I use owncloud and I really love it. It's been awesome to be able to access my files from anywhere while still maintaining control of them down to the metal. I sync my calendar and contacts with my phone through caldav and carddav. I am very close to running cyanogenmod/lineages without google play services.
It certainly isn't as convenient as Google, but freedom isn't free. I am glad that I can get a little bit of control back.
Not exactly true on 1) (unless you still run Windows XP). So long as UAC is enabled, programs run with non-admin privs by default (even under an admin account). Of course this won't stop users from blindly clicking 'Allow' without thinking about what they're doing.
Well said. The fact that Samsung (and other manufacturers) can brick your devices remotely is disturbing. Even PC's are not safe from this sort of thing anymore thanks to Windows 10. What's disturbing is that this capability could be used for any reason at any time.
The more immediate threat (at least until 01/20/2017) is to domestic violence victims. Abusers won't need to install special tracking apps on their victim's device. They just need to enable this feature. And before someone comments on the attacker needing physical access to the device, they oftentimes have it in these situations.
If I get any IoT devices they will go on a separate subnet that has no internet access. I will only purchase devices that will talk to a server I control. The firewall will only allow traffic to the device subnet from my trusted subnet and VPN. It's not perfect but it's a lot more secure than handing over control to a company that "cares" about security only after they've been compromised.
Yep, they will. It's still good to have it on paper. The separation of powers in the United States is far from perfect, but we're still way ahead of countries with a single-party dictator.
It would be awesome to see an emphasis on home servers and server clusters. I run owncloud and I recently clustered it (two web server VM's, 3 mysql galera VM's; two pfSense/HAProxy VM's). All of this runs on hardware with Intel chips (one Xeon E3, one i7, one NUC - all Haswell). I might even get another server I have so many VM's.:-)
Unfortunately, the biggest barrier to entry for running a home server is the internet connection, not the hardware. Dynamic IP's can cause your cloud to be unavailable until dynamic DNS updates and the cache gets cleared. My encrypted offsite backups to dropbox slow my upload speed almost to a halt (and downloads from my server when I'm not on my network). I'm already paying way too much money for a static IP.
Of course they're doing it for business reasons. The opposition of tech companies to government spying is one of the few situations where corporate interests align (coincidentally) with those of the people. The fact that corporations play a large part in US politics gives a tiny bit of hope that something will be done.
I was waiting for someone to mention pfSense. I used to run iptables / packet forwarding on my server but I've replaced it with pfSense running in a VM. I've since spun up a second pfSense VM on my other server and configured CARP. Last time I tested it I got close to gigabit routing between my subnets.
pfSense (pfSense.org) is an enterprise grade firewall / router that is based on FreeBSD. It is completely free and open source (no community vs. commercial edition). If you plan to do anything advanced with your home network, I highly recommend it!
I really wish I could replace the CPU/Board/Graphics of my old Thinkpad T400 and keep the case/keyboard/display (especially the indicator lights). No such luck so far.:-(
Putting stuff like this on a separate VLAN is always a good idea to protect against unknown backdoors. To protect against known backdoors, I prohibit those devices from connecting to any of my networks at all.
I'd rather unlock the bootloader myself (Nexus/OnePlus) and install the su binary I downloaded directly from ChainFire than run some utility written by someone whose reputation I don't know. I also download the su binary directly - not off of a fileshare or forum post. I don't take any chances when I'm gaining root to a machine.
I plan to disable all of these through group policy before win10 goes on any of my machines. I don't want to miss any or fat finger my way past one.
My question is is this possible with a w2k8r2 active directory? I obviously won't find the win10-specific group policies on my DC's. If i install RSAT in my win8 machine (once released), will that work? Anyone tried this yet? Thanks!
I second this recommendation. I use OpenVPN for this purpose as well. You can either configure each individual client at location A to connect to your OpenVPN network or you can set it up on the router at location A (assuming you can OpenWRT/DD-WRT,etc firmware on it).
This doesn't pass the smell test. 20Gbps seems way too fast for wireless when wired (or fibered) 10Gpbs switch ports and NICs are so expensive. For example, this 10Gbps NIC is over $400: http://www.newegg.com/Product/...
Not understanding the concept of a file / filesystem is more common than I thought. My sister had a flash drive (with all of her autocad drawings for school) that got corrupted. After failing to recover it, I asked why she didn't back it up. She said her Macbook didn't have autocad so she couldn't save the files to it. She now knows the difference.:-)
I've seen a lot of posts in this thread about how people have massively hosed a system while logged in directly as root. I'd be curious to know exactly what command(s) caused the issue. I'm guessing some variant of rm or dd. How would sudo have prevented it?
I log in as root directly when I know I need to do something that requires it. My root shell colors the prompt red as a reminder. I log out when I'm done. I think at the end of the day, not hosing up your system is best prevented by constant awareness when you're logged in as root or running something as root. You could just as easily trash your box with a mis-typed sudo command.
This is why I run Debian. I don't have time to troubleshoot my laptop and my server every time I update them. That being said, I'm kind of biased since I'm a Linux sysadmin for a factory.:-)
And thanks to everyone who does run Arch and posts their solutions on the Arch wiki. It's extremely helpful.
I've actually been thinking of setting something like this up. I want to load my own key into UEFI and sign the bootloader with it. I already use LUKS. Any recommended how-to's?
I updated Firefox on my windows machine and the Windows firewall dialog popped up and asked me to allow Firefox. I declined it. but WTF?! Why would a browser need to open up ports? This seems like quite a security risk. Anyone else seen this?
They should be sending out images via flashdrive (since most machines don't have optical drives anymore). Once a box is compromised the OS cannot be trusted again. And they should send them for free. This is a huge breach of trust.
Slashdot Mirror
I use owncloud and I really love it. It's been awesome to be able to access my files from anywhere while still maintaining control of them down to the metal. I sync my calendar and contacts with my phone through caldav and carddav. I am very close to running cyanogenmod/lineages without google play services. It certainly isn't as convenient as Google, but freedom isn't free. I am glad that I can get a little bit of control back.
Not exactly true on 1) (unless you still run Windows XP). So long as UAC is enabled, programs run with non-admin privs by default (even under an admin account). Of course this won't stop users from blindly clicking 'Allow' without thinking about what they're doing.
Well said. The fact that Samsung (and other manufacturers) can brick your devices remotely is disturbing. Even PC's are not safe from this sort of thing anymore thanks to Windows 10. What's disturbing is that this capability could be used for any reason at any time.
The more immediate threat (at least until 01/20/2017) is to domestic violence victims. Abusers won't need to install special tracking apps on their victim's device. They just need to enable this feature. And before someone comments on the attacker needing physical access to the device, they oftentimes have it in these situations.
I didn't know that iPads had floppy drives. Units are important. :-)
If I get any IoT devices they will go on a separate subnet that has no internet access. I will only purchase devices that will talk to a server I control. The firewall will only allow traffic to the device subnet from my trusted subnet and VPN. It's not perfect but it's a lot more secure than handing over control to a company that "cares" about security only after they've been compromised.
The feature I'd like to see in Office is a search bar that finds the button you're looking for on the ribbon.
Yep, they will. It's still good to have it on paper. The separation of powers in the United States is far from perfect, but we're still way ahead of countries with a single-party dictator.
It would be awesome to see an emphasis on home servers and server clusters. I run owncloud and I recently clustered it (two web server VM's, 3 mysql galera VM's; two pfSense/HAProxy VM's). All of this runs on hardware with Intel chips (one Xeon E3, one i7, one NUC - all Haswell). I might even get another server I have so many VM's. :-)
Unfortunately, the biggest barrier to entry for running a home server is the internet connection, not the hardware. Dynamic IP's can cause your cloud to be unavailable until dynamic DNS updates and the cache gets cleared. My encrypted offsite backups to dropbox slow my upload speed almost to a halt (and downloads from my server when I'm not on my network). I'm already paying way too much money for a static IP.
Of course they're doing it for business reasons. The opposition of tech companies to government spying is one of the few situations where corporate interests align (coincidentally) with those of the people. The fact that corporations play a large part in US politics gives a tiny bit of hope that something will be done.
I was waiting for someone to mention pfSense. I used to run iptables / packet forwarding on my server but I've replaced it with pfSense running in a VM. I've since spun up a second pfSense VM on my other server and configured CARP. Last time I tested it I got close to gigabit routing between my subnets. pfSense (pfSense.org) is an enterprise grade firewall / router that is based on FreeBSD. It is completely free and open source (no community vs. commercial edition). If you plan to do anything advanced with your home network, I highly recommend it!
I really wish I could replace the CPU/Board/Graphics of my old Thinkpad T400 and keep the case/keyboard/display (especially the indicator lights). No such luck so far. :-(
Putting stuff like this on a separate VLAN is always a good idea to protect against unknown backdoors. To protect against known backdoors, I prohibit those devices from connecting to any of my networks at all.
There should be a constitutional amendment against it.
I root my devices manually.
I'd rather unlock the bootloader myself (Nexus/OnePlus) and install the su binary I downloaded directly from ChainFire than run some utility written by someone whose reputation I don't know. I also download the su binary directly - not off of a fileshare or forum post. I don't take any chances when I'm gaining root to a machine.
I plan to disable all of these through group policy before win10 goes on any of my machines. I don't want to miss any or fat finger my way past one. My question is is this possible with a w2k8r2 active directory? I obviously won't find the win10-specific group policies on my DC's. If i install RSAT in my win8 machine (once released), will that work? Anyone tried this yet? Thanks!
I second this recommendation. I use OpenVPN for this purpose as well. You can either configure each individual client at location A to connect to your OpenVPN network or you can set it up on the router at location A (assuming you can OpenWRT/DD-WRT,etc firmware on it).
This doesn't pass the smell test. 20Gbps seems way too fast for wireless when wired (or fibered) 10Gpbs switch ports and NICs are so expensive. For example, this 10Gbps NIC is over $400: http://www.newegg.com/Product/...
I must be missing something here...
Google Maps is the killer for me. If I could find a replacement I would consider CyanogenMod without gapps. What alternative maps program do you use?
Not understanding the concept of a file / filesystem is more common than I thought. My sister had a flash drive (with all of her autocad drawings for school) that got corrupted. After failing to recover it, I asked why she didn't back it up. She said her Macbook didn't have autocad so she couldn't save the files to it. She now knows the difference. :-)
I've seen a lot of posts in this thread about how people have massively hosed a system while logged in directly as root. I'd be curious to know exactly what command(s) caused the issue. I'm guessing some variant of rm or dd. How would sudo have prevented it? I log in as root directly when I know I need to do something that requires it. My root shell colors the prompt red as a reminder. I log out when I'm done. I think at the end of the day, not hosing up your system is best prevented by constant awareness when you're logged in as root or running something as root. You could just as easily trash your box with a mis-typed sudo command.
This is why I run Debian. I don't have time to troubleshoot my laptop and my server every time I update them. That being said, I'm kind of biased since I'm a Linux sysadmin for a factory. :-)
And thanks to everyone who does run Arch and posts their solutions on the Arch wiki. It's extremely helpful.
I've actually been thinking of setting something like this up. I want to load my own key into UEFI and sign the bootloader with it. I already use LUKS. Any recommended how-to's?
I updated Firefox on my windows machine and the Windows firewall dialog popped up and asked me to allow Firefox. I declined it. but WTF?! Why would a browser need to open up ports? This seems like quite a security risk. Anyone else seen this?
They should be sending out images via flashdrive (since most machines don't have optical drives anymore). Once a box is compromised the OS cannot be trusted again. And they should send them for free. This is a huge breach of trust.