I do this too. The problem is when all the candidates in a particular race have called me, and this happens quite often. I can't do a write in. The best I can do is not vote for anyone in that race, which doesn't really send any message. Ugggh!!!
...not having a minimal level of antivirus/firewall software is a sure way to join a botnet lately...
Even having one isn't nearly as much protection as most of us would like to believe. A 2007 research study by Panda Labs found that about 23% of infected machines had active and up-to-date AV software.
My own tests of AV software were less than encouraging and made the 23% quite believable. The better software either had more than a few false positives (Avira), or can be a PITA for non-techie users, and even techie users, (Comodo).
There comes a point where I would rather take my chances with the bad guys than see our basic freedoms and way of life eroded any further.
Agreed. It's sad it comes down to taking your chances with terrorists or taking your chances with your own government's jack-booted thugs.
A while ago I read an interesting article about terrorists. According to the article, many (most?) terrorists came from countries with oppressive governments despite being somewhat well off money-wise. This was compared to very few terrorists from countries that while poor, gave their citizens freedom and human rights. The upshot was/is oppression breeds terrorism, not freedom and liberty. Wish I could find it again.
...let's ignore for a moment the fact that water vapor is a greenhouse gas responsible for up to 76% of the greenhouse effect (as opposed to CO2 which is responsible for 1/3)
Lets also ignore 76 + 33 = 109%. Let's also ignore methane, another potent greenhouse gas.
...but water vapor in the form of clouds reflects a lot of energy...
I actually studied this as part of my Master's. IIRC, the number is around 13 watts per square meter overall (this is a net loss of energy, aka cooling). This number includes the net heat gain from the clouds at night. (Clouds at night prevent IR radiation from escaping into space, thereby warming the Earth.)
Before there are rants on the unapproved use of medical procedures on the troops, as suggested by the summary, read the article. It states they are only doing clinical trials, and mention the difficulty in getting FDA approval.
...Call me crazy, but I'm pretty sure that somebody at Digg is aware of that particular catchphrase...
Well, I've seen switches to new software and OSs because a new exec decreed it, regardless of how well what they had was working. Could be he (or she) got kickbacks, or some smooth talking salesman pulled the wool over his eyes, his son got a job with the new company, etc. Change is sometimes made for political reasons rather than technical ones.
While I see no evidence that was the case this time, it has happened, and will happen again.
Well, right now it seems only the pirates are still going to play, while those legitimate customers will not. Reminds me of a quote I saw:
The Arch Demon's mantra has always been they will do it The Arch Demon's way once the pain becomes severe enough. However, it absolutely amazes The Arch Demon how much pain the IDOITS [legitimate customers in this case] can endure.
...A court might not let the prosecution retrieve that information, but won't help you much if they already got it through an usb interface in the dashboard of your car.
Courts can and have dis-allowed information to be used. Just because they have it doesn't guarantee it can be used. It has to be obtained legally...in theory at least - there are judges that shouldn't be judges.
They tried to gloss over it, but in the end it still takes in oxygen and releases CO2 while burning hydrocarbons...
Yes, but it uses the much more carbon neutral fuel natural gas. Natural gas is easy to produce from plant biomass. Easier than ethanol or gasoline. It happens in swamps naturally. Even people can do it. Why just last night I was turning some baked beans I had for dinner into natural gas in my sleep.
Be warned, Hostgator has (or at least used to) have a nasty gotcha with email services they provide. If you don't need the email, then it's not a problem for you.
I'm with Powweb.com too, and I'm not terribly thrilled with them either. When I migrated from my old host, they were the best I found, but even then, I rated them only a B. Now, more like a C+, on a good day.
Disclaimer: I live in Houston, I do like to cycle, but I'm limited to trails because of the issues the parents mention (i.e. I'm not suicidal).
...can't you get their license plate number and have them arrested for battery? Doesn't Houston have a police force?
Good luck with that. It's your word against theirs. And as for the police force, they're only really interested in three things: bodies, donuts, and traffic tickets. And the body interest isn't that strong.
...they'll be liable for three times the medical bills for pain and suffering
This assumes two very iffy things:
You'll be able to get their license plate number. Kid of hard to do as your being launched in the air. Cyclists being the victims of hit and run is common in Houston.
They have insurance. As a parent mentioned, we have a lot of illegals driving illegally down here without a license or insurance. Drunks are another major problem here too. When I have to go out late at night (driving), I fear drunks more than some junkie with a weapon.
...There must be SOME good to that state.
Not all parts of the state are anti-biking. When I lived in Bryan/College Station, I found it to be a rather bike friendly town. And lots of us rode bikes. I had a car, and I would use it maybe a few times a month, at most.
The Woodlands has miles and miles of bike trails/sidewalks. Not quite as bike friendly as Bryan/College Station, but still relatively safe, except near the one Catholic church. (I swear the Catholics do NOT look before turning.)
Yes, but the US government is a "do as I say, not as I do" government and is either immune to or ignores their own laws. I remember reading somewhere that the largest distributor of child porn is the US government - they use it as bait.
First example, yes it was before HIPAA, not that HIPAA has any real teeth. The second example is not a medical business. And I have tried to persuade them. My boss believes me. It's his boss that is the problem. My boss is apparently under orders himself.
Good thought, but even then if your boss thinks you go behind his or back, expect to find yourself fired real soon. In this economy, labor is real cheap, and easily replaced.
What? Any user can set something executable and run it in a Unix system. It'll just run with the privileges of the user, which in this case is more than enough.
Of course, there is always privilege escalation, but at least that's another hurdle.
Also the admin needs to get fired too, he is not doing his job!
So many attempts to blame the admin, without knowing the circumstances. In the real world, security costs money. Money is limited. Security "interferes" with work. Interfering with work too much won't be tolerated by the higher ups. I've seen it multiple times. If security interferes with some new wiz-bang software that management wants, then the security goes. An admin that refuses get fired. For those that don't work in IT, you'd be surprised how many security decisions are made by people not qualified to make such decisions.
Let me give you two real-life examples. I worked as the IT head at a medical clinic. Some medical billing software was leased with my knowledge and it came with it's own AIX server. The root password was blank and it had to be connected to the rest of the LAN. I was not allowed to touch the machine by my boss's boss. Later on, she had the bright idea of allowing remote access. I objected in writing, backed by my boss. Objection overruled. Within a week, the server was rooted. It took the company who owned the server 3 months to figure out it wasn't a hardware issue, despite my warnings on the first day of trouble.
Second, more recent example, from just two weeks ago. I was ordered to connect an XP SP2 machine (not under my control) directly to the Internet AND the internal LAN. I was not allowed to filter any traffic (I tried and was ordered to stop) or purchase/install any additional hardware (no approval), including wiring. It's a VOIP server and the company higher ups what to be able to have a company phone anywhere. A port scan shows Windows Firewall is disabled, and I have no idea if there is at least any AV software (not allowed to touch it). Remember, I'm under orders to give it unfettered Internet and LAN access, at the same time. Secure? No. But I'm under direct orders to do it this way. At this point, the best I can think to do is put my objections in writing so I have a CYA paper trail (already done).
Nice ideas, but there are flaws so big you could drive an 18 wheeler through them.
Could we at least start by replacing the freaking pin numbers with something meaningful? A four digit numeric does NOT make a password FFS!!
Remember the user. If we make the password/pin to big, it will be hard to remember for a major segment of the users. What happens then is it gets written down, and from my experience, more than few will just write down on the card itself. This makes everyone less secure, as thieves will realize this rather quickly and start stealing the cards, by force if necessary. And they won't stop to check first if your card has your pin number written on it or not.
Maybe next, we could graduate the bank's computers from Windows 2000 up to something remotely sane - like Redhat SEL.
While I certainly think this is a great idea, it solves very little. The problem is the end user's computer is getting compromised, not the banks' computers, at least as far as the article is concerned. (Yes, I know about Heartland.) Now, the banks could definitely improve transaction security...
The idea of a biometric ID in conjuntion with a reasonably secure password hash has it's appeal, as well. If my bank would use it, I'd install a fingerprint reader on my HOME computer. Businesses should just jump on that idea - it's a small price to increase security dramatically.
Fingerprint readers have been beaten many times already. I won't list all the ways and times, but I will give a link to one such story. But let's say you can magically make a cheap fingerprint reader that is totally unbeatable. Guess what? At some point, the fingerprint reader has to convert the fingerprint into electronic data and transmit that. I doubt it will take the bad guys very long to target this link in the security chain.
...no unix-like machine is open to as many exploits as Windows is...
That should read no properly configured unix-like machine is open to as many exploits as a fully patched, properly configured Windows is. Remember that many, perhaps even a majority, of the exploits take advantage of already patched holes.
There is a big difference here. If you lose your license, it's because a court took it away. The government has to prove you are no longer worthy of that right and you have the chance to defend yourself. With Hull, no proof is required, only an accusation, and you don't get to defend yourself.
...why would someone qualified for a profession who can earn upwards of $100,000 per year, work in PC repair...
Because those $100K jobs are few and far between and usually go to people with connections. Don't believe those salary surveys. Those that have great paying jobs are easy to find. Those that have given up on engineering because they can't get a job or have low paying jobs are generally not as easy to find and therefore excluded from the surveys. Result: Surveys don't represent reality.
How do I know this? I have a master's degree in chemical engineering plus my state EIT (Engineer In Training) cert, but have been working in the computer field since 1997. I got laid off and couldn't get another engineering job. I spent 3 years trying. I've since quit the engineering profession. I have made more as a computer tech than I did as an engineer. I've got a neighbor who has a BS in chemical engineering, and his experience mirrors mine. He does not want his kids going into engineering. Even when I was working as an engineer, my coworkers would often gather and read the salary surveys and laugh at them.
I'm suspecting they are not. I'm doing a AV research project for my LUG, and at least some of the results I'm getting in my tests differ markedly from the link you posted. First problem is the test isn't dated. From the comments, I would say it was released about September 3, 2008. But that's a minor point.
Let's take a look at the speed results, since they are the easiest to compare meaningfully. In their tests, AVG is given a good scan speed rating, yet my test results show it to be dead last among the 7 I'm focusing on. ClamAV is given a poor rating, yet in my tests (using WinClam to make things as fair as possible considering all the rest are Windows only), AVG makes Clam look fast by comparison, and Clam was the second slowest! Avast is given the same speed rating as AVG, yet in my tests, Avast is only slightly slower than Avira, which is given the highest scan speed rating, something my tests confirm. For any that care, Comodo won the speed tests, a program VB didn't bother testing.
Admittedly, I'm using more current versions then they did, but the results shouldn't be THAT different.
Actually, it takes only about 30 seconds, at room temperature, for it to settle back down. I've used this fact as an impromptu magic trick on more than one occasion. Remember, magic is merely science one man knows and another does not.
...The moment the malware makes itself known (for example, by making the computer unusable) is the moment when the victim can take some action to protect his private data, alert credit card companies and credit record agencies...
This assumes of course that the victim will make the leap in logic that it was malware that did it and not bad hardware, or a mistake on their part. Those who get infected in the first place are far less likely to know enough to make the connection. Therefore, it probably would buy some time. Whether the time is worth the cost of losing a zombie is another story though...
Slashdot Mirror
I do this too. The problem is when all the candidates in a particular race have called me, and this happens quite often. I can't do a write in. The best I can do is not vote for anyone in that race, which doesn't really send any message. Ugggh!!!
Even having one isn't nearly as much protection as most of us would like to believe. A 2007 research study by Panda Labs found that about 23% of infected machines had active and up-to-date AV software.
My own tests of AV software were less than encouraging and made the 23% quite believable. The better software either had more than a few false positives (Avira), or can be a PITA for non-techie users, and even techie users, (Comodo).
There comes a point where I would rather take my chances with the bad guys than see our basic freedoms and way of life eroded any further.
Agreed. It's sad it comes down to taking your chances with terrorists or taking your chances with your own government's jack-booted thugs.
A while ago I read an interesting article about terrorists. According to the article, many (most?) terrorists came from countries with oppressive governments despite being somewhat well off money-wise. This was compared to very few terrorists from countries that while poor, gave their citizens freedom and human rights. The upshot was/is oppression breeds terrorism, not freedom and liberty. Wish I could find it again.
Lets also ignore 76 + 33 = 109%. Let's also ignore methane, another potent greenhouse gas.
I actually studied this as part of my Master's. IIRC, the number is around 13 watts per square meter overall (this is a net loss of energy, aka cooling). This number includes the net heat gain from the clouds at night. (Clouds at night prevent IR radiation from escaping into space, thereby warming the Earth.)
Before there are rants on the unapproved use of medical procedures on the troops, as suggested by the summary, read the article. It states they are only doing clinical trials, and mention the difficulty in getting FDA approval.
Human life trumps money or reputation any day of the week. But then I'm probably in the minority on that one.
No, you're not in the minority. It's just that you're not a lawyer or corporation. You're a human being.
Well, I've seen switches to new software and OSs because a new exec decreed it, regardless of how well what they had was working. Could be he (or she) got kickbacks, or some smooth talking salesman pulled the wool over his eyes, his son got a job with the new company, etc. Change is sometimes made for political reasons rather than technical ones.
While I see no evidence that was the case this time, it has happened, and will happen again.
Well, right now it seems only the pirates are still going to play, while those legitimate customers will not. Reminds me of a quote I saw:
The Arch Demon's mantra has always been they will do it The Arch Demon's way once the pain becomes severe enough. However, it absolutely amazes The Arch Demon how much pain the IDOITS [legitimate customers in this case] can endure.
Courts can and have dis-allowed information to be used. Just because they have it doesn't guarantee it can be used. It has to be obtained legally...in theory at least - there are judges that shouldn't be judges.
They tried to gloss over it, but in the end it still takes in oxygen and releases CO2 while burning hydrocarbons...
Yes, but it uses the much more carbon neutral fuel natural gas. Natural gas is easy to produce from plant biomass. Easier than ethanol or gasoline. It happens in swamps naturally. Even people can do it. Why just last night I was turning some baked beans I had for dinner into natural gas in my sleep.
Be warned, Hostgator has (or at least used to) have a nasty gotcha with email services they provide. If you don't need the email, then it's not a problem for you.
I'm with Powweb.com too, and I'm not terribly thrilled with them either. When I migrated from my old host, they were the best I found, but even then, I rated them only a B. Now, more like a C+, on a good day.
Disclaimer: I live in Houston, I do like to cycle, but I'm limited to trails because of the issues the parents mention (i.e. I'm not suicidal).
Good luck with that. It's your word against theirs. And as for the police force, they're only really interested in three things: bodies, donuts, and traffic tickets. And the body interest isn't that strong.
This assumes two very iffy things:
Not all parts of the state are anti-biking. When I lived in Bryan/College Station, I found it to be a rather bike friendly town. And lots of us rode bikes. I had a car, and I would use it maybe a few times a month, at most.
The Woodlands has miles and miles of bike trails/sidewalks. Not quite as bike friendly as Bryan/College Station, but still relatively safe, except near the one Catholic church. (I swear the Catholics do NOT look before turning.)
Yes, but the US government is a "do as I say, not as I do" government and is either immune to or ignores their own laws. I remember reading somewhere that the largest distributor of child porn is the US government - they use it as bait.
First example, yes it was before HIPAA, not that HIPAA has any real teeth. The second example is not a medical business. And I have tried to persuade them. My boss believes me. It's his boss that is the problem. My boss is apparently under orders himself.
Good thought, but even then if your boss thinks you go behind his or back, expect to find yourself fired real soon. In this economy, labor is real cheap, and easily replaced.
Should be without my knowledge on the AIX.
What? Any user can set something executable and run it in a Unix system. It'll just run with the privileges of the user, which in this case is more than enough.
Of course, there is always privilege escalation, but at least that's another hurdle.
Also the admin needs to get fired too, he is not doing his job!
So many attempts to blame the admin, without knowing the circumstances. In the real world, security costs money. Money is limited. Security "interferes" with work. Interfering with work too much won't be tolerated by the higher ups. I've seen it multiple times. If security interferes with some new wiz-bang software that management wants, then the security goes. An admin that refuses get fired. For those that don't work in IT, you'd be surprised how many security decisions are made by people not qualified to make such decisions.
Let me give you two real-life examples. I worked as the IT head at a medical clinic. Some medical billing software was leased with my knowledge and it came with it's own AIX server. The root password was blank and it had to be connected to the rest of the LAN. I was not allowed to touch the machine by my boss's boss. Later on, she had the bright idea of allowing remote access. I objected in writing, backed by my boss. Objection overruled. Within a week, the server was rooted. It took the company who owned the server 3 months to figure out it wasn't a hardware issue, despite my warnings on the first day of trouble.
Second, more recent example, from just two weeks ago. I was ordered to connect an XP SP2 machine (not under my control) directly to the Internet AND the internal LAN. I was not allowed to filter any traffic (I tried and was ordered to stop) or purchase/install any additional hardware (no approval), including wiring. It's a VOIP server and the company higher ups what to be able to have a company phone anywhere. A port scan shows Windows Firewall is disabled, and I have no idea if there is at least any AV software (not allowed to touch it). Remember, I'm under orders to give it unfettered Internet and LAN access, at the same time. Secure? No. But I'm under direct orders to do it this way. At this point, the best I can think to do is put my objections in writing so I have a CYA paper trail (already done).
Nice ideas, but there are flaws so big you could drive an 18 wheeler through them.
Could we at least start by replacing the freaking pin numbers with something meaningful? A four digit numeric does NOT make a password FFS!!
Remember the user. If we make the password/pin to big, it will be hard to remember for a major segment of the users. What happens then is it gets written down, and from my experience, more than few will just write down on the card itself. This makes everyone less secure, as thieves will realize this rather quickly and start stealing the cards, by force if necessary. And they won't stop to check first if your card has your pin number written on it or not.
Maybe next, we could graduate the bank's computers from Windows 2000 up to something remotely sane - like Redhat SEL.
While I certainly think this is a great idea, it solves very little. The problem is the end user's computer is getting compromised, not the banks' computers, at least as far as the article is concerned. (Yes, I know about Heartland.) Now, the banks could definitely improve transaction security...
The idea of a biometric ID in conjuntion with a reasonably secure password hash has it's appeal, as well. If my bank would use it, I'd install a fingerprint reader on my HOME computer. Businesses should just jump on that idea - it's a small price to increase security dramatically.
Fingerprint readers have been beaten many times already. I won't list all the ways and times, but I will give a link to one such story. But let's say you can magically make a cheap fingerprint reader that is totally unbeatable. Guess what? At some point, the fingerprint reader has to convert the fingerprint into electronic data and transmit that. I doubt it will take the bad guys very long to target this link in the security chain.
That should read no properly configured unix-like machine is open to as many exploits as a fully patched, properly configured Windows is. Remember that many, perhaps even a majority, of the exploits take advantage of already patched holes.
There is a big difference here. If you lose your license, it's because a court took it away. The government has to prove you are no longer worthy of that right and you have the chance to defend yourself. With Hull, no proof is required, only an accusation, and you don't get to defend yourself.
Because those $100K jobs are few and far between and usually go to people with connections. Don't believe those salary surveys. Those that have great paying jobs are easy to find. Those that have given up on engineering because they can't get a job or have low paying jobs are generally not as easy to find and therefore excluded from the surveys. Result: Surveys don't represent reality.
How do I know this? I have a master's degree in chemical engineering plus my state EIT (Engineer In Training) cert, but have been working in the computer field since 1997. I got laid off and couldn't get another engineering job. I spent 3 years trying. I've since quit the engineering profession. I have made more as a computer tech than I did as an engineer. I've got a neighbor who has a BS in chemical engineering, and his experience mirrors mine. He does not want his kids going into engineering. Even when I was working as an engineer, my coworkers would often gather and read the salary surveys and laugh at them.
I'm suspecting they are not. I'm doing a AV research project for my LUG, and at least some of the results I'm getting in my tests differ markedly from the link you posted. First problem is the test isn't dated. From the comments, I would say it was released about September 3, 2008. But that's a minor point.
Let's take a look at the speed results, since they are the easiest to compare meaningfully. In their tests, AVG is given a good scan speed rating, yet my test results show it to be dead last among the 7 I'm focusing on. ClamAV is given a poor rating, yet in my tests (using WinClam to make things as fair as possible considering all the rest are Windows only), AVG makes Clam look fast by comparison, and Clam was the second slowest! Avast is given the same speed rating as AVG, yet in my tests, Avast is only slightly slower than Avira, which is given the highest scan speed rating, something my tests confirm. For any that care, Comodo won the speed tests, a program VB didn't bother testing.
Admittedly, I'm using more current versions then they did, but the results shouldn't be THAT different.
Actually, it takes only about 30 seconds, at room temperature, for it to settle back down. I've used this fact as an impromptu magic trick on more than one occasion. Remember, magic is merely science one man knows and another does not.
This assumes of course that the victim will make the leap in logic that it was malware that did it and not bad hardware, or a mistake on their part. Those who get infected in the first place are far less likely to know enough to make the connection. Therefore, it probably would buy some time. Whether the time is worth the cost of losing a zombie is another story though...