4 people at my work attempted just this and all of them failed on my pattern. Additionally, I am in the habbit of wiping the screen with my sleeve as soon as I use my swipe pattern to re-lock the phone.
More to the parent point, before using the pattern, I did indeed use my birthday as my PIN. I know this is crap security - but it's not about protecting my phone from my people who know my birthday. It's about a) providing me enough time for me to realise my friend has picked it up and intends to mess with it (either options gives me the few seconds I need for this) as a joke or b) to stop a complete stranger from viewing all my details, easily. So in this case, both would work equally.
But I like the pattern because it's easier for me to work with and so far, no one else has ever guessed it.
To be honest, the amount of stuff on my Droid that I don't want a stranger to get access to is a little scary (like many people, I have saved my passwords for Facebook, eBay etc on it... I felt bad about doing it but I did it anyway), so I really just try not to lose it. Again, a crap security policy I will admit but I seem to have become quite apathetic about it.
Here in Australia, where we have had caps for as long as I can recall, we have streaming services that are integrated with the ISPs who quota, so the streamed movies are not metered against your quota (they are in the "free zone", etc). The major movie streaming players have deals with the major ISPs so this is a non issue.
You can use Steam in the same way (non-metered). Also, they host repos for Linux distros, etc, so yum or whatever don't count against your quota, either and some of the nice ones even let Windows updates through for free.
Pretty much the only high bandwidth thing that is not free is, unsurprisingly, bittorrent.
I have a 1TB a month quota. If I could even download 1TB of torrents a month, on my crappy DSL connection (I am a long way from a phone exchange), I'd be laughing. However even if I could, there's no way I could find 1TB a month of legit torrents.
I use Live Mesh on my Windows and Mac computers and it's equally functional on both (which is to say it works well, to do what it's suppose to do). I understand a Linux port of Mesh is in the works, too?
I fully expect Skype to eventually be incorporated into the Windows Live suite and wind up called Windows Live Chat. However if it remains fundamentally the same as it is now, I couldn't care less.
There is plenty of MS software out there that's not just good but really good. I don't blame MS for not making a tonne of software for KDE or OSX.
I can't think of a single decent Apple piece of software for Windows either (iTunes is f*cking aweful, runs a bunch of insecure network services, requires you to convert perfectly usable media files to another format, etc. Quicktime is just pitiful). They probably exist but I can't think of any, right now (admittedly, I am not really trying too hard).
Anyone up for the irony of complaining about AJAX scripting on Slashdot? Try viewing *this very site* with NoScript enabled and see how much fun it is...
I am where you're going to be in a few years. This life was fine in the past but now I have a wife and two children under 3, one of whom is still a little baby. I get home from work with a tonne of work to do, so my wife has to carry addition burdens with the kids, etc. It's not as great as it used to be, I can tell you.
The only saving grace is I never, ever work on a Saturday, so at least we have 1 day a week of family time.
The problem you're going to find is that a young family is like 3 full time jobs and running your own business is like 3 full time jobs. There's not enough time for both and there's no way to juggle it.
Build your business as fast as you can because when you get to the family stage of life, you're going to need to hand some of that work over, whether you want to or not.
I've met Jesper on 3 occassions and he is brilliant. In fact, I first met him back a few years before this article but I met him again on his 2004 road show with MS and he single handedly changed the way I view IT security, through his compelling arguments and his charisma. Before that time, I was pretty much a "default permit" mindset kind of guy, using AV and the like and not thinking about it - only a few years into IT.
Now I think about security first, when I design anything and am more than happy to tell a client straight out what the result is going to be, if they want to play it the other way around.
I really recommend listening to him talk about IT security any chance you get. He's passionate about the topic, interesting to listen to, quite funny and he knows his stuff.
He also had some interesting tales about his time advising MS on the initial release of XP and how the security team got utterly bulldozed by the marketing team's instistance on meeting shipping deadlines. He was very open about the fact that they released it knowing that the firewall service started after the network service (i.e. allowing worms free access to the computer during boot up, as the firewall service started almost last and the network service very early) - but no one outside the security team seemed to care. Come XPSP2 and all the bad press - the security team got a veto on the release date and a seat at the decision table and things turned out differently.
As you mention, you can us Amavis & SpamAssassin, etc to scan it and then use postfix to tarpit anything that "fails" the check. This is better than a bad SMTP - it hangs on the connection at the other end, taking up a thread. So it actually slows them down, if they try you.
You can do this using the smtpd_error_sleep_time settings for Postfix.
My HP48G graphical calculator was frikkin fantastic. It could store whole text essays, copies of past exams and came with a fake-reset application that made it appear as though it had been reset but actually just made a hidden directory and moved the contents of the system into that. Imagine how many exams this helped out in!
The download trail from the MS website is not an OEM install and therefore the OEM key won't work with it. Unlike Office, which MS allows you to download a copy of if you can provide the OEM key, there is no such luck with Windows. Therefore you'd need to "obtain" a copy from Bittorrent, which may or may not prove to be better than the recovery crap from your laptop vendor. Then it would need to be the same release level as your key - i.e. if your CD key was for Windows 7 release 1 it may not work on a downloaded Windows 7 with SP1 release disk.
So it's a real pain to get the media we should be entitled to.
3. iOS has outsold Android. So your conclusion has yet to come to pass. But even if it ever does, you end up with the first point, how has that benefitted Google greater than iOS has benefitted Apple? Even if Android outsells iOS 5 to 1 (and it most certainly does not, and won't any time soon), how is that an example of Google beating Apple? Apple will still make far more from iOS than Google will be making from Android.
How do you come by that? Android has a much larger market share than iOS, already:
http://en.wikipedia.org/wiki/File:Smartphone_share_current.png - they're now the largest mobile OS out there. In a few years, it's relatively safe to assume that gap will be even larger, as Symbian tends towards 0.
One must assume Google gets more than a buck or two for each phone you buy with "with Google" written on the back, like mine does. Presumably, that adds up. Given Android's open nature, it has more companies developing for it, which means Google gets benefits without even trying (as hard) as iOS. So I would say Google is already doing damn nicely out of Android and will continue to do so. In business speak, that's a "win". It's not even too far removed from getting "something for nothing".
Back in 97, when MS bought into Apple, Apple had around 7% of the PC market. In 2010, Apple had about 8% of the PC market - so in the last almost 15 years, they have basically made no inroads at all. Dell, on the other hand, have 15% market share. In fact, the top 5 PC sellers are HP, Dell, Acer, Lennova and Toshiba. All of them doing basically zero research into the OS. This is basically true for mobile phones too, with Nokia, Samsung, LG, Rim and Sony taking the top 5 seller by manufacturer positions, all of them now moving to Android (even RIM is now working to allow Android apps to work on Blackberrys).
So I'd say that supports the parent argument pretty well - once again Apple's coupling of OS to hardware will guarantee that the market will move on past them, leaving them an important but none the less niche player, in regards to overall usage statistics. Once again, the market they can largely be credited with creating, will leave them behind. Google will be their new Microsoft. Whatever way you turn it, that's got to hurt at least a little.
As I mentioned, we resell Supermicro's. Those look like (but could be anything really), this model: http://www.supermicro.com/products/system/1U/6016/SYS-6016GT-TF.cfm?GPU=FM207 (or one of it's variants). Nearly all of them ship with Intel Xeon, although they do offer an AMD based range but it's not as popular (at least where I am).
Those are SuperMicro servers. I resell supermicro and as much as I love their low cost and good speed, the hardware failure rate is astronomical. They should fit in well with Iran's centrifuges.:-P
China already do take our gas, coal and other mineral wealth. We're making out like bandits selling it to them (how's that recession working out for you, rest of the World?) and their economy is still going strong, based on them buying it from us at a price they can bear. That's way easier for them than trying to mount an invasion of a country half a world away, by sea because there's no land between us and them, and without damaging the infrastructure necessary to pull said minerals out of the ground and ship them back to China.
I can guarantee there will be issues. We had this change forced on us for 3 years as a trial in Perth, Western Australia and every single Windows computer / Outlook+Exchange server got screwed up (although only 1 hour). For the entire 3 years. Because every year MS would release a new patch which was not in Windows Update (i.e. you had to hunt it down manually) to fix the date changes and every one of those patches only effected a single year. So come March 1 everyone would suddenly start complaining "my appointments are all 1 hour out!".
I see no reason to suspect it would be any different in the UK; except perhaps the UK might be a big enough market for Microsoft to try harder.
Wow, you're a real idiot. I have mod points, and I'd love to rate you troll but instead I am going to comment (more the fool me, because you clearly have shown you have no comprehension skills).
The nice people talking to you above are trying to help you understand that your method for preventing browsing of censored websites only works because you voluntarily allow it to. You seem to be switching between talking about protecting your machine from inbound connections one minute and outbound, the next?
Your method may be u83r l337 for preventing people from finding you (it's not, btw and I will explain why to you in a second) but it does nothing to enforce censorship of the net, which is what you originally seemed to be claiming it does because, as Pharmboy pointed out, anyone who has permission to change the modified files can circumvent your censorship, which is basically anyone who either has admin access or a Linux boot disk with NTFS write permissions (like, I don't know... all of them).
Now, as to why your method above does not prevent people finding you online, perhaps you've heard of switches and routers? How the fck do you think they can get your packets to you, if they can't find you, pray tell? Any network admin on his first day on the job is going to be able to tell you what devices are plugged into his switches. You do understand that simply closing off SMB services does nothing to secure anything other than SMB, right?
Finally: I read that first link on your "Bing" link above. Firstly, the fact that you even use Bing calls deeply into question any IT credentials you claim to have. All I see there is a complete novice refusing to listen to other people's advice and throwing a tantrum about being the most l337 person on the planet and insinuating everyone else is dumb - pretty much exactly like you've done here. You then bang on about how a single downloadable app, which you did not write, fixes every single security problem on every computer and this somehow makes you an expert. You even claim your mate "Jack" got infected with a virus because he "ignored your advice" and used YouTube.
Well, the thing is, he, as you yourself admitted, wanted to use YouTube. He, being the user, had a requirements. You, being the know-it-all-idiot, tried to simply ban him from them, in a misguided belief that YouTube infects computers and you somehow own his computer. That's not the behaviour of an IT expert. That's not the behaviour of a security expert. That's the behaviour of a control freak moron. Try to remember it's his computer and he wants it to do what he wants it to do. If you can't help him do whatever that is securely, then you're no expert and best leave it to people who can.
Iran has very limited options. China can buy PLCs from any company or build PLCs at will (many are built in China already).
Iran can only get them from North Korea, who can only get what they can basically steal from China. They can't get support on them, either, as Siemens won't do a house call to Tehran. Hence they can't patch the systems and get the virus out.
I think in this case the issue is people are upset he illegally gained control over other people's computers and used them to send the SPAM. It's the hacking / cracking / botnet component of this case that got him jail time, not the actual contents of the emails sent.
So with that in mind, spammers do actually do a fair amount of damage. It's not just bandwidth being chewed - it's the theft of other people's property to send their spam, which in turn gets other people's mail servers blacklisted (like ISPs for example) by SPAMHAUS and the like, which causes completely other people still, who are unrelated, to not be able to do business (just because they used the same ISP to send email) and so on and so on...
Of course spam and other computer crimes are "no big deal" if you view every computer network in the same way you view a home PC... but they're not all home PCs.
Redhat does cost more for a server license - but it doesn't then hit you for CAL licensing for every bloody app server you run as well. Microsoft OS licensing isn't too expensive. It gets expensive you install Exchange and MSSQL and Sharepoint and all of sudden your 50 users means 50 Server CALs, 50 Exchange CALs, 50 MSSQL CALs, 50 Sharepoint CALS and before you know it, a Windows 50 user environment cost $5,000 for the new server and $25,000 for the f***ing licenses.
Redhat license costs are a few thousand but at least MySQL and Postfix or whatever don't then charge you per user you connect, as well.
Slashdot Mirror
4 people at my work attempted just this and all of them failed on my pattern. Additionally, I am in the habbit of wiping the screen with my sleeve as soon as I use my swipe pattern to re-lock the phone.
More to the parent point, before using the pattern, I did indeed use my birthday as my PIN. I know this is crap security - but it's not about protecting my phone from my people who know my birthday. It's about a) providing me enough time for me to realise my friend has picked it up and intends to mess with it (either options gives me the few seconds I need for this) as a joke or b) to stop a complete stranger from viewing all my details, easily. So in this case, both would work equally.
But I like the pattern because it's easier for me to work with and so far, no one else has ever guessed it.
To be honest, the amount of stuff on my Droid that I don't want a stranger to get access to is a little scary (like many people, I have saved my passwords for Facebook, eBay etc on it... I felt bad about doing it but I did it anyway), so I really just try not to lose it. Again, a crap security policy I will admit but I seem to have become quite apathetic about it.
I guess the Wiggles are really taking their child education program seriously.
You spelt Wiggles wrong, btw.
Here in Australia, where we have had caps for as long as I can recall, we have streaming services that are integrated with the ISPs who quota, so the streamed movies are not metered against your quota (they are in the "free zone", etc). The major movie streaming players have deals with the major ISPs so this is a non issue.
You can use Steam in the same way (non-metered). Also, they host repos for Linux distros, etc, so yum or whatever don't count against your quota, either and some of the nice ones even let Windows updates through for free.
Pretty much the only high bandwidth thing that is not free is, unsurprisingly, bittorrent.
I have a 1TB a month quota. If I could even download 1TB of torrents a month, on my crappy DSL connection (I am a long way from a phone exchange), I'd be laughing. However even if I could, there's no way I could find 1TB a month of legit torrents.
I use Live Mesh on my Windows and Mac computers and it's equally functional on both (which is to say it works well, to do what it's suppose to do). I understand a Linux port of Mesh is in the works, too?
I fully expect Skype to eventually be incorporated into the Windows Live suite and wind up called Windows Live Chat. However if it remains fundamentally the same as it is now, I couldn't care less.
There is plenty of MS software out there that's not just good but really good. I don't blame MS for not making a tonne of software for KDE or OSX.
I can't think of a single decent Apple piece of software for Windows either (iTunes is f*cking aweful, runs a bunch of insecure network services, requires you to convert perfectly usable media files to another format, etc. Quicktime is just pitiful). They probably exist but I can't think of any, right now (admittedly, I am not really trying too hard).
Anyone up for the irony of complaining about AJAX scripting on Slashdot? Try viewing *this very site* with NoScript enabled and see how much fun it is...
I am where you're going to be in a few years. This life was fine in the past but now I have a wife and two children under 3, one of whom is still a little baby. I get home from work with a tonne of work to do, so my wife has to carry addition burdens with the kids, etc. It's not as great as it used to be, I can tell you.
The only saving grace is I never, ever work on a Saturday, so at least we have 1 day a week of family time.
The problem you're going to find is that a young family is like 3 full time jobs and running your own business is like 3 full time jobs. There's not enough time for both and there's no way to juggle it.
Build your business as fast as you can because when you get to the family stage of life, you're going to need to hand some of that work over, whether you want to or not.
And then we can say Akhbar Hu Akhbar!
I've met Jesper on 3 occassions and he is brilliant. In fact, I first met him back a few years before this article but I met him again on his 2004 road show with MS and he single handedly changed the way I view IT security, through his compelling arguments and his charisma. Before that time, I was pretty much a "default permit" mindset kind of guy, using AV and the like and not thinking about it - only a few years into IT.
Now I think about security first, when I design anything and am more than happy to tell a client straight out what the result is going to be, if they want to play it the other way around.
I really recommend listening to him talk about IT security any chance you get. He's passionate about the topic, interesting to listen to, quite funny and he knows his stuff.
He also had some interesting tales about his time advising MS on the initial release of XP and how the security team got utterly bulldozed by the marketing team's instistance on meeting shipping deadlines. He was very open about the fact that they released it knowing that the firewall service started after the network service (i.e. allowing worms free access to the computer during boot up, as the firewall service started almost last and the network service very early) - but no one outside the security team seemed to care. Come XPSP2 and all the bad press - the security team got a veto on the release date and a seat at the decision table and things turned out differently.
Yes there is.
As you mention, you can us Amavis & SpamAssassin, etc to scan it and then use postfix to tarpit anything that "fails" the check. This is better than a bad SMTP - it hangs on the connection at the other end, taking up a thread. So it actually slows them down, if they try you.
You can do this using the smtpd_error_sleep_time settings for Postfix.
My HP48G graphical calculator was frikkin fantastic. It could store whole text essays, copies of past exams and came with a fake-reset application that made it appear as though it had been reset but actually just made a hidden directory and moved the contents of the system into that. Imagine how many exams this helped out in!
That's bloody useful, I can tell you!
:-P
Am I the only person who initially read that as "It has been just over a year since Santa Claus released its Nehalem-based..."?
The download trail from the MS website is not an OEM install and therefore the OEM key won't work with it. Unlike Office, which MS allows you to download a copy of if you can provide the OEM key, there is no such luck with Windows. Therefore you'd need to "obtain" a copy from Bittorrent, which may or may not prove to be better than the recovery crap from your laptop vendor. Then it would need to be the same release level as your key - i.e. if your CD key was for Windows 7 release 1 it may not work on a downloaded Windows 7 with SP1 release disk.
So it's a real pain to get the media we should be entitled to.
If 41% of facebook users are divulging personal information to strangers without a care - the other 59% are doing it without knowing it...
3. iOS has outsold Android. So your conclusion has yet to come to pass. But even if it ever does, you end up with the first point, how has that benefitted Google greater than iOS has benefitted Apple? Even if Android outsells iOS 5 to 1 (and it most certainly does not, and won't any time soon), how is that an example of Google beating Apple? Apple will still make far more from iOS than Google will be making from Android.
How do you come by that? Android has a much larger market share than iOS, already: http://en.wikipedia.org/wiki/File:Smartphone_share_current.png - they're now the largest mobile OS out there. In a few years, it's relatively safe to assume that gap will be even larger, as Symbian tends towards 0.
One must assume Google gets more than a buck or two for each phone you buy with "with Google" written on the back, like mine does. Presumably, that adds up. Given Android's open nature, it has more companies developing for it, which means Google gets benefits without even trying (as hard) as iOS. So I would say Google is already doing damn nicely out of Android and will continue to do so. In business speak, that's a "win". It's not even too far removed from getting "something for nothing".
Back in 97, when MS bought into Apple, Apple had around 7% of the PC market. In 2010, Apple had about 8% of the PC market - so in the last almost 15 years, they have basically made no inroads at all. Dell, on the other hand, have 15% market share. In fact, the top 5 PC sellers are HP, Dell, Acer, Lennova and Toshiba. All of them doing basically zero research into the OS. This is basically true for mobile phones too, with Nokia, Samsung, LG, Rim and Sony taking the top 5 seller by manufacturer positions, all of them now moving to Android (even RIM is now working to allow Android apps to work on Blackberrys).
So I'd say that supports the parent argument pretty well - once again Apple's coupling of OS to hardware will guarantee that the market will move on past them, leaving them an important but none the less niche player, in regards to overall usage statistics. Once again, the market they can largely be credited with creating, will leave them behind. Google will be their new Microsoft. Whatever way you turn it, that's got to hurt at least a little.
As I mentioned, we resell Supermicro's. Those look like (but could be anything really), this model: http://www.supermicro.com/products/system/1U/6016/SYS-6016GT-TF.cfm?GPU=FM207 (or one of it's variants). Nearly all of them ship with Intel Xeon, although they do offer an AMD based range but it's not as popular (at least where I am).
Those are SuperMicro servers. I resell supermicro and as much as I love their low cost and good speed, the hardware failure rate is astronomical. They should fit in well with Iran's centrifuges. :-P
China already do take our gas, coal and other mineral wealth. We're making out like bandits selling it to them (how's that recession working out for you, rest of the World?) and their economy is still going strong, based on them buying it from us at a price they can bear. That's way easier for them than trying to mount an invasion of a country half a world away, by sea because there's no land between us and them, and without damaging the infrastructure necessary to pull said minerals out of the ground and ship them back to China.
I can guarantee there will be issues. We had this change forced on us for 3 years as a trial in Perth, Western Australia and every single Windows computer / Outlook+Exchange server got screwed up (although only 1 hour). For the entire 3 years. Because every year MS would release a new patch which was not in Windows Update (i.e. you had to hunt it down manually) to fix the date changes and every one of those patches only effected a single year. So come March 1 everyone would suddenly start complaining "my appointments are all 1 hour out!".
I see no reason to suspect it would be any different in the UK; except perhaps the UK might be a big enough market for Microsoft to try harder.
Now this deserves mod points...
Wow, you're a real idiot. I have mod points, and I'd love to rate you troll but instead I am going to comment (more the fool me, because you clearly have shown you have no comprehension skills).
The nice people talking to you above are trying to help you understand that your method for preventing browsing of censored websites only works because you voluntarily allow it to. You seem to be switching between talking about protecting your machine from inbound connections one minute and outbound, the next?
Your method may be u83r l337 for preventing people from finding you (it's not, btw and I will explain why to you in a second) but it does nothing to enforce censorship of the net, which is what you originally seemed to be claiming it does because, as Pharmboy pointed out, anyone who has permission to change the modified files can circumvent your censorship, which is basically anyone who either has admin access or a Linux boot disk with NTFS write permissions (like, I don't know... all of them).
Now, as to why your method above does not prevent people finding you online, perhaps you've heard of switches and routers? How the fck do you think they can get your packets to you, if they can't find you, pray tell? Any network admin on his first day on the job is going to be able to tell you what devices are plugged into his switches. You do understand that simply closing off SMB services does nothing to secure anything other than SMB, right?
Finally: I read that first link on your "Bing" link above. Firstly, the fact that you even use Bing calls deeply into question any IT credentials you claim to have. All I see there is a complete novice refusing to listen to other people's advice and throwing a tantrum about being the most l337 person on the planet and insinuating everyone else is dumb - pretty much exactly like you've done here. You then bang on about how a single downloadable app, which you did not write, fixes every single security problem on every computer and this somehow makes you an expert. You even claim your mate "Jack" got infected with a virus because he "ignored your advice" and used YouTube.
Well, the thing is, he, as you yourself admitted, wanted to use YouTube. He, being the user, had a requirements. You, being the know-it-all-idiot, tried to simply ban him from them, in a misguided belief that YouTube infects computers and you somehow own his computer. That's not the behaviour of an IT expert. That's not the behaviour of a security expert. That's the behaviour of a control freak moron. Try to remember it's his computer and he wants it to do what he wants it to do. If you can't help him do whatever that is securely, then you're no expert and best leave it to people who can.
Iran has very limited options. China can buy PLCs from any company or build PLCs at will (many are built in China already).
Iran can only get them from North Korea, who can only get what they can basically steal from China. They can't get support on them, either, as Siemens won't do a house call to Tehran. Hence they can't patch the systems and get the virus out.
The largest killer of Palestinians is the Palestinians themselves, then the Lebanese, followed by Jordan.
(http://en.wikipedia.org/wiki/Palestinian_casualties_of_war).
Never let facts get in the way of a good prejudice, hey?
I think in this case the issue is people are upset he illegally gained control over other people's computers and used them to send the SPAM. It's the hacking / cracking / botnet component of this case that got him jail time, not the actual contents of the emails sent.
So with that in mind, spammers do actually do a fair amount of damage. It's not just bandwidth being chewed - it's the theft of other people's property to send their spam, which in turn gets other people's mail servers blacklisted (like ISPs for example) by SPAMHAUS and the like, which causes completely other people still, who are unrelated, to not be able to do business (just because they used the same ISP to send email) and so on and so on...
Of course spam and other computer crimes are "no big deal" if you view every computer network in the same way you view a home PC... but they're not all home PCs.
was his name Jar Jar?
Redhat does cost more for a server license - but it doesn't then hit you for CAL licensing for every bloody app server you run as well. Microsoft OS licensing isn't too expensive. It gets expensive you install Exchange and MSSQL and Sharepoint and all of sudden your 50 users means 50 Server CALs, 50 Exchange CALs, 50 MSSQL CALs, 50 Sharepoint CALS and before you know it, a Windows 50 user environment cost $5,000 for the new server and $25,000 for the f***ing licenses.
Redhat license costs are a few thousand but at least MySQL and Postfix or whatever don't then charge you per user you connect, as well.