stole services. The OP just found a flaw, reported it and then realized that the vendor had no interest in taking the problem seriously. By doing that, they are exposing their customers to fraud.
I agree with you about needing to emphasize ethics. I think the OP has shown ethics and a conscious awareness of responsible disclosure. Back in the day, the exploit would have been all over various underground forums, and everyone and their mom would be poking around the site.
The metapoint was that I am good at my job because I enjoy it. When I was younger, it was a hobby that I could turn into a career. That aspect of it, the hobby to career transition opportunity is not realistic today. But enjoying what you do is so rare in adults who have to earn a paycheck that it seems criminal to suggest that the OP needs to find a whole new group of friends. What he should be doing is going to a college with a digital forensics and/or computer security program. His natural curiosity and talents will put him head and shoulders above everyone else in the class who is there on a whim, or because they think it will get them a "good job".
You're being a bit harsh on the guy. A lot of people started their IT careers in the computer underground, myself included. If it were not for LA 2600 meetings and the first few Defcons, I would not have developed the skills and background that landed me my first job as a sysadmin fifteen years ago. More recently (within the last year), the head auditor for my company told me that my background reassured him because he knew that I had a better perspective on computer security and the threat landscape than most "professionals" who picked up all of their knowledge in a classroom.
WRT the OP, it was dumb for him to go to the company. As everyone else stated, he exposed himself to some liability. Any information that he provides to the company could be used to build a case against him for computer trespass, unauthorized access, etc.
To call the OP morally and ethically criminal is overboard. He did not do any damage to them and did not profit from his activities. It was a real world learning exercise. It was not the brightest move in the world, but doing a security audit on a random computer system does not make someone morally bankrupt. If he had taken the data and sold it for profit, or even just posted it for fame and notoriety, that would be a different story. Instead he naively did "the right thing" without fully understanding the liability it exposed him to.
We deal with this on a daily basis. Our clients (large Fortune 500 corporations) are requesting that we do not store data in the US. I personally think it has more to do with the fact that they are up to shady financial maneuvers than terrorism, but the end result is the same. It is just another nail in the economic coffin of the United States. The oft claimed, "It is too expensive/risky to do business in the States" rears its ugly head again.
The article talks about "cloud" providers, which we are not. We are more of a SaaS shop, but the regulatory challenges are the same. It all comes down to the client wanting to feel like their data is safe, and that they will have some expectation of privacy. With the United States government declaring the right to come in and seize data (the life blood of any company in this day and age) without any form of real due process, corporations are deciding that they do not want to subject themselves to that unnecessary liability.
I am not a geneticist, so I might be way off base here. But isn't DNA data a grouping of ATCG bonds in various arrangements? It seems like the nature of the data itself would lend to effective compression and/or de-duplication.
It was more advanced than Doom though. Quake maybe? I just remember the LAN play aspect of it. I didn't own a Mac so the only time I played it was with friends going head to head.
It's not all that. It just gets talked up because it was one of the few FPS games that the Mac guys could play. I seem to remember it came out around the same time as Unreal and was popular because it leveraged the right-click for alt-fire.
WTH are you talking about? The article is talking about ISP level traffic monitoring and filtering technology, and you're commenting about securing individual computers. I know this is/. and all, but come on now.
I have been a self taught geek and managed to make it in IT. However I started doing it professionally (getting paid by a real company to work a real network) in 1996. At this point, I think you're about 15 years too late. The days of getting jobs based on merit and the ability to do the work are past. When I started, I was some what unique because most people did not have real world skills. Companies would hire whoever they could.
Now there are colleges that are turning out kids with all of the skills that companies are looking for. Those skills are backed by coursework and projects to demonstrate proficiency with the subject matter.
The only constructive advice I have is to develop a portfolio. With so many qualified people out of work and looking for jobs, no employer is going to hire you because you say you know something. You have to prove it. You need something to show an employer to demonstrate that you have experience with your skill set in the real world.
It is time to switch data centers. We're with AT&T (and AT&T is far from the best) and they do quarterly power tests without a single problem. They've done core infrastructure router upgrades with zero down time. All in all, I'm very happy with the service. Any competent co-lo provider should be able to handle the issues you've had without any hiccups.
I am still that way with firmware upgrades. I think it probably has something to do with our generation. In the 90s, computer hardware was touchy and was expensive to replace. If you're like me, you probably grew up blowing into Nintendo game cartridges when they did not work. But back to firmware, I only upgrade it when necessary. Over the last fifteen years I have seen too many firmware upgrades bork hardware that was working just fine. With security patches I do them monthly, but not firmware. And never CIsco IOS. Once the config is good, leave it be!
I dealt with this recently. A department wanted a couple of VMs. Corporate IT did not want to host the VMs for them so it fell on us. I worked out the costs for RAM, CPU, disk and software licensing. I broke down the costs of data center infrastructure (bandwidth, power, VPN licensing, etc). With all the costs in hand, I added 10% overhead for the time I would have to spend configuring the VMs and supporting them going forward. Then I presented those numbers to the department that wanted the VMs.
They came back with, "This is WAY more than RackSpace would charge us!"
I explained to them that we are not RackSpace, and we do not enjoy the economies of scale that RackSpace does. They continued to insist that RackSpace was less expensive. I told them to go to RackSpace.
In the end, they decided to pay what we wanted to charge them. RackSpace would provide them with the VM, but they would not provide any admin support for the VM. It turned out that my time and expertise was worth the cost.
Nine times out of ten, IT holds the power. Everyone likes to gripe about IT, but IT keeps the company functioning. MBAs are a dime a dozen. Business school grads are a nickel a dozen. Admins are a penny a dozen. A decent IT staff is nearly impossible to find. In this economy, with companies hemorrhaging jobs left and right, I still get calls from recruiters a couple of times a month.
For everyone who wants to rant about how much IT sucks and how they don't like their IT department. You know what? You people can go fuck yourselves. IT keeps the company running. If company A does not like the job we do, we can go work for company B. Have fun fixing your own computers. Have fun pulling more disk space out of your ass when the SAN fills up and you didn't have the foresight to plan 6 months ahead to bring more space online. Have fun with the new guy that the company brings in to replace us. The guy who does not know how the systems work and is going to take 6-12 months just getting up to speed on the mish mash of hardware and software that management approved piecemeal over the last five years.
Each time the key changes or a different agency's system is "hacked" you have to figure out the new key of the day/week/month, and if it takes you 2 months to brute-force a DES key and they change them monthly, well, you're fucked.
The article refers to local police departments. I can almost guarantee that the keys are set once by whoever implements the system and then never changed. Most local police departments do not have the technical knowledge to handle their communications deployments. I know. I worked for the company that setup the system for the City of Cypress, California in the early 2000s. We were contractors, not full time employees.
Exactly. It is easier to just comply with the contract than it is to try to justify why you do not want to. The government is not going to redraft their contract to reflect the OPs untried and unproven (in the eyes of the government) methodology. They are going to stick to their guns, declare that physical destruction is what the contract specifies, and demand that the company honors the contract that they signed.
Slashdot Mirror
They did not do the actual loans. They just packaged them up into mortgage backed securities that they (presumably) knew they were going to fail.
There are some states with 6 lane wide freeways that are practically deserted after midnight.
I'd be more concerned with a blowout at those speeds than a slow moving truck. YMMV
I have a 2003 540i with the M package (stiffer suspension) and it rides fine. The handling is very predictable at the limit and steps out just like you would expect it to. I have driven cars with much stiffer suspensions including an S13 240SX with a full blown drift suspension. The 5 series is an absolute joy to drive. The engineers did a very good job of finding a compromise between ride stiffness and handling.
As other posters have stated, the maintenance sucks. I doubt I will ever buy another BMW for that fact alone. When the car is running I love it though. Unlike an Accord or Camry, it feels stable at 100mph+.
What do you mean? If the euro craters then German exports become too expensive for the rest of the continent. Their growth has come from providing cheap credit to the rest of the EU.
Goldman Sachs must be getting desperate to get this IPO off the ground if they are resorting to articles like this that promote supposed trickle down economics. They need to launch this IPO before the Euro completely craters and takes the rest of the world economy with it. Once the shit hits the fan, there will not be any money left over to piss away on a social networking site.
Just be glad that you learned this lesson with your data, and some company's. We've all been through it at one point or another. I've never lost multiple terabytes, but that's because I learned the hard drive reliability lesson in the early 1990s.
You are statistically luckier than just about everyone else. Seagate drives die just as much as any other drive. Manufacturers have good runs and bad runs. How many hard drives have you come into contact with in the last 10 years? I've been in contact with thousands of them. There is no such thing as a perfect HD manufacturer. They all fail sooner or later.
So let me get this straight, you had a multi-drive RAID0 array and you are upset that it crashed? Do actually know anything about hard drive reliability rates? Well, you do now.
RAID was invented for a reason. Controllers support hot spares for a reason.
Lesson for next time. Go with RAID5 or RAID6 and eat the loss of capacity. Parity is worth it. Granted, RAID is not a backup strategy but RAID0 is just a ticking time bomb waiting to go off. You will have a drive failure. It is inevitable.
256MB? Get off my lawn. My first computer did not even have a hard drive.
Damn kids.
If you were going to fire the missile, why not hit SuperNAP in Vegas? There are a whole slew of government contractors there. That would be the better target for anyone crazy enough to use a nuke.
I think you're just getting old. ;)
What the OP did is no different than what you or I did. The environment is different due to the criminal statues on the books and the willingness of the authorities to prosecute them. Other than that, it is just a kid / young adult pushing the boundries and seeing what they can get away with.
Given that the OP had the good sense to post here and ask for guidance shows that they have their head on mostly straight. The phone phreaking that you did was more objectionable than what the OP did. You stole services. The OP just found a flaw, reported it and then realized that the vendor had no interest in taking the problem seriously. By doing that, they are exposing their customers to fraud.
I agree with you about needing to emphasize ethics. I think the OP has shown ethics and a conscious awareness of responsible disclosure. Back in the day, the exploit would have been all over various underground forums, and everyone and their mom would be poking around the site.
The metapoint was that I am good at my job because I enjoy it. When I was younger, it was a hobby that I could turn into a career. That aspect of it, the hobby to career transition opportunity is not realistic today. But enjoying what you do is so rare in adults who have to earn a paycheck that it seems criminal to suggest that the OP needs to find a whole new group of friends. What he should be doing is going to a college with a digital forensics and/or computer security program. His natural curiosity and talents will put him head and shoulders above everyone else in the class who is there on a whim, or because they think it will get them a "good job".
It just goes to show, being good at one thing does not necessarily mean you are qualified to comment on something else. ;)
You're being a bit harsh on the guy. A lot of people started their IT careers in the computer underground, myself included. If it were not for LA 2600 meetings and the first few Defcons, I would not have developed the skills and background that landed me my first job as a sysadmin fifteen years ago. More recently (within the last year), the head auditor for my company told me that my background reassured him because he knew that I had a better perspective on computer security and the threat landscape than most "professionals" who picked up all of their knowledge in a classroom.
WRT the OP, it was dumb for him to go to the company. As everyone else stated, he exposed himself to some liability. Any information that he provides to the company could be used to build a case against him for computer trespass, unauthorized access, etc.
To call the OP morally and ethically criminal is overboard. He did not do any damage to them and did not profit from his activities. It was a real world learning exercise. It was not the brightest move in the world, but doing a security audit on a random computer system does not make someone morally bankrupt. If he had taken the data and sold it for profit, or even just posted it for fame and notoriety, that would be a different story. Instead he naively did "the right thing" without fully understanding the liability it exposed him to.
We deal with this on a daily basis. Our clients (large Fortune 500 corporations) are requesting that we do not store data in the US. I personally think it has more to do with the fact that they are up to shady financial maneuvers than terrorism, but the end result is the same. It is just another nail in the economic coffin of the United States. The oft claimed, "It is too expensive/risky to do business in the States" rears its ugly head again.
The article talks about "cloud" providers, which we are not. We are more of a SaaS shop, but the regulatory challenges are the same. It all comes down to the client wanting to feel like their data is safe, and that they will have some expectation of privacy. With the United States government declaring the right to come in and seize data (the life blood of any company in this day and age) without any form of real due process, corporations are deciding that they do not want to subject themselves to that unnecessary liability.
I am not a geneticist, so I might be way off base here. But isn't DNA data a grouping of ATCG bonds in various arrangements? It seems like the nature of the data itself would lend to effective compression and/or de-duplication.
It was more advanced than Doom though. Quake maybe? I just remember the LAN play aspect of it. I didn't own a Mac so the only time I played it was with friends going head to head.
It's not all that. It just gets talked up because it was one of the few FPS games that the Mac guys could play. I seem to remember it came out around the same time as Unreal and was popular because it leveraged the right-click for alt-fire.
WTH are you talking about? The article is talking about ISP level traffic monitoring and filtering technology, and you're commenting about securing individual computers. I know this is /. and all, but come on now.
I have been a self taught geek and managed to make it in IT. However I started doing it professionally (getting paid by a real company to work a real network) in 1996. At this point, I think you're about 15 years too late. The days of getting jobs based on merit and the ability to do the work are past. When I started, I was some what unique because most people did not have real world skills. Companies would hire whoever they could.
Now there are colleges that are turning out kids with all of the skills that companies are looking for. Those skills are backed by coursework and projects to demonstrate proficiency with the subject matter.
The only constructive advice I have is to develop a portfolio. With so many qualified people out of work and looking for jobs, no employer is going to hire you because you say you know something. You have to prove it. You need something to show an employer to demonstrate that you have experience with your skill set in the real world.
It is time to switch data centers. We're with AT&T (and AT&T is far from the best) and they do quarterly power tests without a single problem. They've done core infrastructure router upgrades with zero down time. All in all, I'm very happy with the service. Any competent co-lo provider should be able to handle the issues you've had without any hiccups.
I am still that way with firmware upgrades. I think it probably has something to do with our generation. In the 90s, computer hardware was touchy and was expensive to replace. If you're like me, you probably grew up blowing into Nintendo game cartridges when they did not work. But back to firmware, I only upgrade it when necessary. Over the last fifteen years I have seen too many firmware upgrades bork hardware that was working just fine. With security patches I do them monthly, but not firmware. And never CIsco IOS. Once the config is good, leave it be!
I dealt with this recently. A department wanted a couple of VMs. Corporate IT did not want to host the VMs for them so it fell on us. I worked out the costs for RAM, CPU, disk and software licensing. I broke down the costs of data center infrastructure (bandwidth, power, VPN licensing, etc). With all the costs in hand, I added 10% overhead for the time I would have to spend configuring the VMs and supporting them going forward. Then I presented those numbers to the department that wanted the VMs.
They came back with, "This is WAY more than RackSpace would charge us!"
I explained to them that we are not RackSpace, and we do not enjoy the economies of scale that RackSpace does. They continued to insist that RackSpace was less expensive. I told them to go to RackSpace.
In the end, they decided to pay what we wanted to charge them. RackSpace would provide them with the VM, but they would not provide any admin support for the VM. It turned out that my time and expertise was worth the cost.
Nine times out of ten, IT holds the power. Everyone likes to gripe about IT, but IT keeps the company functioning. MBAs are a dime a dozen. Business school grads are a nickel a dozen. Admins are a penny a dozen. A decent IT staff is nearly impossible to find. In this economy, with companies hemorrhaging jobs left and right, I still get calls from recruiters a couple of times a month.
For everyone who wants to rant about how much IT sucks and how they don't like their IT department. You know what? You people can go fuck yourselves. IT keeps the company running. If company A does not like the job we do, we can go work for company B. Have fun fixing your own computers. Have fun pulling more disk space out of your ass when the SAN fills up and you didn't have the foresight to plan 6 months ahead to bring more space online. Have fun with the new guy that the company brings in to replace us. The guy who does not know how the systems work and is going to take 6-12 months just getting up to speed on the mish mash of hardware and software that management approved piecemeal over the last five years.
Each time the key changes or a different agency's system is "hacked" you have to figure out the new key of the day/week/month, and if it takes you 2 months to brute-force a DES key and they change them monthly, well, you're fucked.
The article refers to local police departments. I can almost guarantee that the keys are set once by whoever implements the system and then never changed. Most local police departments do not have the technical knowledge to handle their communications deployments. I know. I worked for the company that setup the system for the City of Cypress, California in the early 2000s. We were contractors, not full time employees.
Exactly. It is easier to just comply with the contract than it is to try to justify why you do not want to. The government is not going to redraft their contract to reflect the OPs untried and unproven (in the eyes of the government) methodology. They are going to stick to their guns, declare that physical destruction is what the contract specifies, and demand that the company honors the contract that they signed.