Slashdot Mirror


User: StayFrosty

StayFrosty's activity in the archive.

Stories: 0
Comments: 308

Comments · 308

  1. Cyber on Ask Slashdot: Do We Need a New Word For Hacking? · · Score: 1

    I suggest using the word Cyber since the media and governments seem so in love with it.

    Who wouldn't want to cyber Fannie Mae?

  2. Re:It's not a problem with 2FA on Known Flaws in Mobile Data Backbone Allow Hackers To Trick 2FA (vice.com) · · Score: 3, Interesting

    No, there is a need to move away from SMS in general. A properly-implemented time-based key CANNOT be intercepted over the wire.

  3. Re:Battery + fixed screen and keyboard on Are Chromebooks Responsible For PC Market Growth? (theverge.com) · · Score: 2

    That would make an iPad, an android tablet, or pretty much any smartphone a notebook...

  4. Re: How many Chromebook buys are accidental? on Are Chromebooks Responsible For PC Market Growth? (theverge.com) · · Score: 1

    Are you logged in to your google account? Search results are customized so others may have more useful results. Did you try any other search queries?

    To save some time, here is the solution: Crouton + GCC.

  5. Re:Sledgehammer approach. on New Destructive Malware Intentionally Bricks IoT Devices (bleepingcomputer.com) · · Score: 1

    Even freaking routers are cloud IOT based these days?!!

    What the hell does that even mean? What does IOT even mean? Since when did routers (which have always had vulnerabilities and don't get patched often) get lumped in with light bulbs and security cameras? What about unpatched servers or workstations with direct connections to the internet (think cloud hosting providers)? Routers are the "things" that are responsible for traffic going anywhere. Servers are "things" that provide access to services on the internet. I guess the entire internet is an "internet of things."

    OK, now I'm going you are talking about home NAT routers here, and not the Cisco ASR in your ISP's data center. Are you complaining that they are getting software updates automatically from the manufacturer? If so, for the average user, how is this a bad thing? Think about all the Linksys WRT54Gs from a decade ago there that never got an update because the user didn't know you could update it. Same with all the Netgear piles of crap that are chock full of vulnerabilities you read about in the news on a weekly basis. I understand that there may be some reservations as to the "features" pushed out by these updates (I'm specifically thinking of the Linksys incident about 5 years ago,) but for the average user, the router is an appliance. If it automatically "fixes" itself, that's a good thing.

    OK, rant over. Patch your shit.

  6. Re:They really don't understand. on Ivanka Trump To Take Coding Class With 5-Year-Old Daughter (hollywoodlife.com) · · Score: 1

    Actually, I'm of the opinion that basic programming can be taught alongside basic traditional math, science, and literacy. What makes the S(cience) and the M(ath) in STEM more important than the Technology and Engineering components? It's true that science relies heavily on math, and engineering on science, but only at more advanced levels. Coding at a 5-year-old level isn't going to be requiring any more math than a science class for 5-year-olds. Even in middle school, there is a lot of programming that can easily be taught without advanced math. You don't need to learn about functions in algebra before learning about them in programming. I've never understood this attitude. Having a handle on logic is much more important. Similarly, learning about simple machines and basic other engineering doesn't require any math right away.

  7. Re:Jayavel Murugan...Syed Nawaz on Bay Area Tech Executives Indicted For H-1B Visa Fraud (mercurynews.com) · · Score: 1

    I don't disagree that the health care situation in the US is a complete shitshow, but your argument doesn't hold up.

    people in need of healthcare should be cared for or discarded?

    In the US, any hospital that accepts Medicare (so pretty much all of them) has to provide an exam to decide whether a patient's condition is considered an emergency medical condition (EMC). If it is, they are required to stabilize the patient regardless of ability to pay. This is part of the EMTALA and has been in effect since 1986. Prior to this, hospitals had a habit of dumping or transferring patients who couldn't pay regardless of condition.

    We still have a long way to go, but at least patients aren't "discarded" outright anymore.

  8. Anyway, I don't think you're going to get wireless charging in any high-end phone for at least the next few years.

    The Nexus 6 made it work. Samsung is still making it work.

  9. Yup. All of them.

  10. Re:I don't want to pay for this. on Amazon Wants To Include Live Sports as Part of Prime Membership (geekwire.com) · · Score: 2

    As a sports fan who chooses not to get screwed over by the cable or satellite TV companies, I don't have access to the ESPN app. Paying a couple bucks a month extra to Amazon for live sports would be well worth it to me vs paying for a cable subscription.

  11. Also, use a script or ad blocker to prevent those stupid like buttons from running their scripts in the background.

    I see you never made it past line 1 of the comment...

  12. For what it's worth they are spying on you anyway, even if you don't have an account. Every time you see a like button--whether you click it or not, you are being facebooked. Every time someone tags you in a picture (even though you don't have an account,) you are being facebooked.

    At the end of the day you are better off having an account (even if you don't use it) so you can control your exposure. Also, use a script or ad blocker to prevent those stupid like buttons from running their script in the background.

  13. Re:How do you know? on Ask Slashdot: Is My IoT Device Part of a Botnet? · · Score: 2

    Obviously there is no guarantee--there never is in these days of NSA-intercepted shipments, government-sponsored code changes, etc... There are plenty of steps you can take to minimize the risk of this happening though.

    1. Use either Open Source software as your firewall platform (pfSense, m0n0wall, your own creation with pf or iptables, etc...), a firewall appliance based on open-source software that update frequently when vulnerabilities are disclosed (Mikrotik, Ubiquiti, etc...) or use enterprise-grade (even if it's used) hardware (Palo Alto, Cisco ASA, Fortinet, etc...) as long as you have access to software updates. Home and SOHO products aren't going to give you the kind of fine-grained controls you need to do this right. You minimally need VLAN support so you can have multiple WLANs to segregate your IoT devices.

    2. Follow the vendor's/developer's best practices when configuring the above firewall. Don't expose any firewall management services to the internet or your IoT network. If your firewall supports any consumer-oriented crap like upnp, TURN IT OFF! Obviously, don't expose any real computers to the IoT network.

    3. Subscribe to your vendor's/developer's mailing list. This way you can stay on top of any vulnerabilities as they are discovered, as workarounds are discovered, and as patches are released. Pretty much all the major vendors in item #1 have been on the front page of Slashdot within the last 2 years for some sort of vulnerability. It happens. Know about it when it does.

    4. Patch your shit. Update your firewall often. Read the release notes so you know what you are fixing, then apply the patch.

  14. Re:How do you know? on Ask Slashdot: Is My IoT Device Part of a Botnet? · · Score: 1

    Yes. I use a firewall. I suggest everyone else do the same with their IoT devices.

  15. Re:Will be a huge victory for hams if signed into on The Ham Radio Parity Act Unanimously Passed By US House (arrl.org) · · Score: 2

    A trucker with a CB can send critical information 40 or 50 miles on the 11m band on a good day. Legally they are limited to 5w output. Even with a yagi, this is going to be tough.

    HAMs (Skilled QRPers) on the other hand regularly communicate to other continents with 5w of power. Your typical 100-150W HF rig is going to be able to communicate anywhere in the world--or worst case, anywhere in the continental US. Some HAMs are also trained in emergency communications and/or formal traffic handling (to verify the accuracy of messages.) HAMs can use modes like SSTV (Slow Scan TV) to send an image of a piece of damaged infrastructure or a damaged building so engineers or rescuers can come in properly prepared. APRS mode is designed to update a real-time map of mobile and stationary transmitters using GPS. Information like this can also be critical in a disaster information. Rescuers won't have to guess where to look to find an injured person, etc... HAM radio is much more than Morse Code (CW) and people talking to each other like on CBs.

  16. Re:Witch hunt on US Finds New Secret Software In VW Audi Engines, Says Report (cnet.com) · · Score: 3, Interesting

    Just because you can't think of a reason doesn't mean they don't exist.

    Here's a list of people you forgot:
    Farmers
    Landscapers
    People who regularly trailer cars or heavy equipment for whatever reason
    People with non-European sized campers - see below
    People with large boats - see below

    When it comes to boats and campers, you are not taking wind resistance into consideration. Many campers in the US are much taller than the tow vehicle causing massive amounts of wind resistance. This is a consideration along with weight. Same with any large boat. If it's sticking way above the roof of the towing vehicle, it probably shouldn't be towed by your sub-compact or little crossover.

    Any trailer with brakes should be pulled by a full-size truck or SUV, especially if it's towed on a regular basis. Your little car may say it has a certain towing capacity, but that is assuming optimal conditions and new parts. If you are towing on a regular basis, you *will* put more strain on the drive train, suspension, and brakes than someone who doesn't. Most cars, minivans, and hatchbacks these days seem to be built as cheaply as possible so the extra wear and tear does make a difference. Vehicles that are purpose-built for this kind of work are generally heavy-duty enough to handle it.

    It makes little to no financial sense, and is wasteful, to own a dedicated towing vehicle if towing is something you do even a handful of times a year. Most families can't afford more than 2 vehicles, so if towing is something needed and both adults are working, the tow vehicle needs to double as a commuter.

    The only heavy haulage work involves moving concrete, sand, or building supplies, and if that's your gig then you need a light commercial vehicle.

    At least in the US, full-size trucks are the light commercial vehicle of choice and are often driven to job sites by their owners. You can't really expect a construction worker--think of an independent contractor who for sure isn't making tons of money--to own a separate work vehicle.

  17. Re:From GRC who brought you ShieldsUp! and SpinRit on QRLJacking Attack Can Bypass Any QR Login System (helpnetsecurity.com) · · Score: 1

    A simple TCP port scan doesn't need root. You are just attempting to open a connection to a port on a given host or hosts. This is the same behavior every network-enabled application is using to establish a connection with a remote host. It's also exactly what ShieldsUp does.

    Fancier nmap scans (SYN scan for example) do need root.

  18. Re:From GRC who brought you ShieldsUp! and SpinRit on QRLJacking Attack Can Bypass Any QR Login System (helpnetsecurity.com) · · Score: 3, Informative

    I suppose the authors of nmap didn't think their tool through correctly because it allows joe-random-employee at $office to portscan the ever loving shit out of every device behind the firewall.

    Feel free to block the scanner. That's the appropriate response if you don't like having a port scan done. While you are at it, you should probably sit there and watch your firewall logs and block all of Shodan's bots, and all the malware-infected pcs hanging out there on the internet doing port scans. If you consider a port scan a threat to your office's or your company's security, you are relying on security by obscurity and are doing it wrong.

    Oh, and SpinRite does work. I used to work at a university back in the days when floppies were the most common way for students to carry homework around. Every semester at finals time, we would have a few dozen students come in to the student support area in tears because their final/thesis/whatever was on a bad floppy and it was their only copy. I had about a 50% success rate with SpinRite. Better than nothing. I have also used SpinRite to get a drive back in good enough shape to pull an image before throwing it out. I've probably done this a dozen times over the years. I won't say it fixes the drive (or floppy disk), because it doesn't, and GRC doesn't claim it does. Generally the act of reading all the data just triggers the drive's internal ECC and it fixes itself by recovering from a spare sector.

  19. Re:That's just great... on Linux Letting Go: 32-bit Builds On the Way Out (theregister.co.uk) · · Score: 1

    Assuming the hinges don't crack, the laptop doesn't get dropped, the power connector doesn't break, the RAM doesn't fail, there aren't any capacitors waiting to blow, and there aren't any hidden cold joints in a BGA socket somewhere, I guess you will have to find a new distro 7 years from now.

    Most laptops don't come close to lasting 10 years. Desktops are a bit better, but most of them have been 64-bit since 2006 or so. I don't think it's worth wasting a free software project's time and money to support such a fringe case. I'm sure there will be a demand for 32-bit distros in 2023. You will probably be able to use Gentoo, CentOS, Debian, one of the BSDs, or else some enterprising people will create a niche distribution to fill that gap in the market. You will be fine.

  20. Re:That's just great... on Linux Letting Go: 32-bit Builds On the Way Out (theregister.co.uk) · · Score: 2

    No reason to stop. If it does what you need, go ahead. I'm sure source-based distros like Gentoo will still be fine. Distros that focus on long term support like CentOS and Debian will probably still provide a 32-bit distro as well.

    I would also like to point out that your 10-year-old laptop is having trouble now. Add another 7 years to that and you will be compounding those problems dramatically. I don't see any (desktop or laptop) computers around from 1999 that are terribly useful today. Some parts from a 15+ year old PC are hard to find nowadays (unless you have a huge stash or like risking your money on feebay.) Think IDE hard drives and DDR1 or SDRAM.

  21. Re: containers or virtual machines for apps? on Linux Letting Go: 32-bit Builds On the Way Out (theregister.co.uk) · · Score: 1

    That is the plan as described by TFA.

  22. Re:That's just great... on Linux Letting Go: 32-bit Builds On the Way Out (theregister.co.uk) · · Score: 4, Insightful

    Well, in 2018, the 2006 MacBook will be 12 years old. 18.04 is an LTS release and will have 5 years of support and security updates. By the time there are no more security patches, the machine will be 17 years old and software exploits will be the least of the user's concerns if it is still his/her main machine.

  23. Ads in the app are one thing. Nobody is complaining about that. Taking over the lock screen and advertising to you when the app isn't open is something totally different. It's no better than the mid-2000s trend of including spyware, browser toolbars, etc... with shareware apps--scummy as hell.

    FWIW, I CAN'T STAND in-app advertising at all and spend the couple of bucks on the pro version whenever one is available. Apps that don't have a pro version and insist on in-app advertising get uninstalled unless there isn't a better alternative (WIFI Analyzer, I'm looking at you!).

  24. Pedantry on A Complete Guide To The New 'Crypto Wars' (dailydot.com) · · Score: 4, Informative

    I'm sick and tired of hearing about "The debate between privacy and security." It's total bullshit. It's pretty hard to have security online without privacy. It's not a balance of one versus the other, one depends on the other. The US Government argues my case all the time when bitching about how when Snowden breached the government's privacy, he adversely affected national security.

    This brings me to my next piece of pedantry: I'm tired of hearing about "National Security Issues." Terrorism, ISIS/ISIL/Daesh/IS/Whatever, Al Qaeda, Home Grown Terrorists, Lone Wolves, the Boston Marathon Bombers, etc... do not threaten the territorial integrity of the United States. There is no invasion and there never will be. The government isn't in danger of collapse. Terrorism is a PUBLIC SAFETY concern. Stop pretending otherwise. If we do that though, who is going to keep the money flowing in to the military/industrial complex?

  25. Re:Its useless junk on Slashdot Asks: It's Been a Year Since Apple Watch Release, What's Your Thought On It? · · Score: 1

    You conveniently skipped this part of the article

    Note: Teen passengers don't have the same helpful effect with teen drivers.

    You conveniently forgot all people in the world are not teens.

    So the other live passengers physically present in the car are likely to help, whereas the on-phone conversation partner typically cannot.

    First of all, there is no actual data indicating a passenger is helpful affect either in the article or otherwise. Passengers who don't drive (aren't old enough (teens)), or those who are looking up directions on their phone, or are otherwise not paying attention to the road while conversing cannot help pay attention to the road and negate the supposed helpfulness. Same goes for children or other passengers in the back seat.

    The point I am trying to make is that even an article from a reputable source that disagrees with my position (as per the headline) can only use conjecture to argue that talking with a passenger is safer than talking to someone hands-free on the phone. Oddly, they don't show the number on the 1-5 scale for drunk drivers anywhere in the article either. Again, more conjecture. The facts speak for themselves.