Slashdot Mirror


User: Medievalist

Medievalist's activity in the archive.

Stories: 0 · Comments: 2,620

Comments · 2,620

  1. Don't leave your computer turned on. on Keep SSH Sessions Active, Or Reconnect? · Score: 2, Insightful

    "Is it safer to log out of an SSH session, and re-establish it later, or just keep the connection open?

    It's safer to log out and re-establish. UNLESS you are subverting host key verification - just clicking past the big warning sign that OpenSSH throws up when it sees an unknown host key - in which case you certainly can get MITM'd. Keep copies of your public (not private!) host keys on a thumb drive for use the first time you connect from an outside box.

    Like many of you, I use OpenSSH to connect to my Slackware Linux boxes remotely from Linux and WinXP (putty.exe) clients. At home and at work, I wonder if it would be safer to just leave the connection open (my clients are physically secured, the servers limit connections with hosts.allow). Is it more secure to re-establish the connection over an insecure link (big bad internet) where people can sniff that handshaking, or is it more secure to just remain connected? I connect 1 to 4 times per day, most days."

    I believe the "handshake" is a diffie-hellman key exchange. It can't be sniffed and cracked in realtime. On the other claw, I suppose it's theoretically possible that if you leave the connection open long enough, a determined attacker with titanic resources can brute your session key. In reality, I personally don't think that will ever happen to you, it'd be cheaper for anyone with those kind of resources to use the $5 wrench upside your head method.

    Here's something to consider: If your computer is turned off, it's not being hacked. If your computer is turned off, it's not getting a virus. If your computer is turned off, nobody is sniffing your packets. If your computer is turned off, lightning isn't blowing through the ground line of your UPS like a knife through butter and turning your motherboard into a campfire. If your computer is turned off, a jealous colleague is not sneaking into your office and using it without leaving a login record. If your computer is turned off, it's not part of a botnet. If your computer is turned off, it is immune to zero-day exploits that are absolutely unstoppable by any other means.

    The most secure computer is turned off. Any time you don't need your computer to be turned on, just turn it off. If everyone did this, we'd save millions of dollars (and hopefully, cut off some funding to energy suppliers who hate us).
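Editor's note: the "thumb drive of trusted host keys" workflow in the comment above can be checked mechanically. The block below is an added example (it is not the commenter's code) that computes the SHA256 fingerprint OpenSSH prints in its unknown-host prompt from a known_hosts entry, using only the Python standard library, and compares it with what a client on an outside box shows. The host names, the 32-byte key material and the known_hosts line are constructed for the demo and are not real host keys; the same fingerprint value for a real key is what `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` prints.

```python
import base64
import hashlib
import struct

# Added example; the sample key and hosts below are constructed, not real.

def ssh_string(data: bytes) -> bytes:
    """One SSH wire-format string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ed25519_blob(raw_key: bytes) -> bytes:
    """Public-key blob for ssh-ed25519: the type name, then the 32 raw key bytes."""
    if len(raw_key) != 32:
        raise ValueError("ssh-ed25519 public keys are exactly 32 bytes")
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)

def fingerprint_sha256(blob: bytes) -> str:
    """Fingerprint as OpenSSH shows it: SHA-256 of the blob, base64 without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def parse_known_hosts(text: str) -> dict:
    """Map (host, keytype) -> key blob for plain known_hosts lines.

    Hashed hosts ('|1|...') and marker lines ('@cert-authority', '@revoked')
    are skipped to keep the example short.
    """
    trusted = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#@" or line.startswith("|1|"):
            continue
        hosts, keytype, b64 = line.split()[:3]
        for host in hosts.split(","):
            trusted[(host, keytype)] = base64.b64decode(b64)
    return trusted

def check_fingerprint(trusted: dict, host: str, keytype: str, shown: str) -> str:
    """Compare the fingerprint shown at first connect with the trusted copy.

    Returns 'ok', 'unknown' (no trusted key for that host; do not just click past
    the warning) or 'MISMATCH' (wrong key presented: treat as a possible MITM).
    """
    blob = trusted.get((host, keytype))
    if blob is None:
        return "unknown"
    return "ok" if fingerprint_sha256(blob) == shown else "MISMATCH"

# Constructed sample data: a fake host key (bytes 0..31) and an attacker's key.
GOOD_KEY = ed25519_blob(bytes(range(32)))
EVIL_KEY = ed25519_blob(bytes(range(1, 33)))
THUMB_DRIVE_KNOWN_HOSTS = (
    "# copied from the server's /etc/ssh/ssh_host_ed25519_key.pub\n"
    "slackbox.example.org,192.0.2.10 ssh-ed25519 "
    + base64.b64encode(GOOD_KEY).decode("ascii") + "\n"
)
TRUSTED = parse_known_hosts(THUMB_DRIVE_KNOWN_HOSTS)

if __name__ == "__main__":
    shown = fingerprint_sha256(GOOD_KEY)      # what a legitimate server yields
    print("trusted fingerprint:", shown)
    print(check_fingerprint(TRUSTED, "slackbox.example.org", "ssh-ed25519", shown))
    print(check_fingerprint(TRUSTED, "192.0.2.10", "ssh-ed25519", fingerprint_sha256(EVIL_KEY)))
```

Usage: copy the thumb-drive file into `~/.ssh/known_hosts` on the outside box (or point `UserKnownHostsFile` at it) and set `StrictHostKeyChecking yes`; then an unknown or changed key fails the connection instead of producing a prompt that can be clicked past.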

  2. I don't care if it's an ad. on Crazy Firewall Log Activity — What Does It Mean? · Score: 1

    The day someone invents a working greasemonkey script that lets me remove meta-whining from conversations I will throw a party.

    Personally, I am interested enough in these data visualizations that I don't care if you are "advertising" your company and/or products.

    I don't know if you read my earlier comment about aliasing, but the data filtering you used here (that removed the "plaid" effect) could easily be acting as a poor-man's anti-aliasing system.

    Try using prime numbers in your sampling intervals. You might be surprised what happens. Most networks have broadcast traffic that hits at regular 60-second intervals (due to unimaginative default settings in commercial software and hardware) that introduces regular "pulses" into the data flows. In very large switched networks this can create amazing patterns as the switches dynamically fiddle with the broadcast traffic to optimize per-port throughput. In my experience no pattern is real unless it shows up using multiple sample intervals on the same traffic. Check out this video where Burton MacKenzie abuses the Nyquist limit.

  3. Need to rule out aliasing, confirm accuracy first on Crazy Firewall Log Activity — What Does It Mean? · Score: 1

    Try using some other sample intervals and see if your patterns stay consistent. You might be aliasing.

    I'd try 101 and 17 right off the bat, since prime numbers work best for detecting aliasing in my experience (I'm not a mathematician so my methods are empirical, I stole those numbers from bamboo and locusts respectively).

    Those plaids may be an artifact of your sampling interval. The real patterns might even be more interesting!
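Editor's note: comments 2 and 3 above make the same practical point, that a "pattern" in binned firewall traffic has to survive a change of sample interval before it is believed. The block below is an added example (not the commenter's code) that constructs a synthetic event log with a 60-second broadcast pulse plus one genuine burst, bins it at 60, 90, 17 and 101 seconds, and shows that the stripe the broadcast produces changes with the interval while the burst is found at the same time at every interval. The log, the burst time and the "median plus 3" significance margin are all constructed for the demo, not a standard.

```python
import statistics

# Added example. PERIOD, DURATION and BURST are constructed inputs; the margin in
# significant_peak() is a simple heuristic chosen for this demo.

PERIOD = 60                 # seconds between the regular broadcast pulses
DURATION = 6000             # length of the synthetic log window, in seconds
BURST = range(1000, 1011)   # eleven events in ten seconds: the real pattern

def constructed_log(with_burst=True):
    """Event timestamps (whole seconds) of the synthetic firewall log."""
    events = list(range(0, DURATION, PERIOD))
    if with_burst:
        events += list(BURST)
    return sorted(events)

def bin_series(timestamps, interval):
    """Events per sample bin of width `interval`, empty bins included."""
    counts = [0] * (DURATION // interval)
    for t in timestamps:
        b = t // interval
        if b < len(counts):
            counts[b] += 1
    return counts

def background_levels(interval):
    """Distinct per-bin counts that the broadcast alone produces at this interval.

    60 s bins give a flat {1}; 90 s bins alternate {1, 2} (the 'plaid');
    17 s bins give {0, 1}: the stripe is an artifact of the interval.
    """
    return set(bin_series(constructed_log(with_burst=False), interval))

def significant_peak(timestamps, interval, margin=3):
    """(start, end) of the busiest bin if it clearly exceeds the typical bin, else None."""
    counts = bin_series(timestamps, interval)
    busiest = max(range(len(counts)), key=counts.__getitem__)
    if counts[busiest] <= statistics.median(counts) + margin:
        return None
    return busiest * interval, (busiest + 1) * interval

def pattern_survives(timestamps, intervals, margin=3):
    """True only if every interval reports a significant peak and the peaks overlap in time."""
    spans = []
    for interval in intervals:
        span = significant_peak(timestamps, interval, margin)
        if span is None:
            return False
        spans.append(span)
    return max(start for start, _ in spans) < min(end for _, end in spans)

if __name__ == "__main__":
    intervals = (60, 90, 17, 101)
    for interval in intervals:
        print(f"{interval:>4}s bins: broadcast levels {sorted(background_levels(interval))}, "
              f"peak {significant_peak(constructed_log(), interval)}")
    print("burst survives all intervals:", pattern_survives(constructed_log(), intervals))
    print("broadcast-only pattern survives:", pattern_survives(constructed_log(False), intervals))
```

Run against a real log, replace `constructed_log()` with the parsed timestamps and keep the rule: a feature that moves or vanishes when the interval changes is the sampling talking, not the network.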

  4. Re:Ergonomics? on Asus Says Netbook Is Dead, Hello Wearable Computers · Score: 1

    Despite having an iphone of my own, I still don't buy into the mindless hype. The device is very limiting and very constraining.

    Who let this man post? WHO LET THIS MAN POST?

    RELEASE THE KILLBOTS!!!!

    You shall not profane this sphere for long, Infidel. Praise be to Steve.

  5. Re:Password strength vs. how often you change it on Analysis of 32 Million Breached Passwords · Score: 1

    It may narrow the nominal keyspace, but it almost certainly increases the average keyspace that needs to be searched.

    That's highly questionable. Especially since there is strong pressure for enterprises to use exactly the password strength criteria required by their auditors, and the auditors of public companies are published data, and auditor checklists are easily obtained. Hell, you might be able to find out the password recipe for a major corporation by spending two nights in the closest bar to their site and listening to people complain. Forcing people to use less secure passwords just seems wrong, I refuse to do it (and I get harassed by auditors every year, even if I run John on the db for a month to prove my point).

    Have you considered just analyzing the people's password hashes for crackability instead? Use a shared history file and a dictionary and run rainbow tables on the hashes automatically and swap the tables and dictionaries every once in a while. If you can't crack it within a couple of seconds with a dedicated engine, nobody's ever used it before, and it's not in the dictionary then it's probably better than your recipe permits.
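Editor's note: the audit the comment above proposes (crack what you can quickly with a dictionary plus rules, flag anything already seen in a shared history, and leave the rest alone) is easy to prototype. The block below is an added example, not the commenter's code and not John the Ripper's rule engine: it uses a constructed salted SHA-256 scheme as a stand-in for whatever hash format the real password store uses, a tiny wordlist with a few mangling rules, a history set of previously used passwords, and a per-account time budget. All users, salts, hashes and wordlist entries are constructed for the demo.

```python
import hashlib
import time

# Added example. The hash scheme, rules, users and wordlist are constructed for the demo.

LEET = str.maketrans("aeio", "4310")
SUFFIXES = ("1", "123", "!", "2010")

def toy_hash(salt: str, password: str) -> str:
    """Constructed stand-in for the real hash format: salted SHA-256, hex encoded."""
    return hashlib.sha256((salt + password).encode()).hexdigest()

def mangle(word: str):
    """A cheap rule set: case variants, leet substitution, common suffixes."""
    bases = sorted({word, word.capitalize(), word.upper(), word.translate(LEET)})
    for base in bases:
        yield base
        for suffix in SUFFIXES:
            yield base + suffix

def candidates(wordlist, history):
    """History first (cheap and damning), then the dictionary with rules applied."""
    for used in sorted(history):
        yield "reused", used
    for word in wordlist:
        for variant in mangle(word):
            yield "cracked", variant

def audit(users, wordlist, history, budget_seconds=2.0):
    """Return {user: (verdict, match)}.

    verdict is 'reused' (seen in the shared history), 'cracked' (dictionary + rules),
    'timeout' (budget exhausted) or 'uncracked' (good enough by this test).
    """
    verdicts = {}
    for user, (salt, stored) in users.items():
        deadline = time.monotonic() + budget_seconds
        verdict = ("uncracked", None)
        for source, candidate in candidates(wordlist, history):
            if time.monotonic() > deadline:
                verdict = ("timeout", None)
                break
            if toy_hash(salt, candidate) == stored:
                verdict = (source, candidate)
                break
        verdicts[user] = verdict
    return verdicts

# Constructed password store: {user: (salt, stored_hash)}.
USERS = {
    "alice": ("s1", toy_hash("s1", "Password1")),    # dictionary word + rule
    "bob":   ("s2", toy_hash("s2", "x7#Kq9!pLv")),   # not in any list
    "carol": ("s3", toy_hash("s3", "winter2010")),   # already in the shared history
    "dave":  ("s4", toy_hash("s4", "s3cr3t")),       # leet-speak of a dictionary word
}
WORDLIST = ["password", "secret", "letmein", "slackware"]
HISTORY = {"winter2010", "summer2009"}

if __name__ == "__main__":
    for user, (verdict, match) in audit(USERS, WORDLIST, HISTORY).items():
        print(f"{user:<6} {verdict:<10} {match or ''}")
```

The budget keeps the check in the "couple of seconds" regime the comment describes; swap `toy_hash` for the store's real format (and a real wordlist and rule set) before drawing conclusions about production accounts.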

  6. Can we give the witchcraft angle a rest? on Tower Switch-Off Embarrasses Electrosensitives · Score: 0, Troll

    The people complaining are white and according to Google maps live in a walled community with swimming pools and hot tubs. So y'all can stop giggling about your "ignorant benighted darkies who fear witchcraft" meme now.

    I guess there's no use pointing out that these people might have been hit by wind-blown soil sterilants when the tower was put up, and that their alleged symptoms are consistent with accidental exposure to chemical toxins. God forbid anyone should suggest a rational solution that doesn't involve EMF, hypochondria or corporate malice.

  7. Re:Overreaction is worse than non-reaction. on Fixing Security Issue Isn't Always the Right Answer · Score: 1

    Oh, c'mon. The USA is not Israel and does not have Israel's problems. Your argument is not convincing.

    Anyway, giving up your dignity won't save you from death. You'll still die one way or another. Why not live on your feet instead of kneeling at the feet of terrorist nutbags and authoritarian blowhards?

    Contemplate the mangled bodies of your countrymen, and then say "what should be the reward of such sacrifices?" Bid us and our posterity bow the knee, supplicate the friendship and plough, and sow, and reap, to glut the avarice of the men who have let loose on us the dogs of war to riot in our blood and hunt us from the face of the earth? If ye love wealth better than liberty, the tranquility of servitude than the animated contest of freedom -- go from us in peace. We ask not your counsels or arms. Crouch down and lick the hands which feed you. May your chains sit lightly upon you, and may posterity forget that you were our countrymen! --Sam Adams

  8. Here's the thread from actual users. on Google's Nexus One Phone Launches · Score: 3, Interesting

    See here for lengthy back-and-forth with two guys who've had the phone in their hands since late last month.

    If you read the whole thing, they've got benchmarks and such. It's really long though.

  9. I hear Rush Limbaugh's ghostly echoes.... on "Home Batteries" Power Houses For a Week · Score: 1

    I'd think not throwing huge chunks of metal out to rust would be on the priorities list of the greens and warmers. But, apparently, most want to actually add more heavy metals to our waste heaps via their EV batteries instead of using what we've already got.

    1) EV batteries are designed to be recycled. Unsurprisingly. Dead ones are worth cash and are not discarded.

    2) American diesels emit ridiculous amounts of particulates. They suck compared to Euro diesels. US law stupidly assumes that all diesels emit particulates at the level of crappy Detroit diesels, because politicians are techno-illiterate.

    3) So-called "greens" have a long-standing love affair with the diesel engine because bio-diesel is carbon neutral.

    4) Opposing sustainable technologies is just the latest way to be an anti-technology whack job. Move over Amish!

  10. Overreaction is worse than non-reaction. on Fixing Security Issue Isn't Always the Right Answer · Score: 1

    It's even cheaper to just face reality and understand that anyone who really wants to bypass security can do so.

    That's the results of hundreds of tests, repeated ad nauseam, at all major US airports. The evidence is incontrovertible. We need to stop pretending that airport security has any useful function other than controlling the aftermath of an incident.

    And stop pretending terrorist activity is more common than normal incidents like equipment malfunction, disease, thievery, etc. that we don't react to so hysterically (and ineffectively).

    Terrorists are losers, incompetents, and not a real-life hazard to 99% of all people. Whiskey kills more people than terrorists and we serve whiskey on the damn planes.

  11. Reopening Bug, closed in error. on Helping Perl Packagers Package Perl · Score: 1

    Close it when CPAN co-operates with the most common package manager on business linux systems - namely RPM.

    Companies that make stuff that people actually need usually run SuSe or Red Hat, if they run any linux at all. Why not simply have a CPAN plugin that keeps the RPM db updated? Don't use it if you don't want it.

    Ideally, Red Hat and Suse should be paying for this, since their customers would be the ones profiting by it.

  12. Nice FUD, hybrids use NiMH. Safer than gas. on "Home Batteries" Power Houses For a Week · Score: 1

    There are pure electrics (like the Tesla) and home-made plugins (like the California Prius mods) that use Li-ion, but the mainstream hybrid cars you see on the street use NiMH... fundamentally safer than a gas tank. Gas tanks, much like Li-ion batteries, are extremely explosive and flammable. Adding Li-ion batteries to a vehicle with a gas tank makes this even more dangerous, adding NiMH does not.

    In a home, weight is not an issue, so deep-cycle lead-acid or similar heavyweight technologies are the obvious way to go.

  13. Re:Torvalds isn't a bad nomination on Linus Torvalds For Nobel Peace Prize? · Score: 1

    (he couldn't have done anything, still hasn't, and won't).

    You discredit your argument, which would otherwise be sound, when you imply you have the ability to infallibly predict the future.

    Just sayin'.

  14. You must be old here. on Linus Torvalds For Nobel Peace Prize? · Score: 1

    Wow, an informative comment with a useful link that allows the reader to verify your statements independently!

    Are you sure you aren't really a time traveler from, say, 2001 or thereabouts?

  15. Re:Funny thing about those margins on New UK Wireless Network Tax May Hamper Internet Rollout · Score: 1

    The only thing that affects whether the boat goes deeper into the water or not is if additional mass is added, removed, or a hole is punched in the bottom. Governments are well known for punching holes into the titanics of industry, though.

    And far better known for keeping said titanics afloat when they ought to sink from the consequences of rapacious mismanagement.

  16. Check out norhtech.com on Low-Power Home Linux Server? · Score: 1

    This company seems to be pretty dedicated to making what you want.

    http://www.norhtec.com/products/index.html

    I'm impressed that they can supply low-power consumption home video and audio rigs that are completely fanless. They can support wireless connectivity, too, although personally I like nice fast private hard-wiring and have installed it throughout my home.

  17. Re:interest prospect on Using the Sea To Cool Your Data Center · Score: 1

    Less than a hundred years ago, everyone believed that the oceans could not possibly be harmed by human sewage, because they were simply too big to pollute. Today, this has been proved both qualitatively and quantitatively wrong.

    Perhaps I'm misinterpreting what you meant, but it sounds to me like you are using essentially the same discredited argument - that humans are tiny and meaningless on a geologic scale. We're not; we do matter; we don't control our world (yet) but our influence on it is vast and profound.

    At the moment "human scale" is significantly larger than "planetary scale". Humans have been sending stuff to other planets for quite some time.

  18. Re:interest prospect on Using the Sea To Cool Your Data Center · Score: 1

    But what are maintenance costs and lifespan of such a piece of equipment, I can't imagine Saltwater not eating the hell out of all the piping.

    Google "sacrificial anode".

    I'm more worried about heating up the oceans. Heat pollution is already a problem in rivers and streams, and it's not like we aren't already stressing the hell out of the oceans...

  19. Re:RSX-11, RT-11 and RSTS/E on Old Operating Systems Never Die · Score: 1

    Nope. All the RSX-11 and TSX-11 systems I built to test launch vehicles are still running today.

  20. Re:This should be NASA's focus on Captured Comet Becomes Moon of Jupiter · Score: 1

    Sorry, but how is colonizing another planet going to prevent a catastrophic collision?

    No need to be sorry, it's a good question. See, the aliens only have the resources to throw biosphere-destroying meteors at one planet, and if we spread to more than one they will save their resources for defense against our inevitable invasion and conquering of their own planets.

    It makes perfect sense once you have all the data. See http://traipse.com/upgrade/index.html for another idea about averting a catastrophic collision.

  21. Re:the real problem on Woman Fired For Using Uppercase In Email · Score: 1

    Right, that's what I said. Zeyphr passport's FAQ says they do the double height thing clean, but I haven't used it myself.

  22. Re:the real problem on Woman Fired For Using Uppercase In Email · Score: 1

    No color on the VT102. The standard ANSI attributes you mention, yes. I think you have to get up into the 3xx-4xx series before you get color, and by then you have REGIS graphics too.

    But yeah, nobody got fired for using blinking double-height text as far as I know.

  23. Speak for yourself, John Alden. on Why the BSA Is Less Reviled Than the RIAA · Score: 1

    Just publish in PDF. We all (customers, that is) want it in PDF.

    I want it in raw ASCII text although I'd settle for ODF.

    I think Adobe PDF is a lame, bloated format from a thoroughly disreputable company and I would be happy to never see another PDF so long as I live.

    "Good Enough is the enemy of Great" -- Collins, misquoting Voltaire

  24. You're quite right, I think. on Reports of IE Hijacking NXDOMAINs, Routing To Bing · Score: 1

    I've always thought it insane to script an application you don't control, especially a constantly-updating security-sensitive end-user application, but people keep doing it. It's usually a stereotypical Dilbert situation; pointy-haired IT boss purchases software to help doctors, if he admits software sucks he will lose face with doctors and possibly lose income, so Asok or Wally has to make it work. If Asok gets the job, it gets done competently but the user interface is too technical and the doctors hate it, if Wally gets the job he scripts IE to do something magical and PHB gets a raise. Nobody knows why it breaks a year later, but it won't be blamed on PHB buying garbage (the salesman took him on a golfing junket and got him to sign a contract drunk). More likely it will be blamed on the vendor, or even more likely, on Dilbert who was completely uninvolved.

    The people who work in such places will always find some way to screw things up, of course. It's almost Darwinian.

    I personally would like to see all the browsers present options in a more transparent way; I don't think end users are as stupid as the IE designers think they are. For example, on getting an NXDOMAIN the browser could say this:

    "No web server found at URL sexy.foxterriers.com

      perhaps sexy.foxterriers.com is not the correct name?

    Click here to search Bing for information about sexy.foxterriers.com"

    That way you'd get the clueless user assistance function without unrequested search lookups. Instead, the browser just does whatever the default says the user probably wants, and the way to change that behaviour is buried among many other confusing options several layers deep in the configuration interface. Instead of attempting to subtly educate the user (notice how I snuck in an explanation of what URL means by context?) they assume ignorance and thus propagate it.

    I tried to make that an https:// link, incidentally, but unfortunately bing.com seems to have a bogus akamai cert.

  25. Re:Gutless? on World's Only Diesel-Electric Honda Insight · Score: 1

    That's why I always laugh when Chevy's ads come on trying to sell me this AMAZING 29 MPG car.

    I got 48 MPG in a '86 IDI Diesel (that was a bit weak, but who needs more than 50 HP?)
    I get 45 MPG in a '98 TDI diesel that is quite peppy. I have upgraded injectors and a special chip tune. I bet I'm just barely over 110 HP, if that.

    Yeah, I know, I had a 1969 VW Karmann Ghia that got 40 MPG consistently with about 3 aftermarket parts in it. Granted it only turned out 72 HP, sure, but it also weighed less than a ton, so it drove fine (and was about as safe in a collision as bathing in gasoline while smoking).