You don't have a simple right to remain silent, you have a right to not be compelled to be a witness against yourself. You can be compelled to testify if the testimony is not self-incriminating. So, for example, a grant of immunity could be given for any information developed from the password (e.g., the state couldn't use any logs made accessible by the password for prosecution).
More than that, Debian has a very limited set of security mirrors, and the default configuration points to a round-robin set of mirrors (so even if one of n was compromised and stopped serving updates, and nobody noticed--very unlikely--you'd only hit that mirror roughly one out of n updates).
This article has all the hallmarks of a sensationalized report from someone either trying to impress people or generate page views. Sure it's relatively easy to add a relatively untrusted tertiary debian mirror, but the article fails to explain how that's relevant to compromising security updates from the security mirrors (which are, by default, added as a separate entry in the sources.list file).
It's also possible to put a close, fast mirror at the top of the list and add another slower but more reliable one lower in the list. apt will automatically choose the newest package from the closest available mirror.
Did the article's authors really investigate the debian infrastructure before writing their faq entries?
Operating systems still aren't designed around these things, they are designed for physical rotating disks.
How exactly are current OSes designed for physical rotating disks?
You wouldn't design an OS around the hard disk any more than you would design one around the keyboard or power supply.
You should do more research before spouting off. Almost all current filesystems (generally regarded as an OS function) are designed with the assumptions that seeks are expensive, full block writes are no more expensive than single bit writes, and sequential writes are cheaper than random writes. The layout of the data and metadata on disk, as well as OS buffer behavior (e.g., write combining) is designed to optimize for those assumptions, which are untrue for SSDs. (In practice the assumptions are actually somewhat true because current SSDs pretend to be hard disks in order to be compatible with the assumptions of existing OSs--but if the OSs were smarter SSDs could expose an interface more suitable for their unique characteristics.)
This may be slightly off-topic, but after separating with Netflix about 5 years ago, the biggest obstacle of my return is their use of pop-under advertising windows. I'm not sure how they get past Firefox's pop blocks, but it is annoying as hell. They're the X10 of 2008.
I've never seen a pop under ad from netflix. Check your system for adware...
Lead was added because older engines benefitted from the lead coating. It had to do with high compression ratios and unhardened blocks. I found an article that seems to support my conclusion that lead was simply added, and not some necessary component for refining oil.
There's even more to the story. Some other posts have pointed out that the lead wasn't really necessary for passenger cars, so why was it so common? Guess who owned the patents for tetraethyl lead, and got a royalty for every gallon sold? General Motors and Standard Oil. So the people best in a position to force leaded gas into every gas station also had a financial incentive to do so...
Whose fault is it if some hacker deliberately sends him child porn labeled as regular porn? And what is he supposed to do? (Assuming the US) Check the United States Code, Title 18, 2252A(d)(2).
(OK, these binaries were text files, but the point remains) No, you negated the point yourself. Also negating the point is the fact that the ratio of reads to writes for those files back in the day was a lot higher than for the mess that's currently the binary news groups. (It's efficient for the ISP to store a copy of a usenet message if multiple clients read it locally. It's not efficient for the ISP to copy TB of data to prefill a cache which will never be read.)
Perhaps not. Isn't the whole point of carrying newsgroups for a provider to have a local copy (local to the ISP, that is)? Bandwidth from that local copy to users is cheap for an ISP. That's the theory. The reality is that providers spend a lot of money (disk and bandwidth) downloading binary crap that by and large nobody will ever look at before it expires. Usenet was great for text (better by far than web based forums) but people insisted on putting binaries (and spam) on it and killed it.
If they steal my unsigned card, sign it themselves, then go on making purchases, once I refute the charge, the CC company will check my most recent purchases, see that the signatures are nothing alike, and already I'm on my way to being in the clear. Well, in the US you'd be in the clear the moment you called the company and told them that the card was lost. (I'm saying lost for a reason here, because if the card is stolen along with your wallet, and presumably your DL, I don't know what any of this CID BS would do for you.) They'll tell you over the phone the last charge on the card, and you tell them whether or not that was you. They'll cancel the card right there on the phone, and send you a new one. The signatures aren't worth a warm bucket of spit. The funny thing is that some people think that they are. I wonder how those people explain buying things over the internet with a credit card? Do they shove a DL through the monitor? The most likely places for someone to use a stolen card are: grocery stores, gas stations, and internet stores. All of those support unsigned checkouts. Gas stations have started requiring ZIP codes, but if you've lost your wallet the crook can CID and read your address off your DL...
Spies use any means available to find information. If the Internet helps, they'll use it. That does not change their ornithological classification. I'm missing what is doubtless a deep and subtle point about spies and birds.
How does the number of dynamic libraries affect it? Linux running on a desktop is made up of thousands of smaller projects and libraries. Microsoft is able to consolidate these into fewer, larger, libraries. Does that have any advantage? In other words, could Linux benefit from combining lots of the smaller dynamic libraries into more monolithic libraries? I just looked at random windows & linux sample systems. I found about 700 shared libraries on the linux system and about 2000 dll's on the windows system. I think you're starting from a flawed premise.
Seriously, what do AV companies have to do with phishing scams? [snip]...and I really have trouble understanding why AV companies should be the ones to come up with 'signatures' to detect this stuff... Well, AV companies are the ones who sold people snakeoil^H^H^H^H^H^H^H^H security in a bottle. It's the AV companies who have built a business model around the message "give us money every year or you won't be 'secure'"; I think it's perfectly reasonable for people to ask them to deliver the "security" they were promised. I can't count the number of times I've seen a user with a malware infection give me a confused look and say "but I've got antivirus installed". The fact is that the AV companies do a really shitty job at protecting people from current threats. The AV software by design only detects old malware that it has signatures for, and malware authors are now changing the malware on a better than daily basis to evade that detection model. AV vendors know that, and push this idea that they have super secret ninja technology that will detect malware that they don't have signatures for, so people shouldn't let that worry them. In the real world, computer science theory will tell you that it isn't possible to look at a program and tell up front whether it's malware--but that's what the AV people have been selling. So, yeah, I think it's past time for people to ask what value they get from their AV product.
The one thing holding me off FIOS is I heard they block inbound connections. Is this true? If I can't SSH into my box from the road when traveling then I'd rather not use the service. Not true. They block inbound 80/tcp to be obnoxious pricks, and 25/tcp in some areas, but 22/tcp should be fine. Some people get confused by the fact that the provided firewall blocked incoming connections, but that can be changed.
Re:And for those wondering what PCI refers to, on PCI Compliance · Score: 2, Insightful
I work for a retail chain that went PCI compliant recently. We had to put a separate firewalled network in each store, and that was very costly. Now it's a pain to access point of sale servers, because we can only access that network through a VPN. Um, good. As a consumer, I'm glad that you can no longer directly access my credit card information from any node on your corporate network. Score one for the good guys (PCI).
If sex is no big deal, then why the rush to do it? I ask this question not for my own enlightenment, as I've already been with more than a few women. It really isn't a big deal, and those waiting for someone they actually care about aren't missing out on anything they can't do for themselves. I kinda suspect that you're doing something wrong.
You can't snapshot anything that isn't a LVM logical volume
True, and what kind of sense does that make? It is purely an artifact of the incumbent low level LVM model. Please go back and read the original post and notice how you misinterpreted it. And you can't zfs snapshot anything that isn't a zfs filesystem. Is that really insightful? If you create a ufs filesystem you can't magically make it have all the attributes of a zfs filesystem, and if you create a linux filesystem on a raw device rather than an lvm you can't magically make it have all the attributes of an lvm. Sun lets you do the former, linux lets you do the latter--because that's what the users want. Why is it ok for you in solaris, but a horrible problem in linux?
Yes, but it can be a legit reason. Really, I don't expect a diamond selling company on the internet to know more about web building, than I expect a BnM Diamond store to know about building neon signs. You don't need to know a lot about computers to know that paying $35k for a guy to add links to/from a bunch of unrelated web sites to try to fool people into coming to your site is a bad idea. You just need a certain sense of ethics...
Yep it was really irritating. A lot like the Postgres users who kept claiming the next version of their server was going to be really fast. Of course, for non-trivial queries it's been faster for some time. A few years ago when mysql 4 and postgres 7 were the latest and greatest, I recall being aghast at mysql's inability to use multiple indexes to optimize a complex join--but postgres did that just fine. Difference in runtime? Postgres could complete the query in under a second while mysql took 30-45s. I suppose the Mysql Way would be to break the complex query into braindead pieces and then do half the processing in the application. Yuck. So, yeah, mysql has traditionally been faster for pulling data values out by key--but you know what? a berkeley db is still faster if all you need is trivial queries.
How far do you trust your local PO to correctly transmit packets (mail) under load? Peace of mind is worth something. Pretty far. I can't remember them ever losing a tax return of mine, or anyone else that I know.
do you enjoy giving a company money to boost their profit margin just because their lobbyists made it impossible for people to send their data to the IRS without a middleman?
I enjoy getting my refund faster. I see no relevance in the fact that some company derives profit from this. What the hell do I care about that? Am I not explaining this well, or are you dense? There is no reason, other than lobbying by the tax preparation industry, that you couldn't send your return directly to the IRS without the middle man. Intuit isn't giving you the money faster, the IRS is--but you're paying Intuit. If you don't care that your tax dollars were used to spec the efile system but you can't use it without giving money to someone who lobbied for the privilege of collecting your money, well, all I can say is that you're a good little consumer.
"I did my taxes myself, and got a bottom line in which I owed the IRS a couple hundred dollars. I then did my taxes through Intuit's web site (I run Linux) and got a refund of $600. The same thing happened on my state return. Giving Intuit a few bucks seemed a rather petty expense compared to the benefits received." I think you've missed the point. Intuit charges one price for the software to calculate your tax. They charge an additional amount to then submit the data electronically. You get the same refund either way, it's just a question of whether you pay for a stamp to mail it or pay intuit to email it. (Now they've been running a promo where you can efile for free if you use the online version, but there's no way I'd trust their web site with my data.)
What does the cost to the IRS have to do with it? Are you just bitching because somebody somewhere is saving money and that person isn't you? Well, you see, I pay for the IRS's processing costs. As a taxpayer I'd like those costs to go down. OTOH, I don't see why I should give some company money for taking the data from me and giving it to the IRS. As I said in another post, my state manages to handle that without the middleman. You asked me a silly rhetorical question, so I'll ask you a question in return: do you enjoy giving a company money to boost their profit margin just because their lobbyists made it impossible for people to send their data to the IRS without a middleman?
I get nothing from snopes. I always have adblock and noscript installed.
There's a qualitative difference in volume between binaries sent as uuencoded text and text that is actually written by humans.
Good grief, how many lights do you leave on all the time?
[snip]