Slashdot Mirror


User: nehumanuscrede

nehumanuscrede's activity in the archive.


Comments · 1,472

  1. A standard would be nice on New UK Security Guidelines: Password Re-Use OK, Frequent Changing a Waste · · Score: 1

    Some sort of minimum security standard across the damn board would be greatly appreciated.

    Set minimum password strength, length, type requirements. Set standards for hashing and storing login credentials, etc. You adhere to the standard and become certified to do business out on the web. No certification, no web business for you. Though, we sorely need the same standards applied to corporate networks that carry customer information as well. ( Eg: Home Depot, Target, etc )

    Every site has different requirements. Password length, characters used, characters that cannot be used, password reuse, etc. etc. Password change day absolutely SUCKS because the password I choose to use for site X may or may not work for site Y. Like most of you, I have to keep a list of all the sites that are on the password rotation schedule because there are so damn many.

    Related:

    Passwords and encryption keys can be pretty strong but upon reaching a certain strength, will no longer be the focus of an attack. Keyloggers and the like pretty much negate the strongest encryption key or passwords you can come up with ( if using single factor authentication ) so I'm not sure what the charade by the government is about decrying strong encryption when all they have to do ( and they know it ) is exploit a bug or deploy malware into the software that drives your keyboard.

    Encryption by default on the latest $smartphone is nice, but when the NSA's greatest buddy is responsible for updating your software ( say . . . AT&T ) then it's a pretty good chance your device is nowhere near as secure as you might like to think it is.

  2. Re: I always assumed they were on TSA Luggage Lock Master Keys Are Compromised · · Score: 1

    Even with a hard case and real lock, they're vulnerable. I had a firearm going through with dual locks and the lovely TSA sticker on it that said " firearm inside ".

    Both locks were present when TSA put it on the conveyer belt, only one came out the other side. My guess is some idiot was in the process of cutting them off when they noticed the TSA sticker :|

    No way it broke off on its own without damaging the case.

  3. To quote the write up on TSA Luggage Lock Master Keys Are Compromised · · Score: 1

    " without any signs of lockpicking "

    When done correctly, there are no " signs of lockpicking " unless you start analysing bits of trace metal left behind.

    Besides, it doesn't matter if a pick is used or a compromised master key, locks are for honest folks. Don't put any trust in them to protect your valuables.

  4. Updates are not always a good thing on JetBrains Moving Its Dev Tools To Subscription Model · · Score: 1

    For example, Adobe Premiere 2015, which is part of Adobe Creative Cloud, is pretty much broken as it exists today. If you want it functional, you have to roll back to the 2014 version.

    Subscription services suck because they already have your money, so they're in no hurry to fix their broken product. They'll get around to it eventually. Maybe.

    Otherwise, a stand alone edition suffering the same problem would be critical fix numero uno or they don't get to sell any.

    Another company going the same route is Autodesk. Both Maya and Max are going subscription only starting next year. Max will run about $1500 / year. I have no idea what Maya will cost. Doesn't matter, I'm switching to Blender because I'm not going to pay a subscription to be a permanent beta tester.

    It would be one thing if updates were Earth shattering and can't live without sort of things, but the reality is usually something far less impressive. Mostly bug fixes that should have been dealt with during beta. :|

    Besides, no one updates to a new version of anything mid-project.

    I guess they'll figure that out a few years from now when most of their user base has left and they go the way of Silicon Graphics.

    I'm done with companies switching to subscription models based on the sole needs of increasing their monthly revenue.

  5. As an introvert on Ask Slashdot: What Would You Do If You Were Suddenly Wealthy? · · Score: 1

    I would buy / lease an island. Move to it. Say my final goodbyes to humanity. Buy a rather large telescope.
    Maybe open an endangered animal preserve on the island with me.
    ( Dinos optional )

    Food / supplies can be air dropped periodically. Get a pilot's license for when you have to venture back to civilization.

    Retire. Enjoy life as it's meant to be instead of being a wage slave who spends their life doing nothing but sitting in a cubicle, working to pay off some debt.
    Travel, see how the rest of the world really is vs what the media tries to portray. Keep a low profile, be humble.

    Maybe start another Nobel prize sort of thing for stuff you consider important. Try to make a difference in the lives of those who aren't as fortunate. Disease research, fresh water projects, clean energy research, etc. There is an awful lot wrong with the world that funding can help with. I wish the folks who keep buying yachts, mega-mansions, and their seventh gold plated Ferrari would understand that concept. :|

    I mean, seriously, how much money do you need to live an amazing life for the rest of your days ?

    Figure that out, then become a name that folks will remember for making positive things in the world a reality instead of the usual ultra-rich and greedy we usually get.

  6. Re:wan port on OnHub Router -- Google's Smart Home Trojan Horse? · · Score: 2

    "Why do you need to route more than two networks for a home router? This is consumer grade equipment, it should only route two ports no more no less. Some routers include built in switches so they switch more than two ports, but as you just said you're not expecting to be a switch."

    Because it's risky ( and foolish ) to mix all of your networked devices under a single network.

    For every device that is both wifi and cellular capable ( Eg: Your smartphones and even alarm systems ) you have introduced a potential backdoor into your home network. The cellular capable device can be used as a jump point for either a real time intrusion or automated via malware / virus / trojan.

    Isolate your devices into multiple vlans / networks to minimize exposure and risk. Don't let devices in the same vlan talk to each other unless you really need that functionality. Absolutely do not let devices in one vlan talk to devices in another for the same reasons. If you require it, write explicit rules to allow for it. ( X can talk to the printer, Y to the NAS drive, etc )

    Because I don't trust Microsoft, the Xbox sits on its own vlan.
    Because the alarm system has a cellular connection as a backup, it also sits by itself in its own vlan.
    The media center ( TV, Blu-ray, etc ) all sit in their own vlan.
    Wireless has its own vlan.
    Wired systems reside within their own vlan.

    Access to the routers / switches is restricted to specific devices on the wired vlan only.
    ( Yes, you can try and spoof it. Yes, I verify it. )

    Because I absolutely do not trust Google, I most certainly would never utilize one of their pieces of hardware as the front-end for my home network.
    Google is in the information gathering business. Period. That is their entire reason for existing. There is no WAY, I would even consider using their hardware. Ever. Even if it was given to me for free.

  7. Perhaps on Court: FTC Can Punish Companies With Sloppy Cybersecurity · · Score: 1

    we could put all SPI ( Sensitive Personal Information ) customer data under the same umbrella that HIPAA covers.

    Yes it would be expensive, but if you're going to collect and store private customer data, you damn well better protect it.

  8. Hardware requirements on Comcast Planning Gigabit Cable For Entire US In 2-3 Years · · Score: 1

    While Gigabit speeds are nice I guess a few questions came to mind:

    1) Will we be forced to utilize their hardware to support these speeds or can I use my own ? ( You KNOW they will charge monthly for hardware rental )
    2) Is the service symmetrical or is it something ludicrous like 1000 down / 10 up ?
    3) I have absolutely zero need for Gigabit Ethernet outside the home. Can I get 100 / 100 for a decent price ? I would be thrilled with that.
    4) Can I get it by itself without having to bundle some silly cable package ( that I don't want or need ) with it ?
    5) Is there a minimum contract involved ? Eg: Two years

    If they're actually trying to get ahead of Google on this instead of just coming up with creative ways to charge more, then maybe I'll start looking at the hardware required to route / switch it.

  9. Re:Ouch? on More Ashley Madison Files Published · · Score: 1

    Pffff.

    Still can't be trusted. Case in point:

    I had my brand new enhanced security chip embedded credit card from my bank for all of thirty days before it was compromised and utilized to purchase some porn subscription out of Europe. ( Likely wait staff at the restaurants I frequent, since that's the only thing I had used it for before it was hit. I pay cash only now when I eat out. )

    Since I have account alerts active on all my accounts, I get shot a text message the instant anything happens to any of my accounts so I was able to shut down the card within minutes of its use.

    The takeaway here is my name will still show up in their database as being a " customer " for whatever they were selling even though I personally never utilized their services.

  10. Re:Ouch? on More Ashley Madison Files Published · · Score: 3, Insightful

    You're assuming that everyone that signed up on the site is married . . . .

    Yes, that's what it's SUPPOSED to be for, but I doubt anyone is requiring marriage licenses to prove they're part of the club

  11. Re:Guess what? on More Ashley Madison Files Published · · Score: 1

    I suppose the point of view is determined by several variables. Some of which would be:

    1) Are you content with your relationship ? Is your partner ? ( Your answer may be one thing today, and something far different twenty years from now )
    2) Your beliefs ( religion and non-religion )
    3) Your society's beliefs ( some are strictly monogamy, others polyamory )

    Marriage has devolved into something to fear these days. If you get married and something doesn't go right ( and last I checked quite a few marriages end prematurely ), a divorce not only tears families apart ( ask the kids how they feel about the whole thing ) but someone is going to be absolutely destroyed financially. Imagine working towards retirement only to have half of everything you own taken away from you a few years out. You would never recover from it. You'll be working until you die.

    It's such a potential risk that prenuptial agreements are a thing. However, using them puts one of the biggest factors in the reasons marriages fail into play right from the beginning: Mistrust. So you get to choose: You're either telling your partner you don't fully trust them or you're running the risk of financial ruin later in life if a divorce is granted and it doesn't play out in your favor. :|

    Just stay single. Co-habitate if you want ( take steps to ensure common-law cannot be declared ) and things are much easier to deal with if either of you ever decide you need to make a change.

  12. Vision of the Future on Finland Considers Minimum Income To Reform Welfare System · · Score: 1

    Well, I suppose if you try to envision far enough ahead where advances in AI, Robotics and automation offload much of the existing labor force, we'll probably need something along these lines to ensure folks have the ability to purchase goods at all.

    I don't have to explain what happens to Big Business when no one can buy their products.

    May as well run the experiment now to see what issues come of it.

  13. Re: What a clusterfuck on Clinton Surrendering Email Server/Data To Feds After Top Secret Mail Found · · Score: 1

    It is a prison offense for us lowly peasants. The elite, otoh, won't even get a hand slap for it. :|

    True Story: Officer in charge of the radio dept on one of my ships was put in prison for a while after a TS / SCI document was found in the trash instead of the burn bag.

    He didn't even do it, but since that dept was his responsibility, it became his problem.

  14. Air Gap or use some Router-Fu on Windows 10's Privacy Policy: the New Normal? · · Score: 2

    If you must use Windows 10, ( believe it or not there is some software that is still Windows only, or would cost a fortune to purchase new licences for another OS, if it's even an option ) just air gap the damn thing.

    Load it, patch it to current, get all your software running on it, then deny it internet access completely. You can air gap it, but then you'll need to manually transfer your data over to another non Win 10 system. Use it as a workstation, not an all in one solution.

    Or ( what I would do ) is simply put a route map or ACL on the router that explicitly denies access for that machine off the local network or Vlan. Hell, put it in its own VLAN and block the whole damn thing if you have to. Personally, I would disallow any talking between it and any other device on the local network outside of a network connected NAS drive so you can still transfer files. If you gotta get your game on I suppose you could allow very specific connections to very specific addresses, but block everything else.

    Use a Windows box for specialized applications, use anything but to connect to the internet.

  15. Re: America's not so behind after all! on NTT, Japan's Largest Fixed Telecom Provider, Begins Phasing Out ADSL · · Score: 1

    I don't think 'Murica was the target for the DirecTV acquisition. Included, yes, but not sure about the primary target.

    We have that neighboring country to the South you see. . . . .

  16. Re: America's not so behind after all! on NTT, Japan's Largest Fixed Telecom Provider, Begins Phasing Out ADSL · · Score: 1

    I assure you, AT&T is right behind them. They did a trial run up in the SNET region maybe a year or so ago to determine the process and identify problem areas.

  17. Re: Oh boy, here we go... on Obama Unveils Major Climate Change Proposal · · Score: 1

    Does that 6.8 cents include the transmission line costs or no ? If it does where in Texas you living ? I would guess the Austin area where rates stay low to ensure the legislators don't have to pay too much for their electricity.

    The lowest I have found near the coast is 9 cents / kWh.

  18. Campaign Pledges on Clinton Plan To Power Every US Home With Renewables By 2027 Is Achievable · · Score: 1

    I would really like to see Government v2.0 where candidates are held accountable for lying to the public when they fail to follow through on the promises that got them elected in the first place :|

  19. Afterthought:

    This is coming from a counter-terrorism " expert ". :|

    Dear Anti-Terrorist Experts:

    We won't tell you how to do your jobs if you agree to keep your $boogeymanofthemonth sensationalism and " The sky is falling " mentality out of ours.

  20. Prove to me on Counterterrorism Expert: It's Time To Give Companies Offensive Cybercapabilities · · Score: 4, Insightful

    that you are competent enough on the defensive side of things first and we'll talk about it.

    When your company can't even be bothered to properly secure our personal information on your servers ( plaintext files . . . really ? ) what sort of insanity is it to even CONSIDER giving these very same folks offensive capabilities ?

    It's like giving a shotgun to a monkey and hoping nothing bad comes of it :|

    Seriously. . . . wtf ?

  21. Re:Residential area? on Kentucky Man Arrested After Shooting Down Drone · · Score: 1

    No problem.

    As a high powered air-rifle does not qualify as a firearm, that device can be used to take down a flying drone while following the letter of the law :D

  22. Re:Stay in school, don't do dope on Kentucky Man Arrested After Shooting Down Drone · · Score: 1

    "If you shoot and injure (or kill) a 15 year old who has walked in your back door in the middle of the night, but is otherwise unarmed and not a direct threat, you will be charged. Whether you go to jail or not will depend on a lot of factors, but you will probably also be a defendant in a civil suit which, if case law is any guide, you *will* lose."

    Potentially incorrect depending on where you live and the State Laws that govern such actions. Especially considering these factors:

    1) Trespassing during the night
    2) Back door vs front ( means you intentionally had to climb my fence to get there )
    3) Unarmed is irrelevant based on # 1
    4) Especially if they walked through the door and entered the home

  23. Re:How about a really bright flashlight on Kentucky Man Arrested After Shooting Down Drone · · Score: 1

    Pfffff . . . . don't go there. Folks are already losing their minds that this guy shot the drone down with a shotgun.

    If you start talking lasers, the same folks will want you in prison for putting commercial aircraft at risk by pointing your laser at the sky :|

  24. Re:Or... just hear me out here... on Kentucky Man Arrested After Shooting Down Drone · · Score: 1

    Assuming they even bother to show up at all after you tell them there is a small drone flying over your property. :|

  25. Re:Right to Privacy in One's Backyard? on Kentucky Man Arrested After Shooting Down Drone · · Score: 1

    So I'm curious what your approach would be.

    Call the police ? Tell them a drone is flying over your home and won't leave ? What do you expect their response will be when you can't tell them who is piloting it ?

    And like I stated in another response, firing on a drone over a populated area is no more / less stupid than FLYING said drone over the same populated area. Especially if you're using it to circumvent privacy laws and spy on others.