• 2 Posts
  • 48 Comments
Joined 1 year ago
Cake day: July 1st, 2023

  • Do a search for you server OS + STIG

    Then, for each service you’re hosting on that server, do a search for:

    Service/Program name + STIG/Benchmark

    There’s tons of work already done by the vendors in conjunction with the DoD (and CIS) to create lists of potential vulnerable settings that can be corrected before deploying the server.

    Along with this, you can usually find scripts and/or Ansible playbooks that will do most of the hardening for you. Though it’s a good idea to understand what you do and do not need done.


  • Another reason for going with a swap file vs partition (if you need either) are nvme and SSD drives.

    A partition that’s only a few GB and written to constantly will wear out a solid state drive quickly.

    Using a swap file in a larger partition that has other data allows the drive to even out the wear across more storage cells.


  • What they should be saying is that it’s like exercise.

    Just because you know how to run or you know how to do a pull-up, you won’t necessarily be able to do so to the extent needed in a pinch. You have to stay in shape. You have a car, but the car could break down and you might have to walk a mile to the nearest gas station.

    Likewise, with math, we run into situations all the time where being able to do simple math in your head can prevent you from getting screwed.

    Like at a car dealership, some will show you different payments and ask you if you want to get the premium insurance or skip the premium insurance and go with the lower payment.

    Most will choose the lower payment. If you did the quick math* in your head though, you’d quickly see that the “lowest payment” is off and has a minimal car warranty bundled in.

    Grocery shopping. I’ve seen where the price per ounce on the shelf doesn’t match the actual price per ounce.

    Should you take the more distant job? It pays $5 more an hour, but is it worth driving 15 extra miles?

    Should you take the delivery job that pays $20 an hour but will put an extra 50-100 miles a day on your car? It’s not just gas. Cars are a finite resource. Can you figure out the depreciation per mile?

    When you buy a house: Should you buy a house now if it’s cheaper but interest rates are high or buy later when interest rates go down but the price may go up? How much money does each 0.25% in APR really mean to me? (Example: For a $400,000 house, a 0.25% APR difference is $83 a month or $1000 just that first year (not including compounding). With compounding, it can mean an extra $62 a month for the life of the loan for all 360 payments or $22,000! An extra 1% is quadruple that!)

    If you think you would keep a house for only 5 years, which loan makes more sense? Pay a bit more in closing for a lower APR or pay nothing extra but get a higher APR? How many years in does the first loan come out ahead?

    * Quick loan payment estimation (without compounding, for short loans (<6 years)):

    Takes a while to read, but with practice, it’s quick to do in your head:

    Take loan amount, number of years, and APR:

    Ex. 10K at 6% for 5 years.

    Think of it as a geometry problem. You have a triangle with one side at 10k (starting loan amount) on the y axis and 0 days (x axis) and the tip will be at 60 months (5 years) and $0.

    At the halfway point (30 months 2.5 years) the principal balance (not counting interest) should be about $5000. So on average we can calculate $5000 * 6% APR for 5 years (or 30% total without compounding)

    Original loan amount + non-compounded interest =

    $10000 + ( $5000 * 30% ) = $11500

    $11,500 divided by 60 payments = $191.66 /mo

    0% interest would be $10,000/60 or $166.66

    This already gets us really close to the real answer.
    I threw the loan values into an online calculator and it came up with $193.33 for the monthly payment.

    $193.33 - $191.66 = $1.67 difference or 99.1% of the real answer.

    This % difference due to compounding will vary based on the APR and loan term but not the loan amount. So if you know which terms and APR you qualify for, you can figure this out ahead of time. For our 6% APR for 5 years example we know to add 1%.

    If the sales person presents us with a significantly different monthly payment, then we know they snuck something in. I’ve personally run into this where all the payment options had a different service plan and/or extended warranty snuck in.

    Also it’s good to know that the interest will cost us $26 a month vs 0% APR or paying in cash. Which helps us figure out if it makes sense to buy now (do we get $26 of benefit a month for having it now) vs waiting.
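The estimate in the comment above, worked through in code (an added example, not code from the original post). It assumes the "quick math" is the average-balance method the commenter describes (half the principal times simple interest over the full term, spread over every payment) and that the "online calculator" figure is the standard amortizing-loan formula with monthly compounding. It also checks the two claims made in passing: that the compounding error depends only on APR and term, not on the loan amount, and that each 0.25% of APR on $400,000 is about $83 a month before compounding.

```python
"""Mental-math loan estimate vs. the exact amortizing payment.

Added worked example for the comment above; the function names and the
sample loans (10K at 6% for 5 years, $400,000 house) are constructed from
the figures in that comment, not taken from any real lender's tool.
"""


def quick_estimate(principal: float, apr: float, years: float) -> float:
    """The commenter's triangle method: the balance falls in a straight
    line from `principal` to zero, so the average balance is principal/2.
    Charge simple (non-compounded) interest on that average for the whole
    term, then spread principal + interest evenly over every payment."""
    months = years * 12
    average_balance = principal / 2
    simple_interest = average_balance * apr * years  # e.g. 5000 * 30%
    return (principal + simple_interest) / months


def exact_payment(principal: float, apr: float, months: int) -> float:
    """Standard amortizing-loan payment with monthly compounding
    (what an online loan calculator computes)."""
    r = apr / 12
    if r == 0:
        return principal / months
    return principal * r / (1 - (1 + r) ** -months)


def estimate_ratio(principal: float, apr: float, years: float) -> float:
    """How close the mental estimate lands, as a fraction of the exact
    payment. Both functions scale linearly in `principal`, so this ratio
    depends only on APR and term, exactly as the comment says."""
    return quick_estimate(principal, apr, years) / exact_payment(
        principal, apr, int(years * 12)
    )


def monthly_cost_of_rate_delta(principal: float, apr_delta: float) -> float:
    """Extra interest per month, before compounding, for a small APR change:
    first-year interest on the full balance divided over 12 months."""
    return principal * apr_delta / 12


def interest_cost_per_month(principal: float, apr: float, years: float) -> float:
    """What the interest adds to each payment compared with 0% APR / cash."""
    return quick_estimate(principal, apr, years) - quick_estimate(principal, 0.0, years)


if __name__ == "__main__":
    est = quick_estimate(10_000, 0.06, 5)
    exact = exact_payment(10_000, 0.06, 60)
    print(f"quick estimate: ${est:.2f}/mo   exact: ${exact:.2f}/mo   "
          f"ratio: {estimate_ratio(10_000, 0.06, 5):.3%}")
    print(f"0% APR baseline: ${quick_estimate(10_000, 0.0, 5):.2f}/mo, "
          f"interest adds ${interest_cost_per_month(10_000, 0.06, 5):.2f}/mo")
    print(f"0.25% APR on $400,000: ${monthly_cost_of_rate_delta(400_000, 0.0025):.2f}/mo")
```

The useful check for a buyer is `estimate_ratio`: compute it once for the APR and term you qualify for, and any quoted payment that lands well outside estimate divided by that ratio has something bundled into it.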




  • Eh, that at least goes back to the days of dial-up (at least).

    56k modem connections were 7k bytes or less.

    The drive thing confused and angered many cause most OSs of the time (and even now) report binary kilobytes (kiB) as kB which technically was incorrect as k is an SI prefix for 1000 (10^3) not the binary unit of 1024 (2^10).

    Really they should have advertised both on the boxes.

    I think Mac OS switched to reporting data in kibibytes (kiB) vs kB since Mac OS 10.6.

    I remember folks at the time thinking the new update was so efficient it had grown their drive space by 10%!


  • True on the digit by digit code decryption. That I can forgive in the name of building tension and “counting down” in a visible way for the movie viewer. “When will it have the launch code?!” “In either 7 nanoseconds or 12 years…”

    If they had been more accurate, it would have looked like the Bender xmas execution scene from Futurama:

    https://www.youtube.com/v/aRdRZ6TKo4s?t=25s

    I did like the fact that they showed war-dialing and doing research to find a way into the system. It’s also interesting that they showed some secure practices, like the fact there was no banner identifying the system or OS, giving less info to a would-be hacker. Granted, nowadays it would have the official DoD banner identifying it as a DoD system.

    I remember with Windows 95, LAN Manager passwords were hashed in two 7 digit sections which made extracting user password from the password hash file trivial:

    https://techgenix.com/how-cracked-windows-password-part1/

    Looks like it was worse than I remember. The passwords were first converted to all upper case first!