Slashdot Mirror


User: micheas

micheas's activity in the archive.

Stories: 0
Comments: 885

Comments · 885

  1. Re:server-side tracking on Microsoft Adds 'Do Not Track' Option For IE9 · · Score: 5, Insightful

    The question is do people really want the lack of personalization that anonymity implies.

    Turn on anonymity and get google in a random language, based on the country of the proxy server you are connecting to google from, or get search results that are skewed based on what you have searched for and to a lesser extent, what has been searched for from your IP address. If a slashdot searches on google for boa, one of the top results is an IDE for python. I suspect that for a user that spends most of their time searching for the interests of seven year olds they could get a harry potter link in the top ten.

    For a website that makes no personalization, and is just looking to scrape data to sell to advertisers, sure, there is basically no reason not to use anonymization software.

    The reason that google gets so much information is that their services work better if you give them a fair amount of information. The fact that they do this quietly without you having to click a million checkboxes is viewed as a good thing by people that are stressed for time.

    The viability of anonymization is very dependent on what the user is doing, and which sites they are using. The problems for people promoting anonymity also include: anonymizing tends to be slower than regular browsing (tor, for example); Anonymization tends to be work; Most people, most of the time, don't care about their surfing habits.

    Another problem is the lack of awareness that the net is not all love and happiness. For example, most reporters, including several linux focused reporters, first reported that the solution to firesheep was to use WEP, without understanding that as soon as the packet goes out on the net it is at least as vulnerable as an unprotected wireless lan, and possibly more so, as wireless networks are somewhat more unstable due to electrical interference and poor signal quality on a lot of wireless networks.

    I just don't see how anonymous browsing gets traction, unless there is civil unrest in NATO countries, or some other compelling external event to make people care about their privacy.

    I don't mean to be a downer, but I have watched a lot of not too difficult things never catch on. (https on all authenticated connections, pgp, tor, personalized certificates, and more)

  2. Re:Isn't this... on Google Faces EU Probe Over Doped Search Results · · Score: 1

    The article is complaining about the fact that if you type in goog in the search bar, the first two inches are the top result of google finance, if you type in 1 + 1 you get the result of google calculator, and if you type in an address you get the first google map entry, followed by the search results.

    There is no accusation about the search results themselves being doctored.

    If you search for goog, above the search results you have links to Google Finance, Yahoo Finance, MSN Money, Daily Finance, CNN Money, and Reuters. These links are the "hard-coded bias". They show up in the same place as ads in other searches.

    You seem to be misled by your prejudices into reading things that are not there.

    The article that you pointed to claims that there is no bias in google search results other than the little box at the top of certain searches like addresses, and stock quotes, that most people would be upset if they went away.

    Most people have a hard time figuring out how showing a google map of an address after someone searches for an address is biasing the search results.

  3. A quick what you need to do before you start. on Best IT-infrastructure For a Small Company? · · Score: 1

    First, get the Zwicky book and follow the pretty pictures that do NOT have the universal no symbol next to them.

    http://oreilly.com/catalog/9781565928718

    This will mean that the person that has to clean up after you, does not have to start with ripping out all the wiring.

    Second, set up a wiki for documentation so the person that comes in after you doesn't have to rip and replace because it is cheaper and quicker than figuring out what you have done.

    Third, install network monitoring software such as opennms. (if you have a choice between one $1,500 server and two $500 servers go with the two $500 servers)

    Fourth, do a network audit of all hardware and what software is on that hardware.

    Fifth, price out what it will cost to bring your organization into compliance, if you are in the US and not a 501(c)3 this will probably be expensive.

    Sixth, install project management issue tracking software, I use and recommend redmine.

    Now you are ready to start doing your job. (or at least you have not made the situation worse, and could possibly contract out your job.)

  4. Re:Great Idea: Will it work? on Adobe Launches Sandboxed Reader X · · Score: 1

    Yep, true dat. I remember when Adobe Reader first came out, it was the cat's ass - lightweight, did its job, nothing else. In fact at one time PDFs were used to avoid those infamous MS-Word viruses that spread in the '90's. Now it's suffering from the same feature creep that affects every other (commercial) software vendor - add features or else you don't think you're "adding value". And those new features carry with them all manner of attack vectors and vulnerabilities.

    Which is why I don't think vi will suffer the same fate. I'm not an avid follower of its development, I just use it, but it seems to me that they're keeping it pretty much the way it was intended to be.

    Although vim keeps adding new features, and nvi has had a security vulnerability as recently as 2008.

  5. Re:RHEL comes with free CALs on Red Hat Releases RHEL 6 · · Score: 1

    It's also fine and dandy if you have an in-house systems engineering team who can hack anything from the kernel through the app layer.

    But how much does it cost your employer to maintain that full time, full service, in-house team?

    Probably the same as it would cost someone from outside, but if it is in house, there is minimal sales and marketing overhead. (Oh, and the outside vendor probably wants to turn a profit as well.)

  6. Re:You are right, and wrong on Considering a Fair Penalty For Illegal File-sharing · · Score: 1

    shoplift 75 thousand or more, get second degree

    How do you shoplift $75,000 and not have it be armed robbery?

    Pocket a diamond watch at Shreve and Co. on Union Square in San Francisco

  7. Re:The web is public domain? on Cook's Magazine Claims Web Is Public Domain · · Score: 1

    No, it's just that if you are sued for infringement, the burden is on the plaintiff to prove that you infringed; his mere assertion would not be enough. This hasn't got anything to do with downloading in the abstract, but is just how one goes about proving a specific case of infringement. No one presumes that murder is legal, but it is still the obligation of a prosecutor to prove that the accused committed the murder. It's the same sort of thing.

    Let me try and clarify: Downloading a file from the internet is presumed to be legal. If the copyright holder can prove that you downloaded something from the internet, that is not enough to prove that you committed copyright infringement. The copyright holder must also demonstrate that you did not have permission to download the file.

    If you distribute a file, it is presumed to be copyright infringement, if you are not the copyright holder. As the party doing the distribution you have to show that you have a licence to distribute the software.

    In other words, the copyright holder has to make two points on downloads, 1) That it happened. 2) That there was no permission. While on uploads, the copyright holder only has to prove that the upload happened. The party that uploads the file has to explain why this is allowed, not the copyright holder.

    If this is correct, it seems that pragmatically, one would go after the file uploaders more often than downloaders as the case is easier to make.

  8. Re:The web is public domain? on Cook's Magazine Claims Web Is Public Domain · · Score: 1

    Copyright is about whether or not a person has a right to make a copy of something. By downloading a song, you are creating a new copy. If you are not given the right to do this, it is copyright infringement.

    Whether or not the concept of copyright is beneficial to society is a completely different argument, and I personally agree that the current limits on length of copyright need to be revisited. However, downloading music that is still under copyright without the copyright holder's permission is blatant copyright infringement, and a violation of the law.

    A quick search showed that the download situation is one of those, it depends on the specific facts part of the law. With at least one case going on the idea of "Did the person downloading know that they did not have permission from the copyright owner?" (The jury declared yes, and ergo it was infringement.)

    If I am reading the law correctly, downloading is presumed to be legal, so for downloading the burden of proof is on the copyright holder, but if the copyright holder crosses the burden of proof, parent is then correct.

    Messy.

  9. Re:The web is public domain? on Cook's Magazine Claims Web Is Public Domain · · Score: 1

    That doesn't matter at all. It's still infringement, just (I believe) potentially criminal.

    Besides, people would sell downloaded music if they could get away with it -- but people won't buy it. In fact you'd see more illegal downloading if people could turn around and sell it.

    IINAL.

    That said, my understanding is you are WRONG.

    Downloading songs is not a copyright violation, it is uploading the songs that is a copyright violation.

    Peer to peer networks generally require you to upload part of the file while you are downloading the file, it is the uploading portion that is getting you in trouble.

    This is also why the "making available" theory is so popular with the RIAA, because if you put up a song, but nobody downloads it, did you violate the copyright, or were you willing to violate the copyright, but never actually violated the copyright? Currently the law is leaning against the RIAA, but they are trying to change that.

    Selling works copyrighted by somebody else, without permission, is the most egregious violation of copyright law.

    If you distribute something for free, that nobody would be willing to pay for, what is the monetary harm that you have caused? This is a question that the RIAA has gotten very good at answering, but you will need to answer it if you want to succeed in a copyright violation suit.

    Also, based on the piratebay top 100 statistics people seem to be sharing more video than music.

    So, the corrected version of the great-grandparent's post should probably read:

    Seriously, though, I'll bet half the folks complaining on Facebook have illegally uploaded videos themselves.

  10. Re:Wanker on Fedora 14 Released and Reviewed — Advanced, and Not For Wimps · · Score: 2, Insightful

    Apparently someone doesn't know what the term "beta" means.

    Very few people do anymore, what with Google releasing all of their products with the "Beta" label and never, ever releasing a production version of anything ;)

    IIRC, Google's definition of beta is "not showing a profit"

  11. Re:The Mother of all Patents ... on Who Invented the Linux-Based Wireless Router? · · Score: 1

    Hmm, I didn't think anyone would take a reply to a +5 funny post seriously.

  12. Re:The Mother of all Patents ... on Who Invented the Linux-Based Wireless Router? · · Score: 1

    > World domination follows . . .

    Except on the desktop... :D

    Embrace the server space, extend the server space to the cloud, extinguish the desktop.

  13. Re:As a matter of fact, you can on Bible.com Investor Sues Company For Lack Of Profit · · Score: 1

    Never? Really? I thought the goal of most corporations was to make as much money as possible. Or are you claiming to have read every single corporation charter that is in existence and zero of them stated the goal was to make as much money as possible?

    Or are you possibly confusing the term "never" with "not always"?

    Grand parent probably should have said rarely is the goal "make as much money as possible".

    I cannot recall seeing "make as much money as possible" in any sample corporate documents, as a matter of fact having that in your corporate charter seems like a really stupid thing to do as your shareholders would seem to have an almost carte blanche reason to sue, you made 800% ROI this quarter, but you know you might have been able to eke out an extra 5% so off to court.

  14. Re:lolwut? on Joomla! Social Networking · · Score: 1

    I wonder if the book covers how to hack JomSocial? ;)

    http://www.exploit-db.com/exploits/15164/

    Having sifted through Joomla extension exploit reports, and found a lot of false reports, I will say that this report looks real http://www.exploit-db.com/exploits/15164/

    I would also suspect that on various versions of php, it should be possible to guess the file name of the upload, even if the display index feature is disabled in the webserver, so the workaround may not be as useful as it is suggested.

    I have not looked at the code, but I suspect that one could make an educated guess about the file name if one uploaded a couple videos.

    I guess the moral is that if you are using jomsocial, UPGRADE.

  15. Re:Reminds me of XFree86 vs XOrg on Oracle Asks OpenOffice Community Members To Leave · · Score: 1

    As I said earlier Redhat, Canonical, and Novell are putting money behind this.

    I would not be surprised if Novell alone has more money budgeted for development of libreoffice than Oracle does of openoffice.org.

    Personally I would like neooffice to offer their name and logo to libreoffice. (I like the boat icon.)

  16. Re:Reminds me of XFree86 vs XOrg on Oracle Asks OpenOffice Community Members To Leave · · Score: 1

    I would say long term the big winner is everyone except Microsoft.

    Oracle gets to dump a consumer product, which is not part of their business model.

    Google apps devs will probably be able to provide more features and better print features and formatting by leveraging the libreoffice code.

    Openoffice users will be able to migrate over to libreoffice and get a better office suite.

    Neooffice will have a more cooperative upstream.

    Long term I like how this looks. Short term many bruised egos.

  17. Re:Reminds me of XFree86 vs XOrg on Oracle Asks OpenOffice Community Members To Leave · · Score: 1

    And Oracle has the people who actually know the code.

    I would guess that Novell has people that know the spreadsheet code better than Oracle.

    Whatever you think about Miguel's Microsoft fascination that caused him to clone C# with mono, he wrote gnumeric which is a more accurate clone of excel, and most of the improvements to openoffice.org's spreadsheet seem to have come from Miguel.

    My guess is that libreoffice will have a much better spreadsheet program than openoffice in short order, most of the features that Staroffice has that Openoffice does not have will be in libreoffice in the next couple months.

    Sun's insistence that Openoffice be crippleware means that a lot of people know the code enough to add at least some of the missing features.

  18. Re:Reminds me of XFree86 vs XOrg on Oracle Asks OpenOffice Community Members To Leave · · Score: 4, Interesting

    How much of the openoffice code was created by sun employees?

    Can libreoffice stay relevant without corporate backing?

    No flames please. I ask because I want to know.

    Nobody will know the answer to your question, because libreoffice has corporate backing of both Redhat (RHT:NYSE) and Canonical Ltd.

    I would assume that Novell will merge oo-go into libreoffice and add their support to libreoffice.

  19. Re:come on people... on High-Tech Microphone Picks Voices From a Crowd · · Score: 1

    Seriously though, what other reason do we need this besides spying on people?
    I can see it would make logistics easier. No need to give microphones to each person who might need to talk on camera, just mic up the whole room and then dial in on whoever you want to listen to.

    Especially a sporting event like Soccer (football to you non US/Canadians) where there is no real way to mike the participants.

    Actually most pro sports could have this work for them. Then again in baseball this could be the ultimate home field advantage. (on the batter when the visitors are batting, and on the pitcher's mound while the home team is batting)

    I suspect the next NFL stadium will have this tech built into it.

  20. Re:You asked... on Microsoft Eyes PC Isolation Ward To Thwart Botnets · · Score: 1

    Why in the devil do you have ssh available to the world?

    I almost automatically moderated this up, but decided instead to respond.

    ssh is Secure Shell. It is supposed to be a secure method of accessing a system (remote or otherwise). It does this job well.

    So well, in fact, that there are computers out there whose job it is to bounce username/password combos off machines, slowly, in order to attempt to compromise them. Some (most?) of these machines are simply poorly secured systems that have been previously compromised, and are now doing the bidding of an outside force. Many of these "compromised hosts" can act in concert, spreading the attacks out not only over time, but also over IPs, making them difficult to detect and/or block.

    One solution is to watch vigilantly for these attacks, and block the IP addresses of those machines from your ssh port, or (as is more common) to block them from touching your network at all. Those machines will get lonely, eventually...

    Another solution is to implement some other form of security, either replacing the default security (using ssh keys instead of passwords, for example), or augmenting (read: hiding) it (using port-knocking, non-standard ssh ports, etc). These methods can be combined, to make an even more secure system.

    Unfortunately for all of these methods, the average user is unable or unwilling to perform them, due to complexity. Unfortunately for all of us, the moment it becomes simple enough for the average user to figure out (and thus use) these methods, there will be an exploit that attacks the newly-simplified access method.

    In short, having sshd open to the world, on the standard port, is probably an indication that a system can be broken into more easily than one which does not appear to be running sshd on the standard port. This really says not much about the security of the system itself, and the only reason to secure your ssh more than the default configuration already is (valid username/password required) is to keep from having huge log files full of failed attempts to crack into your system.

    Personally, I use a combination of several of the ideas I offered above, because I am lazy and hate reading logfiles, especially when it seems critical that I must do so (30 attempts to crack my ssh key in an hour? bad monkey, no cheeto!) It is much easier, less stressful, and not time-consuming in the slightest to have my firewall simply drop all packets destined for port 22.

    It was pointed out on the freebsd security mailing list that changing the port of sshd is only a stop gap, what you need is a way to deal with a large number of invalid attempts to log into the machine via ssh.

    Eventually, whatever port you have sshd running on will come under attack, and it would be best to have a plan for how to handle the malicious traffic.

    The best advice is move sshd off of port 22, establish and configure your IDS and response, move sshd back to port 22.

  21. Re:Well... on The Encryption Pioneer Who Was Written Out of History · · Score: 1

    In other words, Brits are great at creating innovative technology, while Americans are good at exploiting it to make as much money as possible?

    That was before the copyright everything mindset took over American Businesses.

    Yankee Doodle was a song about the blatant counterfeiting of European goods by the colonists.

  22. Re:Let's see... on Canadian Spammer Fined Over $1 Billion · · Score: 1

    Would it be theoretically possible for him to walk into the court, and pay in cash?

    Assuming such an amount of money (~870 billion) could be printed in bills, would it fit in the largest courtroom of the US. Assuming it would fit, there's the even more significant issue of weight; that amount of paper might well destroy the floors of the building by sheer weight alone. (on the plus side, that would mean more space to fit more money into).

    I once calculated something similar for Bill Gates' fortune expressed in the largest bills one could get from an ATM in the Netherlands. It amounted to about 26 large shipping containers, limited by weight not volume. I forget the number of special heavy-cargo shipping containers you'd need, but it would still be limited by weight.

    In short; I highly doubt any courtroom would have the physical capacity to hold that much money.

    Well, if they went on a printing spree of 10,000 dollar bills, (not printed in over 60 years) you could get your 870 billion in about 93 cubic meters, which should fit in most court rooms, with a little room left over. If you were forced to use hundred dollar bills, I suspect it would take about 70 average court rooms to hold them.

  23. Re:IIS and ASP.NET can’t compete with Wordpr on Microsoft Migrating Live Spaces Users To WordPress · · Score: 1

    Ironically, I came to read the comments here while waiting for my webmail to load. By the time I finished reading these comments, the spinner on my other tab had stopped. The result?

    Request Timed Out. ...
    Version Information: Microsoft .NET Framework Version:2.0.50727.3607; ASP.NET Version:2.0.50727.3614

    The parent is right. I try not to get involved in platform wars, but the same hardware running windows + mssql + iis + asp.net simply cannot keep up with any *nix + mysql + apache + php stack. ...

    Hmm, too bad that Wordpress doesn't run apache, they run nginx.

  24. Re:Eh, you might be surprised on US Banks That Offer Transaction History? · · Score: 1

    Last time I investigated this you really can get a prepaid debit card from your local check cashing place that is not FDIC insured, does not pay interest, and charges you a fee every time you use it.

    Governmental agencies are pretty incompetent, and wasteful. That does not mean that they serve no purpose.

    If it was not for that government agency you would have had the ACH deposit reversed, and then not got any money for many months.

    The FDIC did not undo that transaction, your bank did, because it was no longer cleared (guaranteed). I have seen several attempts to steal money from an institution just before the SIPC took over institutions. I would assume that there are controls at the FDIC that are designed to prevent the bankers from stealing money.

  25. Re:You might have to pay to get the records on US Banks That Offer Transaction History? · · Score: 1

    Seconded this. PNC lets me have three months back for free--anything past that I have to request. The request fee, however, is static--it doesn't change based on how much material you want. If you're concerned about your info, you might try to go this route even if you end up switching banks. Last time I checked the fee was modest ($5).

    At most US banks, fees are negotiable and somewhat arbitrary, so if you ask for a fee to be waived you have a reasonable chance that it will be waived.