To be fair, the virus itself doesn't offer permanent immunity either, despite everyone thinking it does and that you can't get the disease twice.
However, the virus seems to offer much longer and stronger immunity than the vaccine, probably because the virus is stronger. The odds of ever getting it again are pretty low if you've actually had it, whereas after about a decade you need another booster vaccine, and after two decades you're essentially unvaccinated. (Two decades later...you know, right around when your kids get it if you got vaccinated as a kid.)
So, on one hand, the virus probably kills twice as many kids as the vaccine. OTOH, that's statistical noise. And, perhaps more importantly, the amount of adults who die from chicken pox is much higher. (And is getting higher each year, possible because of more things that compromise the immune system.) 5% of chicken pox infections are in adults...and cause 55% of the deaths. If vaccines stops 100% of the kids from getting chicken pox, and just 5% of those get it later as adults, it will kill more people.
So there are two options: Immunize everyone every 10 years or so and pretend they actually do that. (Adults have an abysmal record of getting immunization....who here has gotten a tetanus vaccine? It's every ten years...I know I've missed at least one, possible two.)
So actually the first option is: Immunize people when they're children and have them skip all over immunizations and then have them die when their kids catch it.
Or just give everyone chicken pox as a kid, and have them live off the immunity.
Those are the _actual_ choices, until we have some sort of health care system that people are willing to participate in, which probably means having some sort of immunization notice service and providing them for free. Until then, adults go to the doctors only when sick, and do not get vaccines as adults.
Your not real bright if you couldn't figure out that the people who argue against vaccines are saying that the mercury based preservatives are causing autism, and while MMR is the biggest culprit, one can also get the same results with less dangerous vaccines by taking a bunch of them.
Really? That's what they're saying? Those are the actual words they're saying?
So, because mercury hasn't been used to preserve vaccines for a decade in the US, what the fuck are they whining about, and why aren't kids getting vaccinated?
Oh, that's right, they're a psuedo-science cult that is convinced that vaccines cause autism, so will constantly invent new reasons they do so.
I think the very first thing we should do, after we figure out who committed a crime, is try to figure out why.
There are people who break the law because that is, in fact, their 'job', and there are people who break the law because they were stupid once, and there are people who break the law because they are sociopaths.
If someone is breaking the law because it's their job, we can probably solve the problem with tracking anklets. 'Oh, you've decided to make money by breaking into houses? Well, now you get GPS monitored for 5 years, and your location will be compared to every single crime that happens.'.
And then we just let them go adn point them to the employment office. They don't really need prison, they just need to be stopped from that activity, or caught if they continue it. And now we actually have the technology to do that.
There are a few cases where this doesn't work, where crimes do not get reported, like being an enforcer for organized crime, or drug dealer, but in general it works. (And I'd suggest what we should do there is additionally give a restraining order. They cannot go stand around on the street where they sold drugs.)
The short and quick punishments you suggested (Although I don't know about that specific one) would be ideal for people who just 'got stupid', and decided to punch someone in the face or drive drunk. Certainly better than the system we have now.
Considering how giant the prison system is at this point, and how expensive it is, I think it's past time to start asking ourselves 'How can we do this sanely?'.
Prison should be reserved for people who are either sociopaths or who have demonstrated that they are repeatedly going to commit crimes. 95% of prisoners could function just fine in society, either as is, or with a little bit of restraint and monitoring.
Strictly speaking, if the smuggler was a prison guard, he did break the law. Prison guards are not allowed to do favors for prisoners like that.
However, yes, it's not generally illegal for people to smuggle things in to a prisoner. (Unless it's part of a conspiracy to commit a crime, obviously. If you know they'll be running their gang out of prison and help them, that's illegal regardless of what the action was.)
What Microsoft is doing is being a parasite. And it shows that they can't work out their own system. It tells me that they are failures and are willing to do anything to create a competent product (something they can't do on their own apparently).
It at least demonstrates they are willing to be parasites. I'm not sure how much the results that they currently have are from google, but seriously, this makes me think much less of them.
And it's worth pointing out that the reason Google doesn't use click information that it incredibly susceptible to spammers. Which rather implies that MS is crappier in that regard.
The rigged their own results so it would return some nonsensical pages for certain queries. And then they search for those queries on their own computers...with the MS toolbar installed. Google searched on Google for these things.
Then, after doing this a bunch, they searched for that thing once on Bing. (And, as far we know, didn't click at all.) Tada, that result was inexplicably on Bing also.
Google running one search on Bing to see what results they return is not 'click fraud'. And I don't know in what insane world you can commit click fraud by searching in your own search engine and clicking on the links you have given yourself to pages you yourself set up.
It would be one thing for Google to load Bing search result and do that to attempt to manipulate Bing's listings. Instead, they loaded their search results and did that, to demonstrate that Bing was spying on Google search results (via their toolbar) and sticking them in Bing's listing.
No one runs a DDoS against ports that aren't open. All DDoSes are designed to look like totally legit connections to, in this case, port 80. This is quite simply because bogus packets cannot cause a DDoS, period. The server either rejects them, or ignores them, and they have almost no effect beyond a split second of CPU.
Whereas 'legitimate' connections that show up, and the server ACKs...and then gets no response from...those tie up server resources. And, incidentally, use outgoing bandwidth also. While special hardware could, indeed, filter obviously useless packets, no one actually needs to do that, as obviously useless packet are trivially dealt with at the server.
And you are correct in that my analogy was over-simplified...in actuality, what's going is a bunch of empty clothing keeps walking up to the house. Yes, we could gate the locked doors that some people walk up to, and stop empty clothes from walking up to them, but, frankly, that clothing isn't wasting anyone's time.
The problem is all the empty clothes in the line with legitimate people, making them wait, and who the doorkeepers ask to come in, and just stand there a few seconds until the doorkeepers realize what happened and throw them in the trash.
See why I didn't use that weird analogy?
The problem isn't bogus things clogging up paths to nowhere (Which are, in fact, empty), it's bogus things clogging up actual resources, actual connections, both at the OS and program level.
Many places have an IDS as a tick in the box, and the logs will never be read.
Well, strictly speaking, most placed don't have IDS at all.;)
Most places that do have IDS will never check the logs, or they have six hundred lines of stupid warnings and three lines of an attacker getting in won't be noticed.
However, an IDS and an external firewall are not actually the same thing anyway. You can run an IDS on the computer itself, and you can even run an IDS that just watches and doesn't do anything.
You can even buy an external firewall with IDS and open up everything on the firewall to servers, and just run it as an IDS.
In the classic case, once you get behind the firewall theres lots of easily exploitable systems so an attacker can easily spread around your network, whereas if your hosts are configured securely enough to stand alone on the internet then one server being hacked won't help you get into anything else.
Well, getting into one server almost always will help you somehow into getting into others. You can find passwords, or trojan scp, or whatever.
But, yes, in general, systems should be secure by themselves.
And once they are secure by themselves, at that point you're left wondering why the hell you need a firewall for it. All that's going to result in is having to do everything twice.
And all it really protects against, and this is seriously mentioned as an actual good thing, is the 'problem' of attackers who've broken into your server attacking others, which is, like I said, an utterly absurd thing to worry about. It's like worrying that if you're ever in a sword fight, your intestines fall out of your torso might stain the carpet, so you get a plastic covering for the carpet. I have to suggest that those people's priorities are a bit wacked.
And have fun managing the firewall on each individual box vs. a centralized firewall.
If you have multiple internet facing boxes with the same access requirements, what I said doesn't really apply.
However, almost no one does.
Even when people think they are, they aren't. Round-robin proxies do not make multiple servers internet facing. The proxy faces the internet. That needs a firewall and can be its own.
Slashdot has one public facing server. Amazon and Facebook have, according to DNS, three, but they're all on different networks, so obviously can't be managed via a single firewall. CDN obviously don't have that either, being distributed.
It's actually very hard to think of such a situation except something like godaddy or geocities (RIP), hosting a ton of different sites on various servers....and in those circumstances it's doubtful they're using any sort of 'firewall' at all.
The amounts of single locations that have multiple internet-facing servers with the same access rules (And with actual access rules) is much much less than the 1% I allowed in my statement.
The only example I could actually find was google. Yes, if you're running google, you need a damn external firewall. But as none of us are running google, that's rather moot.
If you are a big enough target to get DDOSed at 100Gbps, you aren't running free tools.
If you're that big a target, you're working with your damn ISP to filter traffic, not idiotically waiting until it gets down your connection.
I'm of 'The 99% of the time, public servers should not be behind firewalls' school of thought.
Or, rather, they should be their own firewall.
I mean, you have to set up that stuff anyway. If you have a mail server, you'll need to set it up to deny connections from spammer-owned machines. If you have ssh, you'll want to set it to block logins. Etc, etc.
So if you're keeping track of all that, just put it in the damn firewall to start with. Which only works if it's the same computer.
If you do get hacked, a firewall can hinder the hacker by preventing them from binding additional ports or establishing outbound connections,
Hackers don't really need to 'bind' ports anymore. It used to be that's how they did their control interfaces, but now they just set up some IRC server somewhere, and a program on the owned machine connects to it to get orders. Or it fetches a web page, or whatever.
It's so trivially easy to poke holes in outgoing firewalls it's not even worth considering them as 'protection' at all.
Unless your server doesn't contact anywhere at all. But if it does that, set up some iptable rules so it can't.
Of course, if they have root on your server, they can change that...but if they have root on your server you need to stop worrying about the server contacting other people and, you know, actually solve the damn problem you have.;)
Seriously, we're getting a little goofy here. The problem isn't hackers inside the server contacting people...if they're inside the server, the problem is that they are inside the server.
It's nice to slightly consider damage they might do to other people, but, to use an analogy I used last time, it's essentially considering boarding up the windows, or even building a big wall around your house, in case snipers have taken over your house and start attacking people. Um, no. That is not the actual problem. The problem there is that attackers are inside your house.
or detect them by providing an additional point of logging.
Yeah, good luck finding anyone who checks router logs and compares them to what 'should' be happening.:)
To use your party analogy, the only thing that's going to keep your house reachable for 'correct' traffic in those circumstances is to have traffic control much further out and before the traffic narrows. Like a ten lane wide toll booth on your subdivision entrance that, instead of a toll, checks IDs of incoming cars.
That's something people can't really do, ISPs have to do.
It doesn't matter what you do, if you check their ID on the sidewalk, at the front door, or just let all six thousand people in until the walls fall over, your house is unreachable for the legit guests.
And, yes, like the article says, having a chockpoint that can handle less traffic than the actual house can is stupid, but it's a pretty dumb assumption that a firewall would be able to handle less traffic than a web server. Internal firewalls aren't very helpful in a DDoS, but they aren't making things worse, unless they're a lot crappier than your server hardware.
Well, refugees from natural disasters are understandable.
I just meant it was absurd to have political refugees, people forced out of their house for political or religious reasons, in the modern era.
Anyway, with your situation, there should have been somewhere to notify. A web site, or even just a place they could call to leave information saying where they are. (Yes, I know they didn't have web sites back then, but now they do.)
Various governments should be collecting that information. In places where the government can't or won't collect it, the UN should.
We need to establish national and international clearinghouses for that information.
It's a damn list of people. It's not rocket science to maintain.
This list would then be made available over the internet, and trusted organizations like the Red Cross could have access to put things in the list.
But it's not actually an 'internet' thing. It should be a damn national database somewhere, that people can connect to and put their name and contact info in, (Or write it down and have it put in by others, obviously.) and look up info for others.
The fact these people are having to do this is just absurd. At least they noticed that having two people are looking for each other not find each other is completely insane in this day and age.
Of course, the entire fact we still have refugees is pretty absurd also.
Or, you know, something a bit more complicated, but essentially that. Just moving the backups out of accessible areas (Which sadly means you can't use the backup program's expiration of backups.), and not having any way to log in remotely at all.
You could make it more complicated, but as this is the emergency 'crazy admin destroyed all the backups' setup, it's unlikely it's going to be used that often. With the sort of small organizations using a setup like this, it's going to take several days to rebuild the servers anyway. The fact the backup is not immediately accessible is fine.
There are people I'm not sure if they're dumb or just pretending to be, like Bush. I'm basically convinced he's smarter than he seems to be. He might be intellectually lazy, but not stupid.
Palin, OTOH, really does seem stupid. Like you said, she apparently can't remember basic beliefs she supposedly has. And, yes, all politicians lie about holding those beliefs...but they can at least explain them to some extent.
If I were, literally, in Palin's shoes, I'd have the 'what percentage of people pay what percentage of taxes' misleading statistic, or a note to mention we have the highest corporate tax rate, (Also misleading) and stuff like that, written on my hand. That's the sort of stuff you put on a cheat sheet, not the fricking basic premise of your argument. '10% p 70% tx. Hgst corp tx', not 'Taxes bad, tree pretty.'
And I came up with those off the top of my head, from right-wing talking points I've argued against. Surely her team of advisers could have come up with better things.
And if she were of average intelligence even if she didn't read papers it should be easy enough to give them name of her local Alaska paper and the Washington Post or something. No one is going to quiz her on stories in the recent edition, and she could always say she's been busy traveling and hasn't been able to keep up.
She really doesn't seem smart enough to lie in a convincing way,and she's been caught doing some really dumb things that no one could possible think would benefit her.
Whereas the dumbest thing Bush ever did that wasn't scripted to make him a 'good ole boy' was trying to open doors that didn't open, which, let's face it, any of us could have done.
Simply set up a file server somewhere that the admin do not have physical access to. Setup a server in a locked office. Put it in the president's office, it makes him fell important. (Of course, don't get him any login to it or even attach a screen.) It's so simple and does so little, you don't have to worry about overheating or anything.
No remote login or anything. All it does is have one file sharing point (SFTP or something), that gets logged into and files uploaded. Presumably every night, when the backups run.
Then, once a day, after the backup will be finished, the files are automatically moved to some other, remotely inaccessable, timestamped directory and directories older than a month are deleted, and it emails out what it just did.
It's something you literally can set up in thirty minutes, on 'non-server' hardware. Grab some hardware you're throwing out, buy a new, large hard drive, and throw Linux on it, and spend two minutes writing a script to put in cron to move the directory and delete old files. (Five more minutes work with rsync can result in you hardlinking the unchanged files and saving space.)
Don't worry about 'restoring' from the server, or how to access the files. If shit goes horribly wrong, you'll have to physically go to the server and copy the files somewhere else, or open up remote access, but shit should not go that wrong, ever.
All server admin should visit it in pairs, if they need to, which they shouldn't.
Based on how the words are USED within the English language, (and also based on how consistent such things the words represent are for humanity as a whole, worldwide!), games, art, puzzles, competition(s), work and play DO NOT MEAN THE SAME THINGS.
Of course they don't mean 'the same thing'. 'Tree' doesn't mean the same thing as 'plant' either. That doesn't mean that a tree isn't a plant.
Puzzles are subsets of games. A puzzle is a type of game that has rules that require mostly thinking to solve.
Competitions are a subset of games. They are games played against others. They can be sport competitions, which are athletic games, or they can be puzzle competitions.
Art is not a subset of game, in fact, they rarely overlap at all.
I have no idea why you keep ranting about how words are used in English, like that somehow changes the actual meaning of the words. Hint: All anyone is talking about is English words. You can't argue that words are 'used different in English' about a discussion of English words.
Jigsaw's are not games, they're puzzles - as are crosswords, word-searches, sudoku,
Dude, all those are games. Go to a book store, check where they keep their jigsaw puzzles. Or, you know, check what 'Boggle' and 'Scrabble' are classified as...they're board games. Or just check the wikipedia redirect for 'Word puzzle'...it goes to 'Word game'.
even crime-scenes, and even science itself can be seen as involving puzzles
If you want to argue that 'puzzle' is also the right word to describe logic problems that are not done for fun (And hence are not games), I will not object to that. (Although I suspect that's just a metaphor.)
That just means you have to say 'game puzzle' or 'play puzzle' or something to specify you're talking about a puzzle done for entertainment, as opposed to a puzzle done for an actual purpose, a 'work puzzle'. (And the same with competitions.)
That does not change the fact that's not what we're talking about, at all. We're talking about puzzles done for entertainment. On the computer. Remember?
As I said, these words represent DIFFERENT applications of often DIFFERENT behaviour (of people!). Competitions and puzzles, based on their use, are about things that happen TO people - (which is why wondering how the universe functions - (the ultimate thing that happens to us all) - is considered a puzzle), whereas games, work and play are not - they're about things people DO for themselves - and art is something people DO for others... (Note that I'm just talking about behaviour here, not its application).
Yes, I'm often walking down the street, and competition to see how high I can jump just happens to me. Or I'm sitting down and a suduku puzzle just attacks and I must solve it to live.
The 'thing that happens to people' is called work. Work is stuff people do with a specific goal that isn't the thing itself. (I.e, they check out your groceries not because they want them checked out, but because they get paid if they do so.)
Work is the opposite of play. Games are a subset of play, as is art.
Puzzles may be work or play. If they are play, they are structured rule-based play, aka, a game. (All work, of course, is structured.)
None of this has anything to do with what happens 'TO' people or people 'DO'.
The fact they're RPGs makes them not adventure games. So, yes.
Well, and the multiplayer thing, which adventure games are not. That wouldn't even make sense. Adventure games have a protagonist in a unique set of circumstances that must get solved. Neither the situation nor the characters are generic or player created. You can't really have multiple ones running around.
Slashdot Mirror
To be fair, the virus itself doesn't offer permanent immunity either, despite everyone thinking it does and that you can't get the disease twice.
However, the virus seems to offer much longer and stronger immunity than the vaccine, probably because the virus is stronger. The odds of ever getting it again are pretty low if you've actually had it, whereas after about a decade you need another booster vaccine, and after two decades you're essentially unvaccinated. (Two decades later...you know, right around when your kids get it if you got vaccinated as a kid.)
So, on one hand, the virus probably kills twice as many kids as the vaccine. OTOH, that's statistical noise. And, perhaps more importantly, the amount of adults who die from chicken pox is much higher. (And is getting higher each year, possible because of more things that compromise the immune system.) 5% of chicken pox infections are in adults...and cause 55% of the deaths. If vaccines stops 100% of the kids from getting chicken pox, and just 5% of those get it later as adults, it will kill more people.
So there are two options: Immunize everyone every 10 years or so and pretend they actually do that. (Adults have an abysmal record of getting immunization....who here has gotten a tetanus vaccine? It's every ten years...I know I've missed at least one, possible two.)
So actually the first option is: Immunize people when they're children and have them skip all over immunizations and then have them die when their kids catch it.
Or just give everyone chicken pox as a kid, and have them live off the immunity.
Those are the _actual_ choices, until we have some sort of health care system that people are willing to participate in, which probably means having some sort of immunization notice service and providing them for free. Until then, adults go to the doctors only when sick, and do not get vaccines as adults.
Indeed, I'm an anti-anti-vax as possible, and I don't even think skipping vaccines should be legal.
But Maher's mildly retarded position is that a specific vaccine is unneeded.
Not that it's harmful, not that it causes autism, but simply that it's not needed.
Now, he's wrong, and doesn't understand what's going on or how the flu works. People with healthy immune systems are more likely to spread it.
But whatever. His stupid claim isn't breaking herd immunity to already 'cured' diseases....very few people get flu shots anyway.
And, incidentally, the H1N1 vaccine was pretty stupid. People should be told to get normal flu shots first, not that.
Your not real bright if you couldn't figure out that the people who argue against vaccines are saying that the mercury based preservatives are causing autism, and while MMR is the biggest culprit, one can also get the same results with less dangerous vaccines by taking a bunch of them.
Really? That's what they're saying? Those are the actual words they're saying?
So, because mercury hasn't been used to preserve vaccines for a decade in the US, what the fuck are they whining about, and why aren't kids getting vaccinated?
Oh, that's right, they're a psuedo-science cult that is convinced that vaccines cause autism, so will constantly invent new reasons they do so.
I think the very first thing we should do, after we figure out who committed a crime, is try to figure out why.
There are people who break the law because that is, in fact, their 'job', and there are people who break the law because they were stupid once, and there are people who break the law because they are sociopaths.
If someone is breaking the law because it's their job, we can probably solve the problem with tracking anklets. 'Oh, you've decided to make money by breaking into houses? Well, now you get GPS monitored for 5 years, and your location will be compared to every single crime that happens.'.
And then we just let them go adn point them to the employment office. They don't really need prison, they just need to be stopped from that activity, or caught if they continue it. And now we actually have the technology to do that.
There are a few cases where this doesn't work, where crimes do not get reported, like being an enforcer for organized crime, or drug dealer, but in general it works. (And I'd suggest what we should do there is additionally give a restraining order. They cannot go stand around on the street where they sold drugs.)
The short and quick punishments you suggested (Although I don't know about that specific one) would be ideal for people who just 'got stupid', and decided to punch someone in the face or drive drunk. Certainly better than the system we have now.
Considering how giant the prison system is at this point, and how expensive it is, I think it's past time to start asking ourselves 'How can we do this sanely?'.
Prison should be reserved for people who are either sociopaths or who have demonstrated that they are repeatedly going to commit crimes. 95% of prisoners could function just fine in society, either as is, or with a little bit of restraint and monitoring.
So the way we rehabilitate people is take away all previous contacts and allow them only contact with criminals.
Seems reasonable to me.
The smuggler did nothing illegal.
Strictly speaking, if the smuggler was a prison guard, he did break the law. Prison guards are not allowed to do favors for prisoners like that.
However, yes, it's not generally illegal for people to smuggle things in to a prisoner. (Unless it's part of a conspiracy to commit a crime, obviously. If you know they'll be running their gang out of prison and help them, that's illegal regardless of what the action was.)
Indeed, and they don't even really need to 'spy' on Google at all.
All they need to do is take their own search results, and see what queries did 'poorly', aka, returned results far down the page.
Then run the same queries on Google, see if Google did better.
If so, there's something to look at.
What Microsoft is doing is being a parasite. And it shows that they can't work out their own system. It tells me that they are failures and are willing to do anything to create a competent product (something they can't do on their own apparently).
It at least demonstrates they are willing to be parasites. I'm not sure how much the results that they currently have are from google, but seriously, this makes me think much less of them.
And it's worth pointing out that the reason Google doesn't use click information that it incredibly susceptible to spammers. Which rather implies that MS is crappier in that regard.
The fact Bing is doing this rather demonstrates that Google is still light-years ahead of them in search technology.
Did you actually read the story?
Google committed 'click fraud' on themselves.
The rigged their own results so it would return some nonsensical pages for certain queries. And then they search for those queries on their own computers...with the MS toolbar installed. Google searched on Google for these things.
Then, after doing this a bunch, they searched for that thing once on Bing. (And, as far we know, didn't click at all.) Tada, that result was inexplicably on Bing also.
Google running one search on Bing to see what results they return is not 'click fraud'. And I don't know in what insane world you can commit click fraud by searching in your own search engine and clicking on the links you have given yourself to pages you yourself set up.
It would be one thing for Google to load Bing search result and do that to attempt to manipulate Bing's listings. Instead, they loaded their search results and did that, to demonstrate that Bing was spying on Google search results (via their toolbar) and sticking them in Bing's listing.
*whoosh*
That's not how DDoSes work at all.
No one runs a DDoS against ports that aren't open. All DDoSes are designed to look like totally legit connections to, in this case, port 80. This is quite simply because bogus packets cannot cause a DDoS, period. The server either rejects them, or ignores them, and they have almost no effect beyond a split second of CPU.
Whereas 'legitimate' connections that show up, and the server ACKs...and then gets no response from...those tie up server resources. And, incidentally, use outgoing bandwidth also. While special hardware could, indeed, filter obviously useless packets, no one actually needs to do that, as obviously useless packet are trivially dealt with at the server.
And you are correct in that my analogy was over-simplified...in actuality, what's going is a bunch of empty clothing keeps walking up to the house. Yes, we could gate the locked doors that some people walk up to, and stop empty clothes from walking up to them, but, frankly, that clothing isn't wasting anyone's time.
The problem is all the empty clothes in the line with legitimate people, making them wait, and who the doorkeepers ask to come in, and just stand there a few seconds until the doorkeepers realize what happened and throw them in the trash.
See why I didn't use that weird analogy?
The problem isn't bogus things clogging up paths to nowhere (Which are, in fact, empty), it's bogus things clogging up actual resources, actual connections, both at the OS and program level.
Many places have an IDS as a tick in the box, and the logs will never be read.
Well, strictly speaking, most placed don't have IDS at all. ;)
Most places that do have IDS will never check the logs, or they have six hundred lines of stupid warnings and three lines of an attacker getting in won't be noticed.
However, an IDS and an external firewall are not actually the same thing anyway. You can run an IDS on the computer itself, and you can even run an IDS that just watches and doesn't do anything.
You can even buy an external firewall with IDS and open up everything on the firewall to servers, and just run it as an IDS.
In the classic case, once you get behind the firewall theres lots of easily exploitable systems so an attacker can easily spread around your network, whereas if your hosts are configured securely enough to stand alone on the internet then one server being hacked won't help you get into anything else.
Well, getting into one server almost always will help you somehow into getting into others. You can find passwords, or trojan scp, or whatever.
But, yes, in general, systems should be secure by themselves.
And once they are secure by themselves, at that point you're left wondering why the hell you need a firewall for it. All that's going to result in is having to do everything twice.
And all it really protects against, and this is seriously mentioned as an actual good thing, is the 'problem' of attackers who've broken into your server attacking others, which is, like I said, an utterly absurd thing to worry about. It's like worrying that if you're ever in a sword fight, your intestines fall out of your torso might stain the carpet, so you get a plastic covering for the carpet. I have to suggest that those people's priorities are a bit wacked.
And have fun managing the firewall on each individual box vs. a centralized firewall.
If you have multiple internet facing boxes with the same access requirements, what I said doesn't really apply.
However, almost no one does.
Even when people think they are, they aren't. Round-robin proxies do not make multiple servers internet facing. The proxy faces the internet. That needs a firewall and can be its own.
Slashdot has one public facing server. Amazon and Facebook have, according to DNS, three, but they're all on different networks, so obviously can't be managed via a single firewall. CDN obviously don't have that either, being distributed.
It's actually very hard to think of such a situation except something like godaddy or geocities (RIP), hosting a ton of different sites on various servers....and in those circumstances it's doubtful they're using any sort of 'firewall' at all.
The amounts of single locations that have multiple internet-facing servers with the same access rules (And with actual access rules) is much much less than the 1% I allowed in my statement.
The only example I could actually find was google. Yes, if you're running google, you need a damn external firewall. But as none of us are running google, that's rather moot.
If you are a big enough target to get DDOSed at 100Gbps, you aren't running free tools.
If you're that big a target, you're working with your damn ISP to filter traffic, not idiotically waiting until it gets down your connection.
I'm of 'The 99% of the time, public servers should not be behind firewalls' school of thought.
Or, rather, they should be their own firewall.
I mean, you have to set up that stuff anyway. If you have a mail server, you'll need to set it up to deny connections from spammer-owned machines. If you have ssh, you'll want to set it to block logins. Etc, etc.
So if you're keeping track of all that, just put it in the damn firewall to start with. Which only works if it's the same computer.
If you do get hacked, a firewall can hinder the hacker by preventing them from binding additional ports or establishing outbound connections,
Hackers don't really need to 'bind' ports anymore. It used to be that's how they did their control interfaces, but now they just set up some IRC server somewhere, and a program on the owned machine connects to it to get orders. Or it fetches a web page, or whatever.
It's so trivially easy to poke holes in outgoing firewalls it's not even worth considering them as 'protection' at all.
Unless your server doesn't contact anywhere at all. But if it does that, set up some iptable rules so it can't.
Of course, if they have root on your server, they can change that...but if they have root on your server you need to stop worrying about the server contacting other people and, you know, actually solve the damn problem you have. ;)
Seriously, we're getting a little goofy here. The problem isn't hackers inside the server contacting people...if they're inside the server, the problem is that they are inside the server.
It's nice to slightly consider damage they might do to other people, but, to use an analogy I used last time, it's essentially considering boarding up the windows, or even building a big wall around your house, in case snipers have taken over your house and start attacking people. Um, no. That is not the actual problem. The problem there is that attackers are inside your house.
or detect them by providing an additional point of logging.
Yeah, good luck finding anyone who checks router logs and compares them to what 'should' be happening. :)
To use your party analogy, the only thing that's going to keep your house reachable for 'correct' traffic in those circumstances is to have traffic control much further out and before the traffic narrows. Like a ten lane wide toll booth on your subdivision entrance that, instead of a toll, checks IDs of incoming cars.
That's something people can't really do, ISPs have to do.
It doesn't matter what you do, if you check their ID on the sidewalk, at the front door, or just let all six thousand people in until the walls fall over, your house is unreachable for the legit guests.
And, yes, like the article says, having a chockpoint that can handle less traffic than the actual house can is stupid, but it's a pretty dumb assumption that a firewall would be able to handle less traffic than a web server. Internal firewalls aren't very helpful in a DDoS, but they aren't making things worse, unless they're a lot crappier than your server hardware.
Well, refugees from natural disasters are understandable.
I just meant it was absurd to have political refugees, people forced out of their house for political or religious reasons, in the modern era.
Anyway, with your situation, there should have been somewhere to notify. A web site, or even just a place they could call to leave information saying where they are. (Yes, I know they didn't have web sites back then, but now they do.)
This entire thing is stupid to have to do.
Various governments should be collecting that information. In places where the government can't or won't collect it, the UN should.
We need to establish national and international clearinghouses for that information.
It's a damn list of people. It's not rocket science to maintain.
This list would then be made available over the internet, and trusted organizations like the Red Cross could have access to put things in the list.
But it's not actually an 'internet' thing. It should be a damn national database somewhere, that people can connect to and put their name and contact info in, (Or write it down and have it put in by others, obviously.) and look up info for others.
The fact these people are having to do this is just absurd. At least they noticed that having two people are looking for each other not find each other is completely insane in this day and age.
Of course, the entire fact we still have refugees is pretty absurd also.
And what's more fun, <I> tags no longer appear to work, including retroactively. See look, not italics.
Which means it's utterly impossible to figure out what people quoted for about 30% of all slashdot posts, ever.
I point to below the posting buttons, where it explicitly (We'll see if that ends up bold) says you can use an <I> tag.
Yeah, that's something that could probably handle the entire backup, and just, at the end of it, copy it somewhere else.
Hell, if the backups are encrypted, that's one less thing to worry about on this server.
Then you just need a script like in cron:
mv /backups/shared/ /backups/`date +%m-%d` /backups/shared/ /backups/ -maxdepth 1 -type d -ctime +30 -exec rm -r {} \; /backups/ |mail admin@example.com
mkdir
find
ls
Or, you know, something a bit more complicated, but essentially that. Just moving the backups out of accessible areas (Which sadly means you can't use the backup program's expiration of backups.), and not having any way to log in remotely at all.
You could make it more complicated, but as this is the emergency 'crazy admin destroyed all the backups' setup, it's unlikely it's going to be used that often. With the sort of small organizations using a setup like this, it's going to take several days to rebuild the servers anyway. The fact the backup is not immediately accessible is fine.
Yes, if you have admin behaving maliciously for a month and no one notices, you'll be in trouble.
Of course, if they can do that, you're pretty much fucked anyway.
Indeed.
There are people I'm not sure if they're dumb or just pretending to be, like Bush. I'm basically convinced he's smarter than he seems to be. He might be intellectually lazy, but not stupid.
Palin, OTOH, really does seem stupid. Like you said, she apparently can't remember basic beliefs she supposedly has. And, yes, all politicians lie about holding those beliefs...but they can at least explain them to some extent.
If I were, literally, in Palin's shoes, I'd have the 'what percentage of people pay what percentage of taxes' misleading statistic, or a note to mention we have the highest corporate tax rate, (Also misleading) and stuff like that, written on my hand. That's the sort of stuff you put on a cheat sheet, not the fricking basic premise of your argument. '10% p 70% tx. Hgst corp tx', not 'Taxes bad, tree pretty.'
And I came up with those off the top of my head, from right-wing talking points I've argued against. Surely her team of advisers could have come up with better things.
And if she were of average intelligence even if she didn't read papers it should be easy enough to give them name of her local Alaska paper and the Washington Post or something. No one is going to quiz her on stories in the recent edition, and she could always say she's been busy traveling and hasn't been able to keep up.
She really doesn't seem smart enough to lie in a convincing way,and she's been caught doing some really dumb things that no one could possible think would benefit her.
Whereas the dumbest thing Bush ever did that wasn't scripted to make him a 'good ole boy' was trying to open doors that didn't open, which, let's face it, any of us could have done.
...there's actually a pretty easy method.
Simply set up a file server somewhere that the admin do not have physical access to. Setup a server in a locked office. Put it in the president's office, it makes him fell important. (Of course, don't get him any login to it or even attach a screen.) It's so simple and does so little, you don't have to worry about overheating or anything.
No remote login or anything. All it does is have one file sharing point (SFTP or something), that gets logged into and files uploaded. Presumably every night, when the backups run.
Then, once a day, after the backup will be finished, the files are automatically moved to some other, remotely inaccessable, timestamped directory and directories older than a month are deleted, and it emails out what it just did.
It's something you literally can set up in thirty minutes, on 'non-server' hardware. Grab some hardware you're throwing out, buy a new, large hard drive, and throw Linux on it, and spend two minutes writing a script to put in cron to move the directory and delete old files. (Five more minutes work with rsync can result in you hardlinking the unchanged files and saving space.)
Don't worry about 'restoring' from the server, or how to access the files. If shit goes horribly wrong, you'll have to physically go to the server and copy the files somewhere else, or open up remote access, but shit should not go that wrong, ever.
All server admin should visit it in pairs, if they need to, which they shouldn't.
Based on how the words are USED within the English language, (and also based on how consistent such things the words represent are for humanity as a whole, worldwide!), games, art, puzzles, competition(s), work and play DO NOT MEAN THE SAME THINGS.
Of course they don't mean 'the same thing'. 'Tree' doesn't mean the same thing as 'plant' either. That doesn't mean that a tree isn't a plant.
Puzzles are subsets of games. A puzzle is a type of game that has rules that require mostly thinking to solve.
Competitions are a subset of games. They are games played against others. They can be sport competitions, which are athletic games, or they can be puzzle competitions.
Art is not a subset of game, in fact, they rarely overlap at all.
I have no idea why you keep ranting about how words are used in English, like that somehow changes the actual meaning of the words. Hint: All anyone is talking about is English words. You can't argue that words are 'used different in English' about a discussion of English words.
Jigsaw's are not games, they're puzzles - as are crosswords, word-searches, sudoku,
Dude, all those are games. Go to a book store, check where they keep their jigsaw puzzles. Or, you know, check what 'Boggle' and 'Scrabble' are classified as...they're board games. Or just check the wikipedia redirect for 'Word puzzle'...it goes to 'Word game'.
even crime-scenes, and even science itself can be seen as involving puzzles
If you want to argue that 'puzzle' is also the right word to describe logic problems that are not done for fun (And hence are not games), I will not object to that. (Although I suspect that's just a metaphor.)
That just means you have to say 'game puzzle' or 'play puzzle' or something to specify you're talking about a puzzle done for entertainment, as opposed to a puzzle done for an actual purpose, a 'work puzzle'. (And the same with competitions.)
That does not change the fact that's not what we're talking about, at all. We're talking about puzzles done for entertainment. On the computer. Remember?
As I said, these words represent DIFFERENT applications of often DIFFERENT behaviour (of people!). Competitions and puzzles, based on their use, are about things that happen TO people - (which is why wondering how the universe functions - (the ultimate thing that happens to us all) - is considered a puzzle), whereas games, work and play are not - they're about things people DO for themselves - and art is something people DO for others... (Note that I'm just talking about behaviour here, not its application).
Yes, I'm often walking down the street, and competition to see how high I can jump just happens to me. Or I'm sitting down and a suduku puzzle just attacks and I must solve it to live.
The 'thing that happens to people' is called work. Work is stuff people do with a specific goal that isn't the thing itself. (I.e, they check out your groceries not because they want them checked out, but because they get paid if they do so.)
Work is the opposite of play. Games are a subset of play, as is art.
Puzzles may be work or play. If they are play, they are structured rule-based play, aka, a game. (All work, of course, is structured.)
None of this has anything to do with what happens 'TO' people or people 'DO'.
The fact they're RPGs makes them not adventure games. So, yes.
Well, and the multiplayer thing, which adventure games are not. That wouldn't even make sense. Adventure games have a protagonist in a unique set of circumstances that must get solved. Neither the situation nor the characters are generic or player created. You can't really have multiple ones running around.