You are right about proxies/botnets, but speaking as someone who gets a few thousand of these attacks per week, the attack script that is in current use will launch several hundred or thousand dictionary attempts all from the same IP.
When they start using botnets to assault my box, then I'll have to respond differently, but for now this solution looks beautiful.
I consider myself a poweruser, but that statement alone is enough to turn me away from even using linux as my main OS. It's like getting the response "don't use FTP, it's insecure" when asking what FTP server to use on your brand new linux install -- it doesn't answer the question.
The problem is, it's not a black and white world, where one linux distro is good, and ALL the rest of them are inferior. There are a thousand different distros because thousands of people have different goals and ideas of what works best. "There is no best", is a perfectly reasonable answer that should make you read some descriptions and apply some critical thinking skills to make your own choices rather than be force-fed along one path. That's what linux is all about, and if you get turned off by that statement, then yeah, you are right, linux isn't for you.
Linux people are too idealistic. The second they put pragmatism over idealism is the second they can start getting desktop marketshare.
Idealism is bad? Marketshare is good? Really? Marketshare... matters?
P.S. Don't use ftp, it's not secure, use scp or sftp
Vendors like intel cooperate just the same with windows as they do with Linux
Some Vendors will spend the same amount of time writing drivers for windows, which 97% of their customer base uses, and linux, which 3% of their customer base uses.
I wish I could think of one that did... in the real world drivers for linux do NOT get the same level of attention.
That's the reason why linux users prefer drivers be open source, so they could fix the broken, buggy code that only works right on one version of Red Hat. Not to rip off somebody's freaking device driver. We just want our hardware to work.
Don't some wireless setups automatically search for an open wifi channel to use?
Don't lots of businesses leave open wifi connections for customers to use?
The great thing about php and mysql is that it's very simple. If you already know SQL commands, and C#, then you can probably code 90% of what you need to do already. PHP accepts very generic commands that are common among a lot of languages, so there isn't much to learn. I don't know offhand how well it can scale into the really big league stuff, my php/mysql site got one million hits this month, and it handled that just fine.
new IT director-minion-worked-at-walmart-last-week
As much as I hate Walmart, they might be better off with IT staff from there. You have any idea how MASSIVE Walmart's databases are?
Inventory control on billions of items with the smallest possible margin of markup isn't easy.
The history books I've read have a slightly different take on things. Not everyone agrees the bombing was a necessary thing. Japan was already in the middle of negotiating a surrender. The bombs were dropped at least partially to force surrender before the Russians could be involved.
Look at the quotes from men who were involved:
"P.M. [Churchill] & I ate alone. Discussed Manhattan (it is a success). Decided to tell Stalin about it. Stalin had told P.M. of telegram from Jap Emperor asking for peace." -President Harry S. Truman
"During his recitation of the relevant facts, I had been conscious of a feeling of depression and so I voiced to him my grave misgivings, first on the basis of my belief that Japan was already defeated and that dropping the bomb was completely unnecessary, and secondly because I thought that our country should avoid shocking world opinion by the use of a weapon whose employment was, I thought, no longer mandatory as a measure to save American lives." -Dwight Eisenhower
Did you not grow up during the cold war? You seem to have forgotten that the USSR had the bomb for decades.
There were people screaming for blood on both sides, talking about how the other side was evil and needed to be stopped, etc etc. But, people with cooler heads prevailed, and the cold war ended in time. The nuclear threat remains- the genie is out of the bottle and can never be put back in. The only thing we can do is to encourage countries not to develop nukes.
It's scary, but you should really study what worked in the cold war to prevent millions of deaths before advocating 'decisive action' against countries which will result in catastrophic loss of life.
What they deserve? They applied to the school, and then somebody told them they could find out if they were admitted by typing in a url.
How many students were even aware that it was a big secret whether they were admitted, and they weren't allowed to actually know. Why was it even a big secret in the first place? Shouldn't they be telling the students as soon as it's reasonably possible, and not dangle it over their heads making them waste time if they weren't accepted.
So, Stanford wants to make claims that these students are morally corrupt by typing a couple letters into their browser, when the school itself is keeping secrets about the students' futures hidden for no reason at all and punishing them for being curious. Who is morally corrupt in this scenario I ask...
I think it's more fair to say that most people are ignorant about technology. Police understanding of social-technology issues doesn't seem much different from the general public to me. I work with several police officers and speak to them often about the introduction of new laws related to p2p, anonymity, computer crimes, and the like.
Even the geeks here debate whether truly anonymous speech is a good thing or not. (Personally I believe the good outweighs the bad, but make no mistake, there are drawbacks.) I followed those links that you've posted as an AC, and it provides the perfect argument of why anonymity isn't always positive.
Reminds me of the girl who was arrested for possession and distribution of kiddie porn with pictures of herself.
Please explain to me again how throwing a teenage girl in jail, and making her become a registered sex offender for the rest of her life, does something positive and helps her.
How can somebody be both the victim and the abuser?
However, as a server admin trying to fight off attacks from the Russians, Koreans and Chinese script kiddies, I disagree.
Now you get to add Germans.
Theaters that were showing it at midnight got the prints on Monday evening or Tuesday. Thousands of projectionists and theater employees got to watch it before the smelly people who spent weeks in line.
I would expect a company like google to use Cinema Source since they are the #1 database clearinghouse of movietime information, that nearly every cinema in America communicates with.
Unfortunately, they seem to be using some other service which has incomplete records and doesn't even list some of my local theaters.
Compare for yourself by doing a search on moviefone or yahoo, and then check google.
The problem is, there are many people who believe they are obviously right and others are obviously wrong. Take extreme liberals and conservatives. They are so convinced that their side is "right", they don't think the other side should say anything at all.
Now, ignoring what a person has to say is fine, but personally I don't believe in taking away their voice and ability to say crazy things.
I am glad that both my government and wikipedia believe in Free Speech even if it means I hear some people make absurd claims sometimes. I'd rather hear both sides and be free to make my own choices and decisions. If the idea of free speech worries you, then you worry me.
Why sell twice the machines at half the price? That's double the amount of work for the same profit.
Marketshare.
A larger percentage of the market can mean more than a linear increase in profit.
The government -- the armed forces -- have the ability to mobilize so quickly and so efficiently that any significant, gathered attempt to resist could be quashed with incredible speed.
Which is exactly the reason why armed resistance was crushed so quickly and thoroughly in Iraq and no longer exists.
Learn more about statistics before claiming the number is completely insignificant. Sample size is not as important as making sure your samples are randomized.
The EXACT percentage of errors may not be 90%, but it certainly indicates a trend of errors, and is significant enough to prove that billions of dollars are mismanaged through faulty figures.
In my own company, there are spreadsheet errors all the time despite our best efforts to keep track of everything.
A few years ago I was doing temp work for a large multimillion dollar corporation. As a temp, I was given the job of manually entering data from financial records into spreadsheets that would be used by accountants. I pointed out several times to my supervisor that I suspected typos, needed more time to doublecheck everything, and recommended writing a computer program to translate between their two systems rather than manual entry.
But in the end, he kept rushing me, and wasn't bothered at all when I told him I realized I made several mistakes in previous work from confusion over some of the records. I think the company was screwed, and just wanted to blame their faulty and sloppy financial records on a temp.
Passwords are still useful. What is absolutely required though, is to detect and block brute force attempts.
Yes, computers are fast enough to guess 10 million combinations within minutes and break into your system. That's why you cannot let somebody make more than a few guesses without locking them out. Don't let somebody keep hammering away with guesses.
You're screwed if they get your /etc/passwd (or equivalent) file, but it's been that way for a long long time.
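An added example, not part of the original comments: the lockout idea above applied to failed-login lines, also covering the earlier point that per-IP blocking works only while all guesses come from one address. The class name, thresholds, addresses and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH-style failure line; the sample lines below are constructed.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(\S+) from (\S+) port \d+"
)

class LockoutTracker:
    """Counts failures per source IP and per account in a sliding window."""

    def __init__(self, max_failures=5, window=timedelta(minutes=10)):
        self.max_failures = max_failures
        self.window = window
        self.by_ip = defaultdict(deque)
        self.by_user = defaultdict(deque)
        self.blocked_ips = set()
        self.locked_users = set()

    def _over_limit(self, bucket, key, ts):
        q = bucket[key]
        q.append(ts)
        while ts - q[0] > self.window:    # drop failures older than the window
            q.popleft()
        return len(q) >= self.max_failures

    def feed(self, line, year=2024):
        m = FAILED.match(line)
        if not m:
            return                        # successes and other lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        user, ip = m.group(2), m.group(3)
        if self._over_limit(self.by_ip, ip, ts):
            self.blocked_ips.add(ip)
        if self._over_limit(self.by_user, user, ts):
            self.locked_users.add(user)

def sample_log():
    """Constructed log: one noisy IP, a spread-out attack, one honest typo."""
    fmt = "Mar 14 02:{m}:{s:02d} host sshd[100]: Failed password for {u} from {ip} port 40000 ssh2"
    lines = [fmt.format(m=10, s=i, u="root", ip="203.0.113.7") for i in range(8)]
    # Eight different sources, one guess each: no single IP reaches the limit.
    lines += [fmt.format(m=20, s=i, u="invalid user admin", ip=f"198.51.100.{i + 1}")
              for i in range(8)]
    lines.append(fmt.format(m=30, s=0, u="alice", ip="192.0.2.50"))
    lines.append("Mar 14 02:30:09 host sshd[100]: Accepted password for alice "
                 "from 192.0.2.50 port 40000 ssh2")
    return lines

def analyse(lines):
    tracker = LockoutTracker()
    for line in lines:
        tracker.feed(line)
    return tracker.blocked_ips, tracker.locked_users

if __name__ == "__main__":
    ips, users = analyse(sample_log())
    print("blocked IPs:", sorted(ips))
    print("throttled accounts:", sorted(users))
```

Only the single noisy address is blocked by IP; the spread-out guesses against `admin` are caught by the per-account counter alone. A hard per-account lock can be abused to shut out the legitimate owner, so that response is usually a delay rather than a permanent lock.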
China has to maintain some distance from us until 2047
You sure about that? Everything I read indicates that China may not be so happy with that idea.
I use mag strips where I work. For a while, I tried to enforce it on everyone, but now I only enforce it on people with any kinds of admin privileges.
People will always report a loss immediately, because they cannot log into a computer and cannot clock in, and hence cannot get paid without it.
The problem with the regular users was they would lose it constantly, forcing me to issue several cards every day, and it just got to be too much hassle when they have generic system privileges anyways.
I wanted to just fire them for being idiots, but HR wouldn't let me fire half the building's workforce.
What I do for passwords is to sing a song lyric, and use the first letter of each word.
For example,
"When I was younger, so much younger than today,"
"I never needed anybody's help in any way"
wiwysmytt
Innahiaw
Mix in a couple leetspeak characters or other substitutes, and it's more or less random gibberish that's easy to remember. Sing the song in your head every time you type it in, and you can associate certain songs with certain systems, and then if you have your password expire, you can do another line from the song.
It's easy to remember songs.
The problem is, that as nerds most of us recognize that it's completely trivial to get around most kinds of filtration system.
Proxies, P2P, alternative keywords, etc, and people will still be able to find porn.
Basically, the law of diminishing returns applies. You can block 90% of porn easily, and only affect 2% of the regular internet. But once you start to block 99% or more, you're gonna be cutting out a huge swath of the internet.
I don't think it's a bad thing to not allow public access porn, but how they can effectively stop it without massive censorship and oversight is beyond me.
Using the car metaphor...
A Car is simple to operate, you turn the car, put it in drive, and push the pedal.
That doesn't mean it's simple to fix. A car is a complex piece of machinery. Computers are simple to operate, but they are not always simple to fix.
I agree that most people don't take the time to learn the basics, like learning how to keep their AV software updated, just like my girlfriend didn't realize that cars actually need regular oil changes until one day her engine totally died.
Stating that computers are inherently simple devices, is absolutely wrong. There have been millions upon millions of man-hours put into making them (barely) usable by average people, but that doesn't make them simple devices.
This is your first mistake. Computers are not inherently complex (even Windows)
How many other devices in your home have millions of transistors?
Does your fridge have millions of lines of code like your computer?