Sounds like you could benefit from running GNU Screen on a server somewhere (assuming all those sessions are SSH or other cli friendly interfaces to the various places you do stuff).
Multiplexing is a great way to keep those sessions open and allow you the same access from other nodes on the network. Besides, desktops really benefit from regular reboots - helps clear out the memory leaks and all.
This is interesting, considering the ad-hoc testing I did recently. I'm a Comcast customer in northern DE, and DSL reports' speed test consistently gives me about 8Mbps down vs 1-2Mbps up.
My parents, in Southeast PA, have FIOS. For giggles, I did the same DSL reports test, and got about the same results.
Do any other slashdotters have similar experiences?
So...it's more efficient for the central transaction processor (bank) to try and verify the legitimacy of transactions, rather than each individual? Let's break that down.
Let's just take an imaginary small consumer bank, with 10,000 customers in a local community. If we assume that, on average, their customers all have debit cards and use them to the tune of 20 times a week, that brings us right away to 200,000 transactions that the bank has to review and analyze per week. In the course of a month, it's 6,000,000.
So, how can the bank determine fraudulent transactions? Well, they can try and baseline everyone's average buying habits (stores, categories of purchasing), but that could cause false positives as people very often do unusual things. They can try and flag transactions based upon the use of the card in unusual places, but with so much interstate and even international commerce thanks to the Internet, that's not such a sure sign either, now.
Let's not forget that with a small bank, they don't have big and fancy computers with trained analysts to throw at the problem. I would think such small institutions have a staff on the order of a couple of hundred people, at best?
Of course, the big banks certainly have the money to throw at the problem to buy proper computers, software, and hire enough analysts, but the complexity is now far, far worse, as they service millions of customers all over the country (and possibly/probably international). Now we're talking probably in excess of billions of transactions for the same time period, and I think it's safe to say the complexity rockets up at an exponential rate, as you're now dealing with the rich, the poor, and everyone in between, all with their own buying patterns, habits, life changes, etc.
So, it's easier for the banks to be responsible for analyzing EVERYBODY'S transactions, which are complete black boxes to them?
Or, is it easier for us to log into our online account once or twice a week, scan our virtual checkbooks of 20(ish) transactions and say, "Yup, I remember buying all that stuff"...?
Whatever happened to taking a little personal responsibility?
For my part, I've been using Quicken for almost 5 years now to track every single account I have in my name, from mortgage to checking to retirement funds and all the rest. I'd venture to say nothing happens in my accounts without me noticing it in a few days. (It's a nice feeling to have such total understanding of your complete financial situation at any given moment.;-) Sure, it takes some discipline, but after a while, it becomes habit.
About that comment you linked? Interesting, and he makes a good point about identity theft - but that's not what we're talking about here.
The case of the original poster was simple theft. Yes, the debit card number was lost, but it wasn't his SSN or some other critical piece of Personally Identifiable Information that allowed the thief to then take out a loan in the guy's name and walk off with the money, never to be heard from again and ruining that victim's credit rating in the process while leaving him personally liable for a debt he probably could never cover.
I'm not sure I see what liability for identity theft has to do with the efficiencies of who should be ultimately responsible for monitoring an individual's banking transactions for fraud.
In this day and age, with online banking so prevalent, checking your account every few days is only prudent. It's not unreasonable for the consumer to have some burden of identifying the loss, since each of us is the best and most efficient judge as to whether or not the transactions on our accounts are in fact ones we performed. Millions of dollars in software development and analyst training have been spent on helping banks to detect fraud, but those systems aren't fail proof.
In the end, there's no substitute for each of us keeping an eye on our own accounts' transactions.
If we don't take responsibility for our own financial affairs, should we really expect the banks to carry the whole burden on our behalf? No matter how good it is, any security measure can (and likely will, sooner or later) be defeated. (and let's not forget good old fashioned social engineering...)
In the end, the best protection against a breach is constant vigilance. (Or, said another way, prevention only goes so far, detection is still required ;-)
Credit cards are limited by U.S. law to a maximum of $50 liability to the cardholder. Debit card losses are usually covered by the bank, but they are under no legal obligation to do so.
(Emphasis mine).
Actually, I don't think the part about the lack of debit card consumer protections is factually accurate. Here's the blurb from The FTC's Facts for Consumers:
ATM or Debit Card Loss or Fraudulent Transfers (EFTA). Your liability under federal law for unauthorized use of your ATM or debit card depends on how quickly you report the loss. If you report an ATM or debit card missing before it's used without your permission, the EFTA says the card issuer cannot hold you responsible for any unauthorized transfers. If unauthorized use occurs before you report it, your liability under federal law depends on how quickly you report the loss.
For example, if you report the loss within two business days after you realize your card is missing, you will not be responsible for more than $50 for unauthorized use. However, if you don't report the loss within two business days after you discover the loss, you could lose up to $500 because of an unauthorized transfer. You also risk unlimited loss if you fail to report an unauthorized transfer within 60 days after your bank statement containing unauthorized use is mailed to you. That means you could lose all the money in your bank account and the unused portion of your line of credit established for overdrafts. However, for unauthorized transfers involving only your debit card number (not the loss of the card), you are liable only for transfers that occur after 60 days following the mailing of your bank statement containing the unauthorized use and before you report the loss.
If unauthorized transfers show up on your bank statement, report them to the card issuer as quickly as possible. Once you've reported the loss of your ATM or debit card, you cannot be held liable for additional unauthorized transfers that occur after that time.
Let's take a full look of that poll as of 8:30 tonight...
Upgrade - 15.06% - worked flawlessly
Upgrade - 20.19% - worked but had few things to fix, nothing serious though
Upgrade - 19.31% - got many problems that i've not been able to solve
Install - 12.56% - worked flawlessly
Install - 13.56% - worked but had few things to fix, nothing serious though
Install - 19.31% - got many problems that i've not been able to solve
So, if we count "got many problems that I've not been able to solve" as failed upgrades (a reasonable thing to say) then 39% of the users who went to that forum have had unsuccessful upgrades.
By simple subtraction then, 61% of the users who went and voted in that poll had a working upgrade (I mean really...who really upgrades their computer and doesn't expect at least 1 or 2 little issues?;)
It's worth noting that this post was made from a laptop running an upgraded Ubuntu 9.10 from 9.04 - with 0 issues. It was actually the smoothest and easiest FOSS upgrade I've ever gone through in 10 years. That includes upgrades through the FreeBSD 3.x line (phear make world;), Redhat, Gentoo (emerge world - gah!), as well as from Ubuntu 6.x through now.
Props to Canonical, Ubuntu is about the cleanest, easiest to use Linux I've ever seen. Keep those releases rolling!:)
Re: Other sources of early 20th century recordings (on "Digitizing Rare Vinyl", Score: 1)
Seems that site is down now too, in addition to this guy's site?
I've done T-TAPP for the past 9 months in the privacy of my own home and it's done wonders. It's an innovative isometric workout for the whole body by Theresa Tapp that's easy and very effective, requiring no equipment whatsoever.
For the first six months, my workout consisted of 15 minutes a day, 5 days every week (2 days off). Lately, I've upped two of those days to her 50 minute routine (which will crush anyone who is new to T-TAPP, I don't care what else you've been doing). You'll end up working muscles that you didn't even realize you had.
Bottom line, I've lost a bunch of weight and look like I've been lifting weights for all that time. I don't have numbers, as I don't watch the scale, but I've dropped about a waist size and a half.
Oh, and it's important to mind the food, too. It's hard to lose weight without a healthy diet.
I've also been doing a sort of Southbeach program for almost a year, which I've found works fairly well. I'd strongly recommend some low-carb solution (Atkins is okay, but fairly impractical, in my experience).
The combination of religiously doing T-TAPP workouts and eating a low-carb diet has been tremendous. I'd highly recommend it to anyone.
I've never understood the trackball crowd (and I tried one for awhile). Simply put: the way our thumbs work is very sub-optimal for pointing.
I couldn't agree with you more - that's why I use the Logitech Marble Mouse instead of a classical trackball. By putting the track ball in the center, it moves the burden away from the thumb and shifts it to the fingers. I don't even really use my fingers, I just keep my hand flat on the ball and roll it around. That shifts the burden of movement further up my arm, allowing me to keep my wrist neutral and alleviate the strains that cause my RSI/carpal tunnel to flare up.
Having buttons on either side of the ball is a plus too, it allows me to handle mouse operations better, and one can emulate a middle-mouse button by "squeezing" the device (clicking left & right at the same time).
The other thing I do for my RSI/carpal tunnel is to use a Wacom Graphire Tablet. The tablet is even better than the trackball, since the act of holding the stylus again shifts all of the burden of movement up one's arm, allowing the wrist to stay neutral and get some relief.
In actuality, I use both of them at my place of work. I have my tablet on my left (I'm a southpaw), my trackball on my right, and shift between whenever I feel one hand is receiving too much attention. I tend to favor the tablet, particularly for extended mouse operation. I fall back to the trackball whenever I feel my hand getting too tense from being in the same position for too long.
Naturally, I use the keyboard as much as I possibly can. (Thank heavens for keyboard shortcuts and vi!;)
It used to be so bad three years ago that I couldn't carry a full mug of coffee, my hands were so weak from the ill effects of bad posture. Now, I am rarely plagued by it, and I often spend up to 10 to 14 hours a day on the computer.
I've never had surgery, nor any kind of treatment.
They can re-org to get their products out the door! A clear sign of the efficiency, productivity, and quality that can only be achieved in a hierarchical, proprietary shop.
No wonder Windows is so much better than Linux. You don't see Linus doing that kind of organizational work, now do you?:P Wouldn't it be great if he could? Too bad he can't cause it's Open Source. (Damned hippie commies!) Maybe if he could, then Linux could keep pace with the Windows release cycle...!
I guess that means we'll be seeing Vista any day now.
I hate to reply to such a rambling stream of consciousness that's likely about to be moderated into the cellar (am I feeding a troll, I wonder?;) BUT...debating whether this is a crime or not is a rather pointless discussion. The fact of the matter is that there are Federal Laws that define criminal activity with regard to computer systems, particularly computer systems owned by the Federal Government.
(1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States...
...
(3) intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States;...
shall be punished as provided in subsection (c) of this section.
...
(c) The punishment for an offense under subsection (a) or (b) of this section is--
(1)
(A) a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(1) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and...
(B) a fine under this title or imprisonment for not more than twenty years, or both, in the case of an offense under subsection (a)(1) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph;...
It is quite possible to win the war having never won a battle. Actually, there is a good example of this in the American War for Independence - Gen. Greene, an American leader in the fight for the South, lost every battle he fought, and yet he won the South. He did this by forcing the British to chase his forces deep inland, away from the coastal areas where the British troops were easily restocked or supplied by the British Navy. This forced the British forces to turn to the American populace for supplies, which the British often took by force. The British actions turned the majority of Southerners against the British cause, when at the start of their campaign, only a few Americans were dead set against the British.
Not sure if it qualifies as weird but right now I'm reading Slashdot in the middle of JC Penney as my wife shops for clothes.
For extra geek points, I'm able to do this by way of my HP iPaq 2215 PocketPC, which has a Bluetooth link with my Motorola V600 phone, which in turn has a GPRS Internet link with AT&T.
(of course it took me 15 minutes to write this silly post with the damned hand writing recognition software!)
Wow. You really don't know a damned thing about the human condition, do you?
Show me one place in history - just one - where this theory of government being the end result, not the driver of, civil society is proven. It is people's nature to not behave civilly. That's why we have such a large book of criminal law in modern civilization! How many trials about murder, theft, rape, and so forth have there been? If human-kind's nature was civility, would we need criminal law? (If you doubt the true state of human nature, try raising a toddler! You'll get some impressive insights...)
If there is no government, there is a power vacuum. As the trite saying goes "nature abhors a vacuum". While trite, it is a truism, especially with human affairs. Where there is chaos/anarchy, a strong despotic dictatorship will quickly arise. Just look at the whole of Africa. Look at various spots in European history (France in the early 1800s, Germany in the early part of the last century, the Balkans post Cold War).
The question isn't whether or not we need government in society. One cannot have a society without government. The question is what kind of government will we have? Allow me now to invoke Winston Churchill, "Democracy is a terrible form of government - but it is better than all the rest".
It's taken Western Civilization over 2,000 years to get to where we are - a large community of peaceful and stable Democracies and Republics. Government is a necessity of society. The uneducated, uninformed opinion that a government is a by-product of society, rather than the skeleton of it, is an insult to our Founding Fathers, and all of the other good people who worked hard to answer the very difficult question "How can a government be fair and good to its people?"
People crave power over others and will take advantage of others to benefit themselves whenever they can. Look at Big Corporate, if you doubt me. The Founding Fathers did an astounding thing when they wrote the Constitution - they pitted ambition against ambition, so that the worst part of human nature would be transformed into the driver for a stable, beneficial government for and of the people.
Of course, as the individual you replied to stated - government needs tax dollars in order to sustain itself. The bureaucrats need to get paid, facilities for them need to be built, the courts need to have people running them and facilities themselves, etc, etc. The machinery of government requires cash to run. It's just the nature of the beast.
Is our government imperfect? Of course! Is it fair? Not regularly. It is a far cry better than anything that came before, though. Go ahead, try and prove me otherwise. Find a spot in history that was better - and lasted!
I think that if you translate from Dumb Reporter to Technical you get "server on a service network or DMZ, available to the Internet but segregated from their internal network."
Quite possibly so. Let's hope.
That's standard practice, the thing has to be available to the Internet.
I'm very well aware of standard practice, but I am also aware (from my own personal experience) of certain companies who still have Internet-facing systems which are not behind a firewall. Legacy architecture has an amazing ability to hang around.
Again, you need to translate here. Based on personal experience with similar organizations, I believe this translates to "He sniffed the plaintext (non-anonymous) FTP passwords off the Internet and used them to log in himself and get files."
That's a reasonable guess. My post was a (I think) reasonable guess. I'll bet if we sit and guess for the next thirty minutes, we can come up with another half-dozen perfectly good guesses as to what the compromise really was. There isn't enough info to be sure of anything.
Translation: "We changed all the FTP passwords, so that they will be secure until the next time someone sniffs them."
Well of course...I guess I shouldn't have left off the sarcasm tags, but I thought my quip about users synchronizing their passwords would make it obvious.
The only sign of weak infrastructure here is FTP passing plaintext passwords over the Internet. I don't see any real evidence that anything else was compromised - except their PR shell.
As I said above, one assumption is not much more valid than any other assumption, given the information available.
...but let's see what we can figure out from the article:
The breach involved one FTP server outside the Acxiom firewall, the company said. No internal systems or internal databases were accessed, and there was no breach of the security firewall.
Why did they have a server outside their firewall?!?
The company said only a small percentage of its clients' data was involved in the incident, and the hacker, a former employee of an Acxiom client, was arrested.
I guess they were trying to keep the article under a certain word count, because they forgot the word "alleged".
According to law enforcement officials, the person arrested was a known sophisticated hacker. Acxiom said the person apparently gained access through the hacking of encrypted passwords.
Okay, so this was probably little more than an attack against the /etc/shadow file if it's a UNIX box, or the SAM file if it's NT. In either case, I'm guessing they brute-forced / dictionary attacked the file with John the Ripper or the like. If that's what they did, how did they get the password file to begin with? Perhaps the FTP was a bit too willing to follow instructions? (recursion anyone? ;)
After learning of the breach, Acxiom immediately moved to close the security gap and changed all passwords on the FTP server involved. The company is now in the process of communicating with all clients who might be potentially affected.
Now, does that mean they had all users change their passwords, or just their passwords on that server? I wonder how many of those users have the same passwords on other machines as they had on the compromised FTP server...hmm.....
"Acxiom is proud of its long-standing commitment to the security of our systems and our efforts toward continuous improvements in that area, so we deeply regret this breach," said Acxiom Company Leader Charles Morgan in the statement.
Which is why their infrastructure was vulnerable to begin with? Why was their FTP server outside their firewall? Why aren't they using a Firewall proxy? How about FTP servers with jails? Without more details, it's impossible to be sure, but this smells like a successful attack due to careless configuration and insecure architecture.
Ah, but you're forgetting the "many eyeballs" theory.
I've forgotten nothing. The "many eyeballs" theory only works if one has code to review. If stolen code was submitted to Linus et al, how could they have known it was stolen? The SCO source is closed and proprietary. I'm sure, if there is stolen code, and SCO had brought it to the kernel team's attention, they would have replaced the offending lines promptly with a clean implementation.
I'm not a big believer in that theory, but many open-source advocates are.
Fortunately for the rest of us, others do, such as the scientific community for the past several hundred years. Good thing, too, or we'd still be living in the 17th century. (technology wise)
Linux advocates should have established early on what they considered adequate proof.
It's been very clear from the beginning - show us the code. SCO has failed to do so thus far, all they've been interested in doing is to grab headlines with the least data possible. They haven't even told us which parts of the kernel.
Since you've clearly not bothered to read the OSI paper, allow me to make it easy for you and bring some of the meat & potatoes right to you. It clearly shows how SCO has not done their homework on this one:
SCO/Caldera misrepresents the efforts of the open-source community
When SCO/Caldera asserts (Paragraph 75): "The name “Linus” (sic) was taken from the person who introduced Linux to the computing world, Linus Torvalds." its use of the verb “introduced” appears to be an attempt to insinuate that Linux was in some way copied or pre-existent rather than an invention that Linus Torvalds originated.
Similarly, when SCO/Caldera asserts (Paragraph 78): “The primary purpose of the GNU organization is to create free software based on valuable commercial software.” it portrays the GNU organization's original works as being mere derivatives or clones. In doing so, it flatly contradicts the evidence of major GNU projects such as the Emacs editor that is shipped by SCO/Caldera itself not merely on its Linux but on its Unix product as well. The Emacs editor predated every commercial product with even roughly comparable features.
Both implied claims cannot but be characterized as false, self-serving attempts to denigrate the work of others in order to magnify SCO/Caldera's imputed importance as the present owner of the historical Bell Labs code. Furthermore, they are offensive to the tens (perhaps hundreds) of thousands of skilled programmers who have collaborated in the invention of modern open-source Unixes.
SCO/Caldera misrepresents the state of Linux now
In paragraph 85, SCO/Caldera claims: “For example, Linux is currently capable of coordinating the simultaneous performance of 4 computer processors. UNIX, on the other hand, commonly links 16 processors and can successfully link up to 32 processors for simultaneous operation.”
32-processor SMP was already implemented under Linux in 2000.[44] 24-processor operation, three times the 8-processor limit of UnixWare, was demonstrated in 1998 on a Sun E10000[45].
Today, SGI is shipping Altix 3000 cluster computers that run Linux over 64 processors[46].
SCO/Caldera grossly misrepresents the state of Linux before IBM
A major part of SCO/Caldera's complaint turns on (a) representing pre-IBM Linux as a primitive makeshift being slapped together by garage-band amateurs. Their implied narrative is that (b) only the corporate intervention of IBM made Linux a competitive product, and that (c) IBM's intervention was in turn only efficacious due to the ineffable superiority of the primal Bell Labs code base.
All three of these assertions are not merely false, they are profoundly disrespectful to the many, many developers worldwide who labored with sweat and brilliance to craft Linux into a
I guess it's a matter of perspective...
Insomnia Sec's SyScan presentation on defeating DEP [PPT warning]
Google cache HTML-ified alternative to the PPT
It may well be that DEP's useful days are numbered. It's likely just a matter of time before these techniques are better researched, more widely understood and commonplace.
As always, the best defense is in depth, responsible disclosure, and patching, patching, patching.
Yeah, I might, if my memory weren't failing with age. ;-)
After just 15 minutes of the story being posted?
Wow, that's gotta be a personal best for /. (or, the site is a wee bit underpowered... ;)
Here's the Google cache in the meanwhile: http://webcache.googleusercontent.com/search?q=cache:http://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/
Very valid points, and I agree with you completely.
As a matter of fact, I follow the same practices myself, including the rewards program...all those credit card purchases add up quickly! ;-)
And yes, as you said - always, ALWAYS, ALWAYS pay off your credit card completely every month!
Those interest rates will quickly eat you alive and put a person in debt for years.
So...it's more efficient for the central transaction processor (bank) to try and verify the legitimacy of transactions, rather than each individual? Let's break that down.
Let's just take an imaginary small consumer bank, with 10,000 customers in a local community. If we assume that, on average, their customers all have debit cards and use them to the tune of 20 times a week, that brings us right away to 200,000 transactions that the bank has to review and analyze per week. In the course of a month, it's 6,000,000.
So, how can the bank determine fraudulent transactions? Well, they can try and baseline everyone's average buying habits (stores, categories of purchasing), but that could cause false positives as people very often do unusual things. They can try and flag transactions based upon the use of the card in unusual places, but with so much interstate and even international commerce thanks to the Internet, that's not such a sure sign either, now.
Let's not forget that with a small bank, they don't have big and fancy computers with trained analysts to throw at the problem. I would think such small institutions have a staff on the order of a couple of hundred people, at best?
Of course, the big banks certainly have the money to throw at the problem to buy proper computers, software, and hire enough analysts, but the complexity is now far, far worse, as they service millions of customers all over the country (and possibly/probably international). Now we're talking probably in excess of billions of transactions for the same time period, and I think it's safe to say the complexity rockets up at an exponential rate, as you're now dealing with the rich, the poor, and everyone in between, all with their own buying patterns, habits, life changes, etc.
So, it's easier for the banks to be responsible for analyzing EVERYBODY'S transactions, which are complete black boxes to them?
Or, is it easier for us to log into our online account once or twice a week, scan our virtual checkbooks of 20(ish) transactions and say, "Yup, I remember buying all that stuff"...?
Whatever happened to taking a little personal responsibility?
For my part, I've been using Quicken for almost 5 years now to track every single account I have in my name, from mortgage to checking to retirement funds and all the rest. I'd venture to say nothing happens in my accounts without me noticing it in a few days. (It's a nice feeling to have such total understanding of your complete financial situation at any given moment. ;-) Sure, it takes some discipline, but after a while, it becomes habit.
About that comment you linked? Interesting, and he makes a good point about identity theft - but that's not what we're talking about here.
The case of the original poster was simple theft. Yes, the debit card number was lost, but it wasn't his SSN or some other critical piece of Personally Identifiable Information that allowed the thief to then take out a loan in the guy's name and walk off with the money, never to be heard from again and ruining that victim's credit rating in the process while leaving him personally liable for a debt he probably could never cover.
I'm not sure I see what liability for identity theft has to do with the efficiencies of who should be ultimately responsible for monitoring an individual's banking transactions for fraud.
In this day and age, with online banking so prevalent, checking your account every few days is only prudent. It's not unreasonable for the consumer to have some burden of identifying the loss, since each of us are the best and most efficient judge as to whether or not the transactions on our accounts are in fact ones we performed. Millions of dollars in software development and analyst training have been spent on helping banks to detect fraud, but those systems aren't fail proof.
In the end, there's no substitute for each of us keeping an eye on our own accounts' transactions.
If we don't take responsibility for our own financial affairs, should we really expect the banks to carry the whole burden on our behalf? No matter how good it is, any security measure can (and likely will, sooner or later) be defeated. (and let's not forget good old fashioned social engineering...)
In the end, the best protection against a breach is constant vigilance. (Or, said another way, prevention only goes so far, detection is still required ;-)
(Emphasis mine).
Actually, I don't think the part about the lack of debit card consumer protections is factually accurate. Here's the blurb from The FTC's Facts for Consumers:
Yeah, I just can't count the number of times I was too stressed out to do math...
What is this 35% of which you speak?
Let's take a full look at that poll as of 8:30 tonight...
So, if we count "got many problems that I've not been able to solve" as failed upgrades (a reasonable thing to say) then 39% of the users who went to that forum have had unsuccessful upgrades.
By simple subtraction then, 61% of the users who went and voted in that poll had a working upgrade (I mean really ...who really upgrades their computer and doesn't expect at least 1 or 2 little issues? ;)
It's worth noting that this post was made from a laptop running an upgraded Ubuntu 9.10 from 9.04 - with 0 issues. It was actually the smoothest and easiest FOSS upgrade I've ever gone through in 10 years. That includes upgrades through the FreeBSD 3.x line (phear make world ;), Redhat, Gentoo (emerge world - gah!), as well as from Ubuntu 6.x through now.
Props to Canonical, Ubuntu is about the cleanest, easiest to use Linux I've ever seen. Keep those releases rolling! :)
Seems that site is down now too, in addition to this guy's site?
I've done T-TAPP for the past 9 months in the privacy of my own home and it's done wonders. It's an innovative isometric workout for the whole body by Theresa Tapp that's easy and very effective, requiring no equipment whatsoever.
For the first six months, my workout consisted of 15 minutes a day, 5 days every week (2 days off). Lately, I've upped two of those days to her 50 minute routine (which will crush anyone who is new to T-TAPP, I don't care what else you've been doing). You'll end up working muscles that you didn't even realize you had.
Bottom line, I've lost a bunch of weight and look like I've been lifting weights for all that time. I don't have numbers, as I don't watch the scale, but I've dropped about a waist size and a half.
Oh, and it's important to mind the food, too. It's hard to lose weight without a healthy diet.
I've also been doing a sort of Southbeach program for almost a year, which I've found works fairly well. I'd strongly recommend some low-carb solution (Atkins is okay, but fairly impractical, in my experience).
The combination of religiously doing T-TAPP workouts and eating a low-carb diet has been tremendous. I'd highly recommend it to anyone.
Yeah...no kidding...
now go have a seat, newbie.
I couldn't agree with you more - that's why I use the Logitech Marble Mouse instead of a classical trackball. By putting the track ball in the center, it moves the burden away from the thumb and shifts it to the fingers. I don't even really use my fingers, I just keep my hand flat on the ball and roll it around. That shifts the burden of movement further up my arm, allowing me to keep my wrist neutral and alleviate the strains that cause my RSI/carpal tunnel to flare up.
Having buttons on either side of the ball is a plus too, it allows me to handle mouse operations better, and one can emulate a middle-mouse button by "squeezing" the device (clicking left & right at the same time).
The other thing I do for my RSI/carpal tunnel is to use a Wacom Graphire Tablet. The tablet is even better than the trackball, since the act of holding the stylus again shifts all of the burden of movement up one's arm, allowing the wrist to stay neutral and get some relief.
In actuality, I use both of them at my place of work. I have my tablet on my left (I'm a southpaw), my trackball on my right, and shift between whenever I feel one hand is receiving too much attention. I tend to favor the tablet, particularly for extended mouse operation. I fall back to the trackball whenever I feel my hand getting too tense from being in the same position for too long.
Naturally, I use the keyboard as much as I possibly can. (Thank heavens for keyboard shortcuts and vi!)
Those mouse alternatives, coupled with an ergonomic keyboard, keyboard tray, and better overall ergonomic posture from head to toe and I've learned how to manage my carpal tunnel condition.
It used to be so bad three years ago that I couldn't carry a full mug of coffee, my hands were so weak from the ill effects of bad posture. Now, I am rarely plagued by it, and I often spend up to 10 to 14 hours a day on the computer.
I've never had surgery, nor any kind of treatment.
This is false. Common Carrier status indeed applies to ISP's.
Are you sure about that in the context of DSL providers? (which BellSouth is, I believe)
FCC Reclassifies DSL, Drops Common Carrier Rules
...someone already updated the Wikipedia entry to include this story.
They can re-org to get their products out the door! A clear sign of the efficiency, productivity, and quality that can only be achieved in a hierarchical, proprietary shop.
No wonder Windows is so much better than Linux. You don't see Linus doing that kind of organizational work, now do you? :P Wouldn't it be great if he could? Too bad he can't cause it's Open Source. (Damned hippie commies!) Maybe if he could, then Linux could keep pace with the Windows release cycle...!
I guess that means we'll be seeing Vista any day now.
...That's right! Annnny day now.....
I hate to reply to such a rambling stream of consciousness that's likely about to be moderated into the cellar (am I feeding a troll, I wonder? ;) BUT...debating whether this is a crime or not is a rather pointless discussion. The fact of the matter is that there are Federal Laws that define criminal activity with regard to computer systems, particularly computer systems owned by the Federal Government.
The primary law to be familiar with in this context is Title 18 of the United States Code, section 1030, which states, in part:
'nuff said.
It is quite possible to win the war having never won a battle.
Actually, there is a good example of this in the American War for Independence - Gen. Greene, an American leader in the fight for the South, lost every battle he fought, and yet he won the South. He did this by forcing the British to chase his forces deep inland, away from the coastal areas where the British troops were easily restocked or supplied by the British Navy. This forced the British forces to turn to the American populace for supplies, which the British often took by force. The British actions turned the majority of Southerners against the British cause, when at the start of their campaign, only a few Americans were dead set against the British.
Not sure if it qualifies as weird but right now I'm reading Slashdot in the middle of JC Penney as my wife shops for clothes.
For extra geek points, I'm able to do this by way of my HP iPaq 2215 PocketPC, which has a Bluetooth link with my Motorola V600 phone, which in turn has a GPRS Internet link with AT&T.
(Of course it took me 15 minutes to write this silly post with the damned hand writing recognition software!)
Wow. You really don't know a damned thing about the human condition, do you?
Show me one place in history - just one - where this theory of government being the end result, not the driver of, civil society is proven. It is people's nature to not behave civilly. That's why we have such a large book of criminal law in modern civilization! How many trials about murder, theft, rape, and so forth have there been? If human-kind's nature was civility, would we need criminal law? (If you doubt the true state of human nature, try raising a toddler! You'll get some impressive insights...)
If there is no government, there is a power vacuum. As the trite saying goes "nature abhors a vacuum". While trite, it is a truism, especially with human affairs. Where there is chaos/anarchy, a strong despotic dictatorship will quickly arise. Just look at the whole of Africa. Look at various spots in European history (France in the early 1800s, Germany in the early part of the last century, the Balkans post Cold War).
The question isn't whether or not we need government in society. One cannot have a society without government. The question is what kind of government will we have? Allow me now to invoke Winston Churchill, "Democracy is a terrible form of government - but it is better than all the rest".
It's taken Western Civilization over 2,000 years to get to where we are - a large community of peaceful and stable Democracies and Republics. Government is a necessity of society. The uneducated, uninformed opinion that a government is a by-product of society, rather than the skeleton of it, is an insult to our Founding Fathers, and all of the other good people who worked hard to answer the very difficult question "How can a government be fair and good to its people?"
People crave power over others and will take advantage of others to benefit themselves whenever they can. Look at Big Corporate, if you doubt me. The Founding Fathers did an astounding thing when they wrote the Constitution - they pitted ambition against ambition, so that the worst part of human nature would be transformed into the driver for a stable, beneficial government for and of the people.
Of course, as the individual you replied to stated - government needs tax dollars in order to sustain itself. The bureaucrats need to get paid, facilities for them need to be built, the courts need to have people running them and facilities themselves, etc, etc. The machinery of government requires cash to run. It's just the nature of the beast.
Is our government imperfect? Of course! Is it fair? Not regularly. It is a far cry better than anything that came before, though. Go ahead, try and prove me otherwise. Find a spot in history that was better - and lasted!
I'm very well aware of standard practice, but I am also aware (from my own personal experience) of certain companies who still have Internet-facing systems which are not behind a firewall. Legacy architecture has an amazing ability to hang around. That's a reasonable guess. My post was a (I think) reasonable guess. I'll bet if we sit and guess for the next thirty minutes, we can come up with another half-dozen perfectly good guesses as to what the compromise really was. There isn't enough info to be sure of anything.
Well of course...I guess I shouldn't have left off the sarcasm tags, but I thought my quip about users synchronizing their passwords would make it obvious.
As I said above, one assumption is not much more valid than any other assumption, given the information available.
Why did they have a server outside their firewall?!?
I guess they were trying to keep the article under a certain word count, because they forgot the word "alleged".
Okay, so this was probably little more than an attack against the
Now, does that mean they had all users change their passwords, or just their passwords on that server? I wonder how many of those users have the same passwords on other machines as they had on the compromised FTP server...hmm.....
Which is why their infrastructure was vulnerable to begin with? Why was their FTP server outside their firewall? Why aren't they using a Firewall proxy? How about FTP servers with jails? Without more details, it's impossible to be sure, but this smells like a successful attack due to careless configuration and insecure architecture.
I've forgotten nothing. The "many eyeballs" theory only works if one has code to review. If stolen code was submitted to Linus et al, how could they have known it was stolen? The SCO source is closed and proprietary. I'm sure, if there is stolen code, and SCO had brought it to the kernel team's attention, they would have replaced the offending lines promptly with a clean implementation.
I'm not a big believer in that theory, but many open-source advocates are.
Fortunately for the rest of us, others do, such as the scientific community for the past several hundred years. Good thing, too, or we'd still be living in the 17th century. (technology wise)
Linux advocates should have established early on what they considered adequate proof.
It's been very clear from the beginning - show us the code. SCO has failed to do so thus far, all they've been interested in doing is to grab headlines with the least data possible. They haven't even told us which parts of the kernel.
Since you've clearly not bothered to read the OSI paper, allow me to make it easy for you and bring some of the meat & potatoes right to you. It clearly shows how SCO has not done their homework on this one: