Could all be mounted r/o on my system.:D But yeah, I guess that that sounds like a mitigating strat... otoh, only root should be able to write to files in those dirs. If an attacker *can* write to those files, don't you have more to worry about?
How would spreading your *nix fs across multiple partitions limit the number of places an attacker could go? Are you supposing that these partitions are unmounted at the time of the attack?
Time? Sure thing. Hulu probably knows their way around Flash and can develop a standalone app in a week.;)
Adoption? Fuck no. They're writing a standalone client. They can bundle *anything* *they* *want* with it to get it to work! Hell, they could package mplayer and pipe commands to it to decode the video, and redirect the output to their app.
Um... it's trivial for a USian to use a proxy in some more progressive part of the world to bypass the IP geolocation that you're proposing. I imagine that a user-driven "honour system" method is less likely to make lawyers salivate in anticipation of a payday than a flimsy active denial system that's trivially bypassed.
Remember, half-heartedly *trying* to stop it is worse than doing nothing at all!:D
Oh no, I was not trying to make a joke. I guess that a moderator had a different experience from mine? YMMV, I guess. I've been using Gentoo since 1.4. The installation guide is ffin' great, IMO.
I'm still sad about the loss of the Gentoo Wiki. I really should help flesh out the new one...
So, thus "you reap what you sow" & I promise you something, right now: That posting of mine that shows your errors in this exchange? Well, that is going to go into EVERY ONE OF YOUR POSTS here, until you can't stand it anymore, & change your nick/handle here
You're breaking your promise to me. It's been a week since you've last posted anything to my comments on slashdot. I haven't changed my handle, and still post from time to time. What happened over on your end?
Twelve character passwords?! That's fucking crazy.
I've spent the past few minutes trying to come up with a rationale for long-ass passwords that get transmitted in plaintext over the wire, but am utterly unable to...
Here are my thoughts:
* Given that you have an isolated network, your machines are probably in a reasonably secure building. * Folks who aren't employees are probably escorted around by someone who's involved with building security. * Given that "untrusted" "visitors" are escorted, there wouldn't be much of a chance for them to try to guess a system password or stick an inline packet sniffer on a wall jack, so these policies aren't written to protect against them.
* Given that you express concern about rsh's unencrypted nature, this probably means that you don't use anything like IPSec. * If you don't use IPSec, you probably don't encrypt your systems' harddisks. * I also bet that you have CD/DVD burners on your isolated network.:)
Do you -at least- search visitors before they leave the building to be certain that they haven't nicked a harddrive? If so, do you search your employees as well?:)
Slashdot Mirror
KDE didn't break these rules because KDE has never followed them in the first place. ... [KDE 3.0] was mostly just a port to Qt 3 ...
I wish I had mod points for you... that's truly informative.
The latest version of OpenSSL is currently 0.9.8k. Should I use it in my production environments?
:/
Cite?
*grins* I could do ya one better. /usr /var /opt
Could all be mounted r/o on my system. :D
But yeah, I guess that that sounds like a mitigating strat... otoh, only root should be able to write to files in those dirs. If an attacker *can* write to those files, don't you have more to worry about?
How would spreading your *nix fs across multiple partitions limit the number of places an attacker could go? Are you supposing that these partitions are unmounted at the time of the attack?
*confused*
The problem is time and adoption.
Time? Sure thing. Hulu probably knows their way around Flash and can develop a standalone app in a week. ;)
Adoption? Fuck no. They're writing a standalone client. They can bundle *anything* *they* *want* with it to get it to work!
Hell, they could package mplayer and pipe commands to it to decode the video, and redirect the output to their app.
Um... it's trivial for a USian to use a proxy in some more progressive part of the world to bypass the IP geolocation that you're proposing. I imagine that a user-driven "honour system" method is less likely to make lawyers salivate in anticipation of a payday than a flimsy active denial system that's trivially bypassed.
Remember, half-heartedly *trying* to stop it is worse than doing nothing at all! :D
*Many* people?
Whatevz, you don't fuckin argue with Dr. Emmett Brown.
I'm glad to see that you're spending a significant portion of your allotted ten posts-per-day on me.
As you haven't answered my outstanding questions this is all that I have to say to you.
Cheers!
I suppose that Dilbert is not published in your country of residence:
http://web.archive.org/web/20011027002011/http://dilbert.com/comics/dilbert/archive/images/dilbert2001182781025.gif
Oh no, I was not trying to make a joke. I guess that a moderator had a different experience from mine? YMMV, I guess. I've been using Gentoo since 1.4. The installation guide is ffin' great, IMO.
I'm still sad about the loss of the Gentoo Wiki. I really should help flesh out the new one...
*points to forums.gentoo.org*
They're nice and helpful over there. :)
awer (all keys touching) 234 (well duh) tfgv (again all touching) 3556 (all numbers, in asscending order)...
9 9 9 9 9 9
You might want to send the contents of this post off to APK, seeing as how you have his email address:
%<%<%<%<%<%<%<
Do you remember saying this?
So, thus "you reap what you sow" & I promise you something, right now:
That posting of mine that shows your errors in this exchange? Well, that is going to go into EVERY ONE OF YOUR POSTS here, until you can't stand it anymore, & change your nick/handle here
You're breaking your promise to me.
It's been a week since you've last posted anything to my comments on slashdot. I haven't changed my handle, and still post from time to time.
What happened over on your end?
>%>%>%>%>%>%>%
...and send you to die in a war you don't believe in against your will...
*looks around*
We USians haven't had a conscript army since Vietnam. Perhaps you were talking about another country?
Sometimes, even at the best places, you get a bad egg...
Speaking of eggs, newegg.com is the best online store that I've had the pleasure of doing business with. :)
Twelve character passwords?! That's fucking crazy.
I've spent the past few minutes trying to come up with a rationale for long-ass passwords that get transmitted in plaintext over the wire, but am utterly unable to...
Here are my thoughts:
* Given that you have an isolated network, your machines are probably in a reasonably secure building.
* Folks who aren't employees are probably escorted around by someone who's involved with building security.
* Given that "untrusted" "visitors" are escorted, there wouldn't be much of a chance for them to try to guess a system password or stick an inline packet sniffer on a wall jack, so these policies aren't written to protect against them.
* Given that you express concern about rsh's unencrypted nature, this probably means that you don't use anything like IPSec. :)
* If you don't use IPSec, you probably don't encrypt your systems' harddisks.
* I also bet that you have CD/DVD burners on your isolated network.
Do you -at least- search visitors before they leave the building to be certain that they haven't nicked a harddrive? :)
If so, do you search your employees as well?
Are you implying that I'mma be sued under the terms of the DMCA for actions that I take on my own computer?
Fucking bring it on, I say.
Yegawds, lemmy introduce you to Screengrab:
https://addons.mozilla.org/en-US/firefox/addon/1146
*blink*
A little bit of time with tcpdump will get around whatever "protections" are in Flash.
Screenshot with browser and OS details?
I don't click on ads, ever. (Not even AdSense ads.)
How does my Adblock/NoScript usage hurt the websites that I vist?
Anywhere that's served by the TVA. :)
Err, where $MY_USER_NAME is the name of the user's account, not the administrator's. :/
as their is no way for a user to launch a process that has even less privileges then his user account has.
How about
sudo -u nobody $STRANGE_COMMAND
after having an admin enter
$MY_USER_NAME ALL=(nobody) NOPASSWD: ALL
into /etc/sudoers ?