An office environment is quite different, different actions, different tolerances, and different expectations.
Agreed. Systems at work I keep locked down and secured much differently. At home only one system is accessible to the outside world at all, and only on two ports.
A simple iptable rule would throttle the rate at which you accept ssh connection would solve this problem.
That is one of many options.
Why are you allowing them to hammer your server and fill your logs with crap?
I find it amusing to see how hard some people will work to try to compromise my inconsequential system. I set my messages log to turn over at a very high file size now so I can see the activities more readily through only one file. Even with people attacking at this frequency they pose no real danger to my system, either by way of filling my "logs with crap" or by actually trying to get it (as a prohibited user name).
My home box has seen a dramatic up-tick in frequency of ssh attempts - particularly as root (even though I don't allow remote logins as root regardless of whether the password is right or not) - but the frequency of attacks via PHP and other potential shellshock vectors hasn't changed much.
I recently had one IP address in China make over 10,000 attempts to log in as root via ssh in one morning. By comparison on the same day I saw only 109 failed attempts to load various php configuration pages.
True, but you're not going to find those Bushmasters for sale in Connecticut where new AR-15's have already been outlawed.
That's only partially true. Yeah, Bushmaster might not yet have any compliant guns for the new CT laws, but Stag Arms already does. You can bet that others will follow suit once sales get going.
It's amazing what can be done when people are willing to pay for progress. In the US the wallet opens wide for war but is inexplicably absent when it is time to talk about spending money on something useful for the people.
The waiting period for an AR-15 is generally on the order of 20 minutes at a gun store in most states. If you have the money, you walk out with it not long after walking in.
On the other hand, if you have $1,200 you can order this lathe and wait for it to show up (days to weeks). Then you buy the "80% lower" from somewhere and wait for it to come (days to weeks). Then you mill it (hours) and if you have all the other parts you can assemble your gun. If everything was correct the first time through, you now have a gun that took far longer - and likely more money - than just buying a bushmaster (or any other brand AR-15 you like) from your local sporting goods or outdoors store.
I've seen bushmasters in the local flyer for Dick's Sporting Goods go for less than $1,200. If I had that much money burning a hole in my pocket I could get that gun the same day. I don't see an advantage here.
Sure, the leading cars are popular with young drivers, but data only gets to this study when someone comes to this insurance company for a quote and self-reports a ticket in the process. If junior is running around in whatever car mom and dad gave him and gets a ticket but they pay the ticket and the insurance it doesn't make it into these numbers at all. The ticketed drivers that go to this site for a quote after a ticket are the ones who are paying their own insurance, and there aren't a lot of younger drivers in that set currently.
Looks like they are the car models that are mostly driven by younger drivers
Sure, but where is the Jeep Wrangler, the (base model) Chevy Camaro, the Ford Focus, or the Honda Civic? I would have expected those to have been high on the list for the same reason but they are all quite a ways down. The problem here is that the list depends on people to get tickets and then come to this insurance company for a quote. It would be a lot more informative to have a list of all the tickets issued in a year, but that would be a lot more difficult to obtain and compile.
It's unlikely there's any significant "self reporting bias," as you seem to be implying, which would be caused by drivers being deceptive about the vehicles they're actively seeking insurance quotes on.
Perhaps I was not adequately clear on this. What I was after is that this is just reporting to one insurance company, and reporting only based on people who have gone to this insurance company for a quote for insurance on their vehicle. Hence all we have here are people who were ticketed and then at some point after decided to get a quote for insurance through this particular company / web site.
To really know how this relates to the real world, we would need to know at least how the distribution of vehicles that they insure compare to the distribution of vehicles nationwide.
It is based on driver reporting. As mentioned in the widget:
Insurance.com analyzed online quote information submitted by 557,238 drivers January 2013 to July 2014. Ticket data calculated for models with 50 or more quotes.
I don't know how they would respond to ET, but there are plenty of adherents here on slashdot (with numbers growing at a staggering rate). This is a faith with a number of people who spend a great deal of time attempting to recruit new members. I'm not talking about Pastafarians, nor am I talking about Jedi Knights. I'm talking about the most profound cult in the US in some time, and I'm not talking about Apple fanboys either.
I'm talking about the church of Ron Paul. I expect their dear leader would tell them that ET can be dealt with somehow through the miracle of the open market but what that would actually mean is anyone's guess.
The issue is that people learn Photoshop, they don't learn the fundamentals for the tool.
I'm not sure how that would effect sales. Are people who learned Photoshop without understanding how it works really be likely Linux users? I think the overlap on those sets is vanishingly small.
So they switch to GIMP and then find it's horrible because their skills don't transfer and they cry on the internet that "GIMP SUX" because they don't want to relearn anything.
First of all, I can tell you that I have used a significant number of Photoshop tutorials in GIMP to do various functions and found that they work just fine.
Second, the most critical (by frequency of use) tools in Photoshop are the technical adjustments - color, levels, curves, etc. They work the same in GIMP and are even in the same menus. There is no significant relearning to do. My wife uses Photoshop and Illustrator (as well as InDesign) professionally on a daily basis. A while back we were traveling with only my laptop, which has GIMP and Inkscape but nothing from Adobe. She was able to get by just fine for a quick job while we were out; going well beyond the use level that I get from GIMP even though I use it almost daily.
This is even worse in a business situation because relearning things pushes back deadlines and impacts quality
I'm not sure how this applies. How many businesses are running Linux workstations and need Adobe on them? Again this seems to me like a likely very small set. I don't see the absence of Adobe software in Linux as being a critical impediment to Linux migration for businesses who want to do that, either.
I know that Photoshop is still the gold standard, but I'm not sure how many Linux users are concerned about it. I use GIMP for all my photo work in Linux and it meets all my needs. It seems that the overlap between people who need Photoshop (and are wiling to pay for it) and the people who are using Linux would be pretty small.
I know that Photoshop gets a lot of attention from the WINE community but that doesn't necessarily translate to people who want to buy licenses for running it in Linux.
The electric companies (other utilities as well, but electric in particular) have been getting it both ways for some time. They have a lock on providing most - if not all - of their services for their market, and government is generally unwilling to investigate their actions when they use their power to abuse customers. I recall in a previous home of mine, one winter the temperature wasn't as cold as predicted, which led to less need for heating energy. The power companies hence made less money, which they made up for by forcing a subsidy on the customers. Customers who tried to contest the subsidy (which raised their monthly bill) were threatened with disconnect and collections.
Now that solar is becoming a viable option - even if just to reduce the electric bill - the power companies are seeking ways to prevent it from hitting them. Eventually they will follow the same path that the insurance industry took with "health care reform" and dictate to the government a giant handout for themselves.
Yet you were the person so sure that the stock would tank that you shorted it and got millions? No, didn't think so.
The stock market has been, for quite some time now, a casino for the wealthy. I was one of many who knew that it was drastically overvalued but had no way to make money on that knowledge. Even to short sell, based on the insane IPO price, required vastly more expendable money than I or most others had.
This sounds like the same kind of wisdom we saw from people tripping over each other to buy facebook stock on opening day, paying obscene sums for stock that subsequently tanked on the market. It seems like he's just trying to play the opposite argument now in hopes that he might be able to look less stupid.
Too bad he's just as wrong as his type was before.
I know that RTFA is passe' here, but if we even take a look at the abstract (which shoudl be publicly available to all) we see a key point here:
Turning to a case study of scientific communication, another online sample of adults described public attitudes toward climate scientists specifically.
We already know that a large portion of our country is repeatedly fed biased misinformation on this topic and told to distrust anyone who represents an opposing viewpoint. If we tried this on something that is less of a political football, we would likely see very different results. I would doubt that anywhere near as many people would doubt scientists telling them about research on gravity or the spheroid shape of our planet.
Default Linux install (assuming dhcpd is the default). Boom. Owned.
You neglected your second - and more profound - assumption.
You have to have bash installed as well in order to be vulnerable. Not every linux install installs bash by default.
In other words, you are comparing an OS that has a vulnerable shell by default (OS X) with an OS that has a vulnerable dhcp by default (Linux) and making an assumption that the Linux install has the vulnerable shell as well.
Far more vulnerable is Linux which runs dhcpd on any machine with a non-static IP, through which bash is exploitable.
Although not every Linux distro installs bash as a shell by default. AFAIK OS X always installs bash unless the user goes back an uninstalls it.
In other words I would say the two are roughly equally vulnerable. You can't compromise bash if it isn't installed (on various other *nixes) nor can you compromise bash if you can't get to it because no public services are installed that can call upon it (OS X).
... really aren't Apple systems likely the *nix boxes that are least likely to be exploited by shellshock? I have a lot of Apple boxes at work (and know of lots of people who use them in other places as well) but I know of only a very short list of Apple boxes that have any public facing services. While a fair chunk of other *nix boxes are running web servers and other services that can provide avenues for exploiting shellshock, it doesn't seem particularly pressing for the Apple systems that are not.
Which would drive more people to alternative energy.
I think the big question here is how many people will have the ability to make that choice. People in high density housing (apartments, condos, townhomes, duplexes, etc) generally only get a choice of one supplier for electricity and they don't have the right to get new lines installed. As more of the world's population ends up living in dense cities, the percentage of people with the ability to select alternative energy sources declines.
Energy companies can also cut costs by closing power plants and tightening supply.
From my recollection of Economics 1001 a reduction in supply with static or increasing demand leads to an increase in price.
Slashdot Mirror
And yet they still seem to be doing fine. While some of us may miss Lotus it doesn't appear that IBM will.
An office environment is quite different, different actions, different tolerances, and different expectations.
Agreed. Systems at work I keep locked down and secured much differently. At home only one system is accessible to the outside world at all, and only on two ports.
A simple iptable rule would throttle the rate at which you accept ssh connection would solve this problem.
That is one of many options.
Why are you allowing them to hammer your server and fill your logs with crap?
I find it amusing to see how hard some people will work to try to compromise my inconsequential system. I set my messages log to turn over at a very high file size now so I can see the activities more readily through only one file. Even with people attacking at this frequency they pose no real danger to my system, either by way of filling my "logs with crap" or by actually trying to get it (as a prohibited user name).
My home box has seen a dramatic up-tick in frequency of ssh attempts - particularly as root (even though I don't allow remote logins as root regardless of whether the password is right or not) - but the frequency of attacks via PHP and other potential shellshock vectors hasn't changed much.
I recently had one IP address in China make over 10,000 attempts to log in as root via ssh in one morning. By comparison on the same day I saw only 109 failed attempts to load various php configuration pages.
True, but you're not going to find those Bushmasters for sale in Connecticut where new AR-15's have already been outlawed.
That's only partially true. Yeah, Bushmaster might not yet have any compliant guns for the new CT laws, but Stag Arms already does. You can bet that others will follow suit once sales get going.
It's amazing what can be done when people are willing to pay for progress. In the US the wallet opens wide for war but is inexplicably absent when it is time to talk about spending money on something useful for the people.
The waiting period for an AR-15 is generally on the order of 20 minutes at a gun store in most states. If you have the money, you walk out with it not long after walking in.
On the other hand, if you have $1,200 you can order this lathe and wait for it to show up (days to weeks). Then you buy the "80% lower" from somewhere and wait for it to come (days to weeks). Then you mill it (hours) and if you have all the other parts you can assemble your gun. If everything was correct the first time through, you now have a gun that took far longer - and likely more money - than just buying a bushmaster (or any other brand AR-15 you like) from your local sporting goods or outdoors store.
I've seen bushmasters in the local flyer for Dick's Sporting Goods go for less than $1,200. If I had that much money burning a hole in my pocket I could get that gun the same day. I don't see an advantage here.
Sure, the leading cars are popular with young drivers, but data only gets to this study when someone comes to this insurance company for a quote and self-reports a ticket in the process. If junior is running around in whatever car mom and dad gave him and gets a ticket but they pay the ticket and the insurance it doesn't make it into these numbers at all. The ticketed drivers that go to this site for a quote after a ticket are the ones who are paying their own insurance, and there aren't a lot of younger drivers in that set currently.
Looks like they are the car models that are mostly driven by younger drivers
Sure, but where is the Jeep Wrangler, the (base model) Chevy Camaro, the Ford Focus, or the Honda Civic? I would have expected those to have been high on the list for the same reason but they are all quite a ways down. The problem here is that the list depends on people to get tickets and then come to this insurance company for a quote. It would be a lot more informative to have a list of all the tickets issued in a year, but that would be a lot more difficult to obtain and compile.
It's unlikely there's any significant "self reporting bias," as you seem to be implying, which would be caused by drivers being deceptive about the vehicles they're actively seeking insurance quotes on.
Perhaps I was not adequately clear on this. What I was after is that this is just reporting to one insurance company, and reporting only based on people who have gone to this insurance company for a quote for insurance on their vehicle. Hence all we have here are people who were ticketed and then at some point after decided to get a quote for insurance through this particular company / web site.
To really know how this relates to the real world, we would need to know at least how the distribution of vehicles that they insure compare to the distribution of vehicles nationwide.
Insurance.com analyzed online quote information submitted by 557,238 drivers January 2013 to July 2014. Ticket data calculated for models with 50 or more quotes.
I don't know how they would respond to ET, but there are plenty of adherents here on slashdot (with numbers growing at a staggering rate). This is a faith with a number of people who spend a great deal of time attempting to recruit new members. I'm not talking about Pastafarians, nor am I talking about Jedi Knights. I'm talking about the most profound cult in the US in some time, and I'm not talking about Apple fanboys either.
I'm talking about the church of Ron Paul. I expect their dear leader would tell them that ET can be dealt with somehow through the miracle of the open market but what that would actually mean is anyone's guess.
The issue is that people learn Photoshop, they don't learn the fundamentals for the tool.
I'm not sure how that would effect sales. Are people who learned Photoshop without understanding how it works really be likely Linux users? I think the overlap on those sets is vanishingly small.
So they switch to GIMP and then find it's horrible because their skills don't transfer and they cry on the internet that "GIMP SUX" because they don't want to relearn anything.
First of all, I can tell you that I have used a significant number of Photoshop tutorials in GIMP to do various functions and found that they work just fine.
Second, the most critical (by frequency of use) tools in Photoshop are the technical adjustments - color, levels, curves, etc. They work the same in GIMP and are even in the same menus. There is no significant relearning to do. My wife uses Photoshop and Illustrator (as well as InDesign) professionally on a daily basis. A while back we were traveling with only my laptop, which has GIMP and Inkscape but nothing from Adobe. She was able to get by just fine for a quick job while we were out; going well beyond the use level that I get from GIMP even though I use it almost daily.
This is even worse in a business situation because relearning things pushes back deadlines and impacts quality
I'm not sure how this applies. How many businesses are running Linux workstations and need Adobe on them? Again this seems to me like a likely very small set. I don't see the absence of Adobe software in Linux as being a critical impediment to Linux migration for businesses who want to do that, either.
I know that Photoshop is still the gold standard, but I'm not sure how many Linux users are concerned about it. I use GIMP for all my photo work in Linux and it meets all my needs. It seems that the overlap between people who need Photoshop (and are wiling to pay for it) and the people who are using Linux would be pretty small.
I know that Photoshop gets a lot of attention from the WINE community but that doesn't necessarily translate to people who want to buy licenses for running it in Linux.
The electric companies (other utilities as well, but electric in particular) have been getting it both ways for some time. They have a lock on providing most - if not all - of their services for their market, and government is generally unwilling to investigate their actions when they use their power to abuse customers. I recall in a previous home of mine, one winter the temperature wasn't as cold as predicted, which led to less need for heating energy. The power companies hence made less money, which they made up for by forcing a subsidy on the customers. Customers who tried to contest the subsidy (which raised their monthly bill) were threatened with disconnect and collections.
Now that solar is becoming a viable option - even if just to reduce the electric bill - the power companies are seeking ways to prevent it from hitting them. Eventually they will follow the same path that the insurance industry took with "health care reform" and dictate to the government a giant handout for themselves.
Yet you were the person so sure that the stock would tank that you shorted it and got millions? No, didn't think so.
The stock market has been, for quite some time now, a casino for the wealthy. I was one of many who knew that it was drastically overvalued but had no way to make money on that knowledge. Even to short sell, based on the insane IPO price, required vastly more expendable money than I or most others had.
This sounds like the same kind of wisdom we saw from people tripping over each other to buy facebook stock on opening day, paying obscene sums for stock that subsequently tanked on the market. It seems like he's just trying to play the opposite argument now in hopes that he might be able to look less stupid.
Too bad he's just as wrong as his type was before.
Turning to a case study of scientific communication, another online sample of adults described public attitudes toward climate scientists specifically.
We already know that a large portion of our country is repeatedly fed biased misinformation on this topic and told to distrust anyone who represents an opposing viewpoint. If we tried this on something that is less of a political football, we would likely see very different results. I would doubt that anywhere near as many people would doubt scientists telling them about research on gravity or the spheroid shape of our planet.
Default Linux install (assuming dhcpd is the default). Boom. Owned.
You neglected your second - and more profound - assumption.
You have to have bash installed as well in order to be vulnerable. Not every linux install installs bash by default.
In other words, you are comparing an OS that has a vulnerable shell by default (OS X) with an OS that has a vulnerable dhcp by default (Linux) and making an assumption that the Linux install has the vulnerable shell as well.
Yahoo's directories were like gopherhole directories for html. Web searches didn't start to mean much until infoseek came around.
It looks like the firing order for an 8 cylinder engine. I thought maybe the engineer tasked with that pin out was moonlighting in a garage somewhere.
Far more vulnerable is Linux which runs dhcpd on any machine with a non-static IP, through which bash is exploitable.
Although not every Linux distro installs bash as a shell by default. AFAIK OS X always installs bash unless the user goes back an uninstalls it.
In other words I would say the two are roughly equally vulnerable. You can't compromise bash if it isn't installed (on various other *nixes) nor can you compromise bash if you can't get to it because no public services are installed that can call upon it (OS X).
... really aren't Apple systems likely the *nix boxes that are least likely to be exploited by shellshock? I have a lot of Apple boxes at work (and know of lots of people who use them in other places as well) but I know of only a very short list of Apple boxes that have any public facing services. While a fair chunk of other *nix boxes are running web servers and other services that can provide avenues for exploiting shellshock, it doesn't seem particularly pressing for the Apple systems that are not.
This seems highly improbable.
Which would drive more people to alternative energy.
I think the big question here is how many people will have the ability to make that choice. People in high density housing (apartments, condos, townhomes, duplexes, etc) generally only get a choice of one supplier for electricity and they don't have the right to get new lines installed. As more of the world's population ends up living in dense cities, the percentage of people with the ability to select alternative energy sources declines.
Energy companies can also cut costs by closing power plants and tightening supply.
From my recollection of Economics 1001 a reduction in supply with static or increasing demand leads to an increase in price.