It's good to have something for employers to find when they search for you. I like to use the same name for all of my open source development and volunteering stuff because it looks good on a resume and I've actually had potential employers remark that it was one of the things that made me stand out.
Except that's not the issue. There are plenty of sites that are "just work" equivalents of Facebook, or else have potential to be, like LinkedIn, or more focused ones like ResearchGate or CiteULike. But employers DEMAND access to the personal stuff. Otherwise there would be no problem: If an employer found a picture of you drinking or partying, then they would know to simply not take that into consideration. However, the issue is not that they do so, but it still subliminally affects them, but that they actively take it into account as part of their hiring strategy, which is why they aren't content with your LinkedIn, but demand your Facebook login info
How many employers ACTUALLY demand (or even ask) this? Sure there are news articles about it happening, but is it really that common or is it just the very few horrible employers that are getting all the headline attention? I ask because I've never run into this myself nor known anyone who has.
You do it the same was as music. The performance (actual taping) is not copy writable. The music scores, song lyrics and script are copy writable and would be licensed to the studio for use in the movie. So for example with The Matrix, the Wachowski brothers would own the copyright for the script (one may be primary, not entirely sure) and they would license the script to the studio (the same way the studio bought licenses to all the songs used in the movie). When the Wachowskis die, the script would suddenly be in the public domain so anybody could make remixes but at the same time the studio would no longer have to pay to produce more copies (nor would anyone else) except for other copy writed materials in the movie (such as background music).
The only thing I'm not sure about is the digital media stuff such as 3d models and renderings or content created by a "company" instead of a person (which in my opinion shouldn't be valid anyways, they should be owned by the CEO or something).
Well, if they've got millions of members, then each member has to do one hour a year to add it all up to millions of hours per year, so that's hardly worth talking about.
In my experience they're one of the most service-oriented groups I've come across - there's a reason that there are strong ties with the Boy Scouts, are such a large part of many disaster relief efforts, and offer so many services to members. If you want a more reasonable downside to that, point out the LDS involvement is one of the main reasons the the Scouts are still so harsh on gays and atheists, that volunteer work and in-group services often used as recruiting tools and to make it hard to leave, and their massive involvement with California's Proposition 8.
BULLSHIT. The scouts where never harsh at ALL against gays UNTIL the church took over (in the US, most other countries have no such problems with Scouting). In fact their leader hand (pre-church) specifically stated that leaders were not to instruct in the areas of sex or family values as that was outside the organization's perview.
To others: if you are considering scouting, please do not assume the Boy Scouts of America's twisted values reflect the scouting movement in the rest of the world. The US is the exception here. In fact, Scouts Canada is actively pushing the fact that we (Canadians) are completely inclusive (except apparently to Atheists, they still won't give us a straight answer about that one!).
Part of the Protestant Reformation was making the Bible available to the laity, which the Roman Catholic Church opposed.
The Roman Catholic Church opposed making the Bible available in languages other than Latin, not mass printing it.
Which from what I understand was mostly to keep control. Seeing as basically the only ones who could read latin where the priests, it pretty much meant they could "interpret" the bible however they wanted their "non-latin" (read: everyone else) to understand it. When it was translated into english, most of the english speaking crowd were shocked at the lies they were being told (read: lies == priests misquoting the bible or making shit up) and formed the protestant offshoot.
In our supermarkets (Canada) you will see a sign below some fruit with the $/kg price below it. The next type of fruit will have $/lb. I shit you not! Don't even get me started on mixing fruits (on the same damn shelf) with some having a $/lb label and some having a $/unit (with lb underneith) layout out in such a way that they look almost like a $/lb label.
You sent out walkthrough instructions? As IT you should know who has access to which servers, just have a script write and install the damn config automatically and call it a day. If an employee shows interest in it, sure, show them how it works. But to send out instructions to dozens (hundreds?) of people explaining how to do what a shell script could do in seconds is just a waste of time.
For that matter, if they can't figure out ssh-agent and.ssh/config, chances are if you just generated their public/private keys with passwords, they'd never bother removing the password anyways.
.ssh/authorized_keys is only writable by the user if you decide it should be. "chown root:root/home//.ssh/authorized_keys; chmod 755/home//.ssh/authorized_keys" and voila, only root can update your authorized_keys file. Another solution is to change the location of the authorized_keys files in/etc/ssh/sshd_config (or wherever your distro stores the settings) to something outside their home folder.
I believe fail2ban can now ban entire subnets, so if you're being attacked from China, just block China's subnet (they of course have many, but you get the idea). I think you can set it up so the first ban is for an IP, if it bans more than X from a given subnet, the whole subnet gets banned (or if you're really evil/smart, redirects to a black-hole machine with no valid logins).
One thing to remember is that for non-scripted attacks (where someone is specifically going after YOU), the instant you ban them, they realize it and work around it by either changing to a new IP or trying a different attack. If you can instead add them to a deny list or redirect them to a black hole, they will continue getting "Access Denied" and not realize their attack has already been detected and dealt with. The more information an attacker has (including "you have been banned"), the easier it is for them to get into your system.
One BIG reason not to tell them they've been banned, is if they reliably get a "banned" notice after X amount of tries/time and then suddenly they DON'T get one (because you forgot a specific attack vector), they suddenly know about know which attack to continue. It's like if midevil armor was invisible but you heard a "tink" every time you hit it. Just keep hitting it in different places until you don't hear a "tink". Now you know where to focus your attack!
For this reason, there are lots of security-conscious departments that ban SSH key access on any external-facing system.
So what your telling me is that they decided that a password that said user probably wrote on a sticky-note attached to their laptop or saved in a plaintext password is more secure than a ssh private key that MIGHT not be password protected?
If a user isn't going to properly secure an ssh private key, there is no way in hell they are going to properly protect a password!
One common senerio is a laptop with a private key being stolen from a car, lost at a mall, snagged at the bus stop, etc. You then need to go to every machine with that laptop's public key(s) (laptops can have LOTS of public keys depending on how it's set up) and remove it/them.
Isn't this a little late? Even on the west coast you only have a few hours left to read all the suggestions, weed out the jokes and goatse links (1 already on this page), pick your favorite solution and actually wrap your gift. That's assuming you've even BOUGHT the e-gift already!
I get my internet through Shaw which, unless you pay extra, uses dynamic IPs. By dynamic, I mean "technically" dynamic, but keep the same IP for at least 6-8 months at a time. Shaw also uses blacklists, one of which is Spamhaus among others. Shaw has a policy where they reject E-Mail if a SINGLE blacklist has you listed for ANY reason. Spamhaus has this annoying feature where they add all dynamic IP addresses to their blacklist. Basically, shaw is auto-blocking their own f*cking customers and nobody in the tech support chain seems to understand this.
I bet you 99.9% of tablet users don't even know you can do that. So why would the tablet companies bother putting in a feature (dual screen) that 99% of users wouldn't even know CAN be used, let alone want to?
Perhaps you didn't quite understand what I meant. Most 1TB and 2TB (and 500GB for that matter) drives cost about $100. Now say you have 3TB of data to store (not counting backups). You would probably recommend buying 7 1TB drives. 6 mirrored for 3TB of storage plus a spare in case 1 dies for $700. You could also buy 7 2TB drives which would give you 12TB of storage, enough for 3 copies of everything, plus a spare AND you'd have an extra TB of mirrored storage available ((3TB + 1TB) x 3 mirrors) == 12TB.
With the 1TB drives, you would need 2 drives in the same mirror to die. With 2TB drives, you would need 3 in the same mirror to die.
Colemak is much easier to learn with very similar letter frequency improvements. It only took me about a month to return to my original typing speed and then it just kept getting faster. Unfortunately colemak is not pre-installed in windows (even windows 7 doesn't have it), but Mac and every Linux distro have it.
If you learn colemak, then ever have to use a querty system, you will be absolutely astonished at home many of the most common keys you use are on the top and bottom rows in querty. In colemak ~80% of your keystrokes are just direct finger pushes, no moving.
(And watch soon for a review of The Unofficial Lego Builder's Guide, a book intended to help Lego users escape the tyranny of block-by-number instructions.)
An instruction book about how not to read instructions?
Slashdot Mirror
It's good to have something for employers to find when they search for you. I like to use the same name for all of my open source development and volunteering stuff because it looks good on a resume and I've actually had potential employers remark that it was one of the things that made me stand out.
Except that's not the issue. There are plenty of sites that are "just work" equivalents of Facebook, or else have potential to be, like LinkedIn, or more focused ones like ResearchGate or CiteULike. But employers DEMAND access to the personal stuff. Otherwise there would be no problem: If an employer found a picture of you drinking or partying, then they would know to simply not take that into consideration. However, the issue is not that they do so, but it still subliminally affects them, but that they actively take it into account as part of their hiring strategy, which is why they aren't content with your LinkedIn, but demand your Facebook login info
How many employers ACTUALLY demand (or even ask) this? Sure there are news articles about it happening, but is it really that common or is it just the very few horrible employers that are getting all the headline attention? I ask because I've never run into this myself nor known anyone who has.
Who said it was?
You do it the same was as music. The performance (actual taping) is not copy writable. The music scores, song lyrics and script are copy writable and would be licensed to the studio for use in the movie. So for example with The Matrix, the Wachowski brothers would own the copyright for the script (one may be primary, not entirely sure) and they would license the script to the studio (the same way the studio bought licenses to all the songs used in the movie). When the Wachowskis die, the script would suddenly be in the public domain so anybody could make remixes but at the same time the studio would no longer have to pay to produce more copies (nor would anyone else) except for other copy writed materials in the movie (such as background music).
The only thing I'm not sure about is the digital media stuff such as 3d models and renderings or content created by a "company" instead of a person (which in my opinion shouldn't be valid anyways, they should be owned by the CEO or something).
Well, if they've got millions of members, then each member has to do one hour a year to add it all up to millions of hours per year, so that's hardly worth talking about.
In my experience they're one of the most service-oriented groups I've come across - there's a reason that there are strong ties with the Boy Scouts, are such a large part of many disaster relief efforts, and offer so many services to members. If you want a more reasonable downside to that, point out the LDS involvement is one of the main reasons the the Scouts are still so harsh on gays and atheists, that volunteer work and in-group services often used as recruiting tools and to make it hard to leave, and their massive involvement with California's Proposition 8.
BULLSHIT. The scouts where never harsh at ALL against gays UNTIL the church took over (in the US, most other countries have no such problems with Scouting). In fact their leader hand (pre-church) specifically stated that leaders were not to instruct in the areas of sex or family values as that was outside the organization's perview.
To others: if you are considering scouting, please do not assume the Boy Scouts of America's twisted values reflect the scouting movement in the rest of the world. The US is the exception here. In fact, Scouts Canada is actively pushing the fact that we (Canadians) are completely inclusive (except apparently to Atheists, they still won't give us a straight answer about that one!).
what is the difference between red cross and mafia?
One takes your money or your business burns down, the other gives you money after your business burns down. Or something similar WRT broken kneecaps.
FTFY
Part of the Protestant Reformation was making the Bible available to the laity, which the Roman Catholic Church opposed.
The Roman Catholic Church opposed making the Bible available in languages other than Latin, not mass printing it.
Which from what I understand was mostly to keep control. Seeing as basically the only ones who could read latin where the priests, it pretty much meant they could "interpret" the bible however they wanted their "non-latin" (read: everyone else) to understand it. When it was translated into english, most of the english speaking crowd were shocked at the lies they were being told (read: lies == priests misquoting the bible or making shit up) and formed the protestant offshoot.
In our supermarkets (Canada) you will see a sign below some fruit with the $/kg price below it. The next type of fruit will have $/lb. I shit you not! Don't even get me started on mixing fruits (on the same damn shelf) with some having a $/lb label and some having a $/unit (with lb underneith) layout out in such a way that they look almost like a $/lb label.
You sent out walkthrough instructions? As IT you should know who has access to which servers, just have a script write and install the damn config automatically and call it a day. If an employee shows interest in it, sure, show them how it works. But to send out instructions to dozens (hundreds?) of people explaining how to do what a shell script could do in seconds is just a waste of time.
For that matter, if they can't figure out ssh-agent and .ssh/config, chances are if you just generated their public/private keys with passwords, they'd never bother removing the password anyways.
Oh no doubt, but they don't do that. Instead they instantly shit-can it.
Unless you have a bigger swarm.
Gah, stupid slashot formatting. Replace /home// with /home/_user_/
.ssh/authorized_keys is only writable by the user if you decide it should be. "chown root:root /home//.ssh/authorized_keys; chmod 755 /home//.ssh/authorized_keys" and voila, only root can update your authorized_keys file. Another solution is to change the location of the authorized_keys files in /etc/ssh/sshd_config (or wherever your distro stores the settings) to something outside their home folder.
Wait, so new admins were required to use FTP to add their public key instead of just getting an exist admin to add it for them?
I believe fail2ban can now ban entire subnets, so if you're being attacked from China, just block China's subnet (they of course have many, but you get the idea). I think you can set it up so the first ban is for an IP, if it bans more than X from a given subnet, the whole subnet gets banned (or if you're really evil/smart, redirects to a black-hole machine with no valid logins).
One thing to remember is that for non-scripted attacks (where someone is specifically going after YOU), the instant you ban them, they realize it and work around it by either changing to a new IP or trying a different attack. If you can instead add them to a deny list or redirect them to a black hole, they will continue getting "Access Denied" and not realize their attack has already been detected and dealt with. The more information an attacker has (including "you have been banned"), the easier it is for them to get into your system.
One BIG reason not to tell them they've been banned, is if they reliably get a "banned" notice after X amount of tries/time and then suddenly they DON'T get one (because you forgot a specific attack vector), they suddenly know about know which attack to continue. It's like if midevil armor was invisible but you heard a "tink" every time you hit it. Just keep hitting it in different places until you don't hear a "tink". Now you know where to focus your attack!
For this reason, there are lots of security-conscious departments that ban SSH key access on any external-facing system.
So what your telling me is that they decided that a password that said user probably wrote on a sticky-note attached to their laptop or saved in a plaintext password is more secure than a ssh private key that MIGHT not be password protected?
If a user isn't going to properly secure an ssh private key, there is no way in hell they are going to properly protect a password!
That's why you mount the target directories into the chroot as READ ONLY.
One common senerio is a laptop with a private key being stolen from a car, lost at a mall, snagged at the bus stop, etc. You then need to go to every machine with that laptop's public key(s) (laptops can have LOTS of public keys depending on how it's set up) and remove it/them.
Did you just try to defend gun ownership rights by comparing them to infectious diseases...?
Isn't this a little late? Even on the west coast you only have a few hours left to read all the suggestions, weed out the jokes and goatse links (1 already on this page), pick your favorite solution and actually wrap your gift. That's assuming you've even BOUGHT the e-gift already!
I get my internet through Shaw which, unless you pay extra, uses dynamic IPs. By dynamic, I mean "technically" dynamic, but keep the same IP for at least 6-8 months at a time. Shaw also uses blacklists, one of which is Spamhaus among others. Shaw has a policy where they reject E-Mail if a SINGLE blacklist has you listed for ANY reason. Spamhaus has this annoying feature where they add all dynamic IP addresses to their blacklist. Basically, shaw is auto-blocking their own f*cking customers and nobody in the tech support chain seems to understand this.
I bet you 99.9% of tablet users don't even know you can do that. So why would the tablet companies bother putting in a feature (dual screen) that 99% of users wouldn't even know CAN be used, let alone want to?
Perhaps you didn't quite understand what I meant. Most 1TB and 2TB (and 500GB for that matter) drives cost about $100. Now say you have 3TB of data to store (not counting backups). You would probably recommend buying 7 1TB drives. 6 mirrored for 3TB of storage plus a spare in case 1 dies for $700. You could also buy 7 2TB drives which would give you 12TB of storage, enough for 3 copies of everything, plus a spare AND you'd have an extra TB of mirrored storage available ((3TB + 1TB) x 3 mirrors) == 12TB.
With the 1TB drives, you would need 2 drives in the same mirror to die. With 2TB drives, you would need 3 in the same mirror to die.
Colemak is much easier to learn with very similar letter frequency improvements. It only took me about a month to return to my original typing speed and then it just kept getting faster. Unfortunately colemak is not pre-installed in windows (even windows 7 doesn't have it), but Mac and every Linux distro have it.
If you learn colemak, then ever have to use a querty system, you will be absolutely astonished at home many of the most common keys you use are on the top and bottom rows in querty. In colemak ~80% of your keystrokes are just direct finger pushes, no moving.
(And watch soon for a review of The Unofficial Lego Builder's Guide, a book intended to help Lego users escape the tyranny of block-by-number instructions.)
An instruction book about how not to read instructions?