The bulk attacks that are likely enabled by XP/2003 I would agree with you on. However, they are representative of many other problems with brand new Pyxis units from what I hear. The unspoken word seems to be that it is still less vulnerable than the traditional human-centric supply systems. The typical solution is defense in depth, with a key-code door lock to the room and a camera in the room-- so things can be tracked by belt and suspenders in a failure/attack.
On our work asterisk system I am going to try and get some anti-robodialer defenses in place... Hello, you appear to be a robot... Please go into detail on what you are trying to sell. Please enter your telephone number and we will call you back at our earliest convenience.
There have been multiple plans in the past, but they never go anywhere. Bay bridge was one, and looping BART via San Jose were leading contenders. Ultimately there needs to be a connection between SFO and OAK that acts as a reliever... At least in my mind.
Yeah... mdsolar skews the discussion way too much. But, would it be better for the same person to have 10-20 different identities and post the same themes?
Now, at least I can temper my discussions knowing that mdsolar posted it.
Well, if I hadn't posted above, I would have modded you up.
It is a little on the bizarre side, true. As a logged in user, you are (I think still) given an immediate +1 relative to an AC. If you have the additional +1 karma bonus, you can choose to post AC with an initial score of 1.
It is true that when you have a starting score of 2 you are more likely to be modded up to a 3 or 4 than if you start with a 0-- and it also takes less when you start with a 0 to get modded out of the discussion entirely.
It seems to work pretty well to keep the trolls out of the discussion, although it is abused on certain topics for sure, notably gun control and politics. It also works pretty well to keep the paid shills from having a disproportionate role in the discussion, although certain topics will pull them in quickly.
The moderation system used to have meta-moderation, not sure if that still happens. That helped to enforce "good mods", but is extremely cumbersome because you need to know not only the moderation made, the post it was made to, but also the context. The system would most likely be improved with additional moderation options and scaling factors for each... such as "-1 disagree" "+1 agree"-- which are sometimes trivial but not always. (over/under rated are often used for this purpose, but that is a harder to see through.)
Um... yeah... no. I felt the same way about 16 years ago when I broke down and created an account after using the site for a year or two. However, it made a huge impact on the usability of the site-- made the spam easier to block, discussions easier to follow, and certain discussions easier to establish credibility. Using Bruce as a specific example (along with Dan Kaminsky and a few others), "back in the day" it was much easier to find true insight to the discussion.
Honestly... compare the quality of discussion on slashdot and just about any other general access site, and you quickly come to the conclusion that credibility and history play a huge role in trust and discourse-- and that requires identity.
I don't know how long you need to be active to get the +1 Karma bonus nowadays, but in the scheme of things it was never that long. I still see plenty of 1 and a few 0 posts each thread I read, but it sure is nice to get the racist trolling crap modded to -1 quickly to keep the discussions flowing.
Yes and no; the system has expanded over the years to allow for additional ridership, which is a significant burden.
The real failure of the system today is the lack of redundancy on the transbay tube. For the quantity of trains using it, they absolutely need a bypass track to allow maintenance of one tube. More broadly, they need bypass track sections in other areas to allow more maintenance to occur during the daytime without premium wage rates.
The drivers are mainly a red herring. They should not be a choke point, but they are a part of the safety equation. The system does not have everything requires to operate fully autonomously. They should be working towards that end, and to reducing or eliminating the human driver count of course, but it doesn't make a huge difference in costs.
Exactly. However, the capitalized cost of building a nuclear power plant is about $0.01/kWh. A natural gas turbine is closer to $0.45/MWh, with lead times also similarly skewed. This makes it a more risky investment for the utilities.
Incidentally, solar panels have a capital cost of $0.15/kWh, which only makes them cost effective for distributed generation where the capital cost is the only cost in the equation.
Let's get real though: How are you going to stop an ignorant person like an orderly or doctor from doing really stupid things 0.1% of the time?
In my mind, the only way to control the issue of ransomware is to limit the potential impact a user can have. Comparing $2,000 to the time required to shut systems down, grab a tape, and restore files... you really need to be in a situation where the recovery takes less than an hour rather than paying the ransom. To make that viable no user would be able to encrypt more than (say) 50GB before their network connection is shut down. By my math, that gives you somewhere between 5 minutes and an hour to detect and act. If they distribute the infection before starting encryption in a synchronized manner, you would be down to mere seconds; with sufficient computers and users infected you could even rate-limit to limit the easiest means of detection.
The only thing I can think of is an antivirus in reverse, confirming that files written are valid, but how would you pull that off?!
The saved recovery time compared to restoring from tape would make it worthwhile for a number of organizations-- which is what becomes very scary for the long-term prospects of this type of attack. Have a low enough ransom and it can last forever.
How do you make the dotfiles hidden on Samba, but still accessible for the resource fork? I love the reliability of our Samba server at work; 400 days of uptime (between power outages) is normal. Really looking forward to rebooting a Windows server every month...
No first hand experience, but based on other products I expect good things from Ubiquity's NVR and cameras. The NVR is $300 and supports external USB drives, cameras are pretty much market rate.
The resource forks are transparent to UNIX users, but Windows users complain about the garbage dotfiles. Dropping connections though, predominantly on sleep but also other random cases, is the killer. Logging out to reconnect makes me love my Mac...
Fortunately, only have to log out and/or reboot about 10% of the time.
Glad I have shell access and can SFTP when using the VPN though.
I use my Air 1 daily-- the iPad outlasted the fricking "smart" leather case. The oilophobic coating on the screen is long gone, I wish I had Touch ID, and the body is starting to get nicks and dents... but I am hesitant to upgrade since I splurged for the 128GB flash and cellular, and the cost of replacing those features has been too high. The new Pro will get a buy from me, but the wife is going to need to start using her iPad more if she wants an upgrade-- she uses it mainly for travel.
The iPad will have a long future, but 256GB and cellular should be less than a MacBook...
I used one for several years, but it isn't a panacea. The important thing for any chair is that once you start slouching it can really be damaging.
Now I stand 90% on a good day due to a couple bulged disks. The other 10% is generally split between sitting and laying on the floor in my office.
Up shots of standing: I do burn substantially more calories, back doesn't hurt as much, reduces length of meetings.
Cons: for me, substantially reduced focus, does not actually improve my situation (just keeps it from getting worse), and you still need to be able to change positions frequently.
But, sit/stand desks are a lot like inversion tables and trampolines: easy to get for free from someone who doesn't want it anymore.
We are looking for additional office space to help 8-10 commuting employees reduce drive time. (40 People total)
"This day in age" you would think being in a Class A building in California would nearly guarantee fiber availability. Not so, by a long shot. Once I get addresses from our real estate broker I send them to our Level 3 rep to see what is lit, and what would be a trivial install. I'm running about 3 for 20 at this point.
If I ask the broker if the buildings have fios or ATT Business fiber they just look at me with glazed over eyes.
Pro tip: if you really need fiber look at areas with overhead telephone poles. Not as reliable, but you can have an install done in weeks.
Far too often these things aren't done because they are too hard. Glad to see them take it seriously and check everything out, although I feel the pain for commuters in DC.
The extra 16% on install cost takes a lot out of it, but for what it is worth, the delta between your cost of capital and rate of return is what gives you your net metering "guarantee."
If you want to lower your risk just put in a smaller system though-- go for 4 or 5kW now and leave space to add later. Then you have substantially lower net metering risk (the system isn't likely to ever produce more energy than you consume within a month, which will be the last type of plan to be dropped). You get the feel-good of being "green," and lower your long term bills. Micro inverters work well for this type of setup.
Slashdot Mirror
The bulk attacks that are likely enabled by XP/2003 I would agree with you on. However, they are representative of many other problems with brand new Pyxis units from what I hear. The unspoken word seems to be that it is still less vulnerable than the traditional human-centric supply systems. The typical solution is defense in depth, with a key-code door lock to the room and a camera in the room-- so things can be tracked by belt and suspenders in a failure/attack.
On our work asterisk system I am going to try and get some anti-robodialer defenses in place... Hello, you appear to be a robot... Please go into detail on what you are trying to sell. Please enter your telephone number and we will call you back at our earliest convenience.
There have been multiple plans in the past, but they never go anywhere. Bay bridge was one, and looping BART via San Jose were leading contenders. Ultimately there needs to be a connection between SFO and OAK that acts as a reliever... At least in my mind.
I know... I was shocked that they re-branded and made it so awful! Does it work better in an all-windows environment?
I actually told a client that we needed to re-group and use my webex account.
Yeah... mdsolar skews the discussion way too much. But, would it be better for the same person to have 10-20 different identities and post the same themes?
Now, at least I can temper my discussions knowing that mdsolar posted it.
Well, if I hadn't posted above, I would have modded you up.
It is a little on the bizarre side, true. As a logged in user, you are (I think still) given an immediate +1 relative to an AC. If you have the additional +1 karma bonus, you can choose to post AC with an initial score of 1.
It is true that when you have a starting score of 2 you are more likely to be modded up to a 3 or 4 than if you start with a 0-- and it also takes less when you start with a 0 to get modded out of the discussion entirely.
It seems to work pretty well to keep the trolls out of the discussion, although it is abused on certain topics for sure, notably gun control and politics. It also works pretty well to keep the paid shills from having a disproportionate role in the discussion, although certain topics will pull them in quickly.
The moderation system used to have meta-moderation, not sure if that still happens. That helped to enforce "good mods", but is extremely cumbersome because you need to know not only the moderation made, the post it was made to, but also the context. The system would most likely be improved with additional moderation options and scaling factors for each... such as "-1 disagree" "+1 agree"-- which are sometimes trivial but not always. (over/under rated are often used for this purpose, but that is a harder to see through.)
Um... yeah... no. I felt the same way about 16 years ago when I broke down and created an account after using the site for a year or two. However, it made a huge impact on the usability of the site-- made the spam easier to block, discussions easier to follow, and certain discussions easier to establish credibility. Using Bruce as a specific example (along with Dan Kaminsky and a few others), "back in the day" it was much easier to find true insight to the discussion.
Honestly... compare the quality of discussion on slashdot and just about any other general access site, and you quickly come to the conclusion that credibility and history play a huge role in trust and discourse-- and that requires identity.
I don't know how long you need to be active to get the +1 Karma bonus nowadays, but in the scheme of things it was never that long. I still see plenty of 1 and a few 0 posts each thread I read, but it sure is nice to get the racist trolling crap modded to -1 quickly to keep the discussions flowing.
Yes and no; the system has expanded over the years to allow for additional ridership, which is a significant burden.
The real failure of the system today is the lack of redundancy on the transbay tube. For the quantity of trains using it, they absolutely need a bypass track to allow maintenance of one tube. More broadly, they need bypass track sections in other areas to allow more maintenance to occur during the daytime without premium wage rates.
The drivers are mainly a red herring. They should not be a choke point, but they are a part of the safety equation. The system does not have everything requires to operate fully autonomously. They should be working towards that end, and to reducing or eliminating the human driver count of course, but it doesn't make a huge difference in costs.
Exactly. However, the capitalized cost of building a nuclear power plant is about $0.01/kWh. A natural gas turbine is closer to $0.45/MWh, with lead times also similarly skewed. This makes it a more risky investment for the utilities.
Incidentally, solar panels have a capital cost of $0.15/kWh, which only makes them cost effective for distributed generation where the capital cost is the only cost in the equation.
Contrast ratios are too high when reading in bed. Warmer light is perceived as less bright, reducing apparent contrast.
I am happy they have it now, rather than making white backgrounds gray as an alternate.
Thanks; I was thinking you used veto_files. Wasn't aware of hide_files until you sparked my curiosity.
Does Netatalk have issues with file locking when "sharing" with Samba?
Clearly; their core competency is in invoicing.
Let's get real though: How are you going to stop an ignorant person like an orderly or doctor from doing really stupid things 0.1% of the time?
In my mind, the only way to control the issue of ransomware is to limit the potential impact a user can have. Comparing $2,000 to the time required to shut systems down, grab a tape, and restore files... you really need to be in a situation where the recovery takes less than an hour rather than paying the ransom. To make that viable no user would be able to encrypt more than (say) 50GB before their network connection is shut down. By my math, that gives you somewhere between 5 minutes and an hour to detect and act. If they distribute the infection before starting encryption in a synchronized manner, you would be down to mere seconds; with sufficient computers and users infected you could even rate-limit to limit the easiest means of detection.
The only thing I can think of is an antivirus in reverse, confirming that files written are valid, but how would you pull that off?!
The saved recovery time compared to restoring from tape would make it worthwhile for a number of organizations-- which is what becomes very scary for the long-term prospects of this type of attack. Have a low enough ransom and it can last forever.
$1.6K is the cost of an aspirin in the ER.
How do you make the dotfiles hidden on Samba, but still accessible for the resource fork? I love the reliability of our Samba server at work; 400 days of uptime (between power outages) is normal. Really looking forward to rebooting a Windows server every month...
No first hand experience, but based on other products I expect good things from Ubiquity's NVR and cameras. The NVR is $300 and supports external USB drives, cameras are pretty much market rate.
The resource forks are transparent to UNIX users, but Windows users complain about the garbage dotfiles. Dropping connections though, predominantly on sleep but also other random cases, is the killer. Logging out to reconnect makes me love my Mac...
Fortunately, only have to log out and/or reboot about 10% of the time.
Glad I have shell access and can SFTP when using the VPN though.
Samba sucks with OSX. Stupid UNIX rights-carryover issues, dotfiles, broken connections, sleep issue... it is horrible.
--"Proud" Samba, Linux, and OSX user for well over a decade, stuck switching to Windows servers.
I use my Air 1 daily-- the iPad outlasted the fricking "smart" leather case. The oilophobic coating on the screen is long gone, I wish I had Touch ID, and the body is starting to get nicks and dents... but I am hesitant to upgrade since I splurged for the 128GB flash and cellular, and the cost of replacing those features has been too high. The new Pro will get a buy from me, but the wife is going to need to start using her iPad more if she wants an upgrade-- she uses it mainly for travel.
The iPad will have a long future, but 256GB and cellular should be less than a MacBook...
And I have it on my watch. Generally works with two partially free hands, don't need to reach for wallet, and faster than chip.
The process is still far from ideal though, needing to confirm amount and sign...
I used one for several years, but it isn't a panacea. The important thing for any chair is that once you start slouching it can really be damaging.
Now I stand 90% on a good day due to a couple bulged disks. The other 10% is generally split between sitting and laying on the floor in my office.
Up shots of standing: I do burn substantially more calories, back doesn't hurt as much, reduces length of meetings.
Cons: for me, substantially reduced focus, does not actually improve my situation (just keeps it from getting worse), and you still need to be able to change positions frequently.
But, sit/stand desks are a lot like inversion tables and trampolines: easy to get for free from someone who doesn't want it anymore.
We are looking for additional office space to help 8-10 commuting employees reduce drive time. (40 People total)
"This day in age" you would think being in a Class A building in California would nearly guarantee fiber availability. Not so, by a long shot. Once I get addresses from our real estate broker I send them to our Level 3 rep to see what is lit, and what would be a trivial install. I'm running about 3 for 20 at this point.
If I ask the broker if the buildings have fios or ATT Business fiber they just look at me with glazed over eyes.
Pro tip: if you really need fiber look at areas with overhead telephone poles. Not as reliable, but you can have an install done in weeks.
Far too often these things aren't done because they are too hard. Glad to see them take it seriously and check everything out, although I feel the pain for commuters in DC.
The extra 16% on install cost takes a lot out of it, but for what it is worth, the delta between your cost of capital and rate of return is what gives you your net metering "guarantee."
If you want to lower your risk just put in a smaller system though-- go for 4 or 5kW now and leave space to add later. Then you have substantially lower net metering risk (the system isn't likely to ever produce more energy than you consume within a month, which will be the last type of plan to be dropped). You get the feel-good of being "green," and lower your long term bills. Micro inverters work well for this type of setup.