Just to clarify, and while I don't think it actually makes a difference, he is using a paid subscription of Google Apps. Not the free Gmail service.
I switched him to Mozilla Thunderbird with the Lightning Calendar Addon and the problem has been solved. It is now 2 years later and I haven't heard a peep about his email.
Email didn't happen to be your only method of communication with him was it?
I get what you are getting at, and it's funny, but no.
I had physical access to the office to set it up properly. He even brought in his home laptop so I could configure it the same way for him.
While I have no doubt Outlook can be useful in a giant corporate environment, its IMAP implementation is a horribly slow pile of excrement.
I had a client consistently complain to me his email was always so slow, and he wanted to switch email providers. Specifically, things like loading his mailbox in the morning would take up to 10 seconds just to sync the header info of less than 20 emails, let alone actually download the whole message. Simple things like moving emails into folders/subfolders were even slower. There were points where the application would freeze up and Windows would do its thing and notify you the application had halted. Waiting it out, it would usually sort itself out in 25+ seconds.
I looked into it and he was using Outlook 2010 and Google Apps over IMAP. I, at the time, was using Google Apps over IMAP in Mozilla Thunderbird with zero issues. Always speedy and never an issue, despite the fact I am not a fan of how Google handles IMAP.
I switched him to Mozilla Thunderbird with the Lightning Calendar Addon and the problem has been solved. It is now 2 years later and I haven't heard a peep about his email.
And just for reference the office computers are all of the same build. AMD 6-core full size CPU (not APU), 8GB RAM, Win7 Pro.
You can usually find a ~$100 laptop with a broken screen with reasonable specs on Craigslist, eBay, etc. Connect to TV, plug in your mouse/keyboard, connect to Wifi (preferably N, or run a string of copper).
Use some form of remote desktop software to connect to primary workstation.
Essentially you've created a thin client. Network bandwidth and wifi latency will be the killer in this situation, though. As mentioned above, run a string of Copper if possible.
Good luck.
As Tenebrousedge already stated, you're talking about websites related to gaming that are recommending NVIDIA.
I personally have used Linux exclusively (both on desktop and laptop computers) since 2003. I have also used AMD GPU & CPUs exclusively since 2008. The most graphics intensive thing I've ever run is YouTube in Firefox. My current video card in my primary workstation is from 2011.
My wife and young children have no problem navigating my Linux-based systems. We as a family use it for regular everyday things such as browsing the web, writing documents, watching Netflix, downloaded movies and music. I will admit we don't play video games, and do not own any gaming consoles. I encourage my children to go outside and play (we play a lot of soccer in the field next to our home), or do something more constructive like building things with Lego or Meccano.
The only people who care about the latest and greatest graphics and drivers are gamers. Period. Frankly, Linux is not for them. The Linux community accepts and understands that. Most of us would rather the masses stick to what they know.
Literally the first few words say they released it yesterday.
1. Buy stock in $LARGE_CORP, sit on it a while
2. Register bloomberg domain under generic, believable gTLD.
3. Create fake report about $LARGE_CORP being bought out at high valuation.
4. Spread fake article around social media.
5. Profit!
I think we finally found out what the value of ??? is.
I'm in a similar boat. 5-6 hours seems to be perfect. I typically go to bed between Midnight and 1AM. My alarm is set for 6:30AM, some mornings I am up before it, sometimes I hit the snooze button for that extra 7 minutes it gives me.
There is the odd time I go to bed between 3AM and 5AM, and still up before 7:00AM. I will admit those days are not a walk in the park, but I certainly don't go about my day like a zombie. I'm still functioning and get my work done, though I may be a little more irritable than normal.
For what it's worth, I'm in my mid-twenties. It's possible I'm still too young to value sleep.
Six or so years ago I was using a (fairly cheap) Virtual Private Server as a dev/testing box for a pet project of mine.
The VPS company was bought by a larger company, and prices were to double on the next billing period. I hastily chose a new provider without doing any research. I paid for 3 months of service in advance, got the container set up the way I like, migrated all of my data over, and was up and running.
2 months in, the new provider vanished, along with all of my data. I wasn't very concerned about the month's worth of money I had lost by not getting the 3 months I had paid for, I think it was only about $15. "Okay," I thought. I'll just pull my data out of my nightly backups and move on. It turns out I forgot to adjust my local cron script that pulled the data over rsync to the new IP address. My backups had not been pulled in over 2 months.
Luckily it wasn't very important, as it didn't make me any money and was mostly just for fun. I ended up starting over from scratch and ended up with a better system anyway.
I learned my lesson, though.
I have yet to hear a solution to this problem from you. So far just a repetitious whining about how what I wrote is just so horribly broken. I see even worse solutions implemented in sites that may cause even more havoc in a person's life, such as financial institutions, and government departments.
What would you do? How would it be any better? Please provide full details. If all you are going to do is bitch and whine but not bring any solutions to the table, you're even WORSE than me. At least I'm making an effort.
Yeah, unfortunately the web hosting companies that are handing out dedicated IPv4 addresses are still considered small fry to companies like General Electric, Hewlett Packard, Ford Motor Company... see https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks
I was not aware of scrypt. Thank you for pointing it out. It appears to be pretty new. PBKDF2 has been a published standard since the year 2000.
Wow. Anger problem much?
I see your point. We make it abundantly clear what the security questions are for upon registration, and encourage the users to answer correctly. The questions we ask are not something that would normally be found in a user's inbox, and most average users do not index and archive their e-mail. I do, personally, but I archive anything older than 2 years locally on my workstation(s).
We'll consider the idea of skipping sending a new password to the user. Thanks for your input.
In 2015, passwords should be stored in a one-way hash. Preferably in the PBKDF2 format.
Your first example is acceptable in my opinion, as that password was probably random and (essentially) single use. After logging in, you should immediately change the password to something you can remember.
The second example, however, is a big no-no in my books. I develop web based applications for a living. The only time we send a password over e-mail (or SMS) is when a user has locked themselves out of their account, and is using the account recovery tool to regain access. This is how we handle it:
1. Click on "Forgot Password"
2. Enter your e-mail address (and username if different from e-mail address), click "Begin Recovery"
3. Send an e-mail with a verification URL for them to continue the process, this is to confirm they actually are the owner of the email address, and also to weed out people trying to use the recovery process maliciously.
4. Upon following the URL you will be prompted to answer two security questions you set up on registration from a set of predefined questions. You must answer both correctly to proceed. Internally, when this URL is hit, the account in question is flagged in the DB that it is now in Recovery Mode.
5. Upon answering the questions correctly, you will be e-mailed a single-use password you can log in with.
6. Upon logging in, you are required to change your password to something you can remember (or store in a password DB, like you should be doing).
I know it's long and cumbersome, but it works.
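The six-step recovery flow in the comment above, combined with the PBKDF2 storage recommended earlier on the page, as an added Python example (not the poster's code). The function names, the in-memory `ACCOUNTS` dict, the iteration count, the token lifetime, hashing the security answers, and replacing the old password when the single-use one is issued are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 200_000  # assumed work factor; raise it as far as your hardware allows
TOKEN_TTL = 900              # assumed lifetime (seconds) of the e-mailed verification URL
ACCOUNTS = {}                # e-mail -> Account; stands in for the DB (hypothetical)

def pbkdf2_hash(secret, salt=None):
    """Return (salt, digest); only these are stored, never the secret itself."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ITERATIONS)

def pbkdf2_verify(secret, salt, digest):
    return hmac.compare_digest(pbkdf2_hash(secret, salt)[1], digest)

class Account:
    def __init__(self, password, answers):
        self.password = pbkdf2_hash(password)
        # Answers are normalised, then hashed exactly like passwords.
        self.answers = [pbkdf2_hash(a.strip().lower()) for a in answers]
        self.token = None            # (sha256(token), expiry) while a URL is outstanding
        self.recovery_mode = False   # step 4 flag
        self.must_change = False     # step 6 flag

def begin_recovery(email, now=None):
    """Steps 1-3: return the token to embed in the e-mailed URL, or None."""
    acct = ACCOUNTS.get(email)
    if acct is None:
        return None  # the UI should respond identically for unknown addresses
    token = secrets.token_urlsafe(32)
    expiry = (now or time.time()) + TOKEN_TTL
    acct.token = (hashlib.sha256(token.encode()).digest(), expiry)
    return token

def follow_url(email, token, now=None):
    """Step 4: a valid, unexpired token flags the account as in Recovery Mode."""
    acct = ACCOUNTS.get(email)
    if acct is None or acct.token is None:
        return False
    digest, expiry = acct.token
    presented = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(digest, presented) or (now or time.time()) >= expiry:
        return False
    acct.token, acct.recovery_mode = None, True  # the URL works once
    return True

def answer_questions(email, answers):
    """Steps 4-5: both answers must match; returns the single-use password to e-mail."""
    acct = ACCOUNTS.get(email)
    if acct is None or not acct.recovery_mode:
        return None
    acct.recovery_mode = False  # one attempt per verified URL
    ok = len(answers) == len(acct.answers)
    for (salt, digest), given in zip(acct.answers, answers):
        ok &= pbkdf2_verify(given.strip().lower(), salt, digest)  # no early exit
    if not ok:
        return None
    temp = secrets.token_urlsafe(12)
    acct.password, acct.must_change = pbkdf2_hash(temp), True
    return temp

def login(email, password):
    acct = ACCOUNTS.get(email)
    if acct is None or not pbkdf2_verify(password, *acct.password):
        return "denied"
    return "change_required" if acct.must_change else "ok"

def change_password(email, old, new):
    """Step 6: swapping the single-use password for a real one clears the flag."""
    if login(email, old) == "denied":
        return False
    ACCOUNTS[email].password, ACCOUNTS[email].must_change = pbkdf2_hash(new), False
    return True
```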
If they didn't want off-network users to use it, they would firewall it to just their subnets. I get they have a very large network that is ever expanding, and it may just be easier to not lock it to their subnets, but seriously it's not that hard.
I don't use my ISP's DNS because they resolve non-existent zones to some bullshit landing page in which they try to "help" users find what they were looking for, effectively breaking DNS in my opinion.
I don't use Google's because it sucked the last time I used it (when it was new, I suppose it is probably better now). Tracking isn't a real concern of mine in terms of DNS, although I do block Google Analytics via dnsmasq on my router. I just don't trust Google. They abandon services all the time. Quite frankly, I didn't expect their resolvers to stick around this long.
I own a web hosting business. We have a few servers in a datacenter. I run my own resolvers that are locked down to my /25 subnet, they resolve off the roots, specifically d.root-servers.net, and e.root-servers.net. Get less than 2ms on those.
At home, however, Level3 is still faster than any of the roots. :-/
Really depends on the nature of the software, I guess. For Malwarebytes it probably isn't the best idea, but at the same time it could easily de-reg the install ID upon uninstall.
There are various ways to do it. My example was one such way, that is all. There is no one-size-fits-all.
I've always used Level3, personally. It's anycast-based, like Google's service.
Just pick 2 or more of the following:
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6
It is even somehow faster than my ISP in terms of response time.
To expand on this... you should also generate an "Installation ID" upon validation, stored server and client side along with the key.
This prevents users from trying to activate the key on more than one system, and allows you to offer controlled multi-system installs if you so choose.
On update you validate both the key, and the installation ID.
In the event a user needs to move the software to another install, you can contact the licensing dept and revoke the previous installation ID.
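The Installation ID scheme described in the comment above, as an added Python example (not the poster's code): activation mints an ID, updates check key and ID together, and revocation frees a seat for a move. The `LicenseServer` class, its method names and the in-memory storage are hypothetical.

```python
import secrets

class LicenseServer:
    """In-memory stand-in for the vendor's licensing database (hypothetical)."""

    def __init__(self):
        self.licenses = {}  # key -> {"max": allowed installs, "installs": set of IDs}

    def issue_key(self, max_installs=1):
        key = secrets.token_hex(10)
        self.licenses[key] = {"max": max_installs, "installs": set()}
        return key

    def activate(self, key):
        """Validate the key and mint an Installation ID, or refuse with None."""
        lic = self.licenses.get(key)
        if lic is None or len(lic["installs"]) >= lic["max"]:
            return None  # unknown key, or every permitted seat is already taken
        install_id = secrets.token_hex(16)  # random, so it cannot be derived from the key
        lic["installs"].add(install_id)     # server-side copy; the client stores its own
        return install_id

    def validate_update(self, key, install_id):
        """On update, the key and the Installation ID must both check out."""
        lic = self.licenses.get(key)
        return lic is not None and install_id in lic["installs"]

    def revoke(self, key, install_id):
        """Licensing dept action: free the seat so the software can move."""
        lic = self.licenses.get(key)
        if lic is None or install_id not in lic["installs"]:
            return False
        lic["installs"].discard(install_id)
        return True
```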
Syncthing looks interesting. Even has an Android client to boot.
Thank you for sharing.
I currently use BTSync, but it seems I have problems every time I upgrade, having to recreate the shares and such. Kind of a PITA.
I also firewall it, so it doesn't sync outside of my home or office network, so, hopefully keeping any potential back doors out.
I agree. I don't use it... just the standalone client on Linux and KeePass2Android on Android.
I personally use a KeePass 2.x database. I use it across my computers and Android phone.
For convenience, I use BitTorrent Sync to keep the file updated across devices. I have it set to only sync on the local network(s), instead of over the internet. So, if I add or change a password at home, it will sync to my phone and laptop via the local network. When I go to my office, when my phone connects to the local wifi it will sync the file to my work computer.
I use a password and keyfile. I copied the key file over to my devices manually, and it is not within the Sync share.
This is the best security:convenience ratio I could come up with.
The first child was not an accident.
I guess I never clarified that, but I also never said it was.
Not that it's really any of your business, my wife was using the birth control pill, and it failed. It happens.
With that said, I'm glad we had our second child so close to the first. They are best friends, partners in crime. They get along very well, and will hopefully continue to be close going into the future.