Run Carbon Black on her machine and you'll know absolutely everything that happens on the machine. Combine it with a good antivirus like ESET and you'll at least know definitively when the machine is infected.
Add to this a small server and setup her machine to do diskless network boot, and you're all set. Even if she gets infected, you know exactly what happened and all you need to do to fix it is reboot, and it will pull down a fresh uninfected image and boot that. See the howto here.
I think you're referring to Russia Today, not Russia Times, aka RT. They are a state-owned news service controlled by Rospechat. They are not even remotely independent. If you're looking for news from a Russian news source, I would recommend Novaya Gazeta. They are staff-owned (a rarity in the Russian Federation).
We kids have no idea what its like upgrading thousands of computers at work because unlike you, grandpa, we use [Ansible / Salt / Chef / CFEngine / Puppet]. And making changes to thousands and thousands of machines takes seconds to send out to all of them. A bit more time to verify, and any that are stuck can be rebuilt from scratch in a few more moments without even worrying about why it didn't work the first time.
Second point: why would you need some kind of interface to your firewall rules. Its a text file. Learn the syntax and keep in in version control. Then have the back end of version control push the change out through the programs that I just mentioned.
This paper does still count for your request, since it has an English language online version - Novaya Gazeta from Russia. This is one of the trustworthy news sources from Russia. Most news outlets in Russia are state owned, but this one is a rare occurrence of the paper's staff controlling 51%. This, however, is not the reason why I find the paper trustworthy. It is a bit of a grim statistic, but Novaya Gazeta has more journalists killed than any other news outlet in Russia. The majority of whom were either murdered by the state, or at least the state turned a blind eye to their death.
This next one is Russian-language only, and a radio station in Moscow. But it is a fairly good, unbiased news source. It's called Echo Moskvy or Echo of Moscow.
Unfortunately, one of the best English language news sources in Moscow, The eXile, closed its doors a few years ago. There are two possible reasons: one, that the paper was harassed into closing by the government. Or that the editor, Mark Ames, was tired and used some light harassment from the government as an excuse to close shop. Either way, it used to be a good source of insanely funny gonzo journalism with a constant streak of hard-hitting honest journalism.
The ideas that are put forward in the section "Is advertising rational?" are very interesting. They seem related in some way to what happens in biology, specifically evolution and sexual selection. The process of exponential growth in female preference seems to me to be similar to the advertising process. The male grows some fairly useless appendage such as a plume of feathers or antlers that is basically a waste of energy, but a public and visible waste of energy. This demonstrates to the female that the male is healthy enough that he can expend this energy and still have offspring. Females then select males with larger of these appendages creating an evolutionary force that increases the size of the appendage to a point of equilibrium in the population. In advertising, the act of spending money on advertising demonstrates the health of the company rather than serving a more direct purpose.
You can also use AWS, Azure, HPCloud, Rackspace, or others and pay a few cents per hour for the server only when you need it. Spin it up when you go on holiday, and destroy it when you come back home.
This would not work. All the firewalls that I've encountered are configured to only allow UDP port 53. If you just have ssh listen on port 53 it will still be blocked because ssh uses TCP.
To do it properly, you really need to have the correct client and server that will make real DNS or ICMP packets that contain your data as a payload.
Why pay? Connect to their access point and tunnel all of your traffic over DNS or ICMP. The firewalls that they use rarely block ICMP and almost never block UDP port 53. All you need is to have a client installed on your machine and run a server out on the interwebs somewhere that is running the right server software and acts as a proxy. The tech to do this has been around for quite a while, and most linux distros have the clients and servers in their repositories. The main system used for DNS is called iodine and there are two different, very good ICMP tunnels that I know of. One is here and another here. If you search through your favorite linux or BSD distro's repository search for "ip over icmp" or "ip over dns" and you'll find what you need.
Not sure that I entirely agree. Keeping a hosts file up-to-date introduces a security vulnerability. The hosts file can do much more damage than a list kept by a browser plugin. Additionally, I'm not convinced that what you're saying is true (it could be your presentation that is poor: next time use English sentences, you will convey your point in a more clear way).
When you enter a URL in the browser, it issues a GET request, then the plugin parses the response and allows the browser to make subsequent requests depending on the list it keeps. As long as you're not keeping too large a list, it shouldn't impact the speed of your browser.
From a security and sandboxing perspective this paradigm is much more secure than running all the variety of services on one instance or server. If you use FreeBSD jails it becomes even more secure because each jail only has the resources and libraries available to run the single application that you want to run. The whole resource argument is a non-starter. You are thinking in terms of old hypervisors that don't do memory deduplication. Most all modern virtualization environments do this and allow you to run a very large number of VMs with very little cost. There is a great video from ShmooCon this year that describes this technology excellently. You should fast forward to 6:33 to skip straight to the pertinent section of the talk. Then fast forward to 24:50 to see a demonstration of this technology in action (KVM's version).
I haven't seen ads or trackers for a very long time. Every once in a blue moon one slips through my combination of AdBlock and Ghostery, but I always report it so they can add it to the block list. All I see is a little number representing how many cooties were blocked for the page I'm on. Hopefully everyone does something like this and the commercial internet dries up and withers away.
Just to reiterate this. Everything is basically tainted at this point. We need to redo tons of standards and we need to exclude the US government from having a seat at the table.
Nobody is completely safe. Even OpenBSD. In light of these new Snowden docs, the following post by the OpenBSD author makes quite a lot of sense. Theo is accusing certain developers of being paid to backdoor the OpenBSD IPSEC stack dating back to 2000/2001 which coincides with the current revalations.
I use Chrome on Kubuntu which does store its passwords in Kwallet. However, kwallet can have multiple wallets. You are not being forced to store Chrome's passwords in the same wallet that the system stores its passwords at all. The new secretservice libraries and utilities are not stable yet, but when they are, the back end storage for kwallet will be the same back end as gnome.
If you're playing a file locally, there won't be any packets for you to inspect with wireshark. The browser is opening a file handle and reading data from the file handle.
They definitely don't want you to be able to stream your own content. There's a chance that your own content includes pirated stuff, so that will never happen.
Slashdot Mirror
You may want to pose that question to Netflix. They account for about 1/3 of the traffic on the internet and all that traffic is served from FreeBSD servers.
Also, Mac OS X is essentially a fork of FreeBSD.
The OS on all Juniper equipment is a modified version of FreeBSD.
The Playstation 3 and 4 OS are both modified FreeBSD.
Plus more.
Run Carbon Black on her machine and you'll know absolutely everything that happens on the machine. Combine it with a good antivirus like ESET and you'll at least know definitively when the machine is infected.
Add to this a small server and setup her machine to do diskless network boot, and you're all set. Even if she gets infected, you know exactly what happened and all you need to do to fix it is reboot, and it will pull down a fresh uninfected image and boot that. See the howto here.
I think you're referring to Russia Today, not Russia Times, aka RT. They are a state-owned news service controlled by Rospechat. They are not even remotely independent. If you're looking for news from a Russian news source, I would recommend Novaya Gazeta. They are staff-owned (a rarity in the Russian Federation).
But news from facebook is not first person. It's just your friends posting links to those same news sources that you're complaining about.
Hi there. This is how OpenBSD's PF has always worked. Linux needs to catch up to the times.
You can.
1) Use OpenBSD
2) Use FreeBSD
3) Use Debian with a FreeBSD kernel. This is debian and the kernel has PF. You get everything you want.
We kids have no idea what its like upgrading thousands of computers at work because unlike you, grandpa, we use [Ansible / Salt / Chef / CFEngine / Puppet]. And making changes to thousands and thousands of machines takes seconds to send out to all of them. A bit more time to verify, and any that are stuck can be rebuilt from scratch in a few more moments without even worrying about why it didn't work the first time.
Second point: why would you need some kind of interface to your firewall rules. Its a text file. Learn the syntax and keep in in version control. Then have the back end of version control push the change out through the programs that I just mentioned.
You're getting old. Its probably time to retire.
Yes. Exactly. Actually its the Comcast peacock now.
This paper does still count for your request, since it has an English language online version - Novaya Gazeta from Russia. This is one of the trustworthy news sources from Russia. Most news outlets in Russia are state owned, but this one is a rare occurrence of the paper's staff controlling 51%. This, however, is not the reason why I find the paper trustworthy. It is a bit of a grim statistic, but Novaya Gazeta has more journalists killed than any other news outlet in Russia. The majority of whom were either murdered by the state, or at least the state turned a blind eye to their death.
This next one is Russian-language only, and a radio station in Moscow. But it is a fairly good, unbiased news source. It's called Echo Moskvy or Echo of Moscow.
Unfortunately, one of the best English language news sources in Moscow, The eXile, closed its doors a few years ago. There are two possible reasons: one, that the paper was harassed into closing by the government. Or that the editor, Mark Ames, was tired and used some light harassment from the government as an excuse to close shop. Either way, it used to be a good source of insanely funny gonzo journalism with a constant streak of hard-hitting honest journalism.
The ideas that are put forward in the section "Is advertising rational?" are very interesting. They seem related in some way to what happens in biology, specifically evolution and sexual selection. The process of exponential growth in female preference seems to me to be similar to the advertising process. The male grows some fairly useless appendage such as a plume of feathers or antlers that is basically a waste of energy, but a public and visible waste of energy. This demonstrates to the female that the male is healthy enough that he can expend this energy and still have offspring. Females then select males with larger of these appendages creating an evolutionary force that increases the size of the appendage to a point of equilibrium in the population. In advertising, the act of spending money on advertising demonstrates the health of the company rather than serving a more direct purpose.
You can also use AWS, Azure, HPCloud, Rackspace, or others and pay a few cents per hour for the server only when you need it. Spin it up when you go on holiday, and destroy it when you come back home.
This would not work. All the firewalls that I've encountered are configured to only allow UDP port 53. If you just have ssh listen on port 53 it will still be blocked because ssh uses TCP.
To do it properly, you really need to have the correct client and server that will make real DNS or ICMP packets that contain your data as a payload.
Why pay? Connect to their access point and tunnel all of your traffic over DNS or ICMP. The firewalls that they use rarely block ICMP and almost never block UDP port 53. All you need is to have a client installed on your machine and run a server out on the interwebs somewhere that is running the right server software and acts as a proxy. The tech to do this has been around for quite a while, and most linux distros have the clients and servers in their repositories. The main system used for DNS is called iodine and there are two different, very good ICMP tunnels that I know of. One is here and another here. If you search through your favorite linux or BSD distro's repository search for "ip over icmp" or "ip over dns" and you'll find what you need.
This article sounds like the DICKS plugin for nmap that was described in this issue of hakin9. This was a beautiful trojan horse.
Not sure that I entirely agree. Keeping a hosts file up-to-date introduces a security vulnerability. The hosts file can do much more damage than a list kept by a browser plugin. Additionally, I'm not convinced that what you're saying is true (it could be your presentation that is poor: next time use English sentences, you will convey your point in a more clear way).
When you enter a URL in the browser, it issues a GET request, then the plugin parses the response and allows the browser to make subsequent requests depending on the list it keeps. As long as you're not keeping too large a list, it shouldn't impact the speed of your browser.
From a security and sandboxing perspective this paradigm is much more secure than running all the variety of services on one instance or server. If you use FreeBSD jails it becomes even more secure because each jail only has the resources and libraries available to run the single application that you want to run. The whole resource argument is a non-starter. You are thinking in terms of old hypervisors that don't do memory deduplication. Most all modern virtualization environments do this and allow you to run a very large number of VMs with very little cost. There is a great video from ShmooCon this year that describes this technology excellently. You should fast forward to 6:33 to skip straight to the pertinent section of the talk. Then fast forward to 24:50 to see a demonstration of this technology in action (KVM's version).
I haven't seen ads or trackers for a very long time. Every once in a blue moon one slips through my combination of AdBlock and Ghostery, but I always report it so they can add it to the block list. All I see is a little number representing how many cooties were blocked for the page I'm on. Hopefully everyone does something like this and the commercial internet dries up and withers away.
FAQ much? There is no central source repository for OpenZFS. Each supported operating system has it's own repository. The previous also has a link to the source tree for each of the supported projects under the umbrella.
Just to reiterate this. Everything is basically tainted at this point. We need to redo tons of standards and we need to exclude the US government from having a seat at the table.
Nobody is completely safe. Even OpenBSD. In light of these new Snowden docs, the following post by the OpenBSD author makes quite a lot of sense. Theo is accusing certain developers of being paid to backdoor the OpenBSD IPSEC stack dating back to 2000/2001 which coincides with the current revalations.
Theo de Raadt's post to the openbsd-tech mailing list.
I use Chrome on Kubuntu which does store its passwords in Kwallet. However, kwallet can have multiple wallets. You are not being forced to store Chrome's passwords in the same wallet that the system stores its passwords at all. The new secretservice libraries and utilities are not stable yet, but when they are, the back end storage for kwallet will be the same back end as gnome.
I predict that this will advance the science of cyberdildonics to the max. I can see all sorts of uses for this type of thing.
If you're playing a file locally, there won't be any packets for you to inspect with wireshark. The browser is opening a file handle and reading data from the file handle.
Do you have a Roku? You can't stream your own content with Roku either, so it essentially the same, just a different manufacturer.
They definitely don't want you to be able to stream your own content. There's a chance that your own content includes pirated stuff, so that will never happen.