
Comment Re:Hyperbole (Score 2) 73

They were probably aware that this would come up anyway so their PR department took action. To be hacked when you are a security-focused company is hurting their image whatever advanced attack was used. I guess they were blackmailed that somebody will reveal information about the breach so they took a proactive but image-hurting approach. Nevertheless it is curious.

Some technical explanation that I TL;DR as for now ;)
https://securelist.com/files/2...

Comment Re:WTF? (Score 1) 189

But these statements that "entire network needs to be replaced" - who said that? Their CIO or just some politician (probably from the opposition)? I *really* find it hard to believe that in order to secure your network you need to replace ALL THE HARDWARE. Such statements (REPLACE ALL THE HARDWARE) just prove that the staff (or person issuing such statements) have no idea how the breach came to life. And if they have no idea, what makes them think that replacing hardware (not security policies, not the staff, not the systems, not the software) would solve the problem?

Comment Re:network partitioning/firewalls (Score 1) 189

> I call BS.

I call it too.

> There's no competent network/system admins?

I was once working under a guy trained in CS at Bundeswehr (German Federal Defence) and I recall this guy as the most sane CIO I happen to work with. It may be just the one guy was sane or more likely that his training was OK. Nevertheless in such scenario you do not rely on belief that your staff is competent - you just hire external auditing/security company to assure you (or not) about that. And that is what that guy would do. This has nothing to do with trust - it is IMO a good practice - have some guys that control each other.

Comment WTF? (Score 4, Insightful) 189

This article is so full of WTF I just can't believe it. I guess it is some form of poor translation of German source.

1) All software and hardware in the German parliamentary network might need to be replaced.

So they will replace all servers, routers, switches etc.? Or just client machines?

2) Trojans introduced to the Bundestag network are still working and are still sending data from the internal network to an unknown destination

So maybe just fucking block all outbound traffic from the Bundestag network and enable it back on a white list basis like it should be anyway?

3) In May, parliament IT specialists discovered hackers were trying to infiltrate the network.

Just fucking WOW! Shouldn't it be an assumption (that hackers are trying to infiltrate government network) not a discovery?

4) Some are also refusing help from the foreign intelligence service, the Bundesnachrichtendienst, because the agency would gain access to the legislative process.

I guess the legislative *process* should not be a secret to anyone?

IMO this is just some bullshit article citing politicians, not a technical piece. I guess it is really hard to work for any central government bureau since *any* of your action no matter sane or stupid will be judged not by technical merits but by political fucking around. I really do pity the actual IT staff behind this mess.

Comment Re:Cygwin (Score 1) 285

> You seem like you have been trying to use it, haven't you? Like most
> open source solutions, you might have to tweak it a bit to get it to do what
> you want and then again, you have to make compromise.

Sorry I am a professional - for my clients I advise and implement what is best for them so in general I avoid tweaking (as in unstandardised hacks). Tweaking is good for my home machines but what I do on home machines I would not recommend to clients who just wish to do their business.

> But be assured it works in a satisfactory way for me.

What? Rsync and NTFS? I don't know what is satisfactory for you but I assure you that it is not for me. In cases that I would choose to use rsync over f.e. Windows DFS it would just not work - like it will lose Active Directory ACLs. Rsync is fine tool for mirroring archives but it is not compatible in advanced Linux/Windows setups.

> Just get a proprietary solution if you can't make it work as you wish.

Which one?

> Oh my god, I just realized you sounded like a guy that would
> choose the latter solution ;-)

I would - why not? I am not rms

> I know what you are saying although and there is some truth to it.

Why "some" truth? You haven't contradicted any of my arguments. The truth is that Linux and Windows filesystems differ in loads of subtle manners (like timestamping, ACLs, internal compression, namespaces) and rsync as codebase *shouldn't* implement a glue between those systems - that should be handled *lower* (like Cygwin does).

Hopefully Microsoft will decide to act on that fact but keep in mind that in their best interest it is to manage Linux systems, not the other way.

Comment Re:Cygwin (Score 1) 285

> tl;dr, both MS and Linux would win big. Especially if Windows had the
> ability to run Linux applications in Hyper-V wrapped Docker containers.

Just run Linux kernel in hypervisor and do some glue to map Linux/UNIX conventions (process management/filesystem/networking/etc.) to Windows host. But that is problematic - you can do it in many ways (like you've said EMC is the way you like it). I guess the problem is that we need to have some standards regarding on how to map such things and the best way possible would be to the vendor (Microsoft) to define that with open and true intentions of interoperability. As you've said everyone would benefit from that.

Comment Re:Odd thoughts: (Score 5, Insightful) 285

> I guess Microsoft finally got sick of seeing PuTTY's hegemony in
> the terminal/SSH client market

You guess wrong. There is basically no market for terminal/ssh clients. And if there is, it is peanuts. There is HUGE market for centralized management tools like OpenStack, Chef, Puppet, etc. - and that is at what Microsoft is aiming. Basically they need SSH compatibility to manage Linux boxes and they want and they do (Azure) manage Linux boxes.

> I shudder to think of how bastardized the command options are going
> to be, given the PowerShell's habit of using stuff like
> '-omgLookAtThisMassiveOptionNamingConvention', to the point where
> they have to alias a frickin' option...

Oh like in GNU/Linux/BSD utils are just kosher and standardized... please... each tiny utility comes from few other schools of command line switches and are usually different. There is no standardisation of switches in commands used on Linux. Usually if you need to do something complex (that you haven't yet memorized) you need to open other terminal window with manual to do it. Of course this is a different *convention* from PowerShell but PS is not that bad - it is just different.

> Ah well, good on 'em. I'll stick with using Linux and OSX clients, thanks much.

Oh OSX clients and bastardized commands. Come on... ;)

And for the record I really like Linux and use it all the time. I also happen to use Windows and OSX as clients and they are also fine. Any effort to bring more interoperability between those systems is welcome in my opinion.

Comment Re:Cygwin (Score 1) 285

> Next proposal: implement rsync natively...

Rsync fails on Windows/Unix interactions due to basic filesystem architecture. There are a lot of differences between NTFS and *nix filesystems like ACLs, timestamping and so on. So I don't really get how Microsoft could change rsync to work with NTFS since the problem is not in rsync but in general differences in which filesystems work - f.e. how to accurately map Windows ACLs to unix ACLs?

Also I don't think that rsync support is something Microsoft clients (as in people who buy their products) are looking for. Ability to run Linux systems via GPO or SCCM/SCOM/whatever it is named now is another matter.

Comment The guy is clearly an idiot (Score 3, Insightful) 363

IMO he is an idiot. He knew that what he was doing was illegal. He was taking big profit from it. Yet he decided to run his *internet* business from US. Which is stupid. Since it is an internet business you could run it from anywhere and given the income he had he would have settled him OK in any country. Yet he decided to reside in US where his sentence would be draconian for sure. Clearly an idiot.

Comment Clueless... (Score 1) 353

WTF man - first of all you do not understand what it means to hold own the rights. I don't know which jurisdiction you are referring to - I assume Murrica since everybody else would state that (not assuming that Murrica is the only country in the world). Second of all you don't get what the rights are - if you have written some code that is you who have written it and in sane jurisdictions that can't be changed (nobody else can claim he/she is the author). Monetary profit (licensing) is a different deal but you haven't stated exactly which rights you want to keep.

Going further... when you write software as an employee of some company it is assumed that you are licensing it - that is the law in Europe. If you are coding for your employer that basically means he holds the monetary rights to it (you are still the author). That is the sane default.

Now I don't know if it is suitable in your case but I would call for BSD type license - that way you will get your monetary rights for the software (as you can take it and sell it somewhere else). But this is not the "default" and you should talk about it with your employer.
