|
it's 2015. If you don't assume people are going to gently caress with you on the internet, you are part of the problem. The jerk loving with people are ALSO part of the problem, so i'm not giving them a pass, but security should be your #1 design concern.
|
#
?
Nov 1, 2015 17:12
|
|
|
|
| # ? Apr 28, 2024 18:44 |
|
|
But security costs money and time and and and
|
|
#
?
Nov 1, 2015 18:11
|
|
|
GreenNight posted:But security costs money and time and and and  It's also never black and white and always about tradeoffs.
|
|
#
?
Nov 1, 2015 18:17
|
|
|
MC Fruit Stripe posted:I know what you mean, but I also hate that this is how things work. I understand why you feel that way, but I don't feel anything negative about what happened. There is a fine line between cynicism and realistic expectations. I feel that a cynic would have said "those students will never get that twitch installs arch project to work", whereas a realistic person would say "someone's probably going to troll the entire project". I like the fact that these guys were students and they've received the real world experience of something blowing up in their face. We all need those teachable moments :P
|
|
#
?
Nov 1, 2015 20:06
|
|
|
I just hope they relaunch it. It was fun to watch. The chat room was like observing the stream-of-consciousness of a hyper-caffinated sysadmin with Multiple Personality Disorder. Like Inside Out for sysadmins.
|
|
#
?
Nov 1, 2015 23:31
|
|
|
What should have happened was just let the internet badguy do whatever he wants with a linux neckbeard narrating what's going on. Sell the raw footage to hollywood and turn it into a hacker expose. "And here we can see the hacker in his natural habitat. It seems the hacker is feeling frisky today and is performing his mating ritual: showing an audience of 10 000 viewers an ASCII rendition of goatse in the Lynx web browser. Truly the king of the jungle, the hacker is."
|
|
#
?
Nov 1, 2015 23:40
|
|
|
Methanar posted:What should have happened was just let the internet badguy do whatever he wants with a linux neckbeard narrating what's going on. Indeed. Keep the server isolated from their internal network, and see what hijinks ensue.
|
|
#
?
Nov 2, 2015 01:38
|
|
|
AreWeDrunkYet posted:Indeed. Keep the server isolated from their internal network, and see what hijinks ensue. There are surely some legal repercussions to providing hackers an open platform to do whatever they want on a system you own.
|
|
#
?
Nov 2, 2015 02:08
|
|
|
NippleFloss posted:There are surely some legal repercussions to providing hackers an open platform to do whatever they want on a system you own. Only applies to unauthorized access where damage is done. If you're specifically and deliberately honeypotting them in order to film a documentary or whatever, it's going to be hard to prove that you were damaged by the intrusion and that the intrusion was unwanted. This is the reason why penetration testers aren't in prison (and why a good part of the penetration testing process involves a lengthy legal discussion on rules of engagement). e: Unless you're referring to the case where they may be setting up your system for a botnet or proxy to carry out an attack on a third party. In that case, I have no idea. But it's rare to see people prosecuted for being unwitting participants in computer crimes due to gross negligence, so I doubt the FBI would bother come after you since it would be a waste of time. psydude fucked around with this message at 02:24 on Nov 2, 2015 |
|
#
?
Nov 2, 2015 02:17
|
|
|
psydude posted:Only applies to unauthorized access where damage is done. If you're specifically and deliberately honeypotting them in order to film a documentary or whatever, it's going to be hard to prove that you were damaged by the intrusion and that the intrusion was unwanted. This is the reason why penetration testers aren't in prison (and why a good part of the penetration testing process involves a lengthy legal discussion on rules of engagement). I think what he's saying is more of a "Let's not give root access to a bunch of people who are clearly malicious because if they do something egregious like DDoS somebody from our box, it might bite us in the rear end."
|
|
#
?
Nov 2, 2015 02:22
|
|
|
Toshimo posted:I think what he's saying is more of a "Let's not give root access to a bunch of people who are clearly malicious because if they do something egregious like DDoS somebody from our box, it might bite us in the rear end." Yeah, see my above edit. I guess you could permit only certain types of vulnerabilities on your network. Most DDoS tools are widespread and are easily detected by next generation firewalls and IDSs/IPSs. And even if the tools themselves aren't detected, the traffic pattern is going to trigger a block. TBH it would probably be best to just treat it like a penetration test and get someone you trust to do it within certain parameters. psydude fucked around with this message at 02:29 on Nov 2, 2015 |
|
#
?
Nov 2, 2015 02:27
|
|
|
Toshimo posted:I think what he's saying is more of a "Let's not give root access to a bunch of people who are clearly malicious because if they do something egregious like DDoS somebody from our box, it might bite us in the rear end." Yea, it's hard to claim that you had no idea they were setting up a kiddie porn dump or trying to DDoS whitehouse.gov when you set up a stream to allow hundreds of thousands of strangers to watch them do it.
|
|
#
?
Nov 2, 2015 03:11
|
|
|
All of these ridiculous replies assume that they can't just shut off the server at any time. "Let's see where they go with this" does not mean that they're obligated to leave it on for X amount of time.
|
|
#
?
Nov 2, 2015 10:48
|
|
|
Regarding the twitch/arch discussion, this article was written before the experiment started:quote:Linux, in contrast, opens the door to a whole world of exotic trolling opportunities.
|
|
#
?
Nov 2, 2015 14:50
|
|
|
So Im looking to transition into help desk work or some other entry level position for IT; to that end I went out and earned A+ and Network+ certifications. However I was looking for opinions on what non-certification based skills or software I should teach myself in order to make myself marketable if I'm coming in from the outside. I've made an effort to familiarize myself with Remedy since its the ticketing software I've seen referenced most heavily in job postings, but I was curious if folks had an suggestions in the 'this is knowledge someone should definitely have' department.
|
|
#
?
Nov 2, 2015 14:57
|
|
|
Lilli posted:So Im looking to transition into help desk work or some other entry level position for IT; to that end I went out and earned A+ and Network+ certifications. However I was looking for opinions on what non-certification based skills or software I should teach myself in order to make myself marketable if I'm coming in from the outside. I've made an effort to familiarize myself with Remedy since its the ticketing software I've seen referenced most heavily in job postings, but I was curious if folks had an suggestions in the 'this is knowledge someone should definitely have' department. Customer service. If your'e dealing with users, that's almost priority over even IT knowledge. How to work a computer can (sometimes) be taught, but Customer Service is learned, and can sometimes take a while.
|
|
#
?
Nov 2, 2015 15:59
|
|
|
Lilli posted:So Im looking to transition into help desk work or some other entry level position for IT; to that end I went out and earned A+ and Network+ certifications. However I was looking for opinions on what non-certification based skills or software I should teach myself in order to make myself marketable if I'm coming in from the outside. I've made an effort to familiarize myself with Remedy since its the ticketing software I've seen referenced most heavily in job postings, but I was curious if folks had an suggestions in the 'this is knowledge someone should definitely have' department. Honestly, for entry level I wouldn't sweat the "learn common support tools". Being familiar with ServiceNow or Remedy would not tip the scales in a hiring decision for me, entry-level or otherwise. I'd say cast your net wide and start figuring out what interests you. Do you like Linux? Start playing with the OS and building up skills. You want to do networking? Start following tech sites and read up on networking. I will say if you list a hobby or outside interest that shows a desire to learn and grow, I'll pay attention to it. It doesn't need to be related for positions you're pursuing, more that you show an interest in learning and developing skills. It may or may not actually impact the decision to hire, but it will cause me to give you more consideration. However, don't do it and be miserable because you think it will get you a leg up. Do something you actually enjoy.
|
|
#
?
Nov 2, 2015 16:01
|
|
|
hth you're looking for entry level/helpdesk stuff; you have more tech credentials than I did when I started.
|
|
#
?
Nov 2, 2015 16:07
|
|
|
Yeah, my tech credentials consisted of a pile of worthless free Brainbench certifications. But I did know the right people to get me in the door, so you should network whenever possible. Local user groups and meetups are awesome for coming across people who can get your resume looked at a little closer.
|
|
#
?
Nov 2, 2015 16:39
|
|
|
Gothmog1065 posted:Customer service. If your'e dealing with users, that's almost priority over even IT knowledge. How to work a computer can (sometimes) be taught, but Customer Service is learned, and can sometimes take a while. Oh yeah, I should have mentioned I'm coming from a sales background in addition to working in retail or food service through high school and college. I have like 9+ years of customer service experience at this point which is actually part of the reason I was looking specifically at help desk work, but thank you for the reminder to be sure to emphasize that on my cover letter! flosofl posted:I will say if you list a hobby or outside interest that shows a desire to learn and grow, I'll pay attention to it. It doesn't need to be related for positions you're pursuing, more that you show an interest in learning and developing skills. It may or may not actually impact the decision to hire, but it will cause me to give you more consideration. Alright, I'll keep this in mind; to some extent I had already been doing this. Although I couldn't utilize it in a professional environment I had taught myself how to do some basic coding in python recently because I enjoy understanding the backend of how software functions. I ended up writing some really basic utility programs for myself with the knowledge, but it was mostly interesting for getting some minor insight into how certain applications functioned. Thanks for the tip! Vulture Culture posted:But I did know the right people to get me in the door, so you should network whenever possible. Local user groups and meetups are awesome for coming across people who can get your resume looked at a little closer. Okay, I'll definitely look into what local groups are in the area, thanks! I really appreciate the advice, everyone!
|
|
#
?
Nov 2, 2015 17:06
|
|
|
Lilli posted:Oh yeah, I should have mentioned I'm coming from a sales background in addition to working in retail or food service through high school and college. I have like 9+ years of customer service experience at this point which is actually part of the reason I was looking specifically at help desk work, but thank you for the reminder to be sure to emphasize that on my cover letter! You should also be looking for "Desktop Support." That's a half step up from helpdesk and still requires good customer service skills.
|
|
#
?
Nov 2, 2015 17:11
|
|
|
Lilli posted:Although I couldn't utilize it in a professional environment I had taught myself how to do some basic coding in python recently because I enjoy understanding the backend of how software functions. I ended up writing some really basic utility programs for myself with the knowledge, but it was mostly interesting for getting some minor insight into how certain applications functioned. keep doing this forever and there is no way to possibly fail in this industry
|
|
#
?
Nov 2, 2015 17:12
|
|
|
Lilli posted:Alright, I'll keep this in mind; to some extent I had already been doing this. Although I couldn't utilize it in a professional environment I had taught myself how to do some basic coding in python recently because I enjoy understanding the backend of how software functions. I ended up writing some really basic utility programs for myself with the knowledge, but it was mostly interesting for getting some minor insight into how certain applications functioned. Thanks for the tip! This is the kind of poo poo I want to hear about in an interview. My team actually uses Python regularly to automate stuff that's not easily done by off the shelf kits. Things like this would definitely give you a leg up. I don't know about other places, but part of what we take into account for hiring decisions is how likely will we be able to move you up through the ranks. Proteus Jones fucked around with this message at 17:17 on Nov 2, 2015 |
|
#
?
Nov 2, 2015 17:15
|
|
|
MC Fruit Stripe posted:All of these ridiculous replies assume that they can't just shut off the server at any time. "Let's see where they go with this" does not mean that they're obligated to leave it on for X amount of time. Sort of defeats the purpose of twitch plays streaming if you have to kill the stream every 45 seconds because someone tried to turn it into a spam server sending goatse to the world. There's not any mystery about "where this goes" when you open it up to everyone like that, as the first incarnation demonstrated.
|
|
#
?
Nov 2, 2015 17:28
|
|
|
What did they start setting up on that twitch linux install that shut it down?
|
|
#
?
Nov 2, 2015 18:18
|
|
|
ChubbyThePhat posted:What did they start setting up on that twitch linux install that shut it down? Gentoo
|
|
#
?
Nov 2, 2015 18:21
|
|
|
ChubbyThePhat posted:What did they start setting up on that twitch linux install that shut it down? It was mostly that someone had a botnet large enough that win a vote against the public. But the guy started to install nmap after checking that he had internet access.
|
|
#
?
Nov 2, 2015 18:29
|
|
|
I'm completely missing something about Raid-5. If there are, for example, four 1tb drives, how does the parity only take up 1tb of space? The parity is where all of the redundancy comes from, right? It seems like if you had 3tb worth of data, you could only have 1tb redundant. E: okay, figured it out. It's not copying the data, its doing bitwise operations to make nonsense data that can be used to backwards engineer the lost data. That's pretty cool. 22 Eargesplitten fucked around with this message at 20:51 on Nov 2, 2015 |
|
#
?
Nov 2, 2015 20:44
|
|
|
22 Eargesplitten posted:I'm completely missing something about Raid-5. If there are, for example, four 1tb drives, how does the parity only take up 1tb of space? The parity is where all of the redundancy comes from, right? It seems like if you had 3tb worth of data, you could only have 1tb redundant. Math is magical stuff. Google "Raid 5 parity algorithm" and take your pick.
|
|
#
?
Nov 2, 2015 20:55
|
|
|
Yeah, imagine the drives can only store 1 bit each. 4 drives with 3 bits of data and one parity bit, which is 0 if the sum of the 3 data bits is even, 1 if it's odd (one way to do it). Lose any one drive and you can figure out what the missing bit is, no matter which drive it was. Same thing works for 400 drives with 399 data bits. This is why reading from a degraded RAID 5 is slow, because the controller is doing the parity operation on the fly to fill in those missing bits. And writing to RAID 5 is slow because it's calculating parity as it writes.
|
|
#
?
Nov 2, 2015 20:57
|
|
|
thebigcow posted:Math is magical stuff. Google "Raid 5 parity algorithm" and take your pick. Double parity schemes where you need to prove independence are more interesting. The Reed Solomon stuff used for erasure coding across shared nothing nodes is significantly cooler than both.
|
|
#
?
Nov 2, 2015 21:08
|
|
|
How many of you keep your email with very few unread emails? During work hours, it's rare that I'll have more than 10 unread emails. When I get in the office, first thing I do is go through all email, even if most of it is logs and automated notices. After taking a peek at some of my coworker's inboxes, with hundreds of unread items, I wonder if I'm a strange bird, or if I'm part of a strange breed.
|
|
#
?
Nov 2, 2015 22:03
|
|
|
Alfajor posted:How many of you keep your email with very few unread emails? No, those people are monsters.
|
|
#
?
Nov 2, 2015 22:04
|
|
|
rafikki posted:No, those people are monsters.  - in an emergency, right click mark all read.I found out my director reads no email at all when he gets back from vacation. Just marks it all read and moves on with his life, figuring anyone who really needs anything will just ask him for it again. Must be nice...
|
|
#
?
Nov 2, 2015 22:07
|
|
|
I get into this argument a lot, actually. I do not clean my inbox and I do not mark things as read if I haven't read them. Search exists and I use flags to drive my workflow, not read/unread. I save a lot of time not cleaning my inbox and whenever I need an email I have it, unlike my more "organized" coworkers.
|
|
#
?
Nov 2, 2015 22:08
|
|
|
It honestly doesn't matter for me because it's not like I'm going to remember anything on Monday. Read, Not Read, it's new to me!
|
|
#
?
Nov 2, 2015 22:10
|
|
|
The first thing I do in the morning is go through unread email, respond to any as I read them, and then start the rest of my day, this is assuming the world isn't on fire when I get into the office. I organize emails into different folders as needed.
|
|
#
?
Nov 2, 2015 22:18
|
|
|
Email is the most important thing I do so I make sure I am always reading it. When I have gaps between emails, I will do other work. If you would like me to work more, get me fewer emails.
|
|
#
?
Nov 2, 2015 22:28
|
|
|
Internet Explorer posted:I get into this argument a lot, actually. I do not clean my inbox and I do not mark things as read if I haven't read them. Search exists and I use flags to drive my workflow, not read/unread. I save a lot of time not cleaning my inbox and whenever I need an email I have it, unlike my more "organized" coworkers. I read (or mark as read) all email and archive it if I don't need to reply or address it. Things in my inbox are things I still need to address. This was a change in behavior from just keeping everything in the inbox and relying on search, because I would forget to do things. It works for me but I have no strong opinion on whether it's appropriate for others. Just do what you need to do to not forget stuff.
|
|
#
?
Nov 2, 2015 22:34
|
|
|
|
| # ? Apr 28, 2024 18:44 |
|
|
Internet Explorer posted:I get into this argument a lot, actually. I do not clean my inbox and I do not mark things as read if I haven't read them. Search exists and I use flags to drive my workflow, not read/unread. I save a lot of time not cleaning my inbox and whenever I need an email I have it, unlike my more "organized" coworkers. I do a sort of "Inbox Zero" that works for me. I have a folder that spans two months for "dealt with/read" emails. Right now it's "2015 Nov Dec Cabinet" Older ones are in "Archive Folder". After 12 months they are deleted forever. I triage my Inbox when I get in and then at 2 hour intervals until I leave. Triaged emails are sorted into "Due Today", "Due tomorrow", "Due in three days", or the current "cabinet" Vendor trash and all FYI emails are trashed Ones that need to be addressed I either add to my task management or respond. They then get filed. Mails from automated systems that are not priority 1 have server side rules to segregate and I deal when I can. It works well for the most part. I was out last week due to an unexpected death (not mine) and came back to 800+ inbox messages. Even with my rules, it took a lot of today to go trough and respond to them. So I still have some tweaking left to my system.
|
|
#
?
Nov 2, 2015 22:34
|
|