Let's be honest here. In my lifetime, I've spent less than $100 (one hundred dollars) on my security systems. That gives me a D-Link firewall, Avast!, and Spybot. The hackers have access to the same materials. If they want to write a program that gets around my meager defences, then they can. I live only by my obscurity, enhanced by my slight tweaks to my firewall. (Dropping pings, blocking port 113, etc.) As far as a passive scan goes, I don't exist. I simply wouldn't survive a concentrated attack.
That's probably okay, though - it's like when I lock up my bike. I have a kryptonite U-lock that I put through both wheels and the frame. I also take the seat with me and remove all the shiny bits. (It also has a VHF transmitter, but that's another story.) It would take someone with a plasma torch two or three seconds to cut the bike rack and put my bike into a truck. However, that's not worth your average meth-headed bike thief's time. It's easier for him to take another bike that's not as secure. If a dedicated professional wants my bike, then he's going to get it.
The major problem with Windows is that when you take your machine home and plug it in, it can be easily compromised. The same is true with a lot of commercial-grade routers with firewalls. The default settings leave a lot to be desired. Your firewall still sort of works, but you're not getting the same level of protection that you'd get by changing some settings. Just two days ago, we had an article about the 2-wire security holes, showing that a large percentage of IDSN home users in North America are wholly unprotected against external attacks.
So why do we have what we have? It's simple. We have a lot of programs written by people who simply do not understand security issues. Windows, for example, is perfectly stable until you start to put 3rd-party software on it. Then it starts to crash because the memory is being used in two or more different ways. Take a look at some of the snippets on thedailywtf to see what sort of quality work you end up with when you have people who "can program" and can't understand basic math (if you work unpaid overtime, that's you.) writing important code for important systems.
What's required to fix it is a wholesale change in CPU architecture along with mandatory licencing and regulation for anyone who wants to program anything in any language and sell it. (If you put up a dividing wall in your house, you can get the supplies at Home Depot and DIY. If you want to sell a wall-building service to the public, you have to be licenced.)
Only once we take programming as seriously as we take bridge construction and land surveying will we start to see safer computing.
Yes, that's what it does. If your car is stolen, it can use satellites to relay the position to the Lo-Jack folks.
It's easy to put the system on a car since you can get the 12V 1A power easily and the smoke-detector-sized transmitter isn't adding much weight to the car.
The devices in TFA are probably pager or cellular tech. You can get smaller satellite transmitters but they would be quite expensive. I built one board that's about the size of a Bic lighter and is suitable for implanting into a duck but that's the limit. IIRC, the four prototypes cost the customer $150k. Note that when you send data to a satellite, the satellite also knows the approximate GPS location of the transmitter.
Satellite transmission is always expensive. An eight-byte message costs about $5. (You would use this in an emergency.) Normal traffic is about $1 for the same message.
I've thought that the banks are the ones who are primarily responsible. Here's an easy fix:
1. Add a photo to your credit report. 2. Add a phone number that is always called when your credit report is accessed. "Hello. This is equifax. Please call 1-800-eqi-faxx to confirm your application for a mortgage." 3. Replace the magnetic bank cards with proximity cards that have a random number generator built into them. You have to enter your RN and your PIN into the machine to buy something / use the ATM. 4. Have the POS machines and the ATM use encrpyted communication to reduce wireless snooping. Generate noise on the channel when not in use, so you can't tell when it's broadcasting or not.
Don't you remember just 8 years ago? Stocks are a gamble, nothing more. Like any other casino, you will eventually lose your cash.
My extra money goes into a 4% savings account. I can get it any time with 24 hours notice. Yeah, yeah, I can get 10% on the stock market. Sounds great, until it crashes - again or you get caught in a bad trade.
I tend to keep about a thousand in my chequing account. (Which works out to... calculating... a "loss" of about 50 cents a month compared to the parent putting his on the stock market.) My savings account generates about half the interest it would in the stock market (call it money market if you think it sounds better) but my money will never fail to generate. End of story. He can lose all of his money in a crash, scandal, bad report, low earnings, etc. Mine is insured against loss - even if the bank goes bankrupt, I get my money.
Now, the regular chequing account has basically no interest. That's typical, and you shouldn't have just that kind of account, because that's just silly.
I also pay $0 yearly in bank fees. $0. That's right, no monthly fees, no brokerage fees, no debit card fees, no interac fees, etc.
In the meantime, I put extra money onto my mortgage. That's the only place I owe money to. No student loans, no credit card debt, etc. I put 25% down on my house. I owe about 48% of the value of the house on a fixed rate mortgage.
I use some credit cards, but those are only for specific reasons, like 4.5% off gasoline or for tracking costs on vacation. Those are paid off monthly.
Most Engineers are reasonably well-adjusted socially. We tend to move into Management due to our combination of technical knowledge and interpersonal skills.
My idea of a good time isn't to go out and get drunk and risk an STI from a cougar in a dimly-lit bar. I like spending time with my friends playing board games, Wii games, or tabletop games (DnD). I play an instrument (and there are... 5 Engineers in the band I play in) and can sing. I can SCUBA dive.
I am married and have two children. Most of the Engineers I know are also married (or are in long-term relationships). Many of them have children as well.
If you have issues, get a hobby that gets you out of the house. Learn to SCUBA dive. Get on a bike and go for a trail ride. Volunteer for Habitat for Humanity (egads man, an Engineer with a hammer!). Learn to play the oboe or the bassoon or something. Have a hobby that isn't buying things from Best Buy.
Get off Craigslist and/. Go outside and enjoy real life. There are women out there looking for employable, stable, and reliable men.
What if you start out as a fresh, recent graduate? You didn't get to the top of the class, since you realized that you could get a B average with just a little work. That left more time for fun and family.
The other students hated you for it. They picked on you, stole your stuff, and set fire to it. You let it go rather than force expulsion. You graduate.
Then you get a real job. You do your job well, and then you get told that you can't get a raise because you didn't put in enough unpaid overtime. "If you want to be a computer guy, that's how the industry works." You reply with "A carpenter isn't a hammer guy." Work goes downhill from there.
So you get another job. Your supervisor got his training from a company so he's an "Alphabet Soup" quasi-engineer. You work with him. A while later, you find out that he spends all his time saying how you don't do any work, and look at all the accomplishments he's made. They look familiar, but it's too late. You say that the thing you're working on probably isn't safe, and there's a chance that someone will die if they use it. Of course, you don't have the experience to form such an opinion.
Then tragedy strikes. Personal tragedy - and an Engineering failure to boot. Not yours, but it actually physically hurts your family. Your work morale goes to shit. You don't want to go to work, and you don't want to cancel on your obligations. You get worse and worse assignments. So you say something in public. A joke. To kids. It gets taken out of context. Your Big Boss hears about it. You find yourself on the carpet.
Then you're unemployed. Months pass. Unemployment doesn't pay the bills. You take a few side jobs to keep ends together, but you can't take too many of those or you lose your benefits, and then your house. You still don't have a job. You get leaned on by everyone in your family - "Hey, the unemployment rate is at 4% - why aren't you working yet?" There aren't any holes in your resume, you don't talk badly about your last jobs, there's nothing wrong with your references.
So then, someone says, "Hey, I've got a job for you. It pays cash."
I used to daydream about that last paragraph. The rest is true.
THIS MAKES ME SO ANGRY I WANT TO BLOW SOMETHING UP!
And yeah, C&C had Engineers. You could take over buildings with them, as long as the building health was below 50%. Otherwise, they would damage the building.
I have a Radeon 9200. I'd run any Ubuntu driver that's available, but there aren't any. Obviously, if I'm willing to run a Windows driver, I'm willing to put up with a proprietary driver. I use my computer for work. I don't have any games installed on either my work or home machines.
The forum response was, "lol get a better video card". I'm done with buying video cards. That's the extent of the support I got. On/., I got the response ATI is a bunch of amateurs and it's all their fault.
I installed the proprietary drivers, the auto-loading GPL equivalent, etc. Nobody wanted to help or explain. I gave up.
The best part was how when you tested the settings, it would display as "fine" then when you'd apply the new settings, you would get a blank screen and you'd have to reboot.
Other than that, I liked Ubuntu. It detected a lot more than Win2k did, and the setup was really easy. Having said that, I'm done. Linux fails me every time I try it. (Just for the record, I've successfully set up servers using Linux before, and those have worked. I can use a command line just fine, thank you.)
The students I went to school with were, for the most part, arrogant, stuck-up, and useless. One guy said, "It's nice that there are stupid people - otherwise we'd have to scrub toilets."
I pointed out that the janitor worked part-time, was a union employee, and probably got paid about 50k a year. (For part-time, remember?) The janitor was a nice guy, actually, and he was aware that most people thought of him as a "non-entity."
I've always felt that the other subjects are just as hard as Engineering to complete - they just require a different mindset. Yes, some people can game the system to get a bunch of slacktastic courses. That's true for 1st year, for certain. It's not true for later years. Sure, second year math has a 70% failure rate. I'm sure that there's some musical course or art appreciation course that's just as tricky. What about Ethical matrices for solving very difficult situations? Or something else that I'm not aware of because I didn't take 4th year A&S electives? University and College are hard, no matter what degree you try to attain. Engineering isn't some elite cadre of the Brainiacs.
Other students despised me because I invented things and didn't bother going for the 9.0 average. (I realized that I could do half the work and get a nice B average.) One of my friends said "they hate you because you don't give a FUCK. Not at all. It's all they care about, and you're still here, and you don't give a FUCK. It's hilarious."
I also realized that what we learn at school has NOTHING TO DO WITH ENGINEERING. IEEE taught me that with a phrase akin to, "It's hard for people who have entered the workforce to pursue a Master's Degree, because they haven't used the theories or mathematics since graduation."
I don't paint. I can't think of what I'd make. (Although I can put a fresh coat of latex on a wall with the best of them.;) ) I can play a musical instrument quite well (20 years) and I can sing (8 years in a classical choir).
I use my router as the main firewall for my system. (my primary defense system is "not being an idiot")
If you put your unknown computer with some unknown infection on my network, I'm going to be pissed off. I don't know what kind of care you take with your system, but frankly, if you're so careless about connecting that you'll connect to a network that isn't secured, I don't want you to connect to mine. Seriously, do you really want to connect to some readily-available WAN that's still set to the factory defaults? What's protecting your machine? Luck?
Now, my network is encrypted, doesn't SSID broadcast, requires a password, whitelisted MAC address, etc. From what I can tell with online scans, it's about as good as a cheap residential-class router can be set.
Thank you, that's what I came in to comment about. Everyone I shared that book with thought it was horrifying and bloodthirsty......but good, and plausible, which made it even worse.
Slashdot Mirror
Third time posting this link in this thread:
Compromised Linux machines are an integral part of the botnet.
No technology can replace determined stupidity... or just plain arrogance.
But... you are INVINCIBLE!, right?
Linux boxes are the sergeants in the Botnet army.
If you think you're immune just because you're running Linux, then you're part of the problem.
You're just as bad as someone with an unpatched HP-branded WinXP system fresh from Office Depot.
You can't.
Not even Linux boxes are safe from hacking.
An anti-virus scan is totally worthless. In fact, most systems slow your machine down so badly that they're worse than useless. Norton slows your machine down by thousands of percent!
Let's be honest here. In my lifetime, I've spent less than $100 (one hundred dollars) on my security systems. That gives me a D-Link firewall, Avast!, and Spybot. The hackers have access to the same materials. If they want to write a program that gets around my meager defences, then they can. I live only by my obscurity, enhanced by my slight tweaks to my firewall. (Dropping pings, blocking port 113, etc.) As far as a passive scan goes, I don't exist. I simply wouldn't survive a concentrated attack.
That's probably okay, though - it's like when I lock up my bike. I have a kryptonite U-lock that I put through both wheels and the frame. I also take the seat with me and remove all the shiny bits. (It also has a VHF transmitter, but that's another story.) It would take someone with a plasma torch two or three seconds to cut the bike rack and put my bike into a truck. However, that's not worth your average meth-headed bike thief's time. It's easier for him to take another bike that's not as secure. If a dedicated professional wants my bike, then he's going to get it.
The major problem with Windows is that when you take your machine home and plug it in, it can be easily compromised. The same is true with a lot of commercial-grade routers with firewalls. The default settings leave a lot to be desired. Your firewall still sort of works, but you're not getting the same level of protection that you'd get by changing some settings. Just two days ago, we had an article about the 2-wire security holes, showing that a large percentage of IDSN home users in North America are wholly unprotected against external attacks.
So why do we have what we have? It's simple. We have a lot of programs written by people who simply do not understand security issues. Windows, for example, is perfectly stable until you start to put 3rd-party software on it. Then it starts to crash because the memory is being used in two or more different ways. Take a look at some of the snippets on thedailywtf to see what sort of quality work you end up with when you have people who "can program" and can't understand basic math (if you work unpaid overtime, that's you.) writing important code for important systems.
What's required to fix it is a wholesale change in CPU architecture along with mandatory licencing and regulation for anyone who wants to program anything in any language and sell it. (If you put up a dividing wall in your house, you can get the supplies at Home Depot and DIY. If you want to sell a wall-building service to the public, you have to be licenced.)
Only once we take programming as seriously as we take bridge construction and land surveying will we start to see safer computing.
Lo-Jack.
Yes, that's what it does. If your car is stolen, it can use satellites to relay the position to the Lo-Jack folks.
It's easy to put the system on a car since you can get the 12V 1A power easily and the smoke-detector-sized transmitter isn't adding much weight to the car.
The devices in TFA are probably pager or cellular tech. You can get smaller satellite transmitters but they would be quite expensive. I built one board that's about the size of a Bic lighter and is suitable for implanting into a duck but that's the limit. IIRC, the four prototypes cost the customer $150k. Note that when you send data to a satellite, the satellite also knows the approximate GPS location of the transmitter.
Satellite transmission is always expensive. An eight-byte message costs about $5. (You would use this in an emergency.) Normal traffic is about $1 for the same message.
I've thought that the banks are the ones who are primarily responsible. Here's an easy fix:
1. Add a photo to your credit report.
2. Add a phone number that is always called when your credit report is accessed. "Hello. This is equifax. Please call 1-800-eqi-faxx to confirm your application for a mortgage."
3. Replace the magnetic bank cards with proximity cards that have a random number generator built into them. You have to enter your RN and your PIN into the machine to buy something / use the ATM.
4. Have the POS machines and the ATM use encrpyted communication to reduce wireless snooping. Generate noise on the channel when not in use, so you can't tell when it's broadcasting or not.
That's it. That's all there is.
Don't you remember just 8 years ago? Stocks are a gamble, nothing more. Like any other casino, you will eventually lose your cash.
... calculating ... a "loss" of about 50 cents a month compared to the parent putting his on the stock market.) My savings account generates about half the interest it would in the stock market (call it money market if you think it sounds better) but my money will never fail to generate. End of story. He can lose all of his money in a crash, scandal, bad report, low earnings, etc. Mine is insured against loss - even if the bank goes bankrupt, I get my money.
My extra money goes into a 4% savings account. I can get it any time with 24 hours notice. Yeah, yeah, I can get 10% on the stock market. Sounds great, until it crashes - again or you get caught in a bad trade.
I tend to keep about a thousand in my chequing account. (Which works out to
Now, the regular chequing account has basically no interest. That's typical, and you shouldn't have just that kind of account, because that's just silly.
I also pay $0 yearly in bank fees. $0. That's right, no monthly fees, no brokerage fees, no debit card fees, no interac fees, etc.
In the meantime, I put extra money onto my mortgage. That's the only place I owe money to. No student loans, no credit card debt, etc. I put 25% down on my house. I owe about 48% of the value of the house on a fixed rate mortgage.
I use some credit cards, but those are only for specific reasons, like 4.5% off gasoline or for tracking costs on vacation. Those are paid off monthly.
Sweeeeeeet. I've been waiting for this font for years.
YEARS!
(Check my user name.)
Here we go again.
... 5 Engineers in the band I play in) and can sing. I can SCUBA dive.
/. Go outside and enjoy real life. There are women out there looking for employable, stable, and reliable men.
Most Engineers are reasonably well-adjusted socially. We tend to move into Management due to our combination of technical knowledge and interpersonal skills.
My idea of a good time isn't to go out and get drunk and risk an STI from a cougar in a dimly-lit bar. I like spending time with my friends playing board games, Wii games, or tabletop games (DnD). I play an instrument (and there are
I am married and have two children. Most of the Engineers I know are also married (or are in long-term relationships). Many of them have children as well.
If you have issues, get a hobby that gets you out of the house. Learn to SCUBA dive. Get on a bike and go for a trail ride. Volunteer for Habitat for Humanity (egads man, an Engineer with a hammer!). Learn to play the oboe or the bassoon or something. Have a hobby that isn't buying things from Best Buy.
Get off Craigslist and
Stats don't lie. Half the world is women.
That was my point.
Win2k -> 1280 x 1024 @ 70Hz
Ubuntu -> 1024 x 768 @ 60Hz
That Ubuntu resolution is basically unusable. 60Hz = flicker-o-matic vision and about 15 minutes of usable time.
I don't care what excuses you make about ATI being bastards. You work with the bastards.
Look at what MS had to do for SimCity. Go ahead, look it up.
Did you read my sig?
They've had to read every post and email for... oh, hey, 10 years now.
But then, what if you're not?
What if you start out as a fresh, recent graduate? You didn't get to the top of the class, since you realized that you could get a B average with just a little work. That left more time for fun and family.
The other students hated you for it. They picked on you, stole your stuff, and set fire to it. You let it go rather than force expulsion. You graduate.
Then you get a real job. You do your job well, and then you get told that you can't get a raise because you didn't put in enough unpaid overtime. "If you want to be a computer guy, that's how the industry works." You reply with "A carpenter isn't a hammer guy." Work goes downhill from there.
So you get another job. Your supervisor got his training from a company so he's an "Alphabet Soup" quasi-engineer. You work with him. A while later, you find out that he spends all his time saying how you don't do any work, and look at all the accomplishments he's made. They look familiar, but it's too late. You say that the thing you're working on probably isn't safe, and there's a chance that someone will die if they use it. Of course, you don't have the experience to form such an opinion.
Then tragedy strikes. Personal tragedy - and an Engineering failure to boot. Not yours, but it actually physically hurts your family. Your work morale goes to shit. You don't want to go to work, and you don't want to cancel on your obligations. You get worse and worse assignments. So you say something in public. A joke. To kids. It gets taken out of context. Your Big Boss hears about it. You find yourself on the carpet.
Then you're unemployed. Months pass. Unemployment doesn't pay the bills. You take a few side jobs to keep ends together, but you can't take too many of those or you lose your benefits, and then your house. You still don't have a job. You get leaned on by everyone in your family - "Hey, the unemployment rate is at 4% - why aren't you working yet?" There aren't any holes in your resume, you don't talk badly about your last jobs, there's nothing wrong with your references.
So then, someone says, "Hey, I've got a job for you. It pays cash."
I used to daydream about that last paragraph. The rest is true.
I'm an Electrical Engineer.
THIS MAKES ME SO ANGRY I WANT TO BLOW SOMETHING UP!
And yeah, C&C had Engineers. You could take over buildings with them, as long as the building health was below 50%. Otherwise, they would damage the building.
I have a Radeon 9200. I'd run any Ubuntu driver that's available, but there aren't any. Obviously, if I'm willing to run a Windows driver, I'm willing to put up with a proprietary driver. I use my computer for work. I don't have any games installed on either my work or home machines.
/., I got the response ATI is a bunch of amateurs and it's all their fault.
The forum response was, "lol get a better video card". I'm done with buying video cards. That's the extent of the support I got. On
I installed the proprietary drivers, the auto-loading GPL equivalent, etc. Nobody wanted to help or explain. I gave up.
The best part was how when you tested the settings, it would display as "fine" then when you'd apply the new settings, you would get a blank screen and you'd have to reboot.
Other than that, I liked Ubuntu. It detected a lot more than Win2k did, and the setup was really easy. Having said that, I'm done. Linux fails me every time I try it. (Just for the record, I've successfully set up servers using Linux before, and those have worked. I can use a command line just fine, thank you.)
4. Get laughed at for having an ATI video card.
5. Install Windows again since Ubuntu doesn't support ATI cards.
The pentagon got hit too.
Yes. They're very enterprisey now.
;)
You aren't still using a plain flashlight with an incandescent bulb, are you?
You had a Girls Gone Wild NES game?
Huh.
LED flashlights.
Mine has a voltage detector built into it.
We're planet fuckers. It's what we do.
Hear, hear.
;) ) I can play a musical instrument quite well (20 years) and I can sing (8 years in a classical choir).
I'm an EE. (EIT)
The students I went to school with were, for the most part, arrogant, stuck-up, and useless. One guy said, "It's nice that there are stupid people - otherwise we'd have to scrub toilets."
I pointed out that the janitor worked part-time, was a union employee, and probably got paid about 50k a year. (For part-time, remember?) The janitor was a nice guy, actually, and he was aware that most people thought of him as a "non-entity."
I've always felt that the other subjects are just as hard as Engineering to complete - they just require a different mindset. Yes, some people can game the system to get a bunch of slacktastic courses. That's true for 1st year, for certain. It's not true for later years. Sure, second year math has a 70% failure rate. I'm sure that there's some musical course or art appreciation course that's just as tricky. What about Ethical matrices for solving very difficult situations? Or something else that I'm not aware of because I didn't take 4th year A&S electives? University and College are hard, no matter what degree you try to attain. Engineering isn't some elite cadre of the Brainiacs.
Other students despised me because I invented things and didn't bother going for the 9.0 average. (I realized that I could do half the work and get a nice B average.) One of my friends said "they hate you because you don't give a FUCK. Not at all. It's all they care about, and you're still here, and you don't give a FUCK. It's hilarious."
I also realized that what we learn at school has NOTHING TO DO WITH ENGINEERING. IEEE taught me that with a phrase akin to, "It's hard for people who have entered the workforce to pursue a Master's Degree, because they haven't used the theories or mathematics since graduation."
I don't paint. I can't think of what I'd make. (Although I can put a fresh coat of latex on a wall with the best of them.
I use my router as the main firewall for my system. (my primary defense system is "not being an idiot")
If you put your unknown computer with some unknown infection on my network, I'm going to be pissed off. I don't know what kind of care you take with your system, but frankly, if you're so careless about connecting that you'll connect to a network that isn't secured, I don't want you to connect to mine. Seriously, do you really want to connect to some readily-available WAN that's still set to the factory defaults? What's protecting your machine? Luck?
Now, my network is encrypted, doesn't SSID broadcast, requires a password, whitelisted MAC address, etc. From what I can tell with online scans, it's about as good as a cheap residential-class router can be set.
Thank you, that's what I came in to comment about. Everyone I shared that book with thought it was horrifying and bloodthirsty... ...but good, and plausible, which made it even worse.
Have fun doing any development work if you're not a local administrator.
You can write programs but not run them. That's just plain awesome.
Apparently, it's not actually slower, but it appears slower due to the UI changes. The algorithm is apparently more efficient.
Coding Horror entry on Vista copying speeds.
Not that I care. I run Win2000 at home because Ubuntu doesn't run properly on my machine.
Exactly.
Plus, a gun beats any security measure you can come up with. Just hold it to the head of a guy who knows the password.
"Hey, see my gun? What's the password?"
"It's 12345. Here, let me press the thumb scanner for you while I'm here anyway."