I think every U.S. politician should watch this at least once a week, both during session and during their fundraising runs.
Returning to the topic, it sounds like you have until they turn 18 to make that decision. By then, they can consider all the pros and cons and make their own decision, right?
The Jabra Speak 410 is also an excellent USB speakerphone with feedback suppression. Works well with Lync on Windows or Mac, in my personal experience. This would require someone bringing their laptop into the conference room just to run the VoIP app of your choice, though, but is likely to be a cheaper solution than any Polycom phone.
I'd be surprised if the drive even spins though. Most of the time when I go to try ancient hardware, the drives don't spin, or spin enough, even though the owner remembers that it was working when they shut it off.
I've heard the fix for that is to spin the entire drive while applying power; kind of nudge it along the platter's axis to get the bearings unstuck. It involves "open-case surgery," where you have the drive out of the case and free to move while you first apply power. Once it starts spinning, you'll want to power down and reinstall into the case so you don't knock it around while it's operating and damage it further.
OK, this is clearly a bad thing, but I don't think it means that your private LAN is immediately accessible to people all over the world, does it? Multiple routers using the same keys means you could be tricked into logging in to someone else's router without knowing, but that would still require some way of directing your traffic to the impostor's device to begin with, such as DNS hijacking.
Finally, a breath of sanity... Thank you, nuckfuts! A shame this is the bottom thread in the post.. at least when I got here.
There is a huge difference between a host key and a user key. These consumer devices all share the same host key, which is only used by the client to verify that the host you're connecting to is the host you think you're connecting to. This is the key in /etc/ssh/ssh_host_rsa_key for those with access to a Linux shell, and is never encrypted or password protected. How do I know this? Because there's no way to determine what user keys are in a host's authorized_keys file with just an unauthenticated connection. However, when a client connects, the server always sends the host's public key along with a challenge signed by the host's private key.
The host key is only ever used for authentication, never for authorization, which is to say it identifies the server you're connecting to, but in no way grants any privilege to access it. The only risk here that I can think of is a MITM attack. Since the host key is well known, someone could fiddle with your DNS or local ARP tables and make a victim connect to their evil server without the scary "MAY HAVE BEEN COMPROMISED!!!" warning you get when the destination host key doesn't match what's in the known_hosts file.
If someone can paint a more frightening scenario (based on known host keys, not user keys), I'd like to hear it. If you don't understand the difference, don't bother trying.
I'm sure it's commercially viable, easy and cheap to do. We'll see this in real world applications in about 2 years if all goes well.
NOT!
But good luck with it. This is the kind of breakthrough that may one day lead to viable quantum computers, teleportation, and other things that are relegated to the SyFy channel for now.
So the boss came to you with the offer, and you, being the weasel that you are, accepted. Conversely, he didn't go to the guy in the next cubicle, so he knows nothing about this, right? That's a messed up place to work. The guy in the next cubicle should find a place that's not full of weasels and let you and your boss dig your own holes.
Not to mention that it's a good opportunity to strengthen whistleblower protections so that you can roll on your weasel boss without fear of retribution and loss of job/position...
As your employer, I'm still going to need to see that full ID. Remember, you are an At Will Employee.
As your federal government, I'm investigating claims that you are asking for your employee's voting IDs. Remember, you are subject to the laws of the federal government, and the fine for this particular infraction will surely put you out of business.
A good AC can easily move 3-5 watts of heat for each watt of energy it requires to operate. No such luck with heating systems, they at best get you 1 watt of heat for each watt they take.
You really need to qualify that statement. You get 1 watt of heat for each watt you use... for resistive heating. Many places that need both cooling and heating don't run an A/C and an electric heater, they run a heat pump, which pumps heat either into or out of the house. Because of the heat differential, one direction may be more efficient than the other, but it is still much better than a resistive heating element.
In one minute of research, comparing a 2.5 ton 13 SEER A/C to an equivalent heat pump, the ability to both heat and cool adds a little less than 20% to the price at Home Depot. Installation costs are likely identical, as they both consist of the same components. With that cost differential, an A/C + resistive heat solution is only smart for a place that only needs heat a few nights per year.
That's what I was thinking. Comcast would no doubt complain about what a burden it is, but would ultimately agree because their lawyers found a loophole. They would then roll out a free public service that technically complies with their requirements, but is useless in actual application.
... when configured to boot straight into Steam Big Picture mode, the influence of the underlying OS is visible only in the larger game library.
... and the considerable additional maintenance requirements that go along with a full fledged operating system. Considering that Windows has required more frequent patches for security issues than Linux for the past few years, that's not a trivial distinction.
PP:
With Windows on it, this little machine can fulfill most of my needs for the living room / home and offers me a platform that I am already familiar with to play my games (Steam supported or not), get some work done (Office etc.) and watch movies.
While this is a valid point, it is a realization of this change in paradigm. With Windows 8.1, it is a regular desktop computer, not a gaming console. While that gives you the ability to do office work and more, it takes it out of the single-purpose, dedicated function, "appliance" category that consoles usually fall in.
With Linux running as essentially an embedded OS, it's likely that updates would be less frequent, smaller, and less crucial to its overall suitability if skipped. As an example, how long has it been since you've updated your smart TV or DVR as opposed to your desktop or laptop?
Ok, seems like you're trying to do things the Windows way, i.e. blocking outbound connections based on which application is running. Things are not done that way on Linux. Outbound connections are open and most of us are fine with it.
The Windows Firewall, the original BlackIce for Windows, and AVG as well, I believe, all fall in the category of Application Firewalls, as they base their actions with knowledge of the application holding the IP connection endpoint. IPtables is a Stateful Firewall, so named because it relies solely on the connection's state, without regard to the application at the sending or receiving end of the connection.
The Application Firewall link above actually does have some suggestions about how such things can be handled on Linux using utilities others have described. Mandatory Access Control tools such as SELinux and grsecurity can allow or deny access to resources (such as the network interface) to applications, but I don't believe they have fine-grained controls for conditional access based on IPs or ports.
None of these are as easy to use as AVG for Windows is.. (This could be the new definition of "understatement!") In fact, I would like to think I know Linux quite well, have used it as a desktop and server platform for years, have written patches for kernel modules, and can configure a solid IPtables firewall ruleset from scratch, but AppArmor and SELinux still scare me...
There's a link here describing how to mark packets based on an application's uid (user). This might be a basis for controlling permissions per app, but you're talking about a very complex IPtables ruleset. Definitely not for someone only two days into their Linux journey.
Any missing footage should result in someone being fired.
Agreed.
There is one plus side to ubiquitous cameras operated by the police: It will be harder for the police to justify denying us the ability to record our interactions with them. Some police departments haven't gotten the memo yet...
This was my thought on reading the article as well. "Adobe is doing more to kill DRM with this move than anything they've done in the past." There's nothing like punishing the innocent to get people's attention.
Or what about renting a server? For the RAM requirements you're going to need, you'll likely need more than the entry level offering, but the capital expenses are lower than having to buy a new computer...
Now contrast this statement from the recent "STFU" response to AT&T's shareholders. And the complete silence from Verizon, whose name was on the first round of the salvo.
At least these eight are making noise, rather than just hoping the issue fades from the public's consciousness. Here's wishing there was a telecom provider that wasn't so obviously in bed with the spooks...
So are you saying that if the files had been encrypted, they wouldn't have been confiscated, all of this would not have happened?
What other precautions should one take not to become the victim of one's own government? Is leaving home allowed? Is there a list of approved websites to visit?
You are making the case that the government is a bullying criminal. And while you can and perhaps should avoid getting the attention of a hooligan/bully/criminal, the government is at least in principle there for you. And in my mind this makes the situation completely different. One shouldn't bow to bullies, but having a bullying government is worse.
And yes, of course the files should have been encrypted. I wonder if they would have detained her in that case.
If the files had been encrypted (after transcription, if needed), then this would be a case about overreaching warrants and illegal government actions, not a case about overreaching warrants, illegal government actions, and wrongful terminations, as that last item will undoubtedly be the end result of the intelligence DHS has collected on the whistle-blowers.
You are right in that she shouldn't have to protect herself and her informants from the government, but such is the imperfect world we find ourselves in while we try to dig our way out of it. She failed her informants. She should have known better than to depend on legal principle to protect her informants from the current administration.
I did say his research skills could use some polish. And I figure one more developer that is at least semi-aware of security is a good thing. Many don't even consider the security implications of what they write.
Yes, I did enjoy it. So you didn't. To each his own.
Jeff Cogswell is the author of several tech books including “C++ All-In-One Desk Reference For Dummies,” “C++ Cookbook,” and “Designing Highly Useable Software.” A software engineer for over 20 years, Jeff has written extensively on many different development topics. An expert in C++ and JavaScript, he has experience starting from low-level C development on Linux, up through modern Web development in JavaScript and jQuery, PHP, and ASP.NET MVC.
Good job, Jeff! Welcome to the exciting world of security research!
I applaud you for (re)discovering these techniques on your own. Your out-of-box thinking and problem solving are to be commended, but your research skills could use some polish. Please don't let the negative comments above discourage you from exploring this rewarding field of knowledge; however, I would recommend you run your findings by some existing security folks before announcing your next big discovery, lest you find you're just rehashing something else that has long been known.
Seriously; good job! I enjoyed reading how you worked your way up to your conclusions, even though I knew from the start how it would end...
I should add that your sentiment of "we know better than you so you should trust us" is exactly what the government is spewing, and you see how well that's working.
While the kernel source is the epitome of transparency, and the NSA is the exact opposite, there will always be people who cannot or will not read the source. That does not mean they don't want to know some of the details so they can make informed decisions. That curiosity should be welcomed, not derided.
Obligatory The Newsroom opening sequence
...but buggars can't be choosers I guess...
Fixed that for ya...
Been there before; got the t-shirt.
I'm with you. Show me video, or it didn't happen!
Feedback: VLC is my first install regardless of OS. Damn thing just runs anything I throw at it. Used it for years now.
I hope you're not running on Dell hardware...
Why not perhaps a more majestic creature?
Similar facial hair...
This.
Do they still require a paid license to forward a USB device to the guest?
That killed it for me when they added that "feature" a few years ago now... I think it was the first major release after Oracle took over.
Hah! That's Rich(ie)...
A bit AWK-ward, though.
p.s. Vitriol is no way to go through life, son.