Warning: Constant ABSPATH already defined in /home/public/wp-config.php on line 27
O frabjous day! Callooh! Callay! — Why Now?
On-line Opinion Magazine…OK, it's a blog
Random header image... Refresh for more!

O frabjous day! Callooh! Callay!

At 10:26AM someone at the courthouse realized that a trial would interfere with Christmas week festivities, so any outstanding cases scheduled for next week that hadn’t been settled were continued to a later date. This means that I don’t have to show up at the courthouse at 8AM on Monday, which is nice.

It would have been better if they had figured this out before I bought a suit and got a haircut, as that would have saved me a good deal of money, but I will be satisfied with not having to deal with rush hour traffic.

10 comments

1 Kryten42 { 12.20.14 at 10:08 am }

Ah well… A new suit has many uses! Weddings, divorces, funeral’s, job interviews… etc. 😉 😀

Read this Bryan? I was going to post a comment a few days ago, but thought I’d wait and see if they figured out who was doing what. 🙂

The FBI has formally accused North Korea of being behind the Sony hack

What a surprise.

And of course, thanks to the NSA, CIA (and several other 3-letter acronyms) , Comm’s Companies, and big Business for making security a complete joke. You know what I mean. I actually hope this is the start of a big trend. Then maybe morons will finally start taking *actual and real* security seriously! But I shan’t hold my breath. LOL

2 Shirt { 12.20.14 at 10:48 am }

If you’re comfortable in the suit then wear the suit. The only time I was summoned (but not selected) I wore the same clothes I work in; clean, comfortable, sans chicken choker.

Regarding the Sony hack: I think we’re being played. See http://www.wired.com/2014/12/evidence-of-north-korea-hack-is-thin/

I haven’t quite figured out the motivation by the players but this “incident” will certainly be used to clamp down on internet security. BTW: there is nothing wrong in forcing someone who’s transferring huge data chunks to meet certain ID criteria.

3 Bryan { 12.20.14 at 10:51 am }

They make manufacturers install backdoors in their software and complain when the least tech capable country in the world can hack them. The media moguls hire hackers to file absurd lawsuits against people for ‘illegal downloading’ and wonder why the tools exist to download everything on their corporate servers. They spend millions on advertising crappy movies but won’t hire the people needed to set up their firewalls correctly. They buy cheap equipment from China and wonder why China and its allies can access all of their data. They ignore security and complain loudly when someone wanders in through doors that are not only unlocked, but open.

The only way of changing this is for insurance companies to stop paying claims where companies aren’t taking reasonable steps to secure their systems. Most corporate systems are months or years behind in patches and updates to their system software, and their routers are a joke. The news isn’t that they are being hacked, but how infrequently the hacks are reported. My credit union has pretty good security, but I have had to change my debit card twice in a year because of hacks at the corporate sites of large retailers. That cost is not added to whatever the corporations claim for damages and I don’t get reimbursed for the time I have to spend getting a new card.

It is years past the time when these fools have needed to spend serious money on security. Solid security should have been designed in when the companies decided to connect to the ‘Net.

4 Bryan { 12.20.14 at 11:11 am }

For some weird reason you got dumped in the spam folder, Shirt, and I was posting at the same time.

I needed a suit that fit me, but I didn’t need to spend the money right now, and the haircut makes my neck cold. I trim my beard this time of year to avoid the Santa Claus jokes, but leave what hair I have left on the back of my head alone until it warms up a bit.

You don’t need much to point to North Korea because the government owns all of the computers and there aren’t really that many IP addresses active in the country. The reaction of the country is also a big tell that they did it. All governments do this stuff, so the problem is the lack of any real security at Sony, not that they got hacked.

5 Badtux { 12.22.14 at 12:34 am }

. Most corporate systems are months or years behind in patches and updates to their system software

And why is that so? Let me list the reasons…

1. A sizable percentage of the time, a patch or update breaks a critical application on the corporate network. For example, a Windows Server update broke domain validation between our firewall router and our domain servers. To the point we had to call in a consultant to fix it, and even he is baffled.

2. A sizable percentage of the time, a patch or update requires a reboot. Reboots in a 24/7 server environment simply aren’t acceptable, and are invariably scheduled for once per year so that you can reach the 9/9’s uptime requirements of your customers.

3. A sizable percentage of the time, a patch or update renders the server unbootable. As in, dead in the water. As in, you just created a shitload of trouble for yourself and for your company.

In short: The reason patches and updates don’t get applied is because *THEY’RE AS BAD AS WHAT THEY’RE SUPPOSED TO BE PROTECTING AGAINST*. I don’t care whether it is a hacker or a Microsoft patch that downs my Windows domain servers. They’re down either way — and it’s much less likely that a hacker will do it, given our firewall and IDS, so I’d rather risk hackers than Microsoft “quality”.

– Badtux the DevOps Penguin

6 Kryten42 { 12.22.14 at 5:13 am }

Unfortunately, Badtux is right. I spent a lot of my time in the IT/Security biz protecting clients from M$ and other s/w vendors. I’ve seen all the above, and more. Sometimes h/w vendors such as Cisco (to name but 1) were as bad with their system s/w updates. I had a HP client in the late 90’s loose a 7000 series router that was bricked after a forced f/w update! We had to swap their older 4000 series unit (which I’d recommended they keep when they bought the 7000, luckily) while waiting over 3 days for a replacement, and this was a major Corp. client! HP would have given them one, but as it happened, we didn’t have one at that time. And we couldn’t give them a HP replacement since that would have taken as long because of different architecture etc.

But even having a decent Firewall/IDS doesn’t make anyone invulnerable. Even they eventually need updates or replacing. Curiously, there are lessons to be learned from the mining industry. 🙂 They can take several Months to plan for major equipment maintenance and replacement, whilst lessening the impact to production. Most of them still use DOS on Mil spec systems! LOL They understand reliability better than anyone. Doesn’t mean they don’t get it wrong, but in this specific case of maintenance of existing systems, they usually do it right. You only have to look at BP’s recent history to see what happens when Corp. greed is in the driving seat!

Until quality and reliability become more important than profits, and companies are held severely accountable, it won’t improve. Sometimes, it’s simply a case of “the devil you know”, or the least bad option. *shrug*

7 Badtux { 12.23.14 at 11:59 pm }

The only good thing is that now we’re virtualizing servers, so we can make a snapshot of the server before we apply the patch (assuming we’re using something like ESXi that will snapshot running servers). Which I did to the domain servers. But frustratingly, rolling back the domain servers to the previous snapshot did *not* fix the issue talking to the firewall router. Apparently the domain servers somehow told the firewall router “I don’t like you anymore” and the firewall router is sulking even after I rolled back the domain servers. SIGH!

Oh yeah, why the firewall needs to talk to the domain server in the first place — VPN access. That’s how VPN users are authenticated. Double-sigh!

8 Kryten42 { 12.24.14 at 8:13 am }

Whilst working with Prometeus setting up their cloud services and security, we had a lot of problems with DNS systems. In the end, they decided the best option was to find some experts. 🙂 They have partnered with RAGE4 Networks on what is truly an excellent deal! R4 wanted a secure place to locate a fully redundant DNS system in Italy, so Prometeus organized two locations in their facility in Milan for secured cabinet’s with triple redundant controllers, fiber and interfaces.

Now Prometeus can offer free DNS by R4 to all their clients (Std for low-end basic hosting, Pro for VPN, Server & Cloud hosting), and since the nodes are in their facilities (Dallas and a 2nd Italian site will be up in 2015), they are damned fast! 😀 R4 also wanted a 2nd location here in Aus. (they had one in Syd. Wanted a different city and decided to put one here after learning I helped CyberGhost choose and setup their facility here earlier this year. They located their DNS in the same facility. A huge bonus for me!) Aus. has 3 undersea fiber links (Syd., Melb., & WA). The Melb bundle goes via SA to NT, from Darwin NT to Singapore (DNS node), to Taramani India (DNS node) to Pune India (Prometeus + DNS), then to Greece (DNS), Then Italy. So I’ll have no DNS problems (and the ones I was having have all disappeared) and damn! Is it fast! And RAGE 4 are totally paranoid about security! The min pwd on everything is 16 mixed characters, and must be changed every 30 to 90 days and pass a rigorous dictionary check to be accepted. And they require a two-factor authentication token also! Of course, only login via HTTPS are supported to your DNS management services, and their nodes can only be managed on-site or via secured hardware VPN. We also use DNSSEC with chained sig’s. 🙂

If a client uses up to 250,000 DNS requests / Mth / Domain, it’s free. Up to 1 million requests, it’s 1 euro / mth. 🙂

R4 liked Prometeus Anti-DDOS system and helped strengthen it for their managed anycast BGP gateways, and client use. 🙂 Prometeus & R4 offer high-end Anti-DDOS protection for 100 Euro/Mth!

And… prometeus have yet another new VPS hosting service in Italy & USA called XenPower!
http://xenpower.com/

It’s been an interesting, and very hectic year. It’s meant I’ve had to delay my own roll-out that was planned for July, but it was well worth delaying. 🙂

Well, it’s Xmas day here, I’m off to bed. Until boxing day! 😉 😀

Whatever you are all doing tomorrow, enjoy! 😀

9 Badtux { 12.25.14 at 1:39 am }

I’m just using plain old BIND for our internal DNS. I’ve been editing zone files by hand for hmm, close to twenty years now, and see no reason to change given the limited number of hosts that we have. For our external DNS we’re using Amazon’s DNS service, because it integrates with CloudFormation so that our configuration JSON can assign a DNS name to the new virtual cloud that we just spun up. It is possible to do the same thing by hand by copying Amazon’s load balancer DNS name as a CNAME into your own BIND zone file, but that’s one more manual step to go wrong. Since all our outward-facing servers are in the Amazon cloud, it made sense to use Amazon’s DNS too.

It is now December 25th here in Phoenix AZ, so Merry Christmas!

-Badtux the Christmas Penguin

10 Bryan { 12.25.14 at 12:21 pm }

Well, Merry Christmas to both of you, no matter what IP you are sending from!