Slashdot Mirror


User: Dr. Sp0ng

Dr. Sp0ng's activity in the archive.

Stories
0
Comments
689

Comments · 689

  1. Re:Key AND Password on The Optimum Attack Rate For SSH Bruteforce? Once Every Ten Seconds · · Score: 1

    I use Google Authenticator on my home server (and on Google itself). It's a great solution to this problem and works very well. Some ssh clients (notably on iOS) can't handle the two-factor authentication, but I just set those up with private key authentication.

  2. Re:Not really needed on Ask Slashdot: Finding an IT Job Without a Computer-Oriented Undergraduate Degree · · Score: 4, Insightful

    I'm in exactly the same situation, with no regrets. Interviews were a little tough early on, but once you have it, experience trumps education. My lack of a degree hasn't been an issue in a long time.

    And the great thing about this industry is that you can get the experience and prove yourself without anybody else's permission. Contribute to open source, release a smartphone app, etc. It's in your hands: just do it.

  3. Re:I don't trust Wolfram Alpha on Wolfram Launches Computational Document Format · · Score: 1

    There is no room for approximations in a supposed 'COMPUTATIONAL ENGINE' and if YOU can't understand this then I think you should go back to the fantasy world you live in where exact numbers don't matter.

    *All* non-integral math done by a computer is an approximation.

  4. Re:The e-mail from Mt.Gox. on Bitcoin Price Crashes · · Score: 3, Informative

    Gmail also flagged suspicious failed login attempts on my e-mail account, so I had to go through a password reset process on it. Although I used a unique password at Mt.Gox, the attacker apparently is running automated login attempts using the stolen e-mail addresses and Mt.Gox passwords, so anyone using non-unique passwords is likely in trouble.

    Yep. Same story for me too. Glad I enabled two-factor authentication on my Google account (and SSH to my home server while I was at it).

  5. Re:Yours for 3 easy payments of $19.95 on BitCoin, the Most Dangerous Project Ever? · · Score: 1

    There are places online that sell preloaded credit Visa cards for BitCoins. Is that liquid enough for you?

  6. Re:P.J. O'Rourke said... on FCC Commissioner Leaves To Become Lobbyist · · Score: 1

    No, everybody wouldn't need to. The threat would be enough of a deterrent in general, and in the area immediately surrounding the polluter it would not be a difficult case to make.

    You're right that the devil is in the details. But this is even more true when you're trying to attack such problems head-on with direct, one-size-fits-all legislation. A legal framework based on property rights would decentralize these decisions and apply local considerations.

    "I've known people who have sued over blatant property rights violations..."

    Yeah, but this isn't surprising since property rights are not properly protected these days. Instead of clear lines, there are fuzzy rules fraught with exceptions and loopholes.

  7. Re:P.J. O'Rourke said... on FCC Commissioner Leaves To Become Lobbyist · · Score: 1

    Lack of regulations wouldn't. But stronger property rights, which are another essential ingredient, would. Their neighbors should have the ability to sue when their property is polluted (read: damaged) by the nearby factory.

    This requires no strong central government or anti-business regulations, and would not be prone to political manipulation by the rich and well connected. Simply apply the same rules to everybody.

  8. Re:P.J. O'Rourke said... on FCC Commissioner Leaves To Become Lobbyist · · Score: 1

    The general idea is that it would force corporations to compete by meeting their customers' needs instead of buying political influence.

  9. Re:P.J. O'Rourke said... on FCC Commissioner Leaves To Become Lobbyist · · Score: 1

    He was making a joke, yes - that's what he does. But that line reflects his (and my) actual views on the subject. Laws can set the general rules (e.g. no fraud), but they can't get into the specifics of individual deals without inviting corruption.

  10. Re:somewhat agree hwoever on FCC Commissioner Leaves To Become Lobbyist · · Score: 1

    As opposed to the cancer patients that are dying because they're denied access to experimental treatments? The FDA cuts both ways, and it's not at all clear to me that it's a net win, especially when you consider where health care could be if it were allowed to flourish like the computer industry.

  11. P.J. O'Rourke said... on FCC Commissioner Leaves To Become Lobbyist · · Score: 2

    "When buying and selling are controlled by legislation, the first things bought and sold are legislators."

    What's really funny is that the people who want the government involved in everything are the same who act outraged when the inevitable corruption follows.

  12. Re:Hi, I'm Left... on Obama Administration Wants Your Old Email · · Score: 1

    What, are they nuts? Who would want to live in a place where barroom brawls give way to deluges of bullets? Or where would-be minor road rage incidents end up in cars full of corpses? The violent crime rate there must be through the roof!

    Except that reality doesn't match left-wing fantasy, and Vermont has one of the lowest murder rates in the country.

    I don't understand why people can't leave the shooting of criminals to the police

    Because when seconds count, the police are only minutes away.

  13. Re:because of the ass-hat signature authorities on Why Doesn't Every Website Use HTTPS? · · Score: 1

    I don't think it's realistic to expect people to check certificates before giving out sensitive data (or ever, really). And since that's the case, having encryption-but-not-really seems worse to me than encryption-only-if-it's-secure. The average person won't understand the distinction, and will assume encryption=safe. Since the user can't be expected to check the certificate's authenticity, the CA steps in to fill this role.

    If you give your POP3 or FTP password over a self-signed SSL connection, you might as well send it over plain text. It's not a whole lot harder for somebody in the middle to read, unless you're checking the signature out-of-band. Which you're not.

    The general consensus in the encryption community is that bad encryption is worse than no encryption, and I think they're right. On the surface, it is marginally "better" than cleartext, but in the real world it changes people's behavior and makes life much easier for the bad guys.

    Your point about spoofed URLs and such is correct, but that's a different problem.

  14. Re:because of the ass-hat signature authorities on Why Doesn't Every Website Use HTTPS? · · Score: 1

    But that doesn't actually protect you - it just gives you a false sense of security.

    If there is no way to verify the identity of the other side, then it's dead simple to stick yourself in the middle, unbeknownst to either legitimate participant. You may think you're having an encrypted conversation with GMail, but you're really having one with me, and I'm having one with GMail pretending to be you. See the problem?

    It's like putting black tape over the warning lights in your car. Sure, it makes the problem "go away", but you haven't actually fixed anything.

    Use self-signed certificates if you must, but I damn well want my browser to tell me about it. The certificate authorities are far from perfect, but at least you have to create a paper trail of some sort when you want a fraudulent one.

  15. Re:because of the ass-hat signature authorities on Why Doesn't Every Website Use HTTPS? · · Score: 1

    Without validation, encryption is worthless. You'd never know a man-in-the-middle attack was occurring, and then what's the point?

  16. Oh great on UN May Ban Blotting Out the Sun · · Score: 1

    Now the meddling do-gooders want to do to the environment what they've done to the economy. Enough with the grand schemes to control complex systems you don't understand, assholes.

  17. Wow on Creative Commons Video Challenges Hollywood's Best · · Score: 1

    That was very well done.

  18. Re:If you know C, then iOS on Should I Learn To Program iOS Or Android Devices? · · Score: 1

    They may share some common libraries, etc., but programming for one isn't like the other.

    It's not "some common libraries", it's a common kernel, base system, and the exact same core libraries. Far beyond POSIX - iOS is built on NeXTSTEP APIs just like OS X, because iOS is based on OS X. For nearly everything except the user interface, the APIs are not just similar, they are identical (though sometimes the iOS version has some functionality removed).

    Even the OS-level filesystem layout is the same. /Library, /System/Library, ~/Library/Application Support, and so on, are all there and all serve the same purposes as in OS X. Unix stuff is hidden under /private. Devices under /dev use the same naming conventions. Apps are bundles, with an Info.plist and all else that you'd expect, that live in /Applications.

    These are not coincidences, and Apple didn't go out of their way to make them appear similar, because all of this is hidden from your average user anyway. It's similar because it's a different version of the same OS.

    If you were correct, that means I can run the full OSX environment on my PC. But I can't.

    No, that has nothing to do with what I said. Android is based on Linux, but that doesn't mean it's a full desktop Linux system, or that you can run Android on a PC.

  19. Re:Autotools do not need a book on Autotools · · Score: 1, Troll
  20. Re:If you know C, then iOS on Should I Learn To Program iOS Or Android Devices? · · Score: 1

    Just no. The two are not the same. iPhone, iPod, and iPad are the same. Development is not the same for the Mac. They are totally different.

    No they're not. They use the same development tools, language, and base APIs. The UI toolkits are different, out of necessity, and iOS is missing many of OS X's frameworks, but the two platforms are very similar.

    Please. OS X Snow Leopard has absolutely nothing to do with iOS. They are two totally different entities.

    Wrong again. iOS is essentially a stripped down OS X with a new UI:

    iPhone4:~ mobile$ uname -a
    Darwin Take-2 10.3.1 Darwin Kernel Version 10.3.1: Wed May 26 22:28:33 PDT 2010; root:xnu-1504.50.73~2/RELEASE_ARM_S5L8930X iPhone3,1 arm N90AP Darwin

  21. Re:Let me get this straight .... on Senate Candidate Sued By Copyright Troll · · Score: 1

    Is this not the basis for all trade?

    What is? Government-mandated scarcity? No. Copyrights and patents (but not trademarks) are fundamentally anti-market constructs.

  22. Re:Using Tor securely on Why Tor Users Should Be Cautious About P2P Privacy · · Score: 2, Insightful

    Find Dr. Sp0ng, arrest him, and lock him up.

    Good thing I'm only College-Dropout Sp0ng. They'll never find me.

  23. Re:Using Tor securely on Why Tor Users Should Be Cautious About P2P Privacy · · Score: 1

    Yep. Tor, like everything else in this world, isn't perfect. If you have a high-level view of the network, you can trace anything.

    As for adjacent nodes knowing your IP, though, the whole point of Tor is that they don't know if the data is coming from you or somebody 10 hops back. All they know is that you're using Tor.

  24. Re:Using Tor securely on Why Tor Users Should Be Cautious About P2P Privacy · · Score: 1

    Yeah, that's useful, but I don't trust it as a full solution. I would make sure to firewall it off externally too. All it would take would be a web browser hole and somebody could run a script resetting your filters. Tor users are uniquely vulnerable to such things from rogue exit nodes.

  25. Using Tor securely on Why Tor Users Should Be Cautious About P2P Privacy · · Score: 5, Insightful

    There's really only one way to do it - run it on a freshly-installed (probably virtual) machine (so there's no personal data on the system) with a non-public IP address, and then firewall it off so it cannot make any non-Tor network connections. Then apps can leak all the data they want, but they have no useful info to leak.