On Thu, 25 Oct 2012, Chris Fitzpatrick wrote:
I'm guessing the other people participating in this thread have never had
men with guns show up to take your server because of a 'security
Or block your server's IP address, and then make you jump through hoops
for two weeks because they were unhappy with someone uploading an image to
your trouble ticket system that accepted anonymous submissions ... with
the explaination that if they managed to get a file on there, the whole
system was compromised, and had to be blanked and the OS reinstalled.
... it didn't help that the image was text saying something to the effect
of 'I've hacked your computer'. And they didn't realize at the time it
actually had a JPEG exploit in it, so it was the people who downloaded it
could've been compromised, but it wasn't even a valid exploit against the
OS we were running.
Or have all of the sysadmins in your group stop work for a day while we
have a comprehensive scan of all of our machines by the security group
because someone on the security auditing group noticed that a machine on
our network sent out a request to some random webserver in the middle of
the night, and then there was a connection attempted back to that machine
and another one on our network. ... but they failed to mention was that
the connection back was from a completely different IP range, and they had
selectively filtered what they were looking for, so the incoming
connections were attempted against *all* machines on our network and not a
sign that someone was being selective in their attempts and cause for
concern ... and the 'middle of the night' just meant 'before we got in
this morning', but we have folks who have to work earlier shifts depending
on when we get assigned antenna time to talk to the spacecraft.
... it makes the people who e-mail convinced that NASA's hiding evidence
of the existance of alien life seem reasonable by comparison.*
So I actually *do* have a stake in validating what we use as inputs.
Other people might not, but I do my best to avoid a DOS from our security
* They don't like that we get highly compressed data for 'space weather'
purposes, and we replace them with a higher-quality image once it's been
downloaded through a higher bandwidth link. They also seem convinced
that a compression artifact must be at the same distance from us as the
sun for their size and speed calculations, rather than highly energetic
particles right at the telescope.
** I've got other stories, too ... but I thought I'd keep it to only the
ones that actually affected me.