Ein world, Ein company, Ein Steve Ballmer.
Yeah... a Christian fundamentalist is going to complain about pantheism not being respected. Definitely.
What's all this holy trinity stuff about then? And why do they go on about Jesus all the time and rarely about god?
Actually don't waste your time answering because I don't care.
Shall we play a game?
"What a strange game, the only winning move is not to play." - Or something like that, it's been a while since I saw that film.
Pedantic point - It's HAL 9000.
HAL 9000 was driven mad by the contradictory instructions from its management. There is a lesson for us all in there.
Flaming someone for their sig, really?
You sound like a Christian fundamentalist nut-job, maybe the invisible man pulling your invisible strings just pulled too hard.
This suffers from the usual problems. You need something like a balanced court process to be really sure the person you find really is guilty, and that means letting some 80% sure cases walk free. Also you can't make amends if you find out you killed the wrong person.
Assembler/Script/Language?
Ok, it's not funny but I tried.
Just wait until these slut-bots start falling to buffer overflows, SQL or shell injection attacks, or whatever.
Don't take criticism well do you?
It's not that, I just don't take ignorant fools who think they know what they are talking about well.
I refer you again to the line about keeping current keys in authorized keys and again to the fact you should not be allowed to manage anything more important than a pocket calculator.
I never said leave your car unlocked with the keys in the ignition, that doesn't mean I'm advising people to do that. I really hope you don't manage anything more serious than your home system because you don't have a clue.
'Check you only have current and correct keys in authorized_keys' means getting rid of keys that have, or may have, leaked. I never said don't use passphrases but ultimately you can't trust them because you can't trust users to do the right thing.
There is no security reason to move SSH to a different port. It's dead easy to work out what port it's on as it has a clear banner. VPN and IPsec are not more secure than SSH and often cause more problems as they can bridge trusted to untrusted networks.
If you want to set up SSH right:
Turn off all password authentication.
Turn off everything else in the config you are not using, like host-based and Kerberos authentication.
Use big key lengths.
Check you only have current and correct keys in authorized_keys
Limit keys by IP address or with forced commands if possible
Disable root logins and all common user names if it makes you feel more secure
Use privilege separation
You may optionally limit connections per IP with iptables or an equivalent firewall but don't trust that fail2ban crap
Set log level verbose so it actually logs what key was used to authenticate who
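The checklist in the comment above, turned into an audit script as an added example (not code from the original post). The directive names are real OpenSSH `sshd_config` keywords; the defaults in `CHECKS` are assumed to match a recent OpenSSH release, the function names are hypothetical, and the audit reads only the global section, ignoring `Match` blocks and `Include` files.

```python
import re

# directive: (assumed OpenSSH default, value the checklist above asks for)
CHECKS = {
    "passwordauthentication": ("yes", "no"),
    "kbdinteractiveauthentication": ("yes", "no"),
    "hostbasedauthentication": ("no", "no"),
    "kerberosauthentication": ("no", "no"),
    "permitrootlogin": ("prohibit-password", "no"),
    "loglevel": ("info", "verbose"),
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
KEY_RE = re.compile(r"(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+AAAA")

def audit_sshd(config_text):
    """Return directives whose effective global value differs from the checklist."""
    eff = {}
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":  # global section ends at the first Match block
            break
        if len(parts) == 2:
            eff.setdefault(key, parts[1].strip().lower())  # first occurrence wins
    return sorted(k for k, (dflt, want) in CHECKS.items() if eff.get(k, dflt) != want)

def unrestricted_keys(authorized_keys_text):
    """Return line numbers of keys carrying neither from= nor command=."""
    flagged = []
    for n, line in enumerate(authorized_keys_text.splitlines(), 1):
        m = None if line.lstrip().startswith("#") else KEY_RE.search(line)
        options = line[:m.start(1)].lower() if m else ""
        if m and 'from="' not in options and 'command="' not in options:
            flagged.append(n)
    return flagged

# Constructed sample inputs; the key blobs are placeholders, not real keys.
SAMPLE_SSHD = """PasswordAuthentication no
PasswordAuthentication yes
PermitRootLogin yes
Match User deploy
    LogLevel VERBOSE
"""
SAMPLE_KEYS = """from="192.0.2.10",command="/usr/local/bin/backup" ssh-ed25519 AAAAC3CONSTRUCTED backup
ssh-ed25519 AAAAC3CONSTRUCTED alice
no-pty ssh-rsa AAAAB3CONSTRUCTED old-laptop
"""
```

On the sample config the audit still reports keyboard-interactive authentication, because setting `PasswordAuthentication no` alone does not switch it off.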
If Montana was overrun by Zombies would anyone care?
Now if Hannah Montana was fighting off a zombie invasion, maybe with a chainsaw, that would be a great film.
What moron decided to use the same key on all of them is my question. If it is really on EPROM then you really need to avoid stupidity like this since it is harder to change later.
Vendor: "But it's perfectly secure because we promise to keep the key safe!"
PHB of whatever government department: "I see no problem with that"
I agree... anyone who waives their hands is a moron. You can waive my hands from my cold dead (animated) body.
Anyone that waves their hands about, in an enclosed space such as a train or a bus, whilst talking on a phone, is beyond moron.
Nah, this system isn't made for you.
It looks like this system is made for anyone who knows how to use SSH and can figure out how to get this emergency broadcast system to broadcast their message. I expect regular Zombie, Vampire, Killer Bee, and Klingon invasions for the next few months and maybe a few party political broadcasts by right-wing Christian nut-jobs.
Look on the bright side, it's better than regular TV.
Although it may be true that most people do not work to "do good" they do tend to avoid work they consider manifest wickedness.
Sorry, I do not see the machine gun nests set up around the American border with the intent to KEEP PEOPLE IN.
Until that happens, I have little cause to believe your NSA=Stasi story.
Google for 'concentration camps in America', there are photos and videos of massive fully manned camps with fences designed to keep people in, not out. These camps are seemingly ready to be used yet empty and they are not part of the prison system.
Also there are enough government owned weapons in the US to set up gun nests all over the place at very short notice.
(yea, that's right, I called you all dicks. Prove me wrong.)
I do agree. NSA staff, GCHQ staff, and anyone else who does what they know to be wrong and try to justify it by claiming that their paymasters are morally culpable for their actions are all dicks. And cowards who hide in shadows. And leeches on an overburdened state.
I don't believe that most people choose their job based on "doing good", but not doing things that are repugnant to your person is always a consideration.
When I was in university the DRA (UK Defence Research Agency) were actively trying to recruit people and a lot of students applied. I avoided them because ultimately they were trying to find better ways to kill people. Not all of us will sell out everything we know to be right just to buy a bigger TV or a bigger car.
So you are saying there is no correlation between doing evil on a massive scale and people leaking details of your activities to the world? I think you are wrong.
The best way to get your employees not to stab you in the back is to not do things that are offensive to them because there will always be a few who will do what their convictions tell them regardless of consequences.
I agree. To retire I'd leave Europe and go to Thailand or somewhere pleasant and cheap.
GDP/capita is lower, consumer price index is lower. US dominates world finance/economy/art.
GDP/capita is an average that includes some super rich people. Bill Gates could buy a thousand mansions, that doesn't help you buy a cup of coffee.
The consumer price index is lower in Europe? I'm not so sure the cost of living is. Things are pretty cheap in the US I'll grant you that but I'm talking about safety from crime and quality of life here not how much cheap clothing people can buy.
The US doesn't dominate finance/economy as you so say, it's all one big interconnected system with no center.
And ART? Are you kidding? In fact forget art, it's a silly thing to even mention.
I'm leaving the US soon, for good. The rest of you sheep can have the steaming pile. Fuck you all.
The rest of the world is messed up too, just in different ways.
All considered Europe is probably a better place to live than the US right now.
Fighting and losing while keeping your principles is far better than being a sniveling coward.
What use are your principles if you are dead?
I'd rather fight and win but pick my fights very carefully.