Denyhosts depends on login failures being logged to/var/log/auth (or similar) and it only checks those logs periodically (maybe once a minute?) The article indicates this bug allows a large number of attempts per *connection*. Does ssh even log the failure if the connection is not closed? I don't know the answer to that. In any case, it can make a lot of attempts in the interval between checks of the log.
At least with Android you get a pop-up asking if you want to perform the upgrade. And you can say "not now."
I've been refusing to "upgrade" my phone to KitKat for a year and a half now. You do have to face the annoyance of the pop-up every 24 hours, but at least you're not forced into a regression.
Our Computer Science alumni get to keep their email account on the departmental server. (At least until we replace that server.) Students elsewhere on campus? Not so much.
As a matter of fact, for the last 5 years or so, non-CS students aren't provided with any university associated email address -- they have to provide their own. To be fair, this was largely because most of them already had an address of their own and weren't responding to emails sent to the campus address.
That's a good point, and it makes his argument even more unsupportable. My experience was between 35 and 40 years ago.
I did get scholarships -- a $1000 one-time scholarship and $1500 a year for 4 years. With that and working part time during the year and full time in the summers, I finished a bachelor in physics with no debt. I wasn't living high on the hog, but I wasn't slumming it either. This was at the University of Colorado, so I wasn't getting a bargain basement education, but I also wasn't being extravagant.
I checked a few years ago, and there's no way I would have been able to do that with current prices. But 35 or 40 years ago? If he couldn't get a *good* education without going seriously into debt, he wasn't trying.
My Dahlquist DQ10s are practically brand new. Bought them in 1975. Still sound great, even though I had to re-cone the woofers about 15 years ago when the paper gave out.
Since that's not an option, maybe the smart thing to do (now that we know the problem) would be to keep your Sourceforge account current and periodically upload a "special" version that pops up a warning, "This software has been downloaded from an untrusted site. Please go to...."
If you renew this version every six months or so they'll have to find a new excuse beyond, "Hey, it was abandoned."
That may not help projects that have already been hijacked.
ACLU for New Jersey has had a camera app that transmits to the cloud for years. ACLU just recently (as in days ago) rolled out versions for multiple states, apparently only differing by which ACLU office they notify.
Good points. I'd been under the impression that link local addresses were the only ones based on MAC address, but a little investigation shows me that there are schemes that also use the MAC address for public addresses.
And you're also right that admins are likely to choose addresses that are simpler for them if they assign them manually.
But all this is moot if a working firewall is in place. And that's really no different than the IPV4 situation.
I live next door to a Costco. If I'm running low, I can run next door.
If I had one of these buttons, its battery would be dead by the time I need to order again. My Costco package of TP or paper towels usually lasts me about three years. Laundry detergent maybe a year or so. My 4-pack of giant toothpaste tubes is a couple of years worth.
It's not so much that I'm organized, but I usually become aware that I'm low on those things a month or two in advance, when the gaping hole in the closet where I keep that stuff jumps out at me.
I don't have any experience with MOOCs, but I can tell you that (in general) if I get an older student (30+) in my class, he or she is very likely to be near the top of the class.
The older students generally know why they're there. They have motivation.
There was a time when I looked forward to coming to Slashdot on the 1st of April. All of the April Fool gags from around the Internet (or at least most of the ones of nerd interest) were linked here.
It's OK to have *one* home-grown gag. **One**. After that, it just doesn't work.
I'm not exactly sure what the rules are. My initial attempts at a password contained "^" -- I figured it was safe, because it was in the list they suggested. I kept simplifying the password and it kept rejecting me. Each time I had to re-enter half the security choices -- it kept my answers, but not the questions.
I finally gave up and chose a completely new password, and this one didn't include "^". Took it the first time.
That turns out not really to be the case. If you had said the most repetitive jobs, I'd be more likely to buy it.
A housekeeper or a janitor is a fairly menial job, but it is a very difficult one to automate. It involves recognising randomly present items (clutter) and dealing with them (putting them away, straightening them or whatever.)
Assembly lines are different -- those are very repetitive. It's not nearly so hard to automate, since the variety of actions and the judgment of when and how they should be carried out doesn't change much.
Don't lose sight of the fact that the majority of stories in I, Robot were about the failure modes of the Three Laws. Why they didn't quite work as intended.
Slashdot Mirror
Locking accounts? Wow, that could never be used for a denial of service attack.
Denyhosts depends on login failures being logged to /var/log/auth (or similar) and it only checks those logs periodically (maybe once a minute?) The article indicates this bug allows a large number of attempts per *connection*. Does ssh even log the failure if the connection is not closed? I don't know the answer to that. In any case, it can make a lot of attempts in the interval between checks of the log.
At least with Android you get a pop-up asking if you want to perform the upgrade. And you can say "not now."
I've been refusing to "upgrade" my phone to KitKat for a year and a half now. You do have to face the annoyance of the pop-up every 24 hours, but at least you're not forced into a regression.
Our Computer Science alumni get to keep their email account on the departmental server. (At least until we replace that server.) Students elsewhere on campus? Not so much.
As a matter of fact, for the last 5 years or so, non-CS students aren't provided with any university associated email address -- they have to provide their own. To be fair, this was largely because most of them already had an address of their own and weren't responding to emails sent to the campus address.
That's a good point, and it makes his argument even more unsupportable. My experience was between 35 and 40 years ago.
I did get scholarships -- a $1000 one-time scholarship and $1500 a year for 4 years. With that and working part time during the year and full time in the summers, I finished a bachelor in physics with no debt. I wasn't living high on the hog, but I wasn't slumming it either. This was at the University of Colorado, so I wasn't getting a bargain basement education, but I also wasn't being extravagant.
I checked a few years ago, and there's no way I would have been able to do that with current prices. But 35 or 40 years ago? If he couldn't get a *good* education without going seriously into debt, he wasn't trying.
Hmmph.
My Dahlquist DQ10s are practically brand new. Bought them in 1975. Still sound great, even though I had to re-cone the woofers about 15 years ago when the paper gave out.
As long as you've brought up toilets...
If there are any males in the house (heh, who am I kidding, this is Slashdot) you want oval, not round.
Since that's not an option, maybe the smart thing to do (now that we know the problem) would be to keep your Sourceforge account current and periodically upload a "special" version that pops up a warning, "This software has been downloaded from an untrusted site. Please go to...."
If you renew this version every six months or so they'll have to find a new excuse beyond, "Hey, it was abandoned."
That may not help projects that have already been hijacked.
You sure it's not just a case of all of them getting ahold of the same batch of bad drugs?
I don't think anyone hates Comcast because they're number 1. People hate Comcast because they're Comcast.
I never gave them any false information.
I told them my name was Cash.
ACLU for New Jersey has had a camera app that transmits to the cloud for years. ACLU just recently (as in days ago) rolled out versions for multiple states, apparently only differing by which ACLU office they notify.
https://play.google.com/store/...
http://www.androidheadlines.co...
Could be worse. There are sites (yes, slashdot, I'm looking at you) that re-edit your URL to put the mobile site back.
Good points. I'd been under the impression that link local addresses were the only ones based on MAC address, but a little investigation shows me that there are schemes that also use the MAC address for public addresses.
And you're also right that admins are likely to choose addresses that are simpler for them if they assign them manually.
But all this is moot if a working firewall is in place. And that's really no different than the IPV4 situation.
Simple nmap scan? Yeah.
If they can scan 10,000 addresses a second they should be able to scan your home address space in not much under a million years.
Assuming you didn't do something radical, like, maybe, used a firewall.
It's more like saying a fax isn't an answering machine. Both use the phone network, but neither depend on the other.
I live next door to a Costco. If I'm running low, I can run next door.
If I had one of these buttons, its battery would be dead by the time I need to order again. My Costco package of TP or paper towels usually lasts me about three years. Laundry detergent maybe a year or so. My 4-pack of giant toothpaste tubes is a couple of years worth.
It's not so much that I'm organized, but I usually become aware that I'm low on those things a month or two in advance, when the gaping hole in the closet where I keep that stuff jumps out at me.
OK, now that the whole front page is non-fool gags, are we done now?
Either post some actual April-fool type stories, or go back to regular news.
Please?
I don't have any experience with MOOCs, but I can tell you that (in general) if I get an older student (30+) in my class, he or she is very likely to be near the top of the class.
The older students generally know why they're there. They have motivation.
I'd imagine the same thing holds true with MOOCs.
There was a time when I looked forward to coming to Slashdot on the 1st of April. All of the April Fool gags from around the Internet (or at least most of the ones of nerd interest) were linked here.
It's OK to have *one* home-grown gag. **One**. After that, it just doesn't work.
I briefly had a roommate who was a pilot with a commuter airline. His salary was $8K. This was in 1983 or so.
Image a robot that can only pick things up off the floor and put them away.
Then work on that problem for ten or twenty years until you can build what you imagined.
It's not conglomerating a bunch of tasks together that's hard, it's that some of the tasks themselves are very hard.
I'm not exactly sure what the rules are. My initial attempts at a password contained "^" -- I figured it was safe, because it was in the list they suggested. I kept simplifying the password and it kept rejecting me. Each time I had to re-enter half the security choices -- it kept my answers, but not the questions.
I finally gave up and chose a completely new password, and this one didn't include "^". Took it the first time.
The most menial.
That turns out not really to be the case. If you had said the most repetitive jobs, I'd be more likely to buy it.
A housekeeper or a janitor is a fairly menial job, but it is a very difficult one to automate. It involves recognising randomly present items (clutter) and dealing with them (putting them away, straightening them or whatever.)
Assembly lines are different -- those are very repetitive. It's not nearly so hard to automate, since the variety of actions and the judgment of when and how they should be carried out doesn't change much.
Don't lose sight of the fact that the majority of stories in I, Robot were about the failure modes of the Three Laws. Why they didn't quite work as intended.