
Best Current Practice
Best Current Practice: n.
The excuse we bring to the table when we do not want to explain our decision: “It is the best current practice!”
86-68
A pity :(
Q: What is an Incident?
Despite the toxicity that certain meetings carry, I’ve decided to try and make the most out of them. In a meeting that I attended the other day, the question arose:
– What is an Incident?
So how does one define a security incident? The easy way out is “an incident is when I say it is”. Would you readily define every policy violation as an incident? Do automated SSH scans count as incidents? Or do we care only about the interesting ones?
How do you define an incident as such?
Dysergy
The price of our vote
We knew for ~30 years that a day like yesterday would come. We just hoped that it would come later.
Stateful protocols
Mark Crispin writes:
“In particular, doing things with mailboxes in the hundreds of MB in that format takes a while. The authors of Outlook and Thunderbird are victims of a computer science course mindset which, starting in the 1980s, taught their pupils that all protocols are (or should be) stateless. Thus, they believe that IMAP is like HTTP; that when a server fails to respond immediately, that means that the correct remedial action is to disconnect and try again, or just disconnect and assume that everything happened anyway.”
If we were to start all over again…
Terry Zink writes:
“If we were to start all over again, the designers of the Internet would not design it so that anyone could do anything.”
And how exactly do we know that?
The fact is that other, more restrictive (with respect to anonymity and openness) systems co-existed with the Internet at the very same time it was developing. Yet the Internet prevailed because it was exactly this: open, providing interconnection between walled gardens and the freedom to experiment.
If we were to start all over again, something similar would have emerged.
A simple pf.conf trick
Sometimes, when installing new rules in pf.conf from a remote location, your connection to the firewall gets dropped. To avoid this, you can fire up screen (or tmux if you like) and then execute:
# sleep 5; pfctl -Fall -f /etc/pf.conf
That way you have enough time to detach from screen, log out and then log in again to check that the new rules were applied properly. Of course, there is always the possibility of not being able to reconnect due to logic errors in pf.conf, but hey, he who made no mistakes never built anything.
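A guarded variant of the trick above, as an added example that is not part of the original post: it syntax-checks a candidate ruleset with pfctl -n, loads it, and reloads the known-good file unless a confirmation file appears within the timeout. The function names, the PFCTL variable and all file paths are assumptions made for this example.

```shell
#!/bin/sh
# Added example: guarded pf reload. PFCTL and every path below are
# hypothetical parameters; -n, -f and -F all are standard pfctl flags.
PFCTL="${PFCTL:-pfctl}"

# Parse the ruleset only (-n): syntax errors are caught, nothing is loaded.
pf_check() {
    "$PFCTL" -n -f "$1"
}

# pf_apply_guarded CANDIDATE LIVE TIMEOUT CONFIRM
#   CANDIDATE  new ruleset to try
#   LIVE       known-good ruleset, e.g. /etc/pf.conf
#   TIMEOUT    seconds to wait for confirmation
#   CONFIRM    file the operator creates from a NEW login to keep the rules
# Returns 0 = kept, 1 = rolled back, 2 = rejected by the syntax check.
pf_apply_guarded() {
    candidate=$1 live=$2 timeout=$3 confirm=$4

    if ! pf_check "$candidate"; then
        echo "syntax check failed; running rules untouched" >&2
        return 2
    fi

    rm -f "$confirm"                  # ignore a stale confirmation
    if ! "$PFCTL" -F all -f "$candidate"; then
        "$PFCTL" -F all -f "$live"    # load failed: restore at once
        return 1
    fi

    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$confirm" ]; then
            cp "$candidate" "$live"   # promote only after proof of access
            rm -f "$confirm"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    echo "no confirmation after ${timeout}s; reloading $live" >&2
    "$PFCTL" -F all -f "$live"
    return 1
}

# Usage, as root inside screen/tmux:
#   pf_apply_guarded /etc/pf.conf.new /etc/pf.conf 60 /root/pf.ok
# then detach, log in again and run: touch /root/pf.ok
```

The confirmation file lives in a root-only directory so that only the administrator who managed to log back in can keep the new rules.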
bnx2 and Debian
One way to install Debian on a machine that requires the bnx2 network driver is to download the firmware, place it on a USB stick and continue as instructed by the Debian Installer. Another quick trick is to use a USB Ethernet card and proceed with installing Debian. Then apt-get install firmware-bnx2 and reconfigure the network interfaces appropriately.