Posts made by tonyshowoff

@Dashrender IPVanish

@Dashrender said:

good point, that is probably it, I'm at a hospital on their wifi now.

I'd VPN out of public wifi, homes.

God, SAM's really gotten huge

@scottalanmiller said:

@MattSpeller said:

Well, operating a brick or distracting a shop owner is considerably easier than some of the stuff you use Kali for! Jokes aside, I don't see your point. Practice and trying something new always involves failure, that's part of learning.

Yes, but practicing lock picking doesn't require the caveat of "don't break into other peoples' houses." We assume that people know not to do that. If they don't, they shouldn't have lock picks.

My wife is our resident lock picker, my hand isn't steady enough at all. STUPID PINS, MOVE OUT OF THE WAY, GOD I HATE YOU, I HATE YOU! and also she's good at safe cracking, though not as well as lock picking, though it's something she's working on.

@MattSpeller said:

@scottalanmiller said:

I don't think we'd say that if we were talking about shoplifting or breaking and entering.

Well, operating a brick or distracting a shop owner is considerably easier than some of the stuff you use Kali for! Jokes aside, I don't see your point. Practice and trying something new always involves failure, that's part of learning.

Most good pentesters are more social engineers than hackers/crackers, or rather it's used more. I used to do a lot of pentesting, and it's a service our company still provides, and it's not hard to get a 100% success rate when it comes to convincing people to do things. These days, though, it can be harder to find something with a port scan and metasploit. A lot of pentesting shops are a joke though, and are, like I said, goody-goody dorks who don't really understand what they're doing. Many maybe will do some basic software checks (passwords, updates, other things) and call it a day.

There's a lot of good firms/groups out there, but a lot of these doofy "ethical" hacker programs and certifications (lol, it's like a letter from your mom proving you're a hacker) are really just the ITT Tech version having the knack to find the holes or convince someone to do something for you.

@scottalanmiller said:

@MattSpeller said:

Trying and failing is a time honoured tradition of our species

I don't think we'd say that if we were talking about shoplifting or breaking and entering. Pen testing is closest to breaking and entering (since just a pentest doesn't actually involve stealing anything.)

As far as the law is concerned, computer cracking is just this side of murder, you don't even have to break anything and you can get more time in prison than most rapists or murders get, and plus also more fines than you can imagine, especially because a lot of companies base their losses on the overall value of what (if anything) was stolen, rather than any actual monetary loss. For example, Sun claimed that Kevin Mitnick lost them something like $1.4 billion, and they calculated that based on how much they thought SunOS was worth, though later on they gave it away for free so, I'm not sure what that's about.

@MattSpeller said:

@tonyshowoff I disagree, backtrack got me very interested in security long before I knew what I was doing, let alone knew how to use any of it's tools. Trying and failing is a time honoured tradition of our species

Yes, but you knew it was illegal to gain unauthorised access right? That's my point, if someone has to be told it's illegal, then maybe they need to join the 21st century before getting deeper involved in security or exploring.

@MattSpeller said:

If you want to get into security then Kali is a good way to explore it a bit.

BEFORE YOU USE IT:

Make sure you ONLY use it on things YOU OWN

This is a very stupid way to go to jail.

Yeah, but if you need this warning you shouldn't be using security tools at all

Damn that's an ugly dress, no matter what colour it is.

@scottalanmiller said:

Kali is a Linux distro built specifically for security and pen testing. It's full of applications set up just for this.

Yeah you could always DIY, and for getting things going it makes things easier. I think overall what bothers me most about the current rise in popularity of pentesting is a lot of pentesters don't have the mindset of what it takes to be a criminal, instead they're goody-goody folks who run through the same check lists as everyone else. I've even met "pentesters" who, even with permission, are afraid to do something that would be otherwise considered illegal or "wrong", even though it's a benefit to their client to see if it will work. People like this should not be doing pentesting. In the same manner if you want to know whether or not your house can be broken into or your car stolen, don't ask a cop, ask a thief.

When it comes to projecting dates for technology, I usually see people say either "basically tomorrow" or "a billion years from now" and they're always wrong. People tend to forget technological change does have essentially a set pattern and keeps doubling in speed. People tend to over estimate that doubling or vastly underestimate it, and I think that's primarily a difference between optimists and people who have been disappointed with predictions in the past. If the prediction doesn't fall within what's likely possible in The Law of Accelerating Returns then it almost certainly won't happen.

Given the technology, I'd say mass production is likely in 5 years, but the problem is mass to them may not be mass to us. If they're creating even 10 million units a year, that's mass production, but it's likely to be fairly expensive to where it doesn't touch your daily life, therefore most people would say "ah, see, I told you, didn't' happen in 5 years," when it actually did. What you're really wanting is "when is it cheap enough for me to throw away" and that may indeed be 10 - 15 years, depending on many other factors and over all application.

@scottalanmiller said:

@tonyshowoff said:

Well, it only took 25 years, but Server's finally catching up to Linux and BSD I actually have been impressed with Server since 2000, after NT4 it was basically amazing.

I actually had great luck with NT 4, Windows 2000 is the only one that I really did not like. Very slow.

I had literally the opposite experience. That's so strange. I did use NT4 for workstation though and liked it more than 98 (obviously).

Forks used to only really happen when developers disappeared/got bored and moved on, or there was some sort of political reason to fork the project (Oracle buying Sun is a more recent example), but or the more rare "we edited the code base so much we've basically forked it by default," but you're right, now people fork on a whim instead of just branching the code and merging later. That's what version control is for!

Well, it only took 25 years, but Server's finally catching up to Linux and BSD I actually have been impressed with Server since 2000, after NT4 it was basically amazing.

@thecreativeone91 said:

I personally like MRTG much better

I have to second this, I suggest trying both before putting a lot of effort into one or the other, or just try both because it's fun!

Fréé V1/\gRA gopher://arandomblog.com/become-a-millionaire-with-magazine-subscriptions/

@thecreativeone91 said:

I don't know anyone using open source ERP's on a large scale yet, mainly because of the support contracts you get with enterpise commercial systems and with all or most of your companies data being in this system - you really want a support contract even with in house development incase something goes wrong.

Agreed, and even a lot of closed source ERPs like SAP don't scale worth a damn either, I think the biggest difference is with the support contracts people feel better, where as if you hit a scalability wall with OpenBravo or something, you're basically screwed unless you want to hire some Java programmers. Even if SAP takes 2 days to fix something, that's a lot better for a company than something never being fixed, or having to setup all the outsourcing/insourcing to fix some internally mangled Java app.

I also noticed the article doesn't mention and sources or any companies using open source ERP. And this is written by a guy who does Open source ERP Implemntation/customization so bias is likely.

I hear that... this is typical though. They'll ignore 500 fail cases and concentration on 2 use cases and call it success.

• Sleeping with uppermanagement

A big company I worked at years ago, there was an employee sleeping with a under executive and basically got away with murder all the time, and this was against policy, and yet nobody ever did anything. This company is almost bankrupt today, I wonder why...

I'm still waiting to see a decent Open Source ERP, all of them are pretty limited or pretty crappy, typically leaning toward crappy on all accounts. Some like ErpNext/Frappe look pretty nice, but are almost impossible to get to work because the shitty developers don't understand what portability means, and just assume everyone has the same computer, with the same tools, and the same libraries as they do and so don't even tend to document it.

That or they create some convoluted method of forcing you to use some crazy library manager instead of just telling you what the libraries are. In general though, Open Source developers sometimes get on some thing they think is revolutionary/disruptive/whatever but it's just a pain in the ass for the broader world, like the recent, bafflingly stupid obsession with Composer for PHP projects in recent years. Instead of just telling me to get a copy of some goofy XML parser, I have to do all this extra work and install tons of extra stuff just because you follow the whole "HURR IT HAS TO USE COMPOSER, HURRRRR HUUURURR" thing, which also means your autoloading class is 50,000 lines long and you're wondering where your optimisation failures are.

Most Open Source projects are total garbage, but some like Linux, gnutools, clang, BSD, etc shine through and are totally amazing, but over the last 20 years I've come to the conclusion most Open Source evangelicals don't even understand the basics of programming (hey, just like Eric S Raymond).

@mlnews said:

This must have been a shocking find for supermarket workers!!

http://news.yahoo.com/hundreds-medieval-bodies-found-under-paris-supermarket-123517025.html

Discount on jerky today...