
Comment Illustrating Basic - Donald Alcock (Score 1) 700

It may seem crude and irrelevant today but had I not read that book sometime in the late 70s / early 80s I would not be:

Typing this post on slashdot
Sitting in front of this computer
Living in this country

(It remains to be seen if any of the above are good things...)

Comment Re:been there done that (Score 2) 165

I have no mod points and parent is already +5 but YES! YES! YES!

You cannot imagine how frustrating it is to send a mail to a site admin on another continent saying something like:

  "Our intrusion detection systems - for which the company invested hundreds of thousands of dollars, not to mention the countless man hours configuring, testing and analyzing results - have identified that the PC named X, connected to port Y of switch Z is clearly virused. It appears to be sharing a mini-switch with computers A,B,C,D, and E so if we shut down the port we cut off all the other computers too. Could you take a look at PC X? By the way - don't forget the possible consequences of remotely logging into a networked, virused PC with your domain administrator credentials" ... and receive the response:
"Well I know which building that is but there are hundreds of computers in there. It would take me days to find it. I'll just wait until the user calls in with a problem"

System Administrators everywhere: If you cannot walk straight to a machine on your wired network given its Name, switchport or IP address you are not administrators but passengers.

You really do need to know the physical location of the jacks connected to every port on your wiring closet's patch panels, using any of the ideas mentioned in the above comments. Then you need to know which port of your switch connects to which jack on the patch panel. The people who already have patch cables with idents at both ends are probably not going to be the people with problems, but for those who don't it is never too late to start. I bought a load of laser printable cable labels and printed long numbers (and corresponding barcodes) on them. It takes me about 40 seconds to put idents on both ends of a new patch cable and saves me hours tugging at cables to see what moves or unplugging them to see which light goes out.

Never identify your cables with names like 'server-1' because it WILL be used for something else one day but will not be re-labeled. Just put an identifier which is unique to each cable at both ends of the cable. You can then easily look at every port of your patch panel and note which cable ends there, then look at every port of your switches and note which cable starts there. Once you have done it the first time it doesn't take much time to audit it from time to time. Although it is not much work to write a script to generate a list of which cable goes where, just using the search feature of any text editor should enable you to find source and destination for any cable, and from that you should be able to work out the location of any computer given its switchport.

There are lots of ways to map your site retroactively. Some work well and some don't.
Having every computer's name include the user's name works nicely in conjunction with the company phone list, but doesn't work well for lab PCs.
If you are using VOIP telephones with internal mini-switches so the computer plugs into the phone you are laughing - just talk to your phone switch administrator if that isn't you. Disclaimer: I only have experience of Cisco VOIP phones. Again - lab PCs are a problem.
Use your managed switches' spantree information to list which macs are on which ports, use your router's arp table to list which IP addresses are associated with which macs. If you live in Windows land use NBTSTAT -A (ip address) or preferably use nbtscan to find which mac and Computer name correspond to which IP. When you have seen what the data looks like - script it. It doesn't take long. Script Hint: Macs will appear on several different switches, most of them being on the inter-switch link. The port with the smallest number of connected machines is probably the port the mac is really connected to.
I set up my system before we had IP phones so for my sites the system was simple. The wiring closet is locked and no changes are made until they are documented. The engineers I supported would not make changes to the product without documentation and approval, the beancounters I supported would not make payments without documentation and approval, so why should IT be so unprofessional as to make undocumented changes to the nerve system of the company?

Tools used?
Excel workbook to store all the data, lotsa perl because that was the scripting language at the time, and it could read the data from the individual worksheets in the workbook.
To avoid errors you should never have to enter the same piece of information in a workbook twice. My choice was that each workspace on my Excel spreadsheet floorplan would contain a few cells for user name, user extension, user jack(s). A separate sheet of the workbook would contain a list with columns for location, user, phone ext, jack(s) and almost every cell of that list would be generated by referring to a cell on a floorplan. It takes time to save time and reduce errors.
Don't use Excel macros. IMHO they are one of the few things harder than perl to maintain.

The hardest bit would have been generating maps of the site. My sites have all been on rectangular grids so it was possible to make floor plans on separate worksheets of the workbook. I once helped set up a site in Israel where the majority of internal and external walls were curved and there was no easy way of representing workspaces on a rectangular grid. Fortunately it was small enough that the site administrator knew the names and locations of all the users and all the computers.

If you think this sounds like a 20th century solution - well done! That's when I developed it, although I refined it significantly in the early 2000's.

For all those sysadmins who advocate 21st century solutions but can't walk directly to a given PC given its switchport - Do try and keep up.
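
An added example, not part of the original comment and written in Python rather than the Perl the poster used: it applies the script hint above (a MAC seen on several switches most likely lives on the port with the fewest learned MACs), joins the result with the router's ARP table and the patch-cable records, and reports which other machines share the port. All switch names, addresses and jack labels are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data (not from the original post).
# (switch, port, mac) rows as read from each managed switch's forwarding table.
MAC_ROWS = [
    ("sw-core", 1, "00:11:22:00:00:0a"), ("sw-core", 1, "00:11:22:00:00:0b"),
    ("sw-core", 1, "00:11:22:00:00:0c"), ("sw-core", 2, "00:11:22:00:00:0d"),
    ("sw-floor2", 24, "00:11:22:00:00:0d"),   # uplink towards sw-core
    ("sw-floor2", 24, "00:11:22:00:00:01"),   # router MAC, also via the uplink
    ("sw-floor2", 5, "00:11:22:00:00:0a"),
    ("sw-floor2", 7, "00:11:22:00:00:0b"),    # port 7 feeds a mini-switch
    ("sw-floor2", 7, "00:11:22:00:00:0c"),
]
# ip -> mac, as read from the router's ARP table.
ARP = {"10.0.2.15": "00:11:22:00:00:0a", "10.0.2.16": "00:11:22:00:00:0b",
       "10.0.2.17": "00:11:22:00:00:0c", "10.0.1.5": "00:11:22:00:00:0d"}
# (switch, port) -> wall jack, from the documented patch-cable records.
JACKS = {("sw-floor2", 5): "2F-017", ("sw-floor2", 7): "2F-021",
         ("sw-core", 2): "SR-003"}


def edge_ports(mac_rows):
    """Map each MAC to the (switch, port) that has learned the fewest MACs."""
    macs_on_port = defaultdict(set)
    for switch, port, mac in mac_rows:
        macs_on_port[(switch, port)].add(mac.lower())
    best = {}
    for sp, macs in macs_on_port.items():
        for mac in macs:
            # Inter-switch links carry many MACs; the edge port carries few.
            if mac not in best or len(macs) < len(macs_on_port[best[mac]]):
                best[mac] = sp
    return best, macs_on_port


def locate(ip, mac_rows=MAC_ROWS, arp=ARP, jacks=JACKS):
    """Return where an IP is plugged in, or None if ARP/switch data lacks it."""
    mac = arp.get(ip)
    best, macs_on_port = edge_ports(mac_rows)
    if mac is None or mac.lower() not in best:
        return None
    sp = best[mac.lower()]
    return {"mac": mac, "switch": sp[0], "port": sp[1],
            "jack": jacks.get(sp, "UNDOCUMENTED"),
            # Other MACs on the same port: shutting it cuts these off too.
            "shares_port_with": sorted(macs_on_port[sp] - {mac.lower()})}
```

A result of `UNDOCUMENTED` for the jack flags a switchport that is in use but missing from the cable records, which is the audit gap the comment warns about.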

Comment Name some names (Score 4, Interesting) 316

After the media storm following the arrest of Mr. Dotcom - who has yet to be proved guilty of any crime - can we now hope to have published the names and photographs of all those who took part in these illegal acts? Not to mention descriptions of their homes, cars and financial assets.

If the aim of the action was to scare all the other download sites out of business voluntarily I feel that natural justice requires the DOJ and NZ police forces get an example made of them to make sure they and other national police forces never try to perform such egregiously illegal acts again.

Way to go, MAFIAA/DOJ. You managed to convert someone most people would have loved to hate into a martyr.

Comment Source is here... (Score 5, Insightful) 403

17434/11 - Agreement between the United States of America and the European Union on the use and transfer of Passenger Name Records to the United States Department of Homeland Security

PNR, as set forth in the Guidelines of the International Civil Aviation Organization, shall
mean the record created by air carriers or their authorized agents for each journey booked by or on
behalf of any passenger and contained in carriers' reservation systems, departure control systems, or
equivalent systems providing similar functionality (collectively referred to in this Agreement as
"reservation systems"). Specifically, as used in this Agreement, PNR consists of the data types set
forth in the Annex to this Agreement ("Annex").
This Agreement shall apply to carriers operating passenger flights between the
European Union and the United States.
This Agreement shall also apply to carriers incorporated or storing data in the
European Union and operating passenger flights to or from the United States.
Provision of PNR
The Parties agree that carriers shall provide PNR contained in their reservation systems to DHS as
required by and in accordance with DHS standards and consistent with this Agreement. Should
PNR transferred by carriers include data beyond those listed in the Annex, DHS shall delete such
data upon receipt.

Article 2 Item 1 Defines PNR as being data gathered for any flight, anywhere
Article 2 Items 2 and 3 Specify that carriers who must comply are those who operate flights to the USA even if they are incorporated and store their data - in Europe

The data in the Annex - mentioned in Article 2 Item 1 and Article 3 is as follows:

PNR Data Types
1. PNR record locator code
2. Date of reservation/issue of ticket
3. Date(s) of intended travel
4. Name(s)
5. Available frequent flier and benefit information (i.e., free tickets, upgrades, etc.)
6. Other names on PNR, including number of travelers on PNR
7. All available contact information (including originator information)
8. All available payment/billing information (not including other transaction details linked to a credit card or account and not connected to the travel transaction)
9. Travel itinerary for specific PNR
10. Travel agency/travel agent
11. Code share information
12. Split/divided information
13. Travel status of passenger (including confirmations and check-in status)
14. Ticketing information, including ticket number, one way tickets and Automated Ticket Fare Quote
15. All baggage information
16. Seat information, including seat number
17. General remarks including OSI, SSI and SSR information
18. Any collected APIS information
19. All historical changes to the PNR listed under points 1 to 18

I have seen nothing in the agreement that limits the data gathering to flights to / from the USA

If anyone finds wording to contradict me please reply.

Comment Re:Uh, what? (Score 1) 141

Do your staff also have fireproof safes and armoured cars? I'm not sure where the capacity / logistics cost curves intersect but once the robot, tapes, fireproof safe and sealable, serial-numbered tape containers were purchased I found a very significant recurring cost of backing up a site of about 100 people was the weekly visit from the security company that transferred last week's tapes from our fireproof safe to their 24/7 monitored, environment-controlled, fire and flood-proof storage facility. I dread to think what it would have cost to have done the job properly and used an external storage facility > 100 km distant.

Also the fact that I COULD locate the version of a file as it was on any given day in the last 6 months, and at any given month end for several years meant I DID have to keep detailed records so I could call the security company and ask them to bring me box #1234. Good for data integrity but it did take more than a trivial amount of time.

In my experience Cloud backup forces you to just tell your users that unless they specifically ask you to archive something they can only hope to recover the last two or three versions of any given file. Not so secure but a lot less effort.

Comment No political censorship? (Score 1) 308

Child porn has been censored in the US for decades. Has it led to political censorship yet? Nope. Again, you're insane. Paranoid, specifically.

Ok, how about this one?

Davis was named the head of the Foreign Affairs, Defense and Trade Division of the Congressional Research Service in December 2008; and was fired from this job in late November or early December 2009.[20] This occurred because of an op-ed Davis wrote in the Wall Street Journal.[21] Davis criticized a preliminary report from the inter-agency review team President Obama authorized for proposing looser judicial standards when the suspects faced more serious charges.

Davis wrote: "The administration must choose. Either federal courts or military commissions, but not both, for the detainees that deserve to be prosecuted and punished for their past conduct."

More details here

Comment USB key storage is more work than it looks (Score 1) 440

I have a handful of USB keys that I am prepared to plug into someone else's machine, but they are all formatted with two partitions, a Linux boot partition and an EXT2 data partition. Last time I checked, Windows couldn't see the second partition of a USB key and by design couldn't read an EXT2 partition, so if the machine accidentally boots from Windows my data partition should be safe from Windows malware and I have automated the re-formatting of the Linux partition which is necessarily formatted as FAT.

Needless to say that I only plug my keys into a strange machine that has been switched off and ensure that the machine boots from my key.

I spent several days of trial and error tuning my USB key formatting routines to work out what slightly non-standard format was necessary to boot a particular vendor's notebook and I dread finding a different vendor who will require me to do the same research in future.

On a much more pragmatic level USB keys are great if you can fit ALL your data on them. Once your data is spread among many keys, some of which are physically identical you really miss the large flat surface of a DVD onto which you can write a summary of its contents.
