Jason Cooper

Dedicated Members
Posts: 520
Days Won: 8
Everything posted by Jason Cooper

  1. It's not the technical issue that's the problem, as shown by organisations that have private/internal websites and a specified minimum spec of web browser (e.g. their staff must use IE11+, Firefox v30+ or Chrome v35+). Their internal websites have all the bad ciphers and weak versions of SSL disabled, and yet everything runs fine. The problem is for all the public facing websites where not supporting an old browser will lose them users (and generally for those sites user=money). For those, before dropping support for a browser, a cipher or a protocol they have to wait till they have evidence that they aren't going to block access for a significant number of users. Of course as a user you can always tell your browser not to use certain ciphers or protocols, which would protect yourself (e.g. to force TLS1 and above on Chrome you can use the parameter "--ssl-version-min=tls1").
  2. While I usually use apt-get to install new packages, when I get dependency issues I find that aptitude can really help resolve them. Try doing your install with aptitude and see how you get on.
  3. Did you get any errors in your logs? Personally my money's on SELinux blocking httpd writing to an executable file. You'll probably find that your counter file will work fine with permissions of 666 or, even better, 600 (assuming you've got the owner of the file correct).
  4. Make some sturdy legs for it and turn it into a coffee table! Seriously, if it is anything like the old Dells I used to deal with then the hardware will be fine, but they need their air-con.
  5. The best way to go about this would depend on what machines you are planning to connect in with. If you want other people to connect or you want to connect from public machines then it would be difficult, but if you just want to be able to connect in with your laptop then a tunnel of some sort should do the job fine. Another question is, are you comfortable with using SSH tunnels, or would a full VPN be an easier long term solution? A possible solution could be to make an SSH server or VPN server on your local network available as a Tor hidden service (as long as you can run Tor on the machines you wish to connect from). Of course the easiest solution would be to switch to a provider that doesn't limit you so much :)
  6. Do you mean that they don't provide static IPs (using dynamically assigned IPs is common practice for ISPs), or do you mean that you're getting an IP in a private range 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16? If the former then you can just use a dynamic DNS service (https://ydns.eu/ seems to be pretty reliable). If the latter then you either need them to do some port forwarding or come up with a more complicated solution (you could do it with some of the free IPv6 tunnel/routing services, but if you haven't any IPv6 experience then it would take quite a bit of work to get reliable).
  7. To my mind the strength of a degree comes from the broad range of knowledge that must be learnt and applied. Certification on the other hand says you have a deep understanding of a very specific area. Which is better is really a case of what the job you're doing will involve. If you're going to be staying well within the confines of a specialist area then certification should show you have the skills and will be what they are looking for. If you're going to be expected to cover lots of bases and pick up new skills as required then the broader degree will be of more benefit. As already mentioned though, don't underestimate the value of experience. The fact that you are already doing the job and have been for a number of years holds a lot of sway with recruiters.
  8. OK, here are the assumptions I'm making from reading between the lines of the original post:
     1) your customers connect to your network via some sort of VPN or dial-up connection
     2) once connected they get an IP address via DHCP (unless they have paid for a static IP, but that is a different issue)
     3) your network's connection to the internet isn't behind NAT, i.e. each IP address handed out by DHCP will be routed to and from the internet
     4) you are wanting to avoid storing any long term mapping between a customer and their IPs
     Working from those assumptions I find myself asking "Do you ever need to log the IP?" Couldn't you simply turn off the logging from your DHCP server? Of course if there is a further requirement things get more difficult:
     5) you are wanting to avoid storing any short term mapping between a customer and their IPs
     Here things get tricky, as your DHCP server will have a mapping between the customers' local MAC addresses and their IPs. One option would be, as suggested, to modify the DHCP server to not store a mapping between MAC address and IP, but between MAC address and a token. While it should be relatively easy to do, there are a lot of ways to get it wrong. First of all we'll add another assumption:
     6) you're using an IPv4 subnet for your network
     As IPv4 is only 32 bits in length, a simple one way hash function of it wouldn't be much use; after all, a normal desktop could generate a mapping that could be used to reverse the process. Adding in a salt would appear to improve things at first, especially if we make it random and something like 96 bits in length (so a total of 128 bits going into the hash). 128 bits is far too big to prepare a mapping, so problem solved. Unless we make the following, reasonable, assumption:
     7) your DHCP server will need to keep the salt with the IP to operate
     We can't prepare any mappings beforehand, so we would have to resort to brute forcing the unknown 32 bits. This gets even worse when you consider that your IPs are actually all going to be within a couple of 8-16 bit subnets. Those sizes are something that a computer can brute force in real time, leaving the salt as no protection whatsoever. At this point you either have to consider moving away from DHCP to some custom protocol designed with privacy in mind, or move to IPv6, which would let you have, at the very least, a 64 bit subnet. IPv6 also has the added possibility of not needing DHCP. You could simply use radvd to advertise your IPv6 network details and leave the client to generate their own IP address.
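The brute-force argument in the post above can be checked directly. The following is an added example (not code from the post or from any DHCP server): it builds the proposed "salt || IPv4" token with SHA-256, then recovers the address behind a token by enumerating a constructed /16 customer pool under the post's assumption 7 (the salt is stored next to the token). The subnet, salt and address are constructed demo values; the point is that the search space is the size of the subnet, not 2^128, and that an IPv6 /64 is the first pool size where the same enumeration stops being feasible.

```python
import hashlib
import ipaddress
import os
import time

# Constructed demo values: a /16 customer pool and a random 96-bit salt that,
# per the post's assumption 7, the DHCP server has to keep next to the token.
SUBNET = ipaddress.ip_network("10.20.0.0/16")
SALT = os.urandom(12)  # 96 bits


def ip_token(ip: ipaddress.IPv4Address, salt: bytes) -> str:
    """The proposed privacy token: SHA-256 over salt || 32-bit IPv4 address."""
    return hashlib.sha256(salt + ip.packed).hexdigest()


def recover_ip(token: str, salt: bytes, subnet: ipaddress.IPv4Network):
    """Find the address behind a token by trying every host in the subnet.

    With the salt known, the work is one hash per address in the pool
    (65,536 for a /16), which is why the salt adds no protection here.
    Returns None if no address in the subnet produces the token.
    """
    for candidate in subnet:
        if ip_token(candidate, salt) == token:
            return candidate
    return None


def search_space(subnet: str) -> int:
    """Number of hashes an exhaustive search of this pool needs."""
    return ipaddress.ip_network(subnet).num_addresses


def demo():
    """Tokenise one constructed address and reverse it; return (real, recovered, seconds)."""
    real_ip = ipaddress.IPv4Address("10.20.137.42")
    token = ip_token(real_ip, SALT)
    start = time.perf_counter()
    recovered = recover_ip(token, SALT, SUBNET)
    return real_ip, recovered, time.perf_counter() - start


if __name__ == "__main__":
    real_ip, recovered, seconds = demo()
    print(f"/16 pool: {search_space('10.20.0.0/16'):,} hashes, "
          f"recovered {recovered} (real {real_ip}) in {seconds:.2f}s")
    print(f"IPv6 /64 pool: {search_space('2001:db8::/64'):,} hashes")
```

On an ordinary laptop the /16 search completes in well under a second, which matches the post's "in real time"; the IPv6 /64 figure is 2^64 hashes and is out of reach for the same enumeration.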
  9. If it is a bigger printer then it could well be running a Java VM, and if that is the case then it can be quite easy to remotely upload your own Java bytecode for it to run. At the very least I would say that it would be trivial to put together some bytecode to email all print jobs to someone. To play safe I would give them a separate USB printer connected to the machine.
  10. @i8igmac - I was just going to ask if anyone had tried aufs. I've seen it mentioned a few times and always wondered how well it worked in practice. I think that both its strength and weakness, when compared to RAID, is actually the same point: that when a disk fails you only lose the data on that disk, and all the other disks retain their data. So instead of there being a distinct number of disks that can fail before you lose all your data, you actually end up with a partial loss of data as each disk fails. As aufs runs at the filesystem level and not at the device level it could be used to merge multiple RAID arrays into one file system, but then I would start to feel that I'm building a house of cards :)
     @G-Stress - One important thing for backups that you will want to keep in mind is that the more active you have to be to take them, the less likely you are to do them. If you're using optical media for your backups then you'll need to replace them during each backup (unless you're not hitting their limits). This means you have to be about for the backup to run; if you're backing up to a device that has plenty of room for backups then you can schedule a backup script to run at a regular time, and then you won't miss a backup because you didn't have the time free to run it.
  11. The other Cooper's right about the problems with old disks, though I would also add to the list that they are usually much smaller (13x300GB is about the same space as a modern 4TB disk). Note: RAID 5 with a hot spare and RAID 6 are different. RAID 5 with a hot spare leaves one disk unused, and if any of the other disks in the array fail it will rebuild the array using that spare disk. RAID 6 uses all the disks but stores twice as much parity information on them, so that the array can be rebuilt even if two disks fail at the same time. Personally the real worry for me whenever I've used RAID 5 (with or without a hot spare) is that rebuilding a RAID array puts more stress on the disks than usual, and a degraded RAID 5 array can't afford to lose another disk in the rebuild. These days the only reason to use RAID 5 and a hot spare would be if your system didn't support RAID 6. There are arguments that RAID 5 and a hot spare has better performance in some situations, but if performance is your key requirement then you wouldn't be looking at RAID 5 to start with.
  12. Which RAID to use is normally dictated by a combination of how many disks you can justify using in the array and how resilient from a disk failure perspective you want it to be. If you want some resilience and only have room for 2 disks then the only option is RAID 1. If on the other hand you have 3 disks then you can use RAID 5 and have an array that would survive a single disk failure, or RAID 1 with the data mirrored across all 3 disks (assuming your setup supports RAID 1 on more than 2 disks). If you have 4 or more disks available for the array then you could look to using RAID 6, which will survive up to 2 concurrent disk failures. Personally I would go with RAID 1 unless there is a need for more space than a single drive can provide, in which case I would be looking to RAID 6.
  13. Usually the best way to set up a blog to try out themes on isn't to dump the database and import it locally as WordPress stores the site URL in the database and uses that as the base of a number of key URLs. For creating a site to test some themes on it is usually much easier to simply use the export option on the live WordPress to export your posts and pages, then do a fresh install of WordPress locally and import your export. If your export is large then you may need to gzip the file or split it into smaller files to get past some WordPress upload limits (separate limits to the usual php upload ones).
  14. You're using a Mac, that explains it. The version of sed on Macs will be BSD rather than GNU and so doesn't support escape codes. You should be able to insert a literal escape into the string with a bit of fiddling. Try something like: sed -e 's/'"$(printf '\033')"'\[2K#/\'$'\n''/g'
  15. Have you tried this to replace all your ^[[2K# entries with newlines (worked when I piped your example through it in bash) sed -e 's/\x1B\[2K#/\n/g'
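As an added example covering the two sed posts above (mine, not the poster's commands), here is the same replacement written so that it runs under both GNU sed and the BSD sed shipped with macOS. The ESC byte comes from printf instead of a \x escape, and the replacement newline is a backslash followed by a literal newline, which is the only form of newline both seds accept in the replacement. The input is a constructed progress line, not the original poster's output.

```sh
# Constructed sample: a progress line that was overwritten three times, as a
# terminal would receive it; '#' follows each ESC[2K (erase line) sequence.
sample_input() {
  printf 'downloading 10%%\033[2K#downloading 55%%\033[2K#downloading 100%%\n'
}

# Replace every ESC[2K# with a newline, portably across GNU and BSD sed.
esc_to_newlines() {
  esc=$(printf '\033')   # the literal escape byte, no \x parsing needed in sed
  nl='
'                        # a variable holding one newline character
  # pattern: ESC \[ 2K #   replacement: backslash + literal newline
  sed -e "s/${esc}\\[2K#/\\${nl}/g"
}

# Number of lines after the split, so the result can be checked.
count_lines() {
  sample_input | esc_to_newlines | wc -l | tr -d ' '
}

sample_input | esc_to_newlines
```

The same function works for a log file captured with `script` or `tee`: `esc_to_newlines < session.log` turns each overwritten progress update into its own line.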
  16. I haven't used Access for a while, but an mdb should open in 2007, as mdb is the container used in Access 2003 and below (though newer versions can use it for backwards compatibility). Most likely it has been corrupted; take a copy of the file to be safe, then try Access's Compact and Repair Database option on it. If that doesn't work you can always try importing it into a new database.
  17. RC4 is a stream cipher and not a block cipher, so RC4(k||IV) produces a stream of bits which is then XOR'd with the bits in the message. So in WEP you would have:
     RC4(k||IV) = 10011011001........
     Message    = 11100101101........
     XOR Output = 01111110100........
     Sometimes you encounter RC4 functions in languages which do the XOR'ing process for you; that is why they want the key and the message.
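To make the keystream-XOR picture concrete, here is an added example (not code from the post): a plain RC4 implementation (key scheduling followed by the output generator), the XOR step done explicitly, a WEP-style per-packet key built from a 24-bit IV and the shared key, and the property that makes keystream reuse dangerous: XORing two ciphertexts produced under the same key||IV cancels the keystream and leaves the XOR of the two messages. The demo key and IV are constructed values; note that real WEP places the IV before the key (IV||k), whereas the post writes k||IV, and the ordering does not change the XOR step being illustrated.

```python
from typing import List


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 keystream for `key` (KSA, then PRGA)."""
    S: List[int] = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:                   # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_crypt(key: bytes, message: bytes) -> bytes:
    """Encrypt or decrypt: XOR the message with the keystream (same operation both ways)."""
    return xor_bytes(rc4_keystream(key, len(message)), message)


def wep_style_crypt(k: bytes, iv: bytes, message: bytes) -> bytes:
    """Per-packet RC4 key as WEP builds it: 24-bit IV concatenated with the shared key."""
    return rc4_crypt(iv + k, message)


def bits(data: bytes) -> str:
    """Render bytes as a bit string, like the post's RC4/Message/XOR lines."""
    return "".join(f"{b:08b}" for b in data)


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same key||IV: c1 XOR c2 == m1 XOR m2, the
    keystream cancels, which is why a stream cipher keystream must never be reused."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    k, iv = b"\x01\x02\x03\x04\x05", b"\xaa\xbb\xcc"   # constructed demo key and IV
    msg = b"Hi"
    ks = rc4_keystream(iv + k, len(msg))
    print("RC4(IV||k) =", bits(ks))
    print("Message    =", bits(msg))
    print("XOR Output =", bits(wep_style_crypt(k, iv, msg)))
```

The implementation reproduces the published RC4 test vectors (for example key "Key" with plaintext "Plaintext" gives BBF316E8D940AF0AD3), so it can be used to check a language's built-in RC4 function, which is the situation the post describes.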
  18. It sounds like the battery isn't correctly reporting its charge to the laptop (or the laptop isn't reading it correctly). Have you tried recalibrating the battery? If not then it is worth a try: just charge it up to full, then let the battery run down all the way, then charge it back up again. That should be enough for the battery's chips to recalibrate themselves. If that doesn't help then you could try updating your BIOS and see if it is a bug in that. If those fail to solve the problem then I suspect that you are back to replacing the battery.
  19. This isn't an easy question to answer as the best choice will depend on a number of factors. The big question is does the Pineapple have a voltage regulator built in. If not then you will want to aim the volts at those it requires (or you risk frying some of the components). If it does have a voltage regulator built in, or you are piping the batteries through one, then you will want to find out the specs of that voltage regulator and make sure that you don't overload it. Another consideration is the type of cells you are using and what their discharge curve is. As a general rule rechargeable batteries tend to hold their voltage for longer while discharging, but drop off quickly towards the end. Alkalines' voltage tends to show a steady drop but last a bit longer than rechargeables; they also tend to start with a higher voltage as well (e.g. AAs will have 1.5v compared to a rechargeable's 1.2). Assuming a suitable voltage regulator and your hypothetical figures I would recommend trying 12 banks of 2 if the cells are rechargeable and 8 banks of 3 if using alkaline. But the best way to figure it out might be to just try each combination and see which one lasts the longest.
  20. Why not do what most people do when they need an OS that isn't owned by Microsoft or Apple, and turn to Linux? If you are serious about creating your own OS then you will need to sit down and read everything you can get your hands on about OS design and implementation. This means books to get you a good grounding in the area and articles to get you up to date. Also you will need to learn to code at a low level on the machine (this means a lot of C and even some assembler for the architectures your OS is going to support).
  21. There are a lot of factors that you have to think about before deciding if you should or shouldn't use SELinux. Sometimes you find that you don't have a choice: the software you are wanting to run just doesn't work with SELinux, or there is a legal/contractual requirement to be running SELinux. If there is no obvious reason that SELinux has to be used or can't be used then it comes down to a call of risk versus cost versus outlay. The risk includes things like: How many people can access it? How much do you trust those people that can access it? What is the probability that they can break in? What can they do when they have broken in? As the number of users increases the risk goes up. The less trustworthy your users are, the risk goes up. The more complex your setup, the higher the probability that someone will be able to find a way in, and the risk goes up. If they get in and can use the machine to pivot into the rest of your network then the risk goes up. The costs to be considered are how much it will cost you if someone does break in. This includes both the cost of clean up and the damage to your reputation, and what else they can gain access to once they are in the server. The outlay to be considered is how much you will have to spend on security (maintenance/administration in the case of SELinux). Once you have an idea of those two you can look at your security objectively. If the risk presented from the server was low and the cost low, yet the outlay quite high (i.e. a lot of time to get the SELinux permissions configured, or needing to reconfigure them every time you update the server), then it wouldn't be worth using SELinux. If on the other hand the outlay was still high, but you had a very high risk with a reasonably high cost, then SELinux may well be worth the outlay. If your setup works fine with the default SELinux permissions then the outlay is very low and there wouldn't be much reason not to use SELinux.
     For the majority of tasks where you have to make significant configuration changes to the server/software, you will probably find that the outlay on SELinux outweighs the risks and costs involved (especially if you are already using a defence in depth methodology and separating your services onto different machines). Another thing to remember with SELinux is that it is only any use if you know what you are doing when granting and denying permissions. If you just keep granting permissions to make every error you see go away without understanding what it is, then you don't have any security: the first time someone tries something nasty and you see the error and "fix it" by granting permissions, the next time they try to do the same nasty thing they will be allowed.
  22. Actually this is an area in which my perspective has changed over the last few years. For many years I held a similar view to Digip (more layers of encryption makes it feel safer). Now though I hold the opinion that once you reach a certain level of encryption (e.g. AES with a strong key) then any extra layers of encryption don't significantly reduce the risk of someone gaining access to the file, as if someone does gain access it will have probably been through a different route anyway.
  23. Unless you are trying to pass about government or company secrets you could probably get away with just using an encrypted RAR with a good passphrase (making sure it is using AES of course). The real security risk would be what happens when the file gets to its destination. Is your friend going to destroy it after reading, store it in an encrypted form, or just copy the unencrypted file onto a flash drive which he then leaves on the train?
  24. Before you start trying to code something for this I suggest sitting down and working out how much space (62^8)+(62^32) actually takes up. The method you are trying is a time-memory trade off. Effectively it means that the more you precompute the faster the problem can be solved, but conversely the faster you want to solve the problem the more resources have to have been spent on the precomputations. In this case the precomputations you are proposing would require too much space to be practical (unless you are a large corporation or a nation state). Rainbow tables do fall into the same category, but they have a clever twist that reduces the amount of storage that they require (note this isn't magic, it is gained at the cost of increasing the time it takes to solve the problem). On another note, if you have already been storing your passwords and their hashes in a database table then just making sure that those fields are indexed will aid looking up the values. Any good database will have indexing algorithms capable of doing fast lookups on large tables. Just be very sure of how much data you are going to want to put into the database (hint: if you tried to store 62^8 entries in a table you would find it had 218,340,105,584,896 rows).
  25. Doesn't your browser have a spell checker built in? I know that Chrome does, as it has underlined some misspellings while typing this reply (deliberate misspellings of course). If you are using your browser's spell checker and it has stopped working then check its settings and see if it has been disabled. Failing that, let us know what browser you are using and someone here might have a suggestion.