If you need gigabit ports for your home server or router project and you’re short on available expansion slots, I have just the thing. Home sysadmins have known for a while that you can get cheap PCI-X Intel NICs and run them in PCI mode, but you may not know that you can find the very same thing by searching eBay for HP 7170, and it’s usually cheaper. It’s not rare to find them for $7, shipped.
At a recent job interview, the CISO asked me a really good question that I wish more people would ask.
He asked me how I conduct myself as a security professional when dealing with the rest of IT.
I got an innocent question last week. We’d been scanning an AIX server with Nexpose, a vulnerability scanner made by Rapid7, and ran into some issues. The system owner then asked a question: The server is behind a firewall and has no direct connection to the Internet and no data itself; it’s just a front-end to two other servers. Is there any reason to scan a server like that?
In my sysadmin days, I asked a similar question. Nobody could give me an answer that was any better than “because reasons.” So I’ll answer the question and give the reasons.
So, CNN/Money ran a story on the best 100 jobs in the United States, based on pay, projected job growth over the next 10 years, and quality of life ratings. And there was my job title, at #9.
The field desperately needs more of us, so I’m happy to share with you how to become someone like me. Continue reading How to become an Info Assurance Analyst
I’ve grown used to being asked what unpatched vulnerability was used in the most recent breach, in an effort to make sure some other company is protected.
I appreciate the desire to learn from other companies’ mistakes and not repeat them. But there are several reasons why the answer to that question is complicated, and not necessarily helpful.
WordPress occasionally suffers from the dreaded “white screen of death,” where you visit an admin page and, instead of being able to do what you want to do, you get a blank white screen. Meanwhile, the blog continues to function. If you have scheduled posts, they keep going. But with no admin access, the blog essentially becomes a ghost ship.
Several of the causes are pretty well documented, so I’ll talk about mine instead of rehashing old advice you can easily find elsewhere. Continue reading I fought the white screen, and I won!
I get the occasional query from people who say I should promote my blog more, so that I can get an audience and write a book about this or that, and then I read stuff like this. Basically, writing is getting more and more commoditized, and writers are making less and less, not that they ever made much in the first place. And then I heard on a podcast that the average technical book sells 5,000 copies.
Fifteen years ago, I was in the home stretch of writing a book–my first, and so far only book. All told, I made around $13,000 off that book, between book royalties and publishing derivative articles in magazines, all before taxes, of course. I wrote about 20 hours a week for six months to do it, so, perhaps if I’d made it my full-time gig, I might have been able to make $52,000 a year. But that was when computer books were hot and big-box book stores were booming. I’m not confident I could make $52,000 as an author today. Continue reading The dwindling writing market
The bane of my existence as a sysadmin was .NET. It would corrupt itself randomly, sometimes taking with it this awful CA product written in .NET that nobody else wanted anything to do with.
In my day I’d reinstall service packs and the latest patches and one of the six things we tried would fix it. I rarely knew which one. But that was five years ago. Today, as long as you’re running .NET 4.5.1 or earlier, Microsoft has an automated tool that repairs it. You can run it as a GUI app or from a command line or script. Curiously, it doesn’t support 4.5.2 yet–maybe that means 4.5.2 doesn’t break. We can dream, right?
Normally I’d say upgrade to 4.5.2 since its end of life is in 2023, as opposed to 2016, but until the fix gets revised to support 4.5.2, I won’t blame you for staying back on 4.5.1. Availability is 1/3 of security, after all.
“So did you know there’s a Windows version of Shellshock?” a coworker asked the other day.
“What, Cygwin’s bash?” I asked.
“No, in CMD.EXE.”
I thought for a second, back to some really nasty batch files I’ve seen that do goofy stuff with variables and parentheses and other reserved characters. Suddenly it made sense. Those cryptic batch files are exploiting the command interpreter to do things that shouldn’t be done. Then I smiled.
I find little, if anything, to disagree with in this tough-love post from Mr. Money Mustache from February: Why the middle-class keeps giving itself the shaft.
I find several takeaways from it. Continue reading Some tough-love money advice I missed before