Slashdot Mirror


User: hjf

hjf's activity in the archive.

Stories
0
Comments
2,022

Comments · 2,022

  1. Re:I don't think they understood. on Security By Obscurity — a New Theory · · Score: 1

    I run SSH on non-standard ports. That's "security by obscurity", and guess what? IT WORKS! Because every scanner out there is looking on port 22. Do you know how many login attempts you get when you run SSH on port 22? Way too many. Do you know how many you get when you run SSH on port other-than-22? Zero.

    Saying that security by obscurity is "brittle" or "fragile", or whatever, doesn't mean that there is such thing as "security by transparency". I don't go publishing all my server's configuration, ports, addresses, VPN endpoints and other stuff out there, because it doesn't make my system any more secure. In fact, keeping that information private actually decreases the chances of getting h4x0red.

    Of course, I also firewall the servers, run SELinux on them, run sensitive services in chroots (or FreeBSD jails, or solaris zones, etc), I keep everything patched and up-to-date, and try to subscribe to security mailing lists.

    One more thing: I ALLOW SSH root access.

  2. Re:I didnt know slavery was a skillset. on Foxconn's Brazil Plan Stalled · · Score: 0

    I thought the Manaus area workforce was mostly natives they made come down from trees and put some clothes on...

  3. Re:Who f****ng cares? on Chrome Set To Take No. 2 Spot From Firefox · · Score: 1

    Web developers care. They want to support the majority of users

    Wait, we still have to test in all browsers? I thought if you used CSS and "em"s instead of "px"s, you were safe! I was LIED to!

  4. Re:old news and openwrt is better on Teach Your Router New Tricks With DD-WRT · · Score: 1

    It doesn't support my WRT600N, which is like 4 years old.

  5. Re:old news and openwrt is better on Teach Your Router New Tricks With DD-WRT · · Score: 1

    Openwrt hardware support sucks.

  6. Re:Makes sense actually on The Cable Industry's a La Carte Bait and Switch · · Score: 1

    Same thing with AMEX. When I signed up I was in electronic billing, my e-mail address was wrong. So they almost canceled my card and lowered my limit. So I told them "oh.. well, then I don't want your card anymore. put me through with someone who can cancel it". 30 seconds of music later, my credit limit was back.

    My current bank has an interesting thing: my savings and checking accounts have the same number, but that's not how it works in the bank system. So it's actually a checking account "front end", which is always on zero balance, and the bank automatically transfers from/to the "back end" savings account, which gives me interest. A useless 0.25% annual interest rate. But interest anyway.

  7. Re:Makes sense actually on The Cable Industry's a La Carte Bait and Switch · · Score: 1

    Yes, I thought that too, in fact I think the promo is half of the "lock in" thing, that's why I was surprised when I called.

    Even so, apparently the "early cancellation fee" is about 1 month service. So if you cancel and pay the fee, and re-subscribe for another 6-12 months at half price, it makes sense.

  8. Re:Makes sense actually on The Cable Industry's a La Carte Bait and Switch · · Score: 1

    Well, you can try asking if they can lower the price. I live in Argentina, and this happened to me:

    ISPs have "promos" where you sign up and for the first 6-12 months the price is, say, $15. After that period it raises to $30. Since there are 3 ISPs in the area, I thought, well, I can play the game too, and periodically switch ISPs. So I called my ISP and told them I wanted to cancel. They told me they can renew the promo and be on the 6-months-half-price again. WTF? Yep. I need to remember to call every 6-12 months and renew.

    I also have accounts with two different banks. Since banks here charge you for basically everything, I was going to cancel one of the accounts I wasn't using. About $30 a month that gave me: credit card, debit card, loan (up to USD15k which is a lot translated to Argentine Pesos), savings acct, checking acct and all. I called and said I didn't want the service anymore because I wasn't really using it and didn't want to spend $30 a month for nothing. Guess what? They gave me a 50% discount for the next 6 months. And they told me to call again in the next 6 months to renew my discount so I could keep "saving".

    I had no idea you could do that, much less in a country where you're supposed to pay 30% interest rate in your credit card, $5 for "billing charge", and $100 per year for your "credit card renewal".

  9. Re:An effort to avoid tariffs in Brazil on Is Apple Moving iPad Production to Brazil? · · Score: 1

    The current government is trying to convert the country from a raw materials + agricultural country to an industrialized country. So far, they haven't succeeded. The current workforce is a mess - strikes every day, protests, and other annoyances are commonplace. Out of control inflation (a judge recently ordered to investigate journalists "asking private consultants about inflation". It's currently illegal to publish an inflationary index other than the official. Consulting companies doing so face fines over $100.000). If you have a factory, you're likely to get a strike every 4-6 months demanding at least a 25% raise.

    The customs are pretty much closed. BMW can't sell cars anymore here - the government demands that for every imported dollar, there must be a dollar in exports as well. How long is this going to last? I'm not sure. Most people claim that BMW is simply not interested in selling cars here anymore, others say BMW is preparing a factory in Brazil, which will make it easier to import cars into Argentina. Local cars, of course, are a joke. Local manufacturers simply make the cheapest car possible, cheaper, and sell it for ridiculous prices. No car is less than $15.000 and those don't have powered windows, ABS, Airbag or anything like that, and engines are 1.6L or less.

    The government now requires import "licenses" which aren't automatically renewed (you need a new license every time you're importing something). And licenses can take 60-180 days to process. That's on purpose, to discourage you from importing.

    So basically, instead of setting up a safe environment for companies to invest (like it's already done in Tierra del Fuego - guess where most factories are set up now? yep. there), the government is simply shutting down imports. That's how it's always been tho. The oldest institution in Argentina is actually the customs, founded in 1536 (link in Spanish). Imported goods have tax of at least 50% but most sell for 3x USA street price. The MacBook Pro 17" is over USD 5000, for example.

    Samsung is currently producing some phone models in Argentina (for the internal market only). Motorola-BGH has been doing it for over 40 years AFAIK, so Moto phones are relatively inexpensive and easier to get than, say, HTC, which isn't sold by any carrier.

  10. Re:CentOS or Debian(Ubuntu) on Newb-Friendly Linux Flavor For LAMP Server? · · Score: 2

    Disable root login via SSH as soon as possible.

    How is this any safer than having a normal user be able to "su" anyway?

    How is it any safer than having root access with only certificates and no keyboard-interactive?

    Disabling SSH root access is as stupid as blocking ICMP for "security". Man, all those ICMP-blocking fags are in for a surprise with IPv6...

  11. Re:In my opinion... on The Great JavaScript Debate: Improve It Or Kill It · · Score: 1

    For that matter, your pentium 133 runs SNES games much slower, on an emulator, than native on a real SNES...

  12. Re:In my opinion... on The Great JavaScript Debate: Improve It Or Kill It · · Score: 4, Funny

    Why? This is not 1999. We don't "hate" javascript anymore, like we did years ago.

    Now we hate flash. Get on the wave, man.

  13. Re:How about neither? on The Great JavaScript Debate: Improve It Or Kill It · · Score: 5, Informative

    Because Google needs you to run everything in their cloud so the NSA, FBI, CIA, and even the DMV can get easy access to all your documents.

  14. Re:You know nothing about Italy. on Italy Prepares '"One Strike" Anti-Piracy Law · · Score: 1

    My lady who has traveled through Europe says that she was never harassed so much as in Italy,

    Because your wife must be an uptight Anglo-Saxon woman, who doesn't like being complimented by strangers a lot. In countries with "Latin" culture, like all of South America and also Spain and Italy, it's socially accepted for a man to yell "que bella ragazza!!!" or similar. Sometimes (playfully) standing in their way. If you do that in any Anglo-Saxon country, the woman is likely to scream for help. It's a culture thing. Oddly enough, Anglo-Saxons like to be flattered. Saying "you look so good" to someone will generate a "thank you!" response from an American, but more like "oh please, don't say that" from a Mexican.

    https://secure.wikimedia.org/wikipedia/en/wiki/Complimentary_language_and_gender#Cross-cultural_overview_of_compliments

    and she's been to Peru... where she got grabbed and fondled by a stranger the minute she was alone for two minutes

    So what did they do to her in Italy? Introduced her to Berlusconi?

  15. Re:Wish it 'funneled' better on SMK Toughens Up Those Tiny Micro-USB Connections · · Score: 1

    I'm surprised Gigabyte doesn't include something like this in their motherboards. After all, they like to add useless things to sell more. Like twice as much copper on their boards, or "3x technology" (1.5Amps per USB connector, instead of the standard 500mA).

  16. Re:Not enough bias? on SMK Toughens Up Those Tiny Micro-USB Connections · · Score: 1

    Microsoft patented a battery holder that let you slide batteries in any way. Guess what? Slashdotters laughed at it, said it was useless, retard, and that only idiots would need a thing like this...

    http://mobile.slashdot.org/story/10/07/02/0641200/MS-Design-Lets-You-Put-Batteries-In-Any-Way-You-Want

  17. Re:fail on Japan's Largest Defense Contractor Hacked · · Score: 1

    (and of course never, ever trust anything to Windows, but that seems to be a lesson people just don't get)

    And you cannot expect to design a submarine from end-to-end using Linux either...

  18. Re:Lol open sores on The Letter That Started AMD's Open-Source Strategy · · Score: 1

    The tearing on the secondary display is present in every card. I've had it since my first GeForce2 MX 10 years ago, GF4MX, GF 5200, 7300GT, 6150 IGP, intel GMA950 (I think), and now with Intel Core i5 on-CPU graphics. Seen it with VGA, DVI, Component, and HDMI outs. The secondary display always has tearing. That's why I have to switch primary/secondary screens when I want to watch a movie on my TV.

    Not sure how it is in AMD land, but on nVidia and Intel, that's what it's like.

  19. Re:Its not that hard! on Italian Hacker Publishes 0day SCADA Hacks · · Score: 3, Interesting

    2003 SP1? HA! I've seen stuff running on Win98, because the electric engineers in charge are out of their league when it comes to computers, and win98 "just works".

    I took some PLC introduction course in 2006 or 2007 and the guy was bitching about Linux, because Linux doesn't have support. And he liked Linux because it's stable, but manufacturers only support Windows, and the only way to be SURE that your software is going to work AND last for many years, is to use a not-so-new computer. I'm glad that guy only does small things like cooling control and wood drying facilities.

    But at least he got one thing right: All the control LOGIC has to be in the PLCs. The SCADA is for a nice GUI and logging ONLY. You should add enough buttons, switches and lights to make the system fully usable even if all the SCADA computers are down. And that doesn't mean "manual override", which is something else you should have too.

    I doubt there are applications where a SCADA system should be making decisions.

  20. Re:Who cares? on Critic Pans Apple's New Campus As a Retrograde Cocoon · · Score: 1

    Only Jobs can pull the RDF, fanboi. Your comment doesn't make any sense.

  21. Web Of Trust on Moxie Marlinspike's Solution To the SSL CA Problem · · Score: 2, Informative

    Web Of Trust, really, are you fucking kidding me? This has been implemented for how long already? Thawte personal certificates for e-mail work like that, with "trusted" notaries and shit.

    And this is somehow a NEW AND REVOLUTIONARY idea, because it has a Web 2.0 name like "Convergence"?

    Sheesh, the shit one has to put up with.

  22. Re:NSA tries to get vendors serious about security on NSA Makes Contribution To Apache Hadoop Project · · Score: 1

    Yeah that's the other thing too. SELinux doesn't "protect" you against attacks more than mosquito repellant doesn't protect you against mosquito bites... there's always going to be a way. But the more precautions you take, less chances of getting hacked you have.

    Or in more technical terms, SELinux doesn't protect you from a malicious user hacking into your system more than giving him a regular user account instead of root access. There are exploits to gain root access, and I guess SELinux can be exploited too.

  23. Re:NSA tries to get vendors serious about security on NSA Makes Contribution To Apache Hadoop Project · · Score: 1

    Most competent sysadmins try to do their best to secure their system, and those worth their salt, succeed to do so. SELinux (and Tomoyo) are painful to use, easy to lock yourself out, and cumbersome. But that's the price to pay, I guess. Some admins decide the price is too high.

  24. It's a trap on NSA Makes Contribution To Apache Hadoop Project · · Score: 1, Insightful

    It's a trap! It HAS to be. /tinfoil

  25. Re:Don't Be Evil? That's just a lie on Schmidt: G+ 'Identity Service,' Not Social Network · · Score: 1

    Just answering to GP in his own language.

    Also, I was on dialup. USR Sportster 33.6. I didn't have broadband until mid-2001.