Sounds like a good argument for a strong 2nd Amendment and a well-armed society. Remember, when trouble shows up: the police are only 15 minutes away. Good luck with that cell phone.
But most prison sentences are given in months, and months are based on the Moon's orbit around its (dwarf) Planet, and Charon orbits Pluto every 6.387230 days. So that would be a blessing, no?
There’s no point acting all surprised about it. All the planning charts and discontinuance notices have been on display in your local planning department in Alpha Centauri for fifty of your Earth years, so you’ve had plenty of time to lodge any formal complaint and it’s far too late to start making a fuss about it now.
Do you have even the slightest clue of how many police it would take to provide one for any random collection of 6 or more people at every car-pool waiting zone, or every bus stop? Seriously, have you spent even a minute thinking about this?
Do you seriously think that city can afford to have a cop everywhere one might be needed, 24/7? Do you want to pay that level of taxation? (Judging from your slashdot Id, I suspect your aren't even old enough to be paying taxes). Would you actually want to live in any society that had that many cops?
If only there were some mechanism where a large portion of the population could give some money to people to provide law enforcement services to a community before the Internet was invented.
Oh, yes, very cute. Aren't you so very clever.
The point is that it doesn't work. It never has, and in a city like Oakland it never will.
Police don't prevent crime. At best they solve easy crimes, and catch stupid criminals. After the fact. Maybe. Nationally, robbery has a 27% clearance rate (% "solved"). Even that percentage is biased because most solved street robberies are those where weapons were actually used. Police don't actually have much time for robberies unless someone gets hurt. They will tell you to file an insurance claim.
You seem to suggest we should employ a police force large enough that when ever 6 or more people congregate on a street corner a cop will magically appear to "protect" them. Would you actually want to live in such a society?
Employing private protection of people and property is FAR more effective than relying on police. Armed or not. You only need them for the hours you are at most risk.
The best solution in this case might be to use crowd funding to hire off duty police officers to stand around in uniform only during the hours they are needed. Asking the city to guard these car-pool waiting lines preferentially in a city as crime ridden as Oakland simply means some other area goes less-guarded, and is bound to attract objections from other groups or areas. This is what every venue does for any event, and it is a reasonable alternative to raising all taxes to have enough police to station one on every street corner.
That seems like the sort of function that should be designed with a multi-step process to execute, to eliminate precisely that kind of error. How in the world did that get implemented?
I suggest one more step in the process might be effective.
That the Japanese government a) allows TEPCO to 'clean up' Fukushima and b) refuses any foreign help shows that the problem with Fukushima is and always has been a political one.
If the Japanese government is anything like our government, (or most governments), suddenly tossing them into a critical situation in a plant they are not familiar with (which is already fundamentally compromised), is just BEGGING for a far worse Chinese fire-drill than is currently going on.
If it is in fact a political problem as you suggest, then implying that the government should do anything differently is pointless, because governments are, by definition, political.
You are missing the fact that the the summary, the article, and the so called detail description give not a single clue about how it works, or even precisely what it does.
One would have to assume its some sort of elaborate ruse to see if they can sucker more people into handing over more data by offering a nebulously described so called private data gatekeeper as a free app. Undomesticated equines could not drag me to installing that app.
So he open sources the plugin, publishes it somewhere else for free.
They can't sue the totality of git-hub or Source Forge.
As long as he puts nothing on Facebook's website they can't touch him.
I'm sure there are several dozen sites in the EU that would host his project for free. Facebook's legal department would know better than to try. Most lawyers have heard of the Streisand effect.
I already monitor all the traffic into and out of my network - there's lots you have no idea about.
Has to be an appliance.. but that's cheap. Making it easy to understand might open quite a few people's eyes...
Really? All traffic? Seems unlikely. Or, that your network actually does nothing, and has no significant data.
Because there are a million ways insiders can sneak data out, some of which requires visual inspection. (That email with pictures? No algorithm is going to detect that it is a screen shot of your secret stuff). That wrist watch? Its really a USB drive. Someone filling out a form on a SSL website?
This is one reason why people recommend sudo instead of su. The admin logs in as himself and gains root privilege using his personal password. There is no shared root password, so you only have to disable the old admin's account and sudo access.
The problem with sudo is that often the complexity of setting it up is time consuming when you have a fleet of admins for a large network, or even a small network with more than a couple admins. Not only do you have to kill the departing admin's account, you have to review the sudoers to make sure no other accounts crept in there as a root equivalent. Some middle management account it unlikely to ever discover they have sudo capability, so someone could simply add that account to sudoers as a root equivalent, steal a password or insert their public key into said person's authorized keys, and ssh in as job-Payroll, and su to root.
I like having only one door to guard. SSH with key only access, no passwords, no su to root, no sudo, just seems more secure. Each admin has his own public key appended to authorized_keys for root in one place. Nobody has to actually know root's real password (or it can be kept in a vault as you mention).
So one line gets added to authorized keys for each admin, and one line gets deleted when they leave.
He actually mentions port knocking, but I think he mis-understands it. He makes a mathematical argument, without addressing the fact that the sequence of ports can be as long as you want. He seems to think port knocking is used to grant access, when most of the users I know who use it do so only to start sshd so that they can then log in via secure means.
But having to log in from a multitude of places is pretty common. Less common these days than in the past is having to log in from some random machine. Everyone has a cell phone or tablet or laptop. With those, you can store your private keys, and then totally disallow password logins via ssh.
You can then decide whether to allow root login via ssh or not as a separate issue.
not permitting direct login as root at all is a good idea - it what su was invented for (amongst other things)
Acually, on a new Freebsd install, out of the box, ssh to root was not permitted nor was su to root. So on new installs, you have to pick your poison before you walk away from the console.
The rationale for not allowing su to root is because an attacker who (by what ever means) logs into some random account has a dramatically more advantageous position than one banging on the doors of ssh. That being said, unless you have convenient access to the console you are going to have to choose ssh or su or something similar.
By far the easiest, and the one that most admins default to using is ssh with big keys, and don't allow password logins (or su to root).
(I make this claim without a shred of evidence to support it, other than knowing what I see among the Admins I work with. When an admin quits or moves on, its easy to remove his key from Authorized_keys but hard to remove a password from his head. I'm sure someone will school me on why this is wrong headed).
I'm pretty sure I didn't miss the point, as you would have realized if you read past the first sentence. (Yeah, I know, its slashdot, but for gods sake the world does not stop at the first piece of punctuation you encounter.!!)
Even after his experiment, he will need a new router, for all of the reasons mentioned by several posters above.
Add to this the fact that a laptop wifi card is not exactly known for its range, or power.
I understand that this is slashdot and people want to turn sow's ears into silk purses and run Linux on their toaster ovens, but that doesn't make it a good solution. Just about ANY off the shelf wifi router will be a better solution.
Slashdot Mirror
Sounds like a good argument for a strong 2nd Amendment and a well-armed society. Remember, when trouble shows up: the police are only 15 minutes away. Good luck with that cell phone.
http://www.cnn.com/2013/10/05/us/bikers-attack-video/
"It was Lien's wife who made the last of three 911 calls the family placed during the incident."
In that particular case the truth is leaking out that Police were on the scene immediately. As many as 6 of the bikers were off duty police officers and at least 3 were On Duty (undercover) officers.
Protect and serve my ass!
But most prison sentences are given in months, and months are based on the Moon's orbit around its (dwarf) Planet, and Charon orbits Pluto every 6.387230 days. So that would be a blessing, no?
Exactly!
There’s no point acting all surprised about it. All the planning charts and discontinuance notices have been on display in your local planning
department in Alpha Centauri for fifty of your Earth years, so you’ve had plenty of time to lodge any formal complaint and it’s far too late to start
making a fuss about it now.
Do you have even the slightest clue of how many police it would take to provide one for any random collection of 6 or more people at every car-pool waiting zone, or every bus stop? Seriously, have you spent even a minute thinking about this?
Oakland Police patrol officers make a median salary of around $56.8K, which as $6K greater than the national average.
Do you seriously think that city can afford to have a cop everywhere one might be needed, 24/7? Do you want to pay that level of taxation? (Judging from your slashdot Id, I suspect your aren't even old enough to be paying taxes). Would you actually want to live in any society that had that many cops?
Far better we shoot kids privately?
If only there were some mechanism where a large portion of the population could give some money to people to provide law enforcement services to a community before the Internet was invented.
Oh, yes, very cute. Aren't you so very clever.
The point is that it doesn't work. It never has, and in a city like Oakland it never will.
Police don't prevent crime. At best they solve easy crimes, and catch stupid criminals. After the fact. Maybe. Nationally, robbery has a 27% clearance rate (% "solved"). Even that percentage is biased because most solved street robberies are those where weapons were actually used. Police don't actually have much time for robberies unless someone gets hurt. They will tell you to file an insurance claim.
You seem to suggest we should employ a police force large enough that when ever 6 or more people congregate on a street corner a cop will magically appear to "protect" them. Would you actually want to live in such a society?
Employing private protection of people and property is FAR more effective than relying on police. Armed or not. You only need them for the hours you are at most risk.
The best solution in this case might be to use crowd funding to hire off duty police officers to stand around in uniform only during the hours they are needed. Asking the city to guard these car-pool waiting lines preferentially in a city as crime ridden as Oakland simply means some other area goes less-guarded, and is bound to attract objections from other groups or areas. This is what every venue does for any event, and it is a reasonable alternative to raising all taxes to have enough police to station one on every street corner.
That seems like the sort of function that should be designed with a multi-step process to execute, to eliminate precisely that kind of error. How in the world did that get implemented?
I suggest one more step in the process might be effective.
They need a slight reconfiguration of the Cooling Pump Switch. It would be relatively cheap, and pretty much idiot proof.
That the Japanese government a) allows TEPCO to 'clean up' Fukushima and b) refuses any foreign help shows that the problem with Fukushima is and always has been a political one.
If the Japanese government is anything like our government, (or most governments), suddenly tossing them into a critical situation in a plant they are not familiar with (which is already fundamentally compromised), is just BEGGING for a far worse Chinese fire-drill than is currently going on.
If it is in fact a political problem as you suggest, then implying that the government should do anything differently is pointless, because governments are, by definition, political.
How many people are Chinese, but are not Chinese nationals?
Anyone who is Chinese but not a citizen of the People's Republic of China.
Somehow, I don't feel I owe you a number.
The ban isn't against Chinese people, just Chinese nationals.
How could anyone capable of writing code be incapable incapable of using Google or Bing or Yandex?
You are missing the fact that the the summary, the article, and the so called detail description give not a single
clue about how it works, or even precisely what it does.
One would have to assume its some sort of elaborate ruse to see if they can sucker more people into handing over more data by offering a nebulously described so called private data gatekeeper as a free app. Undomesticated equines could not drag me to installing that app.
LLCs for Corporations have never been pierced.
LLCs for sole proprietorship have only rarely been pierced.
Your Personal finances are pretty safe behind an LLC, that is after all precisely what they are for.
So he open sources the plugin, publishes it somewhere else for free.
They can't sue the totality of git-hub or Source Forge.
As long as he puts nothing on Facebook's website they can't touch him.
I'm sure there are several dozen sites in the EU that would host his project for free.
Facebook's legal department would know better than to try. Most lawyers have heard of the Streisand effect.
I already monitor all the traffic into and out of my network - there's lots you have no idea about.
Has to be an appliance.. but that's cheap. Making it easy to understand might open quite a few people's eyes...
Really? All traffic?
Seems unlikely. Or, that your network actually does nothing, and has no significant data.
Because there are a million ways insiders can sneak data out, some of which requires visual
inspection. (That email with pictures? No algorithm is going to detect that it is a screen shot
of your secret stuff). That wrist watch? Its really a USB drive. Someone filling out a form
on a SSL website?
What the hell does it matter what percent of the world population are Chinese nationals?
The Chinese don't let US scientists wander unfettered around their various government campuses either.
Sorry i meant to say only allow su to root only from the physical console
I didn't even know it was possible to limit su to a specific terminal. I suppose with SELinux it would be, or via pam.
This is one reason why people recommend sudo instead of su. The admin logs in as himself and gains root privilege using his personal password. There is no shared root password, so you only have to disable the old admin's account and sudo access.
The problem with sudo is that often the complexity of setting it up is time consuming when you have a fleet of admins for a large network, or even a small network with more than a couple admins. Not only do you have to kill the departing admin's account, you have to review the sudoers to make sure no other accounts crept in there as a root equivalent. Some middle management account it unlikely to ever discover they have sudo capability, so someone could simply add that account to sudoers as a root equivalent, steal a password or insert their public key into said person's authorized keys, and ssh in as job-Payroll, and su to root.
I like having only one door to guard.
SSH with key only access, no passwords, no su to root, no sudo, just seems more secure. Each admin has his own public key appended to authorized_keys for root in one place. Nobody has to actually know root's real password (or it can be kept in a vault as you mention).
So one line gets added to authorized keys for each admin, and one line gets deleted when they leave.
He actually mentions port knocking, but I think he mis-understands it. He makes a mathematical argument, without addressing the fact that the sequence of ports can be as long as you want. He seems to think port knocking is used to grant access, when most of the users I know who use it do so only to start sshd so that they can then log in via secure means.
But having to log in from a multitude of places is pretty common. Less common these days than in the past is having to log in from some random machine. Everyone has a cell phone or tablet or laptop. With those, you can store your private keys, and then totally disallow password logins via ssh.
You can then decide whether to allow root login via ssh or not as a separate issue.
not permitting direct login as root at all is a good idea - it what su was invented for (amongst other things)
Acually, on a new Freebsd install, out of the box, ssh to root was not permitted nor was su to root.
So on new installs, you have to pick your poison before you walk away from the console.
The rationale for not allowing su to root is because an attacker who (by what ever means) logs into some random account has a dramatically more advantageous position than one banging on the doors of ssh. That being said, unless you have convenient access to the console you are going to
have to choose ssh or su or something similar.
By far the easiest, and the one that most admins default to using is ssh with big keys, and don't allow password logins (or su to root).
(I make this claim without a shred of evidence to support it, other than knowing what I see among the Admins I work with. When an admin quits or moves on, its easy to remove his key from Authorized_keys but hard to remove a password from his head. I'm sure someone will school me on why this is wrong headed).
I'm pretty sure I didn't miss the point, as you would have realized if you read past the first sentence. (Yeah, I know, its slashdot, but for gods sake the world does not stop at the first piece of punctuation you encounter.!!)
Even after his experiment, he will need a new router, for all of the reasons mentioned by several posters above.
Not to mention several routers use admin and support ssh connections.
Router software virtually never gets updated.
Add to this the fact that a laptop wifi card is not exactly known for its range, or power.
I understand that this is slashdot and people want to turn sow's ears into silk purses and run Linux on their toaster ovens, but that doesn't make it a good solution. Just about ANY off the shelf wifi router will be a better solution.
So that's your example of a quality product?
When the prior team deserted their project en-mass you certainly were a clown for accepting the assignment.