
Comments


'Moneyball' Approach Reduces Crime In New York City

dave562 Re: Wait, what? (218 comments)

Because life is not a TV and people who deal with the public for a living, especially detectives and trained investigators, know how to read people.

about two weeks ago

The Sony Pictures Hack Was Even Worse Than Everyone Thought

dave562 Re:Can't avoid medical records (528 comments)

It is a combination of a previous back injury, a bunch of poor dietary and health choices, and a genetic predisposition to weight gain.

I have talked to him about it as much as I feel like I can. Like I said, I care about the guy. It is just that my hands are tied.

And, he's not a single point of failure, but the organization would feel the loss.

about two weeks ago

The Sony Pictures Hack Was Even Worse Than Everyone Thought

dave562 Re:Can't avoid medical records (528 comments)

As a practical matter, a lot of valuable talent is not healthy.

This is so true. It is difficult to deal with as a boss and even more so as an employer. One of my guys is seriously overweight, and has a number of health complications that come with it. He is also highly intelligent and very capable. It is a challenge because I want to be able to depend on him, and for the most part I can. But I also have to mitigate risk and make sure that there are people shadowing his projects and documenting his recommendations so that they can carry on if the time comes that he is no longer able to come into work.

As his boss, I want to have a legitimate, sincere conversation with him about his health and his value to the company. I also want to have it with him as a friend and someone who cares about him. But due to the way employment law works, I have to avoid the subject.

about two weeks ago

Ask Slashdot: Convincing My Company To Stop Using Passwords?

dave562 Built the Business Case (247 comments)

What is the risk of continuing to use passwords?

What is the cost to the business if the risk of continuing to use passwords is realized?

What is the cost of implementing an alternate system? Be sure to include the costs in training, process re-engineering, systems re-engineering, etc.

What value, if any, is generated by replacing passwords?

Unless the money you are going to spend is either going to generate more money for the business than the dozens of other projects that are competing for resources, you practically have zero hope of your change being embraced.

While some organizations are risk averse to the point where they will act on them, more often than not unless you or your direct supervisor are liable for mitigating the risk, you are doing your career a disservice by raising the risk.

about two weeks ago

'Moneyball' Approach Reduces Crime In New York City

dave562 Re:Chronic offenders without a record? (218 comments)

Guilty by association. Usually gang members who are not hard core / have not been charged with a crime before... yet always seem to be nearby when things are happening. See the above comments about 'uncooperative witnesses'. While freedom of speech protects a person's right to throw up gang signs and tell an officer to go fuck themselves, and dress just like the gangsters who are dealing drugs and breaking into apartments... we do have a system that still vaguely upholds the ideal of 'innocent until proven guilty'.

Think of petty crimes. Out after curfew for example. Police pick someone up for a curfew violation. District attorney has too many cases and refuses to prosecute. The person has 'broken the law' but 'not been charged'.

about two weeks ago

'Moneyball' Approach Reduces Crime In New York City

dave562 Re:Wait, what? (218 comments)

Not really. Gang A shoots at Gang B. Gangster B1 gets hit. Gangsters B2 through B12 refuse to help police because snitches get stitches. Therefore they are likely involved with the gang, or sympathetic to the gang.

You can safely assume that the police can tell the difference between "someone afraid to testify due to fear of retaliation" versus "uncooperative witnesses".

about two weeks ago

'Moneyball' Approach Reduces Crime In New York City

dave562 Re: Operational analysis needed (218 comments)

Not exactly true. Crime is a numbers game. Criminals get away with it far more frequently than they get caught. But sooner or later, everyone gets caught. The careless ones get caught more often, that is true. But even the 'good' ones roll the dice every time they break the law.

about two weeks ago

'Moneyball' Approach Reduces Crime In New York City

dave562 Re:A tech gloss over racial profiling? (218 comments)

Even if they are completely racist in their arrests, so what? The strategy of the system is to identify serious repeat offenders and take them off of the streets.

If there is a corresponding decrease in crime, it is mostly safe to say that the strategy is effective. If five years from now there is a negligible decrease or an increase in crime, we can start having a serious discussion about the merits of the system.

The article gives a couple of good examples of how the system has been used. Here is one example, there are others that you can review for yourself...

"In May we created our crime-strategies unit. Wilmington has one of the highest violent-crime rates in the country, but 1 to 2 percent of the people are doing 70 percent of the crimes. We’ve taken dozens of high-risk offenders off the street."

Presumably, within a few months to a year, they will be able to check crime stats and determine if the absence of those high-risk offenders has had a measurable impact on crime.

I think what you will see is that it does. The reality is that the truly anti-social, dangerously violent, willing to use force on other human beings types of criminals are a small percentage of the overall criminal population. If you focus on removing those severe cases, it will take a while for the population to produce more of them.

To a lesser extent, the same thing happens with property crimes. Let's say you have a guy who likes to smash car windows and steal things. He has a few friends who see him getting away with it and they adopt the same behavior. They tend to work a particular neighborhood. If you take those guys out of the equation, that neighborhood will see a decrease in that kind of crime for a little while. But if you let it go unchecked, it will increase. Other criminals will start to realize, "Hey, let's go down to VehicleTheftVille and get some center console change" because the police do not seem to be doing anything about it, and everyone else is doing it.

about two weeks ago

How the FCC CIO Plans To Modernize 207 Legacy IT Systems

dave562 Inevitable Scope Creep (74 comments)

"Over time, this will allow us to turn off the 207 different legacy systems, and give us one common data platform that maybe has 207 different processes interoperating at the data layer on that platform. "

One process per system? Has this guy even worked in IT before?

Cue excuses along the lines of, "We vastly underestimated the size and complexity of the individual systems." in 3, 2, 1....

about three weeks ago

Cyber Ring Stole Secrets For Gaming US Stock Market

dave562 Re:Purpose (37 comments)

Given the wide scale adoption of Exchange, the first thing that came to mind is Outlook Web Access. The internal and external passwords are the same. Or more accurately, it is the exact same account, accessed via a web server versus a client side application.

The password dialogue that appears in the email is a common Microsoft password dialogue. We see similar boxes when loading documents from a SharePoint site for example. Your average corporate user would be very unlikely to think twice about that kind of prompt, especially when clicking a link in an email that appears to come from a colleague.

about three weeks ago

Ask Slashdot: IT Career Path After 35?

dave562 Re: Instead of carrying on as a one-man band - (376 comments)

Having been in management for a while, I have seen too many bad managers at this point. Unfortunately technical competence does not directly translate into management ability. As a manager, one of the most important skills to have is the ability to understand and predict the needs of the business. A programmer is in a good position to develop that ability because they are constantly being tasked with fulfilling those needs. If the OP has not developed those skills he is either organizationally tone deaf from being eyeballs deep in his code, or he does not care enough to pay attention to what is going on around him.

For all we know, he already has that ability in spades. Nothing about the original post mentions it one way or the other, and I tend to give people the benefit of the doubt. Most good programmers are really good at coming up with effective solutions for real world challenges.

about three weeks ago

Ask Slashdot: IT Career Path After 35?

dave562 Re:Find a job you love (376 comments)

It is all about perspective. You will always toil away at something. Whether or not you love it is up to you.

about three weeks ago

Ask Slashdot: IT Career Path After 35?

dave562 Re: Instead of carrying on as a one-man band - (376 comments)

If he has the experience that he says he has, he should already have the business and risk mitigation functions under control. As a programmer, he presumably has spent his career developing programs that the business needs. If he cannot anticipate business needs by now, he probably lacks the intelligence to be in management anyway. The same thing goes for mitigating risk. If he cannot foresee project risks and is still relying on others to tell him what to work on, and what NOT to do, then he is not much more valuable than a mid-level programmer.

Managerial functions on the other hand are a whole new ball game. Unlike programs, people are unpredictable and cannot be debugged or rewritten to function the way we would like them to. I agree with you that those functions are not simple, and that could make the transition rough.

Nonetheless, the OP is on the right track. A good employee should be leading a team and mentoring junior employees. I look at it as the personnel equivalent of systems administration. As an employer, do you want a guy who is still provisioning servers by hand, or do you want the guy who has automated everything and can make a change across ten thousand systems as easily as one? I do not mean to disparage the admin who can fine tune the golden image to the point where it consumes as few resources as possible. But without the talent to extend that skill beyond a single system, they are going to be professionally limited.

about three weeks ago

Top Counter-Strike Players Embroiled In Hacking Scandal

dave562 Re:Inescapable fact of FPS games (224 comments)

Not sure why I bother replying to an AC, but I usually play Conquest so I do PTFO you tool.

K:D is something that everyone, even someone who does not play BF4, can understand.

How about this... when I am playing on a hack free server, I am usually in the top 5 (because I am PTFingO and earning points for my team). If I was all about K:D, I would not spend so much time with a Stinger where I only earn about 50 points for a mobility kill and get 0 player kills.

about a month ago

Top Counter-Strike Players Embroiled In Hacking Scandal

dave562 Re:Inescapable fact of FPS games (224 comments)

They ban them, but I think it is a limited time ban. As someone else commented, those hackers are paying customers. They do not want to cut off the revenue stream.

I think that they should let them play on hacker only servers. Let the trolls all roll around in the muck with each other and leave the rest of the community alone.

about a month ago

Top Counter-Strike Players Embroiled In Hacking Scandal

dave562 Re:Various hacking tools? (224 comments)

It really does not require any more skill. If hacking were allowed, it would come down to who has the fastest computer and lowest ping to the server.

Playing the game without hacks requires skill.

about a month ago

Top Counter-Strike Players Embroiled In Hacking Scandal

dave562 Inescapable fact of FPS games (224 comments)

I keep hoping and praying that one day someone will come out with a way to effectively deal with this, but the reality is that the problem is here to stay. The way this pans out is that you get a day or two of hack free game play when the publisher updates their anti-cheat code. Then the hackers come out with new binaries that cannot be detected and the game sucks again.

I like FPS games and I really like FPS games on the computer where I can use a keyboard and mouse. Hackers just kill the game though. On a hacker free BF4 server, I will go 3:1 or 4:1 frequently. Yet my overall ratio for the game is down around 0.8:1. That gives some sense of how often the hacks are going undetected.

I do not understand why companies like EA, Valve, etc do not just subscribe to the hacks themselves and update the detection routines as soon as they come out. They have proven that they have technology that will catch the large majority of them. It just seems like they are too lazy to stay on top of it. The cynical side of me thinks that they have only been aggressive with the BF4 hackers in the last week or two due to Hardline coming out soon.

about a month ago

Submissions


Citrix or VMware for VDI access to SaaS application?

dave562 dave562 writes  |  about a year ago

dave562 (969951) writes "Editors, this is for ask Slashdot.

Given the need to provide a remote desktop to clients who want speedy access to an in house, Windows based (yeah, yeah, I know, I know...) SaaS application, which vendor has the best offering, Citrix or VMware? If it matters, I am looking at a user base of 500-5000 users in the next two to three years. I come here to ask this question because I figure if anyone has really used this technology, in the wild, and lived through the boot storms, I/O challenges and other technical and administrative challenges with this technology, they are probably a /. reader.

I am currently leaning towards Citrix. Their web gateway simplifies the external access component. It also supports two-factor auth and federation. Their client is also very stable at this point and works on all devices, from desktops to laptops to tablets and smartphones. The technology is fairly secure, enough so that we can leverage it to prevent the average user from mapping drives, or printers, or otherwise exfiltrating data from the environment. While on the other side of the coin, universal driver support makes it easy to enable those features when necessary.

I am only really considering VMware because we already have the licenses for their VDI product. Based on some cursory research, it would require more investment of our time to properly configure external access for clients. They do seem to be making some strides on the resource utilization front though. Specifically I'm talking about the full and linked clones.

I am sure that there are a dozen other nuances of the two products that I have not even begun to scratch the surface of. The main driver of desktop virtualization in this case is application performance. We have hundreds of users who are using a web based app to review large documents (10-50MB each). The bandwidth costs and performance challenges of clients having disparate levels of connectivity are both alleviated by using a remote connectivity solution like Citrix / RDP."

AAPL tracks MSFT peak for peak

dave562 dave562 writes  |  about 2 years ago

dave562 (969951) writes "The more things change, the more they stay the same. In 1999, Microsoft had a run up to what proved to be the company's highest market capitalization ever. Now in 2013, Apple reached similar highs. The jury is still out as to whether or not AAPL has peaked, but this article from ZeroHedge provides an overlay of the market caps of these two tech titans, and makes some suggestions about where AAPL is heading.

So Slashdot, is Apple really that different? Or does the market have a limited pool of capital to allocate to technology companies, no matter how sought after their products are?"


Industrial Control System (ICS) Security Investment Growing Substantially

dave562 dave562 writes  |  about 2 years ago

dave562 (969951) writes "Smart grid industrial control systems (ICS) remain in a state of flux. Security is still viewed as a cost-limitation exercise by many utilities, and advances toward meaningful regulations remain halting. But the utility industry as a whole appears better informed of cyber risks to grids and substations, likely portending more cyber security deployments in the next one to two years. According to a new report from Pike Research, a part of Navigant's Energy Practice, the market for smart grid ICS cyber security will reach $369 million in 2012 and grow to $608 million by 2020.

Technological innovation in this market is stagnant, according to the report, and security vendors do not share a consistent view of this market. While many general-purpose security vendors have not yet seen the growth they had expected, vendors that specialize in control systems security are receiving more requests for proposals than ever. Vendor approaches to the market also vary: some strategically propose a full cyber security solution for an entire control network, while others take a more tactical approach and propose only solving specific problems. Whether taking a strategic or a tactical approach, vendors must orient their discussions with utilities around solving operational and business problems, not technical concepts.

Are any Slashdotters working in this field? What sort of approaches are you taking? Tactical fixes, or strategic solutions?"


DoJ investigates eBook price fixing

dave562 dave562 writes  |  about 3 years ago

dave562 (969951) writes "The U.S. Justice Department's antitrust arm said it was looking into potentially unfair pricing practices by electronic booksellers, joining European regulators and state attorneys general in a widening probe of large U.S. and international e-book publishers.

A Justice Department spokeswoman confirmed that the probe involved the possibility of "anticompetitive practices involving e-book sales."

Attorneys general in Connecticut and, reportedly, Texas, have also begun inquiries into the way electronic booksellers price their wares, and whether companies such as Apple and Amazon have set up pricing practices that are ultimately harmful to consumers."


Android cuts into Apple's margins

dave562 dave562 writes  |  more than 3 years ago

dave562 (969951) writes "Reggie Middleton at BoomBustBlog offers some insightful analysis about how Android is impacting Apple's market share.

The maddening pace of Android technology development is simply too much for Apple to keep pace, or at least keep pace with while maintaining those fat margins. So what do they do? They release a marginally improved product that has yet to match the 6 month old Android flagship tech that is about to be refreshed/replaced/updated in exactly ONE WEEK!

He goes on to point out how Google has backed Apple into a corner, and they will have no choice but to cut into their fat profit margins in order to stay competitive.

Lower prices and/or higher technological bars will lead to lower margins. For those that are paying attention, it is evident that it is already happening. The disappointment felt throughout the web at the release of the iPhone 4GS was not due to Apple releasing a subpar product. It was due to Android raising the bar so high that Apple simply could not match it without busting its extremely fat (72%) margins.

What does this mean for Apple's share prices? I think the answer is obvious."


FCC Releases Broadband Report

dave562 dave562 writes  |  more than 3 years ago

dave562 (969951) writes "Today the FCC released the results of their study that was focused on measuring real world broadband performance for residential customers across the United States. The study examined service offerings from 13 of the largest wireline broadband providers using automated, direct measurements of broadband performance delivered to the homes of thousands of volunteers during March 2011. Myself and many other Slashdot readers participated in the study."

Rural broadband cost $7 million per home

dave562 dave562 writes  |  more than 3 years ago

dave562 (969951) writes "In an analysis of the effectiveness of the 2009 stimulus program (American Recovery and Reinvestment Act of 2009 or ARRA), one of the programs that was investigated was the project to bring broadband access to rural America. Some real interesting numbers popped out.

Quoting the article, "Eisenach and Caves looked at three areas that received stimulus funds, in the form of loans and direct grants, to expand broadband access in Southwestern Montana, Northwestern Kansas, and Northeastern Minnesota. The median household income in these areas is between $40,100 and $50,900. The median home prices are between $94,400 and $189,000.

So how much did it cost per unserved household to get them broadband access? A whopping $349,234, or many multiples of household income, and significantly more than the cost of a home itself.""


RIM's downward spiral continues

dave562 dave562 writes  |  more than 3 years ago

dave562 (969951) writes "The always insightful and forward looking guys at Zero Hedge bring the latest details in RIM's stock valuation. Layoffs are on the horizon as RIM misses their earning targets and continues to lose ground to Apple and Android. Is RIM on the way to becoming the MySpace of the smartphone market?"

FCC pressured to reject AT&T / T-Mobile deal

dave562 dave562 writes  |  more than 3 years ago

dave562 (969951) writes "Sprint Nextel, joined by an army of thousands of consumers, have filed requests for the U.S. Federal Communications Commission to block AT&T's proposed acquisition of rival mobile carrier T-Mobile USA.

AT&T has argued that it needs T-Mobile's spectrum to keep up with growing demand for mobile broadband service. Sprint disputed that argument, saying AT&T already controls the most spectrum of any U.S. mobile carrier. AT&T is the "industry laggard" in deploying next-generation mobile broadband, a source close to Sprint said Tuesday."


Rural broadband subsidy program wasteful

dave562 dave562 writes  |  more than 3 years ago

dave562 (969951) writes "An analysis of federal broadband stimulus projects awarded by the Department of Agriculture’s Rural Utilities Service (RUS) finds the program’s funding of duplicative broadband networks has resulted in an extremely high cost to reach a small number of unserved households.

The study shows that the RUS’ current program is not a cost-effective means of achieving universal broadband availability.

  RUS’ prior broadband subsidy programs have not been cost effective, in part because they have provided duplicative service to areas that were already served by existing providers,"


Social Media as a Tool for Protest

dave562 dave562 writes  |  more than 3 years ago

dave562 (969951) writes "Stratfor provides good analysis and insight into the realities of using Social Media like Facebook and Twitter as revolutionary tools.

"The role of social media in protests and revolutions has garnered considerable media attention in recent years. Current conventional wisdom has it that social networks have made regime change easier to organize and execute. An underlying assumption is that social media is making it more difficult to sustain an authoritarian regime — even for hardened autocracies like Iran and Myanmar — which could usher in a new wave of democratization around the globe. In a Jan. 27 YouTube interview, U.S. President Barack Obama went as far as to compare social networking to universal liberties such as freedom of speech.

Social media alone, however, do not instigate revolutions. They are no more responsible for the recent unrest in Tunisia and Egypt than cassette-tape recordings of Ayatollah Ruholla Khomeini speeches were responsible for the 1979 revolution in Iran. Social media are tools that allow revolutionary groups to lower the costs of participation, organization, recruitment and training. But like any tool, social media have inherent weaknesses and strengths, and their effectiveness depends on how effectively leaders use them and how accessible they are to people who know how to use them.""


China's Double-edged Cyber-sword

dave562 dave562 writes  |  about 4 years ago

dave562 (969951) writes "Stratfor analyst Sean Noonan shares his commentary on the capabilities of China's cyberwarfare capabilities, and the challenges and threats that those same capabilities bring to maintaining social order within the country.

A recent batch of WikiLeaks cables led Der Spiegel and The New York Times to print front-page stories on China’s cyber-espionage capabilities Dec. 4 and 5. While China’s offensive capabilities on the Internet are widely recognized, the country is discovering the other edge of the sword.

China is no doubt facing a paradox as it tries to manipulate and confront the growing capabilities of Internet users. Recent arrests of Chinese hackers and People’s Liberation Army (PLA) pronouncements suggest that China fears that its own computer experts, nationalist hackers and social media could turn against the government."


Goldman Sachs programmer trial sealed

dave562 dave562 writes  |  more than 4 years ago

dave562 (969951) writes "Goldman Sachs' lawyers have asked the Federal judge to seal the court room during the trial of Sergey Aleynikov. Aleynikov was one of the programmers who developed Goldman's High Frequency Trading (HFT) programs. What does this say about the state of the financial industry? Given the problems HFT seems to have caused over the last few years, shouldn't more light be shone into the dark corners of how it works?"

Doubts on Iranian regime change via social media

dave562 dave562 writes  |  more than 4 years ago

dave562 (969951) writes "Dr. Fouad Ajami was recently interviewed by Stanford University. He is a Senior Fellow of the Hoover Institution and the Chair of the working group on Islamism and the International Order. Among the topics discussed were Twitter and Facebook. Dr. Ajami seems skeptical about enacting regime change in Iran via the social media. He says that he is "worried about people who believe that Twitter and Facebook and so on will overthrow the Iranian regime.""

Integrating Linux into the Microsoft Enterprise

dave562 dave562 writes  |  more than 5 years ago

dave562 (969951) writes "I have to admit that despite getting Slackware running on a 486 in the mid-1990s, I never really picked up on Linux. At this point I've realized that the handwriting is on the wall, and I need to get with the program (better late than never, right?).

My first project has been to set up Ubuntu (8.04) and get Subversion running. The Ubuntu install went flawlessly. Subversion has been a struggle, but I finally got it to work with TortoiseSVN and was able to upload files into my repository. The experience required tweaking some permissions via chmod. I've realized that I'm very uncomfortable with integrating Linux into the Windows world, and I don't have any idea of where to start.

I've read vague descriptions of OpenLDAP, and I have a feeling that I should be looking in that direction.

Can any of you recommend some good books about integrating Linux and Windows? What I am specifically interested in is being able to control the access of Windows (Active Directory) groups to resources on the Linux box. I will be looking into Samba as well, but I need to control access to more than just network file shares. For example, to be able to get TortoiseSVN to transfer (Import) files into the repository, I had to give the "world" rxw rights to some of the sub-directories in the Subversion repository. I'm fairly certain that is a huge security hole right now. In an ideal world, I would have liked to create a group in Windows, and only allow those people access to the directories. Longer term it would be great to be able to replace Active Directory with something else that can handle access controls to the Windows boxes and network file shares. Where I work Windows will never go away because of some industry specific applications, but it would be great if I can minimize the role that it plays on the backend.

Beyond books, what are some of the real world tools and solutions that you guys are using when you have to make Linux live in an Active Directory environment?

If it matters, I'm not married to Ubuntu and have already considered giving CentOS a try. I work at a shop with a heavy investment in HP hardware, and HP has great support for RHEL, so I figure CentOS will probably be a good foundation for where I am working."

Maxtor drives contain password stealing trojans

dave562 dave562 writes  |  more than 7 years ago

dave562 writes "According to this ComputerWorld article http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9046424&intsrc=hm_list, Seagate hard drives that were assembled in Taiwan were shipped with firmware that phoned home to two servers based in China. The Chinese government is denying any involvement in the incident. The software appears to steal passwords to online gaming websites."

Journals


Oh the irony

dave562 dave562 writes  |  more than 5 years ago

I originally started reading Slashdot because of my curiosity about Linux. I've been on the internet since the early 1990s and have been working in corporate IT since the mid-1990s. My original experience with networking in a corporate environment was Novell Netware and I've since spent most of my time using Microsoft Windows servers. In the decade plus that I've been working in IT I've developed a fairly platform agnostic approach to meeting the needs of business. It's all about the best tool for the job as far as I'm concerned.

Recently where I work we have hired a new CFO and he oversees IT. He is a big proponent of OSS software and Linux. He hates Microsoft with a passion and believes that we should be replacing Windows boxes with Linux wherever possible. He wanted to use Subversion for version control on some budget documents, and of course he wanted to run it on Linux and have SSH access into the Linux box.

Being a Linux neophyte I went ahead and downloaded Ubuntu 8.04 LTS server. I used apt-get to get all of the updated versions of the software from the repository. I configured Subversion and set up the repository for the files. I set up SSH so that the CFO could use Tortoise and Putty to remotely access the files. Everything was working well up until this morning.

My users were calling and emailing with complaints of the internet being slow. Given that we upgraded to a 7.5MB connection over the weekend, my initial thought was that something was wrong with the ISP. I checked the firewall and saw that there were 65000+ open connections and the logs were filled with warnings of SYN floods coming from the Linux box. I logged into it, ran a netstat -a and found pages upon pages upon pages of open connections on port 22 to random boxes all over the internet. Sure enough, the Linux box was completely owned and being used to attack other boxes.

I find it ironic that here I am in a Windows shop with twenty plus servers running everything from SQL to IIS to Exchange on public facing connections. I have a few boxes with exposed terminal services connections so that vendors can get in and do remote support. I put one Linux box on the network and open it up to the internet and it lasts less than three months.

I find myself remembering all of the comments about how *nix is more secure by default. How OSS software is more secure because so many people are looking at the code. Microsoft software sucks and it's a huge target that is going to crumble as soon as you plug it into the network.

I realize that in this case a lot of what happened probably has to do with my own inexperience with Linux. If I had over a decade of experience using Linux day in and day out I'm sure that I wouldn't be in the situation that I'm in right now. I do consider myself a fairly competent network admin though. I did my best to harden the box. I only exposed SSH to the internet. I downloaded all of the latest software updates from the repository using the built in apt-get mechanism. Despite all of that, the box still got owned. So I write this journal entry to point out that nothing is simple. There are a lot of zealots out there who take it for granted that their OS of choice is secure and stable. They spout off about how it is perfect for everyone, and every job and fits in every situation. They take for granted that they've forgotten so many of the glitches, the gotchas, the key workarounds that are necessary in any sort of production environment.

Every software has bugs. Every software has exploits. Every software takes a skill set tailored to the package itself in order to properly use it. There really should be licenses to use software in business environments where sensitive data is involved. Even the best intentioned admins who are doing the best that they can do are bound to miss things. They don't miss them because they are incompetent or because they are malicious. They miss them because they don't have the experience to realize that they are missing things.
