Disable root login via SSH as soon as possible
Serious question: Why is this routine advice demanded of all noob Linux admins? If my root password is geka#r#t-epu6ramAthap_eke (that's not my password) people can feel free to brute force away. Perhaps in 300 trillion years, they might have a 50/50 shot at breaking it, but I won't lose sleep over that. Besides, there are a lot of perfectly valid reasons to log in as root. Off the top of my head, you can't escalate to root permissions using SCP, so right there's a fine reason to have a remote account with root permissions enabled. Running certain remote backup jobs often requires root permissions. I realize that these concerns have workarounds, but why turn a 1-step process of transferring a file into a 6-step process for no real gain in security?
Squab is considered a delicacy around the world, even in the best restaurants in the United States. It's just a fancy name for pigeon.
I use an Ubuntu USB drive that I created for the specific purpose of scanning systems before they boot into the OS. It won't detect malware in real-time, but it should, in theory, catch a rootkit that's well hidden from being detected within the OS. What I don't understand is why there's not something commercial out there that does this. With my home-made drive, I can boot, mount a TrueCrypt volume (all our computers are truecrypted) and scan a Windows file system with several different free tools. The only problem is, since they are free, they tend to be not very good. I scanned a system I was working with yesterday, and ClamAV, Avast!, BitDefender and AVG all missed a boot sector virus. The system was clearly infected, judging by all the BSODs and other strange behavior, but all these tools came up clean. They were also slow as hell. Each scan took hours. Finally, I attached the hard drive to a Windows machine and ESET picked up the virus right away, although it wasn't able to clean it. Had to download a separate tool from Kaspersky to do that.
What I'm saying is most of the stuff I did is not accessible to the unwashed masses. On top of that, I would actually pay good money for a tool that I could use and not have to screw with 5 different immature anti-virus platforms that could be used to remove rootkits. Nothing about this virus was particularly fancy, once you got it outside of the OS. (It loaded kernel mode drivers to prevent it from being seen within Windows.) Why doesn't one of the major players start looking into something like this? Bootable, able to update definitions over the Internet and fast. I, and probably my company, would pay really good money for that.
Are you referring to Hinckley as a Democrat? Jesus, dude, do just a little bit of research before posting bullshit. Hinckley was crazy out of his mind insane. He had been following Carter with a gun for months, but could never find his opportunity. Then Reagan got elected, so he started following him. All it took was one opportunity. He was neither a Republican nor a Democrat.
Most of the damning information in the cables about corrupt governments and civilian casualties was leaked over a year ago. What was leaked in February, and recently publicized, were the sources of those leaks. So all the moral people who risked their lives and the lives of their families to expose corruption are now being rooted out and killed by said corrupt governments.
So next time someone comes across something horrible and thinks about leaking it, they'll probably remember this incident and all of the attention that it generated and think better of doing it. Where's your indignation over that?
I'm sure you're correct in that most of the damage has already been done. I am, however, reacting to the cavalier attitude with which people seem to be treating this data. People have been and will be killed over this information, and more importantly, next time someone is considering leaking something that may benefit the public as a whole, they're going to think twice about doing it. Because of that, this leak is a terrible thing for the world.
Information wants to be free, and I do appreciate your eagerness to propagate this information, but people will die as a result of these leaked cables.
I'm usually the first person to want to propagate information, but people will die as a result of these leaked cables.
Either Apple encourages their employees to have fun on the job, or they need to offer alcohol treatment for their employees.
How much money did Microsoft burn trying to get the XBOX off the ground? Sometimes it pays to make a little investment in the future. If HP had sold these even at $150/$200 or maybe $200/$250, sure they would have lost money on each unit, but how long until it overtook iPad? Tablets are going to be selling for $100 in 5 years anyway, and HP could have sold a LOT of them at a loss to make it into the market. Once the established leader had been displaced, they could have made tons of money on licensing, app store purchases, etc. Maybe even eventually on hardware. I think they were looking for a home-run, and when they didn't get it, they just gave up all hope. Bad move on HP's part.
Key word: removed. That means it was at one time in place. These types of restrictions should never be in place by default, as it took a lot of effort and protest to get that provision removed. At some point in the future, people will get tired of protesting and we will be without rights by default.
No. Completely different. Not even similar. What he's talking about is a wind tunnel that's turned up on its side, so that it's blowing upward rather than sideways. This way, people "float" around. It's nothing like a zero-G simulator. It's a skydiving simulator. NASA's vomit comet actually takes people up in the body of a jet, and then goes into a calculated free-fall for a few seconds so that the plane, the pocket of air inside the plane and the people inside are all falling at the same rate, opposite the acceleration of gravity. This is what happens when a spacecraft is in orbit around Earth, except they can fall almost indefinitely because they fall at the same rate as the curvature of the earth.
Good catch! I'll half to be more careful!
Yeah, but it's a mute point.
This concern would be easily addressed if instead we tried putting these things in our back yards, and not in cars. Then, it would just be running all the time, possibly with enough power in batteries or capacitors to cover the power needs for a few start-ups. We already have small batteries that fit into cars, which could be charged at home. I can't fathom why we'd insist on carrying around a small nuclear reactor with us in our car.
What's more, you could charge a battery-powered electric vehicle at your house, and save the need for you to lug around a small nuclear reactor in your car. The article talks about the difficulties of miniaturizing it for use in cars. Simple solution: don't. We already have batteries that fit nicely into a car and have a range nearing 300 miles; in 10 years that range will probably be 10 times what it is today. Plus, if it meant efficient energy, I wouldn't really mind something the size of a box truck in my backyard, or my basement. Hell, you could probably bury most of the reactor underground.
Really? Then what's the motivation to cure cancer if there's no profit in it? I mean, Pasteur, Salk and Fleming all retired multi-billionaires, right?
Who chooses when the polls are open? Who chooses the polling places?
Uhhh... this guy. And it's fishy as hell that he happened to have been a huge Bush fundraiser in Ohio as well as a dyed-in-the-wool partisan Republican. I won't say he's a crook, I have no idea. You have to admit, though, it all smells pretty bad.
It's a shame they didn't label it a "beta" product or something.
/sarcasm
Is that 15k RPM drive a "Western Digital Caviar Black 3.5" SATA 500GB hard drive (WD5002AALX)"? It's stated pretty clearly in the rules that it needs to be that model. I don't think they're going for a speed test here, because there are plenty of SSDs that blow that speed away. They're trying to take a "normal" drive and super-speed it, for forensic purposes.
According to the rules, it needs to be reversible. They mention forensics, so maybe they're trying to do it undetected. At any rate, I'm pretty sure cracking the seal on the hard drive is verboten.
Excellent writeup. Worth the read. Let's hope CCP is reading.
You may have made a conscious decision to not let advertising affect you, but there isn't a person in the world that isn't affected by advertising. (I'm assuming that since you post on Slashdot, you're not a member of an elusive tribe in South America that hasn't encountered modern civilization.)
The truth is, if you've ever opened your eyes in public, your actions have been influenced. Maybe not on a conscious level, but your actions have doubtless been influenced in some way. Maybe you saw an attractive girl on a billboard and your eyes lingered a bit longer than normal. Then next time you want a beer your mind subconsciously wanders back to that woman and that's the brand of beer you end up buying. You don't think "hey they had a pretty girl on their ad, so I'm buying their beer" but their ad was effective nonetheless.
In addition, there are other ways besides sex of influencing you. Maybe some image subconsciously makes you feel inadequate because you don't use Tide with Bleach, or because your kids don't eat Jif peanut butter. I understand, and share, your anti-consumer mindset, but the truth is, you just can't avoid advertising in modern culture. And if you're telling yourself that you are, you're probably missing the tricks that are being played on you right now.
A car battery at full retail costs $50. I'd imagine you could tweak it a bit, put it in a waterproof container and have something that could power a very powerful signal for weeks. Don't have to worry so much about satellites, as transmitters on the right frequency could transmit hundreds, if not thousands, of miles. We're not transmitting complex data here, just some GPS coordinates repeated. Also, I was referring more to the containers that float, which is a majority of them. Some salvage and rescue operations could be done on the sinkers, but many of those (depending on contents) would not be worth salvaging even if their location was known.
I believe you are incorrect. Sirf Star III and IV chipsets are less than $20 - $30. That's not cell tower GPS, that's real GPS. How else would you explain why my $70 Garmin Forerunner watch can provide me with longitude/latitude on an airplane or in the middle of an ocean? Of course, that's just the price of a chip. You need a power supply and some sort of transmitter to relay the data back to somewhere, but I'd imagine that they could purpose-design a system like this for well under a couple hundred dollars, when purchased in bulk. Considering a new shipping container costs around $2000, it doesn't sound too unreasonable. And it'll have benefits for the shipper as well. I'd imagine an average container could easily contain a couple hundred thousand dollars worth of merchandise. A single recovered container could pay for thousands of GPS systems.