Re: New name needed
Since there is always going to be one more accelerator, we need something that extends into infinity. Like numbers.
So I suggest "Particle Collider 0", "Particle Collider 1" etc. Abbreviated PC1, PC2 ...
67 posts • joined 25 May 2011
Because certificates typically expire after 2-3 years - beancounters and bosses cannot see that far ahead (except when pulling "strategies" out of various orifices).
Even the IT monkeys doing the renewals have moved to new offices at least 3 times, so that two year old calendar with the post-it notes? No one remembers what it was for, so it goes down the bin.
'Users will be relieved to know that the team is indeed actually looking at feedback, even if it seems to be skipping the “stop the thing deleting my stuff” entries in favour of “make search a bit faster.”'
You don't seem to understand that these two work together. With all user files deleted, there is a lot less to index. Hence search runs faster.
As others have mentioned, sudo gives you much more fine-grained control over who is allowed to do what. But there are other advantages over plain su:
- You have an audit trail of who ran which admin command when. For some of us, that is a compliance requirement.
- Communicating a shared password is difficult. Tends to happen via e-mail which is NOT secure.
- When you have 20+ servers, changing the administrator password because Joe Admin left the company is not so simple.
- Passwords can be cracked or leaked, so a security compromise of one server quickly becomes a site-wide problem (unless you use unique passwords, which complicates the distribution issue further).
I try to avoid passwords as much as possible, to the extent that my personal servers do not have passwords (a '!' for the password field in /etc/shadow). Logins can only happen via ssh using SSH keys or certificates, and sudo is set up to require a one-time password or physical token (Yubikey). If you must use passwords, at least make sure you keep them centralized (LDAP directory or similar).
In other words, think about how you implement security instead of just bashing some random tool based on a 7 year old forum post.
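An added example, not part of the original post: the audit trail mentioned above ("who ran which admin command when") can be pulled out of sudo's syslog entries. The log lines, host name and user names below are constructed samples in sudo's default log line format, and the function names are this example's own.

```python
import re

# Constructed sample lines in sudo's default syslog format (not from the post).
SAMPLE_LOG = """\
Mar  3 09:12:44 web01 sudo:      joe : TTY=pts/0 ; PWD=/home/joe ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 09:15:02 web01 sudo:    alice : TTY=pts/1 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/tail -n 50 /var/log/auth.log
Mar  3 09:20:31 web01 sudo:  mallory : user NOT in sudoers ; TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar  3 09:21:10 web01 sudo:      joe : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/joe ; USER=root ; COMMAND=/bin/su -
Mar  3 09:22:00 web01 sshd[811]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<when>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssudo(?:\[\d+\])?:\s+"
    r"(?P<who>\S+) : (?P<rest>.*)$"
)

def parse_sudo_line(line):
    """Return one audit event as a dict, or None for non-sudo lines."""
    m = LINE_RE.match(line)
    if not m or "COMMAND=" not in m["rest"]:
        return None
    # Split COMMAND off first: its arguments may themselves contain " ; ".
    head, _, command = m["rest"].partition("COMMAND=")
    event = {"when": m["when"], "host": m["host"], "who": m["who"],
             "command": command.strip(), "denied": None}
    for field in filter(None, (f.strip() for f in head.split(" ; "))):
        key, sep, value = field.partition("=")
        if sep and key.isupper():
            # USER= is the target account; keep it apart from the invoking user.
            event[{"USER": "runas"}.get(key, key.lower())] = value
        else:
            event["denied"] = field  # e.g. "user NOT in sudoers"
    return event

def audit_trail(log_text):
    """All sudo events in the log, in order."""
    events = (parse_sudo_line(line) for line in log_text.splitlines())
    return [e for e in events if e]

def denied_attempts(events):
    """Events sudo refused: the ones worth alerting on."""
    return [(e["who"], e["denied"], e["command"]) for e in events if e["denied"]]

if __name__ == "__main__":
    for e in audit_trail(SAMPLE_LOG):
        status = f'DENIED: {e["denied"]}' if e["denied"] else "ok"
        print(f'{e["when"]} {e["host"]} {e["who"]} -> {e.get("runas")}: '
              f'{e["command"]} [{status}]')
```

With a shared root password and plain su, the same log would only show that someone became root, not which person ran which command.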
As you said, OpenVPN does what it claims to do - nothing wrong with that. But Wireguard does have some things going for it:
1) It doesn't rely on OpenSSL for encryption, so there is a whole lot less code to audit if you want to check for security problems
2) It is a kernel module implementation (at least on Linux), so the processing overhead is much smaller and it should be able to scale to wirespeed while handling multiple connections. It also means that it works like any other network interface, so the usual configuration files and network scripts will take care of running your VPN.
3) Authentication and setup is much simpler, since it is a trust-on-first-use so no need for setting up your own CA.
Have a look at it, it does work quite well.
Had a database server bickering about being short of disk space. Without knowing much of Oracle internals, I found some very large *.log files lying around and promptly deleted them - I mean, there's no need to keep those old system logs, right?
So I learned the hard way what database transaction logs are. And how to convince Oracle to create a new set of transaction log files when starting up.
Fortunately, it was a very quiet database.
Since it was in the Windows for Workgroups days, TCP/IP was most likely not used. Just some random address assigned by the NIC and running Netbios, IPX or some other abominable protocol.
Personally, I would have made the PC speaker start screaming at the user with a NSFW vocabulary. Guaranteed results much quicker.
7. The fridge, being an intelligent IoT device, will notice that it needs to stock up on fresh milk, but since there is no Wifi connection in the asteroid belt it will fail to connect to Walmart and subsequently the control system crashes with an unexpected error. The thrusters therefore fail to fire, and the fridge crashes back to Earth.
is about as quaint as remembering phone numbers.
Face it - one of the goals of ANY new IP version is to extend the address range. So no matter how you design the protocol, you end up with more numbers per address. Saying that it is easier to remember 188.8.131.52 than 2a00:1450:400f:802::200e just does not make sense. What you CAN remember is "google.com".
Which is why we invented DNS.
I agree with the "(most) pen tests are crap" statement, but you should still consider disabling ping responses. It is trivial to spoof the source of a ping request, so pulling off a DDoS with your host (and many others) being used to flood someone else with ping responses is simple.
Same reason you don't respond when someone sends a packet for a closed/non-existing service, but just drop it with no response.
One of the news stories here in Denmark this week (apart from Donald) was that we must buy spare parts for our F-35's now, because production of spare parts for our version of the F-35 will stop in a couple of years.
Oh, and our F-35's haven't arrived yet, it will be some years before they touch down here.
Definitely no speed daemon. There are a couple of this kind of devices around, for the latest holidays I brought along a WDC My Passport Wireless which has the same features except it uses 1 (or 2) TB rotating rust storage. Just did a simple speed test, which gave me 60 seconds for uploading a 100 MB file, and 25 seconds for downloading the same.
Bought it for backing up the SD cards from the digital cameras while on-the-go (my S.O. is an ex-photographer, so a couple of hundred snaps per day is not uncommon). Works quite well.
But yes - these micro-reviews are nice.
Totally agree. Codepage 865 (the Danish one, in case you didn't recognize it) had some of the special Danish letters mixed up with the symbols for cent and Yen. I still see the occasional bill printed by a cash register running some ancient software with the company name printed as "s<yen>n" instead of "søn".
It was "fixed" by switching to codepage 850, meaning lots of fun when trying to figure out why pc's set for one codepage would print *almost* correctly on printers set for the other ....
Easiest solution is to just encrypt whatever data you put on the disk. dm-crypt/LUKS on Linux boxes, and I'm sure MS has something similar (the name escapes my mind).
It also works if the hard disk is stolen or goes AWOL in the back of a taxi.
Sure, it nips a couple of cpu cycles from your system, but most boxes have plenty of idle cycles to spare while waiting for the spinning rust to settle.
The company I worked for did some custom applications development for a company based in Greenland, who - amongst other things - exported a lot of shrimp which all ended up in a warehouse in Copenhagen. A new release had to be installed right around beer'o'clock on a Friday, and of course it didn't work. Debugging and fixing other people's code has to be done right there and then, but I got it working. On the way out, the customer thanked me for getting things working and sent me home with 2 kg (about 4 lbs) of frozen shrimps "so I had something for dinner".
Pretty good shrimp, though.
"1) I can see what sensitive corporate data such as, I dunno, customer database Employee X has uploaded to their HotGmahoo! webmail account and sent to Competitor Y."
Sure, that's what Employee X would do. Copying it to a USB stick and bring it home? Nah ... no way.
Couldn't agree more. When I stumble across a site that seems interesting, I am quite willing to pay them for their efforts - but in return, I expect them to stop forcing ads down my pipe. Or at least give me the option to turn off the darned noise.
But expecting to get intelligent writings for free is naïve.
Had a similar experience only a couple of weeks ago. A matchbox-sized, USB-connected *harddisk* sporting a full 2.2 GB, bought at the Copenhagen equivalent of Tesco's went tits-up. Only one problem: It belonged to my SO, not the Boss ... so the usual BOFH remedies for "fixing" it could not be applied.
Thanks to Linux and ddrescue, I managed to salvage the important bits.
(Peltier elements?!? Nice ...)
What about it? In the words of Mahatma Gandhi (when asked about western civilization): "I think it would be a good idea".
He wasn't impressed. Me neither.
Change management usually means that updates are slow to trickle out. Just ain't gonna fly these days with developer teams rolling out hourly software updates and managers screaming to get the hottest new whizbang thing on the production systems. So it gets overridden by some PHB ("it's just a small UI change!") and things break.
The article is about cleaning up when things go bad, not preventing them (save for the post-mortem analysis). For that it is a pretty nice list, although I think most experienced sysadmins could write it in about 10 minutes.
"the Danes – well, they introduced something very similar to the Home Office’s proposed ICRs only to ditch it a few years later because it proved to be useless, and just meant their police force was drowning in data."
Unfortunately our dear politicians have learned nothing from their previous failure, so they are at it again: http://www.dr.dk/nyheder/politik/pind-om-internetovervaagning-ny-tid-kraever-nye-regler (in Danish, I'm afraid).
Having mail thrown away by accident is really annoying, especially when you only have yourself to blame. So if you are new to this, get yourself a domain to play with, and set everything up the way it should be. And test it properly. Domain prices vary a lot between the TLD's, but the .info domains appear to be cheap at the moment (29 kroner = ~3£ for a year at my local dns shop).
Having done this for 20+ years, my experience is that you shouldn't try this on a home connection. Too much hassle with ISP filtering ports, home DSL IP's being blacklisted etc. etc. And if you end up providing mail service to friends&family (and believe me, it will happen ...) then your home server suddenly needs to be up and running 24/7 - including power and Internet connection.
Much easier with a VPS somewhere, and it is cheaper on the power bill.
My own setup is based on https://workaround.org/ispmail/ - it uses Postfix and Dovecot on Linux. Sendmail? No way I'm gonna do another sendmail.cf voodoo dance again. QMail? Been there, done that - for 10+ years, actually, but it is definitely showing its age now, getting it to do spam filtering and avoiding backscatter mails was just too big a hassle.
Apple is building a new datacenter in Denmark near Viborg.
Caused a bit of a stir around here, since they officially defined it as a "heat generating factory", so that they could avoid a bit of tax by selling the heat to the local district heating company.