Didn't know anything about Foamy the Squirrel, but this is a true story. I emailed a number of friends with the transcript back when it occurred (it's been around five years).
It wouldn't surprise me in the least if other people have gone and been as annoying as I^H^H the anonymous narrator was.
So a certain anonymous individual went into a Starbuck's one morning, a bit cranky because he had to be up earlier than usual. He spoke to the individual at the cash register...
Anon.: I'd like a medium chai, please. Register Person: Do you mean tall or grande? Anon.: I mean medium. Register Person: We don't sell a size called medium. Anon.: "Medium" is a description, not a name. You sell three sizes. I'd like the one in the middle. Register Person: We call that size "grande." Anon.: Right. Register Person: So what is it you'd like? Anon.: I'd like a medium chai, please. Register Person: You mean a "grande." Anon.: Haven't we already been through this? Register Person: I just would like to be certain. Anon.: You can be certain I'm not going to use your ridiculous trademarked name, when a descriptive adjective completely connotes my intent. Register Person: It's not a ridiculous name -- it's Italian! Anon.: Yes, and "chai" is either Chinese or Sanskrit. What's that got to do with it? The word I want in English is "medium." Register Person: Dude, what have you got against Italians? Anon.: Nothing. Well, perhaps they bear some responsibility for Madonna, but I think she's actually from New York. Register Person: Bay City, Michigan, actually. That'll be $3.50.
Actually in some of the early days of the railroads, Huntington would send his agent over to make you an offer on your property. It was typically lowball. If you refused to sell, the agent would politely say goodbye, and then the boys with the pick handles would come in and beat you and your family to death.
Then, after allowing a few days for the news to travel, they'd visit the next property owner, who would be happy to sell for the lowball price.
Today, they'd just use eminent domain (which would probably involve less physical violence) to accomplish the same end.
No, it doesn't solve the exact problem you're trying to solve.
But getting your label to distribute through them *will* increase sales, result in increased attention to your band, and support one of the major DRM-free independent-music supporting communities.
I use what is now a relatively antique Mac 450MHz G4 desktop from March of 2000.
I've added a lot of memory, and a stack of hard drives. I upgraded the optical drive from a DVD-ROM to DVD-RW a few years ago. I use an external firewire CDR when I need to burn faster.
It's still quite functional. It bogs down a bit on heavy Photoshop. I use it for development of PHP/MySQL and PHP/PostgreSQL stuff, Ruby on Rails, and even did a bit of Java/JBoss. Yeah, Java compiles slower than on my dual-core 2.8GHz Dell box at work. But it's certainly usable, and not nearly as frustrating as my previous 1GHz Dell box.
Will I be upgrading it? Probably after the next version OS release. It'd probably be nice to get some Intel dual-core goodness happening.
But, frankly, I don't do expansions and upgrades as frequently as PC users, 'cause I don't use it for gaming. So that's where the double-edged sword lives. If you want to game, it might not be the right option.
... just to fuel all manner of rumors and innuendo, I will paraphrase a highly placed source(*) who tells me that this is going to be the "Killer Feature" of the iPhone. You'll have your music in the iPod portion, the address book and calendar will all automatically integrate, plus you'll be able to carry around your full computing environment.
No word on what this means for those of us who are photographers and have hundreds of gigabytes of image files on our desktops. There may be an "offline" catalog option for the next iPhoto, along the lines of iViewMedia Pro.
(*)Yeah, well, highly-placed may be an exageration. I mean, he placed in the 50th percentile on his SATs back in the day, and he was high as a f-in kite when he made this statement to me, but other than that he's an upstanding member of our community. And he doesn't know an apple from a computer. Whatever.
Not to put on my Sneaky Zionist Propaganda hat or anything, but we don't really know how sophisticated the Israeli government's mathematics and encryption technologies are either.
Heh, we have yet to encounter even a port scan on our obscure SSH port, let alone any kind of attack, so it's safe to say that script kiddies don't want to spend the time scanning all 65,000 ports on every computer when they can get a similar yield by only harvesting those computers that answer on port 22.
True, especially since it's easier to defend against broad, repeated scans (assuming they don't have a good way of doing it from distributed hosts).
Still, I'd argue your defense isn't as much one of obscurity as it is one of heterogeneity. If everyone ran sshd on a different port, the attack vectors would be different.
t's also probably safe to assume that if someone has the intelligence to change the port that SSH is listening on that they are also clever enough to keep it up to date and securely configured.
I wasn't suggesting that you weren't keeping your sshd up to date. I was thinking more along the lines of a 0-day exploit kind of situation. The first attack scripts will go for the easy targets.
Which kind of brings me full circle. Obscurity, in this case, is more a means to heterogeneity. One powerful way of being secure is just being a little more difficult a target than the next guy. Burglars will go to the house without a dog (or without an alarm system). Sure, a determined burglar will still be able to get into a protected house, but why bother? As the marketing folks say, they'll go for the low hanging fruit.
That is, unless the fruit you're protecting is really, really juicy.
OK, I've mangled enough metaphors to traumatize an entire English Department, so I'd best stop here.
Unfortunately the soft pink human underbelly of your network is the most glaring weak point for attackers targetting your systems, and we can't really firewall their voice-boxes and fingers if we expect to keep doing business.
I often think security would be so easy if we just didn't have those darn users...
I agree that people repeat that "security by obscurity doesn't work" without really understanding the concept. I mean, what is a password but an obscured piece of information? Still, the origin of the phrase is attacking the idea that an obscured algorithm will protect you; you have to assume that an attacker will capture one of your en/de-cryption devices, and learn the algorithm.
That being said, I disagree with your assertion that 20 dictionary attacks a day is 20 times more likely to get into an SSH server than 0 dictionary attacks. If your passwords are any good, they won't get in either way.
Yes, your "obscure" port protects you from the dumber automated scripts. That could buy you a little time if a genuine vulnerability shows up in the sshd. But it's only a matter of time before the stupid scripts scan for sshd on other ports.
I still have Hamm on a backup server. I figured I went through the trouble of upgrading from Bo, so I shoudl leave it alone.
It's a mighty, mighty Pentium 75, with a whoppin' 64M of memory.
Maybe it's time to retire that box. It's just that when I want to get to it stuck out in the back of the garage, I have to cut through so many spider webs that it's a full day project.
Slashdot Mirror
Uh... nothing really "resists" entropy.
But a good working definition of life might include limiting entropy within a closed membrane (at the expense of increasing it outside).
Didn't know anything about Foamy the Squirrel, but this is a true story. I emailed a number of friends with the transcript back when it occurred (it's been around five years).
It wouldn't surprise me in the least if other people have gone and been as annoying as I^H^H the anonymous narrator was.
True story:
So a certain anonymous individual went into a Starbuck's one morning, a bit cranky because he had to be up earlier than usual. He spoke to the individual at the cash register...
Anon.: I'd like a medium chai, please.
Register Person: Do you mean tall or grande?
Anon.: I mean medium.
Register Person: We don't sell a size called medium.
Anon.: "Medium" is a description, not a name. You sell three sizes. I'd like the one in the middle.
Register Person: We call that size "grande."
Anon.: Right.
Register Person: So what is it you'd like?
Anon.: I'd like a medium chai, please.
Register Person: You mean a "grande."
Anon.: Haven't we already been through this?
Register Person: I just would like to be certain.
Anon.: You can be certain I'm not going to use your ridiculous trademarked name, when a descriptive adjective completely connotes my intent.
Register Person: It's not a ridiculous name -- it's Italian!
Anon.: Yes, and "chai" is either Chinese or Sanskrit. What's that got to do with it? The word I want in English is "medium."
Register Person: Dude, what have you got against Italians?
Anon.: Nothing. Well, perhaps they bear some responsibility for Madonna, but I think she's actually from New York.
Register Person: Bay City, Michigan, actually. That'll be $3.50.
Yes, but the saying is "up *shit* creek without a paddle."
Shit creeks don't flow very fast, and every additional second of delay is unpleasant.
exactly same situation here.
Actually in some of the early days of the railroads, Huntington would send his agent over to make you an offer on your property. It was typically lowball. If you refused to sell, the agent would politely say goodbye, and then the boys with the pick handles would come in and beat you and your family to death.
Then, after allowing a few days for the news to travel, they'd visit the next property owner, who would be happy to sell for the lowball price.
Today, they'd just use eminent domain (which would probably involve less physical violence) to accomplish the same end.
Fourteen of the eighteen provinces of Iraq are relatively peaceful
How unfortunate that the remaining four violent provinces contain 80% of the population of Iraq.
No, it doesn't solve the exact problem you're trying to solve.
But getting your label to distribute through them *will* increase sales, result in increased attention to your band, and support one of the major DRM-free independent-music supporting communities.
Yeah. But then what if they sucked?
Fact is, emusic.com will let you re-download tracks you've purchased from them in the past.
So, it's not precluded as a viable business model.
I use what is now a relatively antique Mac 450MHz G4 desktop from March of 2000.
I've added a lot of memory, and a stack of hard drives. I upgraded the optical drive from a DVD-ROM to DVD-RW a few years ago. I use an external firewire CDR when I need to burn faster.
It's still quite functional. It bogs down a bit on heavy Photoshop. I use it for development of PHP/MySQL and PHP/PostgreSQL stuff, Ruby on Rails, and even did a bit of Java/JBoss. Yeah, Java compiles slower than on my dual-core 2.8GHz Dell box at work. But it's certainly usable, and not nearly as frustrating as my previous 1GHz Dell box.
Will I be upgrading it? Probably after the next version OS release. It'd probably be nice to get some Intel dual-core goodness happening.
But, frankly, I don't do expansions and upgrades as frequently as PC users, 'cause I don't use it for gaming. So that's where the double-edged sword lives. If you want to game, it might not be the right option.
... just to fuel all manner of rumors and innuendo, I will paraphrase a highly placed source(*) who tells me that this is going to be the "Killer Feature" of the iPhone. You'll have your music in the iPod portion, the address book and calendar will all automatically integrate, plus you'll be able to carry around your full computing environment.
No word on what this means for those of us who are photographers and have hundreds of gigabytes of image files on our desktops. There may be an "offline" catalog option for the next iPhoto, along the lines of iViewMedia Pro.
(*)Yeah, well, highly-placed may be an exageration. I mean, he placed in the 50th percentile on his SATs back in the day, and he was high as a f-in kite when he made this statement to me, but other than that he's an upstanding member of our community. And he doesn't know an apple from a computer. Whatever.
Because both the United States and Russia blew up hundreds, if not thousands of atomic and hydrogen bombs during testing?
All within a ten minute window?
No one will ever need more than 640k^H^H processors.
Not to put on my Sneaky Zionist Propaganda hat or anything, but we don't really know how sophisticated the Israeli government's mathematics and encryption technologies are either.
Good point. Shiny rocks have a much lower functionality/dollar rating.
In fact, the shiny rocks have close to no intrinsic functionality or value.
Isn't this already being done (at least in theory) for Web 2.0 stuff? Fergzample, at cambrianhouse.com.
No prizes, but royalties. They're looking for community coders, too, which I think is the limiting factor.
Still, an interesting idea. Dunno if it actually has any realworld promise, but an interesting idea.
"Irony is like goldy and bronzy, only it's made of iron."
-- Baldric
If only all those nations had had better Armour... er... armo-- more fuckin' armaments!
Napalm is an anti-personnel weapon. If you're wanting to burn down buildings, it's the wrong tool.
Everyone knows that global warming deflates the heliopause. I mean, like duh!
Or was it the other way around?
What I meant to say was:
I've mangled more metaphors than a bull in a china shop, so I'll park it on a dime here, and let it go to pasture.
Or something along those lines.
Heh, we have yet to encounter even a port scan on our obscure SSH port, let alone any kind of attack, so it's safe to say that script kiddies don't want to spend the time scanning all 65,000 ports on every computer when they can get a similar yield by only harvesting those computers that answer on port 22.
True, especially since it's easier to defend against broad, repeated scans (assuming they don't have a good way of doing it from distributed hosts).
Still, I'd argue your defense isn't as much one of obscurity as it is one of heterogeneity. If everyone ran sshd on a different port, the attack vectors would be different.
t's also probably safe to assume that if someone has the intelligence to change the port that SSH is listening on that they are also clever enough to keep it up to date and securely configured.
I wasn't suggesting that you weren't keeping your sshd up to date. I was thinking more along the lines of a 0-day exploit kind of situation. The first attack scripts will go for the easy targets.
Which kind of brings me full circle. Obscurity, in this case, is more a means to heterogeneity. One powerful way of being secure is just being a little more difficult a target than the next guy. Burglars will go to the house without a dog (or without an alarm system). Sure, a determined burglar will still be able to get into a protected house, but why bother? As the marketing folks say, they'll go for the low hanging fruit.
That is, unless the fruit you're protecting is really, really juicy.
OK, I've mangled enough metaphors to traumatize an entire English Department, so I'd best stop here.
Unfortunately the soft pink human underbelly of your network is the most glaring weak point for attackers targetting your systems, and we can't really firewall their voice-boxes and fingers if we expect to keep doing business.
I often think security would be so easy if we just didn't have those darn users...
I agree that people repeat that "security by obscurity doesn't work" without really understanding the concept. I mean, what is a password but an obscured piece of information? Still, the origin of the phrase is attacking the idea that an obscured algorithm will protect you; you have to assume that an attacker will capture one of your en/de-cryption devices, and learn the algorithm.
;)
That being said, I disagree with your assertion that 20 dictionary attacks a day is 20 times more likely to get into an SSH server than 0 dictionary attacks. If your passwords are any good, they won't get in either way.
Yes, your "obscure" port protects you from the dumber automated scripts. That could buy you a little time if a genuine vulnerability shows up in the sshd. But it's only a matter of time before the stupid scripts scan for sshd on other ports.
Then you'll have to switch to port knocking
I still have Hamm on a backup server. I figured I went through the trouble of upgrading from Bo, so I shoudl leave it alone.
It's a mighty, mighty Pentium 75, with a whoppin' 64M of memory.
Maybe it's time to retire that box. It's just that when I want to get to it stuck out in the back of the garage, I have to cut through so many spider webs that it's a full day project.