Part of the aging process of the eye also makes it stiffer, producing presbyopia (Far sightedness). I wonder if these drops will also affect that as well. Now that I'm on the high side of 40, I've noticed this in my own eyes, and it is quite irritating.
If you haven't already, get progressive lenses. You'll hate them for several weeks, and then you will likely love them.
Sounds interesting (thanks for the tip), mine are deteriorating rapidly. I've only worn glasses since I was thirty. Two years ago I had to get a second pair for distance. And this year I had to get a third pair for close up.
I've had a partially detached retina in one eye - will that affect progressive lens? (I was told it stops me from wearing contacts)
68 and hoodies? Bunch of wussies. Sounds like you people don't have what it takes, get out of the way for those that do.
IBM have got a job for you as a media librarian in their tape storage and backup centre. Formal dress code is black trousers, dress shoes and a shirt. They supply the shirt - you wash it. You'll love the job - bugger all to do.
When you've burnt off those 200lbs of bravado they'll drag your goose-pimpled skinny carcass out, strip off your company shirt and give it to the next blubbery fool.
It can demonstrate that you are a loser. A reliable and pliable underling. It certainly demonstrates that you've got bad clothing, and that you're willing to be submissive. A good suit is comfortable.
I'll wear a good suit when it serves a purpose i.e. when wearing it is a profitable investment. It's a negotiating tool. What I won't wear is a big arrow round my neck pointing at my dick. But then my strength is not being conventional.
Some jobs require tugging the forelock - those that chose those roles, um, well - each to their own. Service isn't necessarily servility.
Clothing that cost more than a week's wage doesn't say a good thing about the wearer.
The MBA morons that judge based on clothes and not substance of ideas are what needs to go.
Perhaps they could find work selling wash-once Japanese sabiro suits?
Seriously - they should be contractually bound to the fate of their stupid ideas. Though style over substance sometimes sells - in the long-term, not so much. If the company dies because of dress codes that didn't result in a better bottom line, they should be sent swimming with pockets full of rocks instead of being allowed to bail out with a golden parachute.
Clothing is among the fundamental elements of civilization. Clothes make the man -- always hated this, but seems true enough: dress affects behavior, behavior determines performance. It certainly doesn't seem fair that those among us with poor taste should be punished for it, but nearly everyone I've ever encountered is very quick to judge based on incredibly short and shallow impressions. If one desires success in corporate career, one will make themselves more attractive, less offensive, and embrace a level of vain pageantry. Yet most prefer to dress how they feel, or as an adjustment to their attractiveness to increase or decrease the level of their social engagement.
To expand - not necessarily contradict. Clothes don't make the man. Put an idiot in a $1000 suit and you have a well dressed idiot. Clothes make an impression on the viewer - and sometimes, they affect the behaviour of the wearer.
When it comes to impressions it depends on how educated the viewer is. To some, someone wearing black "slacks" and a white shirt is in "business clothes", to others the same person could be a waiter in a low-end café.
When I was younger I knew nothing about good clothes - just price tags. I couldn't tell an Anderson & Sheppard suit from something off the rack at Target, or a genuine Rolex from a Bangkok special. I met a weird guy wearing worn shoes and a tattered jumper and made the mistake of misjudging him. I've since learnt to identify Italian kid leather shoes, tailored silk and wool mix trouser, and non-homespun mohair jumpers - and what it means when someone will wear them gardening. They can afford expensive clothes, they avoid showy displays, they recognise quality, and they are frugal - i.e. A grade client. Weird also meant he wasn't conventional - if he was he wouldn't have been a multi-billionaire (nuts is the low income version of eccentric). That someone needs to make a good impression on a stranger speaks for itself.
HP hopes to market themselves to the mainstream. Makes sense. They don't want to be cutting edge, or leaders. Conservative, predictable and low budget. It's not like they're saying "formal", or "smart business".
tl;dr dress does say a lot about the wearer, in combination with deportment - but only if the viewer is educated. The cost of the clothing is only a measure of what that person is, apparently, willing to spend on their image - which does tell you something about the person (in the right context). Whether you can tell if they own those clothes is another thing. How obvious the expense of the clothes (bling factor) is tells you something else. If the person wears cheap, comfortable clothing it doesn't automatically mean they are cheap - they could simply be more focussed on substance over style. If it's not engineered properly it can backfire, badly. Someone who's uncomfortable in a suit and tie looks less untrustworthy in jeans.
What any of those things mean - when properly interpreted, depends on what you want. If you want a company that plays follow the leader - pick the suits, and maybe they'll help you pick up the scraps left by less conventional pioneers on a well-worn trail.
In IT image is probably more important because the product is often intangible - if you provide on-site support and the client pays $200 every time a tech visits to install a mouse, that ($35phr) tech had better be well-dressed, driving a clean, well-maintained, recent model car, and not chewing gum or picking their nose. That way the client's staff don't resent your staff (as much). But if the client wears Lanvin suits and pays you $300+ an hour to advise them on IT - don't turn up wearing a shiny Italian suit (or Tommy Hilfiger). A plain cotton shirt and jeans is usually fine (just don't mumble, or fail to look directly in their eyes).
Interesting, it's a main ingredient of Nivea creme.
Interesting - do you have a source for that? It's not a listed ingredient in Australia.
Here's what's listed, with some additional information:-
Paraffinum liquidum (fancy name for refined mineral oil - it'll grease you up good and proper, all the way through), PEG-150 (Pentaerythrityl Tetrastearate, emulsifier and thickener, High molecular weight Polyethylene Glycol Diester of Stearic Acid - like methylparaben, shouldn't be used on broken skin, in this case because it can carry other ingredients), methylparaben (a "paraben paradox" - don't apply to broken, eczematous or ulcerated skin, used as a preservative), butylparaben (another paraben - this one has powerful anti-microbial properties, kills all sorts of things, used as a masking agent), ethylparaben (another paraben preservative, used to make dry skin appear, um, not dry), isobutylparaben (another paraben preservative, used to stabilise suspensions), propylparaben (anti-fungal, anti-microbial preservative E126), simethicone (anti-foaming agent), BHT (dibutylhydroxytoluene, a preservative, also found in potato chips), parfum (fancy name for perfume, and a way to avoid listing other ingredients), limonene (citrus smelling cyclic terpene - a cleaning solvent), geraniol (scent, mozzie repellent, monoterpenoid alcohol, increases histamine release), linalool (scent - terpene alcohol, inhibitor of acetylcholinesterase, can be a potent skin irritant), hydroxycitronellal (scent - see citronellol), hydroxyisohexyl 3-cyclohexane carboxaldehyde (long lasting Lily-like fragrance, a combination of myrcenol and acrolein), citronellol (acyclic monoterpenoid, keeps the mozzies away).
Note, that's a lot of parabens - which the preservative industry makes use of because in low levels they are considered free of the cancer risks that larger levels pose. Breast cancer in particular. Parabens mimic estrogens and are endocrine destructors. tl;dr Not something I'd smear on my skin unless the mozzies were really bad and I couldn't find any catnip (best mozzie repellent ever - especially since Kokoda was banned). I certainly wouldn't rub it in my eyes.
It makes me glad that I can call my president an asshole if I feel he is being an asshole. Of course, I will be labelled a racist if I do so but that is another matter entirely.
Labelled by idiots. A label to wear with pride. Of course I could be wrong - but I suspect it's unlikely that you would call Obama an arsehole because of the colour of his skin. Even calling him a black arsehole doesn't make you a racist bigot. It's just an accurate description.
I am sure I will be a sexist for not voting for Hillary as well but, again, that is another matter entirely.
Labelled a sexist bigot by idiots - maybe. But not voting for someone - whatever your reasons - is just exercising your right to vote.
Just saying.
Of course I'll be labelled rude by idiots. Maybe I am, but it won't make them less idiotic.
Read again. I said you were involved with extremists. Not that you were one of them. They damage the credibility of anyone with genuine problems with systemd.
ACK and agree. I'm sure you understand that to transform a years old flame into a decent discussion is quite a hell of a process.
For what it's worth - though some clients use systemd with good reasons, I don't (though I find many features interesting and have been testing some for the last year and a bit). I can relate to your feeling: I've watched the "debate" damage the Debian community (and I'm aware that much of the blame lies with parties whose only interest is destruction); I was in a similar position when udev replaced sysfs. I can also see how hard it makes things for the developers of systemd, and why some of us have developed support for systemd as a matter of compromise - so that software can have the widest adoption possible. If blame for premature change must be attributed much of it lies with "gamers" (posing as "desktop users") demanding that support for the latest take precedence over support for stability. There is a need for some of the features of systemd in the larger areas of deployment - non desktop where even shaving a few seconds off a boot that occurs once a year makes a critical difference to adoption (when multiplied a few tens of thousands of times). But the major problem facing systemd and the traditional init IMO is two-fold: Eternal September (uninformed protesters camping in the carpark, hindering work and informed discussion); lack of development with the traditional init. The only solution I can think of is more seasoned developers.
The uninformed talk of Desktop Wars, and falsely compare the difficulties of developing a distro that includes 25K+ packages that run on a multitude of architectures with things much more limited in scope and have a completely different focus (one is a commercial development, the other is a development that does cater for commerce - but not exclusively). Most simply - it's choices vs. lack of choices, free will vs. you will get what you pay for that is on offer.
Apologies for overreacting, I recognize you do have legitimate observations, but really I've been through the systemd-grinder enough to quickly put up defenses.
No offence taken. Really. See above for why I can partially understand where you're coming from. I especially appreciate that you've always backed your position with action. As have I, but I'll stick to my anonymity on this forum for various reasons (not to great effect, but those that have recognised me, not that I'm anyone of import, have kept that knowledge off /.).
That posting of the "financial reports" is the first time you've published any information about business registration. Where is the posted information about dyne.org? Where are all those certified accounts available? Why doesn't Archive.org have them?
Man, we are paying taxes to the Netherlands, not to Archive.org. I think you have a different idea of transparency... we are producing all the documentation needed for the institutions and organizations that require them, including the EU commission for some projects. However in case of donors you are right, more work must be done towards transparency...
Your first point was understood. The second was the reason why I made the initial points - not that you are being deceptive, just that you could do much better (governments, as you are aware, are not the highest goal when setting standards). I'm sure I'm not the only one who didn't donate because I'd like to know where the money goes. And more importantly - like to put my money where the investment is more likely to bring returns i.e. will result in something that keeps growing. If your income grows so will the amount of distrust. If you didn't deal with that now you would never reach the next hurdle for growth - achieving
You'd like proof of entropy in a /. post? What next - pi demonstrated to 10000 places in a Twitter post? Instant education you can sprinkle on your breakfast and someone else to feed it to you?
/dev/urandom will not wait (block) for sufficient entropy and thus is (theoretically) more vulnerable to attacks than using /dev/random. You should ALWAYS use /dev/random if you are worried (paranoid) about the cryptographic strength of your result.
Yes /dev/random blocks. It gives out exactly as much randomness as it has entropy in its pool. But that's not always a good thing - which is why cryptography is not intuitive - it's also why cryptographers e.g. Bruce Schneier, choose /dev/urandom as the preferred source of cryptographic randomness on UNIX-like systems. Rather than selectively picking from what I wrote to support pre-invested emotional belief - try reading it in context. (there are situations when /dev/random is the best choice).
"sufficient" entropy is the stumbling block. How does /dev/random determine what's sufficient entropy? Note: that I've already pointed out that 256 bits is a secure level of entropy, and don't make the mistake of trying to keep a complex subject so simple it becomes stupid.
There is no entropy counting going on there, it's estimation. The amount of entropy some source is giving you isn't something obvious that you just get, along with the data. It has to be estimated. When the estimate is too optimistic, the property of /dev/random you have invested so much in, that it's only giving out as many random numbers as available entropy allows, is gone. It's hard to estimate the amount of entropy. If /dev/urandom doesn't have enough available entropy it injects entropy - “low quality random” numbers from a pseudorandom number generator (a cryptographically secure one) that is running alongside the rest of the random number machinery. This CSPRNG (both /dev/random and /dev/urandom use the same CSPRNG) is just seeded once (except when it's not) with “true randomness” from the randomness pool. Perfection is the enemy of good. 256 bits is enough.
tl;dr You are right, all cryptographers are wrong. As I've already pointed out /dev/urandom is the preferred choice of leading cryptographers.
I was talking about seeding your randomness and how to test entropy is definitely a necessity.
Care to put that in a context? A time frame for your test would be a good start - some of us, like the processes that use entropy, do have time constraints. Be sure and allow for realistic limitations and biases - like the system timing signals.
If you sneak in some vulnerability,
That's a big if. (try kippers - so much more substance than red herrings) There is always a big if - in everything. It's the same uncertainty that paralyses obsessive compulsives.
most likely you'll want to be able to predict the random numbers generated at certain points in time but still make it look like you have sufficient randomness for people that are not in the know. How do you test against that?
It's a major concern only if: you take the first part of the sophism, a theoretical uncertainty and conflate it with a fact; believe it is possible to prove entropy (which it isn't), in a flawed system with a single biasing clock; and then tack on the broken logic of how do you prove the complex to the ignorant (people who are not in the know). You've married a straw man to a red herring and both of them live in a castle in the clouds. It should be no surprise all their off-spring are red-headed step-children.
The article does not specify what configuration changes are needed to get the flaw to appear or disappear.
Agreed. It's a crap summary. The blog post it references is worth reading - as is the BSD list thread I quoted earlier. The many "news" stories, and the reddit thread are not.
It references a code patch, which is a completely different thing.
And from what I can tell, non-BSD systems are vulnerable too - as long as you don't use the default configuration. If you do, you probably should wait for vendor patches anyhow, and are safe while you wait...
It doesn't affect non-BSD systems. It only affects a small number of BSD systems. And in those instances only if the sysadmin does not follow best practices (they'd have to disable default configurations, and then use a stupid password).
Curious about your manipulation of to the Devuan project passing via a personal attack against me.
Read again. I said you were involved with extremists. Not that you were one of them. They damage the credibility of anyone with genuine problems with systemd.
BTW are you Kevin McCurley of Digicrime, based in San Jose?
Isn't this game boring?
[Yawn] Yes to the second question.
Yet I have to reply because your claims about Devuan are false:
1- we don't demand no-one else should be able to use systemd.
Never said you did. Nor that you speak for everyone that was involved in that project. Read again - the words have not changed. I said you were "eccentric" and that you are behind dyne:bolic - and further, that you should be judged by your code. Twisting my words and implying that you "know who I am" does nothing to improve your image.
our fund-raise is accountable the financial responsibility is taken up by a non-profit organization registered since more than 10 years, our financial report is public and reasonably detailed
That posting of the "financial reports" is the first time you've published any information about business registration. Where is the posted information about dyne.org? Where are all those certified accounts available? Why doesn't Archive.org have them?
And no, that's not transparent accounting. I have no reason to believe you are engaging in fraud - or even paying yourself to design logos. Transparent "accounting" is when expenditures are detailed (show where the money went - not on what) and are certified by a registered accountant as being true and complete, and made public. You've only done the last part.
SFI is a registered non-profit. Debian is a registered non-profit funded by SFI, and other organisations. All display that information as required by law and produce annual returns certified by registered accountants. Just as gnu.org does. I'd already checked your non-profit status, but your "financial reports" only appeared recently and it's only in them that your business registration is mentioned.
The devuan domain is not registered in the name of the business operator (you).
As a fork of Debian Devuan was doomed to failure from the start. Good intentions on your part notwithstanding.
Repackaging would have been a more viable ambition, and less divisive. I still think there is a need for such a project. It is more likely to succeed if it operates in a responsible manner. Any project that forks from Debian because it doesn't trust systemd (which is not a necessity if you use Debian), while composed of anonymous "veteran Unix administrators" will be treated with the suspicion it deserves. Feel free to play all the "I know who you are and where you live" games you like. As long as your games are just in your head they're games without consequences.
Dyne is a laudable project in its own right - and if you re-read what I said you'll find I didn't damn Tomb.
As for some of the people that associated with the Devuan project - and some of your conduct on various forums... my opinions haven't changed. Before you get on your moral platform with your knickers in a twist because you believe I've impugned your reputation - get a time machine and go back and undo all the allegations, slurs, and FUD that you've left behind you in the past. Most of it's still there preserved for posterity.
No, my parser is fine. Yours matches your username - that is just a pseudonym, right?
... but still, if PAM is configured with OpenSSH, a PAM bug may sometimes be mis-identified to be an OpenSSH bug
Then it's not an OpenSSH bug. (and that's not English)
No matter if it's a PAM bug or an OpenSSH bug, a but report which points out a vulnerability is good thing for the community
(assuming the coward means "bug report"). No - it's a waste of limited resources. Big scare about an insecurity in OpenSSH which did not exist
"King Cope" posted to the Full Disclosure mailing list Fri, 17 Jul 2015 21:23:36 +0000 (UTC) (according to my email system) with an exploit
ssh -lusername -oKbdInteractiveDevices=`perl -e 'print "pam," x 10000'` targethost
and "a patch for openssh-6.9p1 that will allow to use a wordlist
and any passwords piped to the ssh process to be used in order to
crack passwords remotely.". By applying the patch it allows an attacker to try as many attacks as possible within the gracetime (2 minutes). The best case scenario allows an estimated 10000 attempts in that time period.
I only read it because he's usually good for a laugh, or, as is this case, a face-palm.
Which might brute force a very short (stupid) password that would fall to a small, lucky, dictionary attack. Which is why BP is to use a key.
He mentions in that email that it has been "tested against a new FreeBSD 10.1 system and older FreeBSD versions such as version 6.2.".
something that will allow the users to tighten up their configuration to deny that bug from being able to function in the first place
Tighten up what? Their SSH configurations? It is a bug in PAM that is restricted to a small range of BSD versions. Tightening up SSH, which is already as tight as it can be against the exploit unless you deliberately loosened it (as Sex Conker would recommend - but he's an idiot). Default configurations already stop the exploit (no root ssh login, all ssh logins with keys).
The exploit would only affect insecure systems that use piss poor password security - and even then only on a limited number of BSD systems.
That belief is as broken as the idea that if there's a story a cigarette lighter exploded, which causes a panic about cigarette lighters, and calls for a recall of them - turns out to be a case of someone in petrol soaked pants being injured when the cigarette lighter in their pocket exploded as a result of them falling out of a building and landing on their arse. Unfortunately they had a box of matches in the back pocket which exploded on impact, setting fire to their pants - the heat of the flames caused the cigarette lighter to explode.
The moral of the story is not - oh the panic about cigarette lighters exploding was a good thing. It would have been a "good thing" if that energy was spent on warning people of the dangers of wearing petrol pants and falling out of windows.
It would be a "good thing" if people focused on the actual bug in PAM instead of trying to justify their earlier panic (the sky is not falling).
The coward that wrote that gibberish you're defending, who is obviously not you, is referring to what bug report? Hint: there was none, just another of King Cope's self-promoting and inflated security exploits (he also thinks robots.txt is a security hole). You fell for it, get over it.
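The configuration side of the exchange above (keyboard-interactive logins through PAM, the 2-minute grace time, key-only logins), as an added example that is not part of the original posts: a small audit of sshd_config text. The sample configurations are constructed, and the function names, finding codes, the 30-second threshold and the choice to flag unset directives as "not explicitly disabled" are assumptions of this sketch.

```python
"""Audit sshd_config text for settings relevant to password guessing
inside a single connection. Added illustration, not project code."""
import re

# ChallengeResponseAuthentication is the deprecated alias of
# KbdInteractiveAuthentication; both are folded into one keyword.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
WATCHED = {"usepam", "kbdinteractiveauthentication", "passwordauthentication",
           "permitrootlogin", "logingracetime"}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_sshd_config(text):
    """Return {keyword: value} for the global section.

    Keywords are case-insensitive and the first value obtained wins.
    A Match line opens a conditional block; this sketch does not
    evaluate those, it records that one exists and stops.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            settings["match"] = "present"
            break
        if key in WATCHED and key not in settings:
            settings[key] = parts[1].strip().strip('"').lower()
    return settings


def grace_seconds(value):
    """Convert an sshd time value such as '120', '2m' or '1h30m' to seconds."""
    pieces = re.findall(r"(\d+)([smhdw]?)", value.lower())
    if not pieces or "".join(n + u for n, u in pieces) != value.lower():
        raise ValueError("unrecognised time value: %r" % value)
    return sum(int(n) * UNITS[u] for n, u in pieces)


def audit(text, max_grace=30):
    """Return a list of (code, detail) findings; an empty list means none."""
    s = parse_sshd_config(text)
    findings = []
    kbd = s.get("kbdinteractiveauthentication", "unset")
    pam = s.get("usepam", "unset")
    if kbd != "no" and pam != "no":
        findings.append(("kbd-interactive-pam",
                         "keyboard-interactive=%s with UsePAM=%s" % (kbd, pam)))
    pw = s.get("passwordauthentication", "unset")
    if pw != "no":
        findings.append(("password-auth", "PasswordAuthentication=%s" % pw))
    root = s.get("permitrootlogin", "unset")
    if root not in ("no", "prohibit-password", "without-password",
                    "forced-commands-only"):
        findings.append(("root-password-login", "PermitRootLogin=%s" % root))
    # 120 seconds is the documented sshd default; 0 means no limit at all.
    secs = grace_seconds(s.get("logingracetime", "120"))
    if secs == 0 or secs > max_grace:
        findings.append(("long-grace-time", "LoginGraceTime=%ds" % secs))
    if "match" in s:
        findings.append(("match-not-evaluated", "Match blocks need manual review"))
    return findings


# Constructed sample: password-style logins left on.
LOOSE = """
UsePAM yes
ChallengeResponseAuthentication yes
PasswordAuthentication yes
PermitRootLogin yes
LoginGraceTime 2m
"""

# Constructed sample: key-only logins, short grace time.
TIGHT = """
UsePAM yes
KbdInteractiveAuthentication no
kbdinteractiveauthentication yes   # ignored: first value wins
PasswordAuthentication no
PermitRootLogin no
LoginGraceTime 30
"""

if __name__ == "__main__":
    for name, cfg in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        print(name, audit(cfg) or "no findings")
```

On a live host the effective values, including compiled-in defaults, can be dumped with `sshd -T` and fed to the same function.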
How do you even test your source of entropy reliably? Sure you can do some statistical analysis, but if you don't even trust /dev/random, what do you trust? A chip would be less reliable IMHO than either using the kernel seeding /dev/random (at least you have control over the code) or a HAVEGE type algorithm (prediction at that level requires insane amounts of resources)
If you trust /dev/random you're off to the wrong start (and living in the past) - especially as far as credibility goes. Use /dev/urandom. Given that you only need 256 bits of entropy to get computationally secure numbers for a long, long time - the "how do you test entropy reliably" is a straw man.
There are some cases where it's better to use /dev/random. This is not one of them.
Fun facts - dm-crypt uses /dev/urandom, VeraCrypt uses /dev/random and /dev/urandom (on Linux and Mac)
So trivial that the suggested configuration change is not mentioned anywhere.
Where did you look? The summary - or your closet? If you don't run FreeBSD you don't have to change anything. If you do - try reading the referenced article. Though if you need to be told the bleeding obvious that won't fix your problem.
The links are recursive (they point at /.) so they'd be fuck all use at providing more information - and nothing to do with the crappy summary (SecurityWeek reports). Thanks for nothing Timothy.
Downside is, is that if the LUKS header gets corrupted or destroyed, the entire partition is lost.
To be fair - that's the downside of encryption (without regular backups). A single bit of difference means no information recovery.
Using LUKS is unlikely to measurably decrease your chances of being unable to recover information. ie. if the encrypted medium is modified you'll only ever be able to recover data. Data, that doesn't translate into useful information.
... but still, if PAM is configured with OpenSSH, a PAM bug may sometimes be mis-identified to be an OpenSSH bug
No matter if it's a PAM bug or an OpenSSH bug, a but report which points out a vulnerability is good thing for the community - something that will allow the users to tighten up their configuration to deny that bug from being able to function in the first place
The name "Tomb" is self-defeating. The name implies that the software is already dead.
Agreed. If marketing is important.
Vault is already used by many projects. I'd suggest ForNix - but then I do have a black sense of humour (it's Latin for vault, also brothel). AbSis? another Latin word with double meanings and a likelihood that it'd become the butt of jokes. CryptoPorticus? Cautus is good, but there's a possibility that if it ever failed he'd never shake the "CaughtUs" meme that would result - besides, it's a business name.
Literally the first few words say they released it yesterday.
The project has been around for some years [looks through his records]. The oldest entry reference I have is to a post in a wishlist bug report dated 31 Jan 2011. Tomb was at 0.9.0 then. (I never did work out what Jaromil actually wanted - advertising?)
Can't rule that out about anything. In this case you're talking about the guy (Denis Roio) with dyne:bolic under his belt - and the "non-profit" behind it and his "campaign" to fork Debian. A self-described "researcher in philosophy of technology and software artisan". He's done at least one TED talk (I can't be bothered looking for the link).
The Tomb project is interesting and I've been following it for a while - the main thing that differentiates it from other LUKS-made-simple tools is the addition of steganography capabilities.
Despite his numerous, um, eccentricities and involvement in the rabid and vitriolic campaign against systemd, it's the code that counts. In this case it's just wrappers around dm-crypt, dm-setup and LUKS designed to make LUKS easier for people who find it difficult - and to add a few other features. Like anything else that is meant to be trusted to the same degree it should be independently audited.
Note: there are plenty of reasonable objections to systemd. Those that hold them don't demand no-one else should be able to use systemd, raise money unaccountably so a handful(?) of anonymous self-described "Unix gurus" can "fork Debian" (yeah - and I'm going to build a moon mission in my basement). Or use threats/trolling/FUD. That would be more like an NSA style campaign to divide the Linux community and keep their existing init flaw backdoors in place on hard-to-get-to systems.
Cue the usual sock-puppet forum flooding and disinformation [sigh]
"Caravans"? Um, we don't call them that here in the US. The "Breaking Bad" vehicle would be called an RV (recreational vehicle), and a trailer would be called a trailer. Anyway, cheers mate!
A house in a van is called a camper-van here. A trailer is what we load with rubbish to take to a tip. A house on wheels that you tow we call a caravan. What you call a trailer park we call a caravan park. A 4-wheel drive is called an RV. "Cooking" in "trailers" parked in the "woods" is common [translates to] "Cooking" in "caravans" parked in the "bush". Have a good one buddy!
Not all "cooks" work out of caravans (what they call trailers in the USA). Chemistry labs in universities are frequently used by students, and occasionally staff, to produce illegal drugs. Even Lidcombe Analytical Labs where seized drugs are tested for court has had similar incidents.
The (Oz) Department of Agriculture, Fisheries and Forestry used to occupy a building in Barton, Canberra. In the warren of large storage rooms in the lower basement filled with old furniture and equipment a cannabis grow room was once discovered. And two separate areas where people were living. No one was charged with the grow op, and it was quietly cleaned out. Two rooms along, sharing the same ventilation system was where the Quarantine Inspection Service dog handlers worked - and they would frequently do some of the "find the sock with the pot" training in the shared basement loading bays. Must have confused the hell out of the dogs (or maybe just the trainers). Especially given the number of IT staff who worked out of rooms in the same corridors and were known for using the same carpark for sharing a quick joint at lunchtime when it was raining outside.
Several times I'd gotten out of a lift down to the basement with people that reeked of reefer and we've all had to walk past drug sniffing dogs being walked the other way along the corridors. I often wondered if AQIS detection rates at the airport could have been a little higher.
That same building is now home to the Australian Federal Police - whenever I've visited the lower basement level I've wondered whether the tradition continues.
"PEG-150 (Pentaerythrityl Tetrastearate"
Bloody hell.
Anyone know how to replace a stearate functional group for a nitrate?
Pentaerythrityl Tetranitrate is mother's milk!!!!
Hmm, cook it with powdered magnesium and aluminium soap maybe? Just not on my stove - I doubt the insurance would cover it.
You'll find that mother's milk in the pockets of some pensioners in handy little capsules.
Robots will do a better job and not require Cheetos or a soft drink.
What do you mean soon old-timer?
Samzenpus is an Editor bot v.0.01 (Eliza v.9.01) - you insensitive clod. Cutting edge.
Oh wait... I misread the clock. It's 2015 not 2005. Samzenpus is an out-of-date Editor bot. Dice has been cost-cutting again.
Maybe if the Flying Spaghetti Monster was substituted, it would not offend the copyright Goons.
The Spike Milligan estate wishes to remind you that the Goons copyrighted the Flying Spaghetti Monster joke.
And the BBC copyrighted the Goons.
68 and hoodies? Bunch of wussies. Sounds like you people don't have what it takes, get out of the way for those that do.
IBM have got a job for you as a media librarian in their tape storage and backup centre. Formal dress code is black trousers, dress shoes and a shirt. They supply the shirt - you wash it. You'll love the job - bugger all to do.
When you've burnt off those 200lbs of bravado they'll drag your goose-pimpled skinny carcass out, strip off your company shirt and give it to the next blubbery fool.
What purpose does dressing uncomfortably serve?
It can demonstrate that you are a loser. A reliable and pliable underling. It certainly demonstrates that you've got bad clothing, and that you're willing to be submissive. A good suit is comfortable.
I'll wear a good suit when it serves a purpose i.e. when wearing it is a profitable investment. It's a negotiating tool. What I won't wear is a big arrow round my neck pointing at my dick. But then my strength is not being conventional.
Some jobs require tugging the forelock - those that chose those roles, um, well - each to their own. Service isn't necessarily servility.
Clothing that cost more than a week's wage doesn't say good things about the wearer.
The MBA morons that judge based on clothes and not substance of ideas are what needs to go.
Perhaps they could find work selling wash-once Japanese sabiro suits?
Seriously - they should be contractually bound to the fate of their stupid ideas. Though style over substance sometimes sells - in the long-term, not so much. If the company dies because of dress codes that didn't result in a better bottom line, they should be sent swimming with pockets full of rocks instead of being allowed to bail out with a golden parachute.
Clothing is among the fundamental elements of civilization. Clothes make the man -- always hated this, but seems true enough: dress affects behavior, behavior determines performance. It certainly doesn't seem fair that those among us with poor taste should be punished for it, but nearly everyone I've ever encountered is very quick to judge based on incredibly short and shallow impressions. If one desires success in corporate career, one will make themselves more attractive, less offensive, and embrace a level of vain pageantry. Yet most prefer to dress how they feel, or as an adjustment to their attractiveness to increase or decrease the level of their social engagement.
To expand - not necessarily contradict
Clothes don't make the man. Put an idiot in a $1000 suit and you have a well dressed idiot. Clothes make an impression on the viewer - and sometimes, they affect the behaviour of the wearer.
When it comes to impressions it depends on how educated the viewer is. To some, someone wearing black "slacks" and a white shirt is in "business clothes", to others the same person could be a waiter in a low-end café.
When I was younger I knew nothing about good clothes - just price tags. I couldn't tell an Anderson & Sheppard suit from something off the rack at Target, or a genuine Rolex from a Bangkok special. I met a weird guy wearing worn shoes and a tattered jumper and made the mistake of misjudging him. I've since learnt to identify Italian kid leather shoes, tailored silk and wool mix trouser, and non-homespun mohair jumpers - and what it means when someone will wear them gardening. They can afford expensive clothes, they avoid showy displays, they recognise quality, and they are frugal - i.e. A grade client. Weird also meant he wasn't conventional - if he was he wouldn't have been a multi-billionaire (nuts is the low income version of eccentric). That someone needs to make a good impression on a stranger speaks for itself.
HP hopes to market themselves to the mainstream. Makes sense. They don't want to be cutting edge, or leaders. Conservative, predictable and low budget. It's not like they're saying "formal", or "smart business".
tl;dr dress does say a lot about the wearer, in combination with deportment - but only if the viewer is educated. The cost of the clothing is only a measure of what that person is, apparently, willing to spend on their image - which does tell you something about the person (in the right context). Whether you can tell if they own those clothes is another thing. How obvious the expense of the clothes (bling factor) is tells you something else. If the person wears cheap, comfortable clothing it doesn't automatically mean they are cheap - they could simply be more focussed on substance over style. If it's not engineered properly it can backfire, badly. Someone who's uncomfortable in a suit and tie looks less untrustworthy in jeans.
What any of those things mean - when properly interpreted, depends on what you want. If you want a company that plays follow the leader - pick the suits, and maybe they'll help you pick up the scraps left by less conventional pioneers on a well-worn trail.
In IT image is probably more important because the product is often intangible - if you provide on-site support and the client pays $200 every time a tech visits to install a mouse, that ($35phr) tech had better be well-dressed, driving a clean, well-maintained, recent model car, and not chewing gum or picking their nose. That way the client's staff don't resent your staff (as much). But if the client wears Lanvin suits and pays you $300+ an hour to advise them on IT - don't turn up wearing a shiny Italian suit (or Tommy Hilfiger). A plain cotton shirt and jeans is usually fine (just don't mumble, or fail to look directly in their eyes).
Urgh. That's the worst yoghurt I've ever had.
Pro-tip. That other bad yoghurt you tried - the one your flatmate left in the fridge but didn't seem to eat. The one that left you with a sore throat.
Maybe she didn't buy it to eat.
Interesting, it's a main ingredient of Nivea creme.
Interesting - do you have a source for that? It's not a listed ingredient in Australia.
Here's what's listed, with some additional information:-
Paraffinum liquidum (fancy name for refined mineral oil - it'll grease you up good and proper, all the way through),
PEG-150 (Pentaerythrityl Tetrastearate, emulsifier and thickener, High molecular weight Polyethylene Glycol Diester of Stearic Acid - like methylparaben, shouldn't be used on broken skin, in this case because it can carry other ingredients),
methylparaben (a "paraben paradox" - don't apply to broken, eczematous or ulcerated skin, used as a preservative),
butylparaben (another paraben - this one has powerful anti-microbial properties, kills all sorts of things, used as a masking agent),
ethylparaben (another paraben preservative, used to make dry skin appear, um, not dry),
isobutylparaben (another paraben preservative, used to stabilise suspensions),
propylparaben (anti-fungal, anti-microbial preservative E126),
simethicone (anti-foaming agent),
BHT (dibutylhydroxytoluene, a preservative, also found in potato chips),
parfum (fancy name for perfume, and a way to avoid listing other ingredients),
limonene (citrus smelling cyclic terpene - a cleaning solvent),
geraniol (scent, mozzie repellant, monoterpenoid alcohol, increases histamine release),
linalool (scent - terpene alcohol, inhibitor of acetylcholinesterase, can be a potent skin irritant),
hydroxycitronellal (scent - see citronellol),
hydroxyisohexyl 3-cyclohexane carboxaldehyde (long lasting Lily-like fragrance, a combination of myrcenol and acrolein),
citronellol (acyclic monoterpenoid, keeps the mozzies away).
Note, that's a lot of parabens - which the preservative industry makes use of because in low levels they are considered free of the cancer risks that larger levels pose. Breast cancer in particular. Parabens mimic estrogens and are endocrine destructors.
tl;dr Not something I'd smear on my skin unless the mozzies were really bad and I couldn't find any catnip (best mozzie repellent ever - especially since Kokoda was banned). I certainly wouldn't rub it in my eyes.
It makes me glad that I can call my president an asshole if I feel he is being an asshole. Of course, I will be labelled a racist if I do so but that is another matter entirely.
Labelled by idiots. A label to wear with pride. Of course I could be wrong - but I suspect it's unlikely that you would call Obama an arsehole because of the colour of his skin. Even calling him a black arsehole doesn't make you a racist bigot. It's just an accurate description.
I am sure I will be a sexist for not voting for Hillary as well but, again, that is another matter entirely.
Labelled a sexist bigot by idiots - maybe. But not voting for someone - whatever your reasons is just exercising your right to vote.
Just saying.
Of course I'll be labelled rude by idiots. Maybe I am, but it won't make them less idiotic.
Read again. I said you were involved with extremists. Not that you were one of them. They damage the credibility of anyone with genuine problems with systemd.
ACK and agree. I'm sure you understand that to transform a years old flame into a decent discussion is quite a hell of a process.
For what it's worth - though some clients use systemd with good reasons, I don't (though I find many features interesting and have been testing some for the last year and a bit). I can relate to your feeling: I've watched the "debate" damage the Debian community (and I'm aware that much of the blame lies with parties whose only interest is destruction); I was in a similar position when udev replaced sysfs. I can also see how hard it makes things for the developers of systemd, and why some of us have developed support for systemd as a matter of compromise - so that software can have the widest adoption possible. If blame for premature change must be attributed much of it lies with "gamers" (posing as "desktop users") demanding that support for the latest take precedence over support for stability. There is a need for some of the features of systemd in the larger areas of deployment - non desktop where even shaving a few seconds off a boot that occurs once a year makes a critical difference to adoption (when multiplied a few tens of thousands of times). But the major problem facing systemd and the traditional init IMO is two-fold: Eternal September (uninformed protesters camping in the carpark, hindering work and informed discussion); lack of development with the traditional init. The only solution I can think of is more seasoned developers.
The uninformed talk of Desktop Wars, and falsely compare the difficulties of developing a distro that includes 25K+ packages that run on a multitude of architectures with things much more limited in scope and have a completely different focus (one is a commercial development, the other is a development that does cater for commerce - but not exclusively). Most simply - it's choices vs. lack of choices, free will vs. you will get what you pay for that is on offer.
Apologies for overreacting, I recognize you do have legitimate observations, but really I've been through the systemd-grinder enough to quickly put up defenses.
No offence taken. Really. See above for why I can partially understand where you're coming from. I especially appreciate that you've always backed your position with action. As have I, but I'll stick to my anonymity on this forum for various reasons (not to great effect, but those that have recognised me, not that I'm anyone of import, have kept that knowledge off /.).
That posting of the "financial reports" is the first time you've published any information about business registration. Where is the posted information about dyne.org? Where are all those certified accounts available? Why doesn't Archive.org have them?
Man, we are paying taxes to the Netherlands, not to Archive.org. I think you have a different idea of transparency... we are producing all the documentation needed for the institutions and organizations that require them, including the EU commission for some projects. However in case of donors you are right, more work must be done towards transparency...
Your first point was understood. The second was the reason why I made the initial points - not that you are being deceptive, just that you could do much better (governments, as you are aware, are not the highest goal when setting standards). I'm sure I'm not the only one who didn't donate because I'd like to know where the money goes. And more importantly - like to put my money where the investment is more likely to bring returns i.e. will result in something that keeps growing. If your income grows so will the amount of distrust. If you didn't deal with that now you would never reach the next hurdle for growth - achieving
You'd like proof of entropy in a /. post? What next - pi demonstrated to 10000 places in a Twitter post? Instant education you can sprinkle on your breakfast and someone else to feed it to you?
/dev/urandom will not wait (block) for sufficient entropy and thus is (theoretically) more vulnerable to attacks than using /dev/random. You should ALWAYS use /dev/random if you are worried (paranoid) about the cryptographic strength of your result.
Yes /dev/random blocks. It gives out exactly as much randomness as it has entropy in its pool. But that's not always a good thing - which is why cryptography is not intuitive - it's also why cryptographers e.g. Bruce Schneier, choose /dev/urandom as the preferred source of cryptographic randomness on UNIX-like systems. Rather than selectively picking from what I wrote to support pre-invested emotional belief - try reading it in context. (there are situations when /dev/random is the best choice).
"sufficient" entropy is the stumbling block. How does /dev/random determine what's sufficient entropy? Note: that I've already pointed out that 256 bits is a secure level of entropy, and don't make the mistake of trying to keep a complex subject so simple it becomes stupid.
There is no entropy counting going on there, it's estimation. The amount of entropy some source is giving you isn't something obvious that you just get, along with the data. It has to be estimated. When the estimate is too optimistic, the property of /dev/random you have invested so much in, that it's only giving out as many random numbers as available entropy allows, is gone. It's hard to estimate the amount of entropy. When /dev/urandom doesn't have enough available entropy it injects entropy - “low quality random” numbers from a pseudorandom number generator (a cryptographically secure one) that is running alongside the rest of the random number machinery. This CSPRNG (both /dev/random and /dev/urandom use the same CSPRNG) is just seeded once (except when it's not) with “true randomness” from the randomness pool. Perfection is the enemy of good. 256 bits is enough.
If
tl;dr You are right, all cryptographers are wrong. As I've already pointed out /dev/urandom is the preferred choice of leading cryptographers.
I was talking about seeding your randomness and how to test entropy is definitely a necessity.
Care to put that in a context? A time frame for your test would be a good start - some of us, like the processes that use entropy, do have time constraints. Be sure and allow for realistic limitations and biases - like the system timing signals.
If you sneak in some vulnerability,
That's a big if. (try kippers - so much more substance than red herrings) There is always a big if - in everything. It's the same uncertainty that paralyses obsessive compulsives.
most likely you'll want to be able to predict the random numbers generated at certain points in time but still make it look like you have sufficient randomness for people that are not in the know. How do you test against that?
It's a major concern only if: you take the first part of the sophism, a theoretical uncertainty and conflate it with a fact; believe it is possible to prove entropy (which it isn't), in a flawed system with a single biasing clock; and then tack on the broken logic of how do you prove the complex to the ignorant (people who are not in the know). You've married a straw man to a red herring and both of them live in a castle in the clouds. It should be no surprise all their off-spring are red-headed step-children.
The article does not specify what configuration changes are needed to get the flaw to appear or disappear.
Agreed. It's a crap summary. The blog post it references is worth reading - as does the BSD list thread I quoted earlier. The many "news" stories, and the reddit thread are not.
It references a code patch, which is a completely different thing.
And from what I can tell, non-BSD systems are vulnerable too - as long as you don't use the default configuration. If you do, you probably should wait for vendor patches anyhow, and are safe while you wait...
It doesn't affect non-BSD systems. It only affects a small number of BSD systems. And in those instances only if the sysadmin does not follow best practices (they'd have to disable default configurations, and then use a stupid password).
Curious about your manipulation of to the Devuan project passing via a personal attack against me.
Read again. I said you were involved with extremists. Not that you were one of them. They damage the credibility of anyone with genuine problems with systemd.
BTW are you Kevin McCurley of Digicrime, based in San Jose?
Isn't this game boring?
[Yawn] Yes to the second question.
Yet I have to reply because your claims about Devuan are false:
1- we don't demand no-one else should be able to use systemd.
Never said you did. Nor that you speak for everyone that was involved in that project. Read again - the words have not changed. I said you were "eccentric" and that you are behind dynobolic - and further, that you should be judged by your code. Twisting my words and implying that you "know who I am" does nothing to improve your image.
our fund-raise is accountable the financial responsibility is taken up by a non-profit organization registered since more than 10 years, our financial report is public and reasonably detailed
That posting of the "financial reports" is the first time you've published any information about business registration. Where is the posted information about dyne.org? Where are all those certified accounts available? Why doesn't Archive.org have them?
And no, that's not transparent accounting. I have no reason to believe you are engaging in fraud - or even paying yourself to design logos.
Transparent "accounting" is when expenditures are detailed (show where the money went - not on what) and are certified by a registered accountant as being true and complete, and made public. You've only done the last part.
SFI is a registered non-profit. Debian is a registered non-profit funded by SFI, and other organisations. All display that information as required by law and produce annual returns certified by registered accountants. Just as gnu.org does.
I'd already checked your non-profit status, but your "financial reports" only appeared recently and it's only in them that your business registration is mentioned.
The devuan domain is not registered in the name of the business operator (you).
As a fork of Debian Devuan was doomed to failure from the start. Good intentions on your part not-withstanding.
Repackaging would have been a more viable ambition, and less divisive. I still think there is a need for such a project. It is more likely to succeed if it operates in a responsible manner. Any project that forks from Debian because it doesn't trust systemd (which is not a necessity if you use Debian), while composed of anonymous "veteran Unix administrators" will be treated with the suspicion it deserves. Feel free to play all the "I know who you are and where you live" games you like. As long as your games are just in your head they're games without consequences.
Dyne is a laudable project in its own right - and if you re-read what I said you'll find I didn't damn Tomb.
As for some of the people that associated with the Devuan project - and some of your conduct on various forums... my opinions haven't changed. Before you get on your moral platform with your knickers in a twist because you believe I've impugned your reputation - get a time machine and go back and undo all the allegations, slurs, and FUD that you've left behind you in the past. Most of it's still there preserved for posterity.
That's because your parser's broken.
No, my parser is fine. Yours matches your username - that is just a pseudonym, right?
... but still, if PAM is configured with OpenSSH, a PAM bug may sometimes be mis-identified to be an OpenSSH bug
Then it's not an OpenSSH bug. (and that's not English)
No matter if it's a PAM bug or an OpenSSH bug, a but report which points out a vulnerability is good thing for the community
(assuming the coward means "bug report"). No - it's a waste of limited resources. Big scare about an insecurity in OpenSSH which did not exist
"King Cope" posted to the Full Disclosure mailing list Fri, 17 Jul 2015 21:23:36 +0000 (UTC) (according to my email system) with an exploit
and "a patch for openssh-6.9p1 that will allow to use a wordlist and any passwords piped to the ssh process to be used in order to crack passwords remotely.". By applying the patch it allows an attacker to try as many attacks as possible within the gracetime (2 minutes). The best case scenario allows an estimated 10000 attempts in that time period.
I only read it because he's usually good for a laugh, or, as is this case, a face-palm.
Which might brute force a very short (stupid) password that would fall to a small, lucky, dictionary attack. Which is why BP is to use a key.
He mentions in that email that it has been "tested against a new FreeBSD 10.1 system and older FreeBSD versions such as version 6.2.".
something that will allow the users to tighten up their configuration to deny that bug from being able to function in the first place
Tighten up what? Their SSH configurations? It is a bug in PAM that is restricted to a small range of BSD versions.
Tightening up SSH, which is already as tight as it can be against the exploit unless you deliberately loosened it (as Sex Conker would recommend - but he's an idiot). Default configurations already stop the exploit (no root ssh login, all ssh logins with keys).
The exploit would only affect insecure systems that use piss poor password security - and even then only on a limited number of BSD systems.
That belief is as broken as the idea that if there's a story a cigarette lighter exploded, which causes a panic about cigarette lighters, and calls for a recall of them - turns out to be a case of someone in petrol soaked pants being injured when the cigarette lighter in their pocket exploded as a result of them falling out of a building and landing on their arse. Unfortunately they had a box of matches in the back pocket which exploded on impact, setting fire to their pants - the heat of the flames caused the cigarette lighter to explode.
The moral of the story is not - oh the panic about cigarette lighters exploding was a good thing.
It would have been a "good thing" if that energy was spent on warning people of the dangers of wearing petrol pants and falling out of windows.
It would be a "good thing" if people focused on the actual bug in PAM instead of trying to justify their earlier panic (the sky is not falling).
The coward that wrote that gibberish you're defending, who is obviously not you, is referring to what bug report? Hint: there was none, just another of King Cope's self-promoting and inflated security exploits (he also thinks robots.txt is a security hole). You fell for it, get over it.
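The comment above names the settings that blunt password guessing inside the login grace time: no root SSH login and key-only authentication. As an added example (not part of the original thread), this Python script audits an sshd_config for those settings; the sample config is constructed and the function names are this example's own.

```python
import re

# Constructed sample config for illustration; not taken from the thread.
SAMPLE_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM yes
LoginGraceTime 2m
MaxAuthTries 6

Match User backup
    PasswordAuthentication yes
"""

# Settings that must be "no" for "no root login, keys only".
# Keyboard-interactive is included because with UsePAM it is a second
# route to password prompts even when PasswordAuthentication is off.
MUST_BE_NO = ("permitrootlogin", "passwordauthentication",
              "kbdinteractiveauthentication")
# Older configs use the deprecated name for the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_time(value):
    """Convert sshd_config time formats (120, 2m, 1h30m) to seconds."""
    value = value.lower()
    if not re.fullmatch(r"(\d+[smhdw]?)+", value):
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNITS[u]
               for n, u in re.findall(r"(\d+)([smhdw]?)", value))


def parse_config(text):
    """Return (global options, [(match criteria, key, value), ...])."""
    global_opts, match_opts, criteria = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            criteria = value          # later lines belong to this Match block
        elif criteria is None:
            global_opts.setdefault(key, value)   # sshd keeps the first value
        else:
            match_opts.append((criteria, key, value))
    return global_opts, match_opts


def audit(text):
    """Report settings that allow root or password-based logins."""
    opts, match_opts = parse_config(text)
    findings = []
    for key in MUST_BE_NO:
        value = opts.get(key)
        if value is None:
            # Unset: the compiled-in default applies; confirm with `sshd -T`.
            findings.append(("global", key, None))
        elif value.lower() != "no":
            findings.append(("global", key, value))
    for criteria, key, value in match_opts:
        # A Match block can quietly re-enable what the global section disabled.
        if key in MUST_BE_NO and value.lower() != "no":
            findings.append((f"Match {criteria}", key, value))
    grace = opts.get("logingracetime")
    tries = opts.get("maxauthtries")
    return {
        "findings": findings,
        "grace_seconds": parse_time(grace) if grace else None,
        "max_auth_tries": int(tries) if tries else None,
    }


if __name__ == "__main__":
    result = audit(SAMPLE_CONFIG)
    for scope, key, value in result["findings"]:
        print(f"[{scope}] {key} = {value if value is not None else '(unset)'}")
    print("LoginGraceTime (s):", result["grace_seconds"])
    print("MaxAuthTries:", result["max_auth_tries"])
```

On a live host, feed it the effective configuration printed by `sshd -T` rather than the file, so included files and compiled-in defaults are resolved.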
How do you even test your source of entropy reliably? Sure you can do some statistical analysis, but if you don't even trust /dev/random, what do you trust? A chip would be less reliable IMHO than either using the kernel seeding /dev/random (at least you have control over the code) or a HAVEGE type algorithm (prediction at that level requires insane amounts of resources)
If you trust /dev/random you're off to the wrong start (and living in the past) - especially as far as credibility goes. Use /dev/urandom. Given that you only need 256 bits of entropy to get computationally secure numbers for a long, long time - the "how do you test entropy reliably" is a straw man.
There are some cases where it's better to use /dev/random. This is not one of them.
Fun facts - dm-crypt uses /dev/urandom, VeraCrypt uses /dev/random and /dev/urandom (on Linux and Mac)
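The exchange above turns on whether statistical analysis can "test" an entropy source. As an added example (not part of the original thread), this Python script runs two standard statistical checks over the kernel CSPRNG and over a fully predictable stream derived from a publicly known seed; both pass, which is why such tests say nothing about unpredictability. The seed, thresholds and function names are this example's own assumptions.

```python
import hashlib
import math
import os

SAMPLE_BYTES = 256 * 1024
# Constructed, publicly known seed: anyone holding it can reproduce the stream.
KNOWN_SEED = b"constructed-known-seed-for-demo"


def counter_stream(seed, nbytes):
    """Deterministic stream SHA-256(seed || counter).

    Illustration only, not a vetted DRBG design.
    """
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def monobit_z(data):
    """Frequency test: z-score of the number of 1 bits against n/2."""
    n = len(data) * 8
    ones = bin(int.from_bytes(data, "big")).count("1")
    return (ones - n / 2) / math.sqrt(n / 4)


def byte_chi_square(data):
    """Chi-square statistic over byte values (255 degrees of freedom)."""
    expected = len(data) / 256
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return sum((c - expected) ** 2 / expected for c in counts)


def passes_statistics(data):
    """True when both statistics fall where uniform random data would.

    Thresholds are deliberately loose (about 5 sigma) so that genuinely
    random input practically never fails.
    """
    return abs(monobit_z(data)) < 5.0 and 150.0 < byte_chi_square(data) < 380.0


def sample_report():
    """Run the checks over three sources and return {name: passed}."""
    samples = {
        # Kernel CSPRNG, the generator behind /dev/urandom.
        "kernel_csprng": os.urandom(SAMPLE_BYTES),
        # Zero bits of secret entropy: the seed is printed in this file.
        "known_seed_stream": counter_stream(KNOWN_SEED, SAMPLE_BYTES),
        # Obviously broken source, to show the checks can fail at all.
        "all_zero": bytes(SAMPLE_BYTES),
    }
    return {name: passes_statistics(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, passed in sample_report().items():
        print(f"{name:18s} passes statistical checks: {passed}")
```

The known-seed stream passing is the point: the checks catch gross bias such as the all-zero buffer, but the security of the output rests on the secrecy of the 256-bit seed, not on how the output looks.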
> fixing the configuration is trivial
So trivial that the suggested configuration change is not mentioned anywhere.
Where did you look? The summary - or your closet? If you don't run FreeBSD you don't have to change anything. If you do - try reading the referenced article. Though if you need to be told the bleeding obvious that won't fix your problem.
Links that work pls thx.
The links are recursive (they point at /.) so they'd be fuck all use at providing more information - and nothing to do with the crappy summary (SecurityWeek reports). Thanks for nothing Timothy.
Articles from the last week of SecurityWeek about HTML5 and malware 4 security flaws in MSIE, a stupid "story" about old flaws long patched,
This one - paper it's based on is here tl;dr If you don't use stupid (Silverlight, Java, Adobe, Flash) it won't matter.
Downside is, is that if the LUKS header gets corrupted or destroyed, the entire partition is lost.
To be fair - that's the downside of encryption (without regular backups). A single bit of difference means no information recovery.
Using LUKS is unlikely to measurably decrease your chances of being unable to recover information. ie. if the encrypted medium is modified you'll only ever be able to recover data. Data, that doesn't translate into useful information.
... but still, if PAM is configured with OpenSSH, a PAM bug may sometimes be mis-identified to be an OpenSSH bug
No matter if it's a PAM bug or an OpenSSH bug, a but report which points out a vulnerability is good thing for the community - something that will allow the users to tighten up their configuration to deny that bug from being able to function in the first place
Does not parse.
tl;dr Huh?
The name "Tomb" is self-defeating. The name implies that the software is already dead.
Agreed. If marketing is important.
Vault is already used by many projects. I'd suggest ForNix - but then I do have a black sense of humour (it's latin for vault, also brothel). AbSis? another latin word with double meanings and a likelihood that it'd become the butt of jokes. CryptoPorticus? Cautus is good, but there's a possibility that if it ever failed he'd never shake the "CaughtUs" meme that would result - besides, it's a business name.
Literally the first few words say they released it yesterday.
The project has been around for some years [looks through his records]. The oldest entry reference I have is to a post in a wishlist bug report dated 31 Jan 2011. Tomb was at 0.9.0 then. (I never did work out what Jaromil actually wanted - advertising?)
Need I say more?
Can't rule that out about anything. In this case you're talking about the guy (Denis Roio) with dyne:bolic under his belt - and the "non-profit" behind it and his "campaign" to fork Debian. A self-described "researcher in philosophy of technology and software artisan". He's done at least one TED talk (I can't be bothered looking for the link).
The Tomb project is interesting and I've been following it for a while - the main thing that differentiates it from other LUKS-made-simple tools is the addition of steganography capabilities.
Despite his numerous, um, eccentricities and involvement in the rabid and vitriolic campaign against systemd, it's the code that counts. In this case it's just wrappers around dm-crypt, dm-setup and LUKS designed to make LUKS easier for people who find it difficult - and to add a few other features. Like anything else that is meant to be trusted to the same degree it should be independently audited.
Note: there are plenty of reasonable objections to systemd. Those that hold them don't demand no-one else should be able to use systemd, raise money unaccountably so a handful(?) of anonymous self-described "Unix gurus" can "fork Debian" (yeah - and I'm going to build a moon mission in my basement). Or use threats/trolling/FUD. That would be more like an NSA style campaign to divide the Linux community and keep their existing init flaw backdoors in place on hard-to-get-to systems.
Cue the usual sock-puppet forum flooding and disinformation [sigh]
"Caravans"? Um, we don't call them that here in the US. The "Breaking Bad" vehicle would be called an RV (recreational vehicle), and a trailer would be called a trailer. Anyway, cheers mate!
A house in a van is called a camper-van here. A trailer is what we load with rubbish to take to a tip. A house on wheels that you tow we call a caravan. What you call a trailer park we call a caravan park. A 4-wheel drive is called an RV.
"Cooking" in "trailers" parked in the "woods" is common [translates to] "Cooking" in "caravans" parked in the "bush". Have a good one buddy!
Not all "cooks" work out of caravans (what they call trailers in the USA). Chemistry labs in universities are frequently used by students, and occasionally staff, to produce illegal drugs. Even Lidcombe Analytical Labs where seized drugs are tested for court has had similar incidents.