Forgot your password?
typodupeerror

Comment: Re:PFsense (Score 1) 264

by Anti-Trend (#46296609) Attached to: Routers Pose Biggest Security Threat To Home Networks
Been there, done that. pfSense isn't bad, really; just the implementation has some ugly hacks under the hood that make edge cases exceptionally painful, and pf itself (the filter for which pfSense is named) isn't the best for scalability. It's probably fine for most users though -- certainly better than your typical lowest-bidder, unpatched firmware image from who-knows-where. I ran pfSense for years -- I guess about 5 -- and wrote an article about it not too long ago. Eventually moved to a low-power Atom 1U and VyOS (brand new community fork of Vyatta, which Brocade has essentially killed off). I'm very happy with the results.

...if you're familiar with the Cisco IOS CLI, Vyatta is another solution...

Vyatta/VyOS are actually a lot closer to JunOS syntax, FYI. Which is good, since recent IOS syntax makes less sense than ever.

If you're not the DIY type, there's also Ubiquiti, who has their own fork of Vyatta called EdgeOS. Ships standard on all their EdgeMAX routers.

Comment: Re:Oh, the surprise. (Score 1) 800

by Anti-Trend (#42810223) Attached to: Leaked: Obama's Rules For Assassinating American Citizens

You don't want to get blowed up, don't stand with the enemy. American citizenship has no bearing if you are actively engaged in planning WAR against the USA.

Also, don't attend any weddings, either. The trouble is that the state can just hit any random person or location they want, and come up with a justification later. Worse, this is happening in countries in which we have no formal declaration of war, which is a violation of the Geneva Convention. Violating that convention, being signed and ratified by US dignitaries, is also a violation of the US constitution.

Comment: Re:It's worse than that - My boss got one! (Score 1) 134

by Anti-Trend (#31342648) Attached to: New "Spear Phishing" Attacks Target IT Admins

Is there any way I can volunteer to blacklist my own site before this gets out of hand?

Yes! Simply give me your IP range, open up your firewall to the following /24, and I'll get started on that immediately.


Off topic, but is the UI of /. becoming more slow and unresponsive all the time, or is it me?

Comment: Open ranges of IPs on a firewall without question? (Score 1) 134

by Anti-Trend (#31342498) Attached to: New "Spear Phishing" Attacks Target IT Admins
Over my dead body. If another sysadmin or an engineer asks me to poke a single pinhole to a single IP, we have a discussion about the implications. More often than not, we can avoid that whole mentality and pull rather than push from the server in question. If I got such a request from an outside source, you can bet the scrutiny over the issue would be 10x more intense. In a situation where somebody was to fall for something like this hook, line and sinker, I'd argue such a person shouldn't have administrative access to things like corporate firewalls in the first place.

On the other hand, in my younger days I was a network engineer. I ran into more than a few networks of huge multinationals that were designed about as poorly as you could imagine. Oh they had expensive hardware, and plenty of engineers who loved to sign their correspondence with the usual alphabet soup following their name and title. But you can only explain how a static route works to a corporate network admin so many times before you start becoming cynical about the whole thing. I can easily imagine one of those guys opening up an IP range willy-nilly on a firewall, and not realizing it until long after the damage was done. You might be surprised how often this kind of thing happens.

Comment: Re:oh god no (Score 1) 525

by Anti-Trend (#26938565) Attached to: Should Obama Give Stimulus To Open Source?
In point of fact, I'm not in favor of the "bailout" either. Wallstreet got us into this mess, I say let them sink. Same goes for GM. They bought up and dismantled a lot of public transportation after WWII, it'd be poetic justice to nationalize them (at the expense of the shareholders) and use their workers and facilities to build public transportation.

On the topic of public works however, I see that as a totally different topic. You may not use parks, libraries, schools or museums either, but others do. Their impact on society is a constructive one. Open source is along that vein. And if you don't think you use open source, think twice. The webserver you're on is powered perhaps entirely by open source and the open standards built around it. The routers you use to connect to this server are almost all either running open source directly, or are based on some descendant of FreeBSD which is open source. Without OSS, the internet as you know it would simply not exist.

Comment: Re:oh god no (Score 2, Insightful) 525

by Anti-Trend (#26935091) Attached to: Should Obama Give Stimulus To Open Source?
So when they throw money at banks and big industry, it's good. When they throw money at something that can potentially benefit everyone, it's bad? I don't get it.

To me, open source is a resource. The more of it we have, the more competitive we can be. Not just in the IT sector, but everybody who uses computers as part of their business process. It's like building a park or a library. Sure a few people make their living off of the implementation and upkeep of those resources, but the important part is the resource itself. It contributes in a much larger way than the salaries of those commissioned to work on them.

You see but you do not observe. Sir Arthur Conan Doyle, in "The Memoirs of Sherlock Holmes"

Working...