Oh yeah! You think that's annoying, try typing 'ls' into a Command Prompt session on Windows. Instant D'oh! instead of delayed D'oh! Fucking hate Windows!
Extra "kruft" from a person that uses BBEdit?!?!?! You want less kruft, try TextWrangler. And who runs a GUI on a goddamn server?!?! Even Microsoft finally gave it up, FCOL!
I've worked in academia for a while and early in my 20+ year career I learned vi simply because it WAS on every *nix variant I touched; IRIX, Solaris, HP-UX, Linux, AIX and a couple others I can't remember the names of (DEC's *nix's name escapes me, for instance). Most *nix servers didn't have a GUI (and in my opinion shouldn't have one; yeah, get off my lawn, blah, blah, blah) so vi was almost compulsory to know if you needed to do anything with a config or script file. I wouldn't say I am a master at vi by any means; still look up commands from time to time. I wouldn't try writing a journal article with it, but it is powerful and once you learn the basics you can edit just about anything with a .txt at the end of it. Simple 3x5 card with the commands on it is all you need to be proficient enough to get most things done. Hell, a Post-It note would do.
In GUI environments I try to use bare bones editors (sometimes literally) as the others just get in the way or like NotePad and WordPad screw up line feeds and other basic UTF formatting. I do like ones that highlight code in the GUI environment, but I only use those in conjunction with other GUI tools I use for web work. I am just not impressed by any of these new GUI editors, mostly because I do UI/UX design and they just suck from that standpoint. It's like all we learned about proper GUI design in the 1980s and 1990s was forgotten, or something and everyone wants to reinvent the wheel, badly. [shakes head and goes back to coding]
There are far scarier things being developed in the heart of the country, down wind from a majority of the population of the US and Canada, in Dugway, Utah. One Ebola patient in isolation in Atlanta is really and truly nothing to get upset about. Be more afraid of what's at the Dugway Proving Ground. That's where they make and test biological and chemical weapons. Yes, make. They have things there that make Ebola look like the common cold.
A list of recently purchased/downloaded or even new additions would cycle a larger group of useful apps to the app store audience.
New apps should be featured, not most popular or most sold. Right now there are an extremely limited number of ways to filter apps when you browse and this more than anything is hurting the smaller, startup app developers. I know, I've been one!
The key is to only ever run the services that are absolutely needed, carefully configure these and keep them up to date. If you follow that advice a firewall is an added level of security but not necessarily needed.
The main caveat or gotcha to that approach is the time between vulnerability discovery and patch. There are services that may also be a requisite to a mission critical service that have exposed ports without a firewall. These can create vulnerabilities without a firewall protecting them. Let's put it this way, there are A LOT more reasons to run a firewall than to not run one. It's always better to err on the side of caution/paranoia when it comes to net security.
As soon as they start handling credit card transactions, they will need to conform with PCI standards, which will mandate much much higher levels of protections. There are significant fines associated with non-compliance so you may want to forward them over information about this.
Very true and the changeover process for the required configuration is non-trivial as well. I remember when our organization met PCI compliance for CCs and it took months and lots of dollars to get all the systems that were processing credit cards up to spec. If they're going to do CC processing, even on an off chance, they should look into the requirements and do the setup that way NOW! It's more secure overall anyway so why not just do it from the ground up rather than trying to go through the Hell of modifying the setup for compliance later.
Have you actually got this in practice somewhere? I've theorized on this setup for over a decade now and have not had the time to implement a test case. I was looking at this as a solution for remote user access and security overall. The remote users login via VPN (IPSEC) when they're on the road now, so why not just have everyone use VPN all the time to connect to services, local and remote users. In a lot of ways it makes sense. Users use the same procedures for service access wherever they are and the servers in turn talk to each other and users all over IPSEC. I am sure someone will bring up some caveat to this setup that might ruin the idea, but it really seems solid.
I've set up networks where the server infrastructure itself is on its own segment, so there's no need for firewalls between the servers themselves, but the whole subnet is firewalled by a border router.
Ask Target how well that scheme worked out for them.
It sounds a little like you're trying to just fling a firewall at the system and improve some sort of objective security metric.
What threats are you risks to mitigate with the firewall? What threats will it help guard against?
They don't come for free, and configuring them doesn't come for free.
What planet are you from? You don't setup a firewall to counter known threats. That's what software patches are for. You setup a firewall to prevent unknown threats on unused network ports. Just because you're not using a port doesn't mean there isn't a service attached to it that's vulnerable. That's why we have firewalls. And yes, firewalls do indeed come for free as part of most operating systems and network switch OSes and configuring them should take minutes for anyone with half a brain and some level of network admin competency. If in today's server admin world you take longer than a few minutes to setup the firewall as part of your config you've got a ridiculously complex set of services or you're in the wrong profession!
And, you forgot DDoS and relay attacks from your machine! Even if you have "nothing of value" on your system (your identity info, tax returns, etc. count, duh!) the system itself is valuable to an attacker if they can gain control of it. When the DHS guys show up on YOUR doorstep because someone hacked into Pentagon computers from YOUR machine that's going to be an interesting day for you, until they figure out you were a pawn. That last bit can take a long time, btw, and in the meantime you have no computer and usually can't go near one until the investigation is over. If this happens as part of your job, well, then there's the job hunting that will need to start and the trying to change careers because no one will hire a DUMBASS server admin!
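The point argued in the comments above, that a port you are not using may still have a service listening on it (including helpers a required service pulls in), can be checked directly. The following is an added example, not part of any comment in this thread: it compares a host's listening sockets with the list of services the host is meant to offer. The sample input is constructed in the column layout of `ss -H -tuln`, and the `INTENDED` allowlist is an assumption made for illustration.

```python
import ipaddress

# Constructed sample in the column layout of `ss -H -tuln` (not from a real host).
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      64           0.0.0.0:2049       0.0.0.0:*
tcp   LISTEN 0      4096            [::]:111           [::]:*
udp   UNCONN 0      0            0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      128     192.168.1.10:5432       0.0.0.0:*
"""

# Assumption: the only services this host is meant to offer to the network.
INTENDED = {("tcp", 22), ("tcp", 443)}


def parse_listeners(ss_output):
    """Return (proto, address, port) for every listening socket in the text."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Listening TCP sockets show LISTEN, listening UDP sockets show UNCONN.
        if len(fields) < 5 or fields[1] not in ("LISTEN", "UNCONN"):
            continue
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        # Strip IPv6 brackets and any interface scope such as "%lo".
        addr = addr.strip("[]").split("%")[0]
        listeners.append((fields[0], addr, int(port)))
    return listeners


def is_loopback_only(addr):
    """True when the socket is bound to a loopback address only."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        # "*" or anything unparseable is treated as reachable from outside.
        return False


def audit(ss_output, intended):
    """Return (unexpected, missing).

    unexpected: network-reachable listeners that are not on the allowlist;
                candidates to disable, rebind to loopback, or firewall.
    missing:    allowlisted services that are not actually listening.
    """
    seen = set()
    unexpected = set()
    for proto, addr, port in parse_listeners(ss_output):
        if is_loopback_only(addr):
            continue
        seen.add((proto, port))
        if (proto, port) not in intended:
            unexpected.add((proto, port, addr))
    return sorted(unexpected), sorted(intended - seen)


if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_SS_OUTPUT, INTENDED)
    for proto, port, addr in unexpected:
        print(f"unexpected listener: {proto}/{port} bound to {addr}")
    for proto, port in missing:
        print(f"intended service not listening: {proto}/{port}")
```

In the constructed sample, ports 2049 and 111 stand in for a required service and the helper it depends on; a default-deny inbound rule covers such listeners even when nobody has noticed them yet.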
The abstract from the Nature Communications article is easier to read and understand what they've accomplished:
From its very beginning, quantum theory has been revealing extraordinary and counter-intuitive phenomena, such as wave-particle duality, Schrodinger cats and quantum non-locality. Another paradoxical phenomenon found within the framework of quantum mechanics is the ‘quantum Cheshire Cat’: if a quantum system is subject to a certain pre- and post-selection, it can behave as if a particle and its property are spatially separated. It has been suggested to employ weak measurements in order to explore the Cheshire Cat’s nature. Here we report an experiment in which we send neutrons through a perfect silicon crystal interferometer and perform weak measurements to probe the location of the particle and its magnetic moment. The experimental results suggest that the system behaves as if the neutrons go through one beam path, while their magnetic moment travels along the other.
You're not the only one. I've studied particle physics for some time now and that summary was gibberish! I will go read the paper and see if it is any easier to follow. The broken and horribly constructed English isn't helping either!
That is what I don't understand about the previous replies. They make it sound like all the chips in a device store data.
Open the device, use Google to identify the storage chips and destroy those chips only, that still leaves 95% of the useful parts available for sale.
I don't just give this advice to wireheads like ourselves. Everyone needs to understand that their data doesn't go away with a "wipe" of NVRAM and the only way to be sure it's not readable is to destroy the electronics. Most people aren't interested in piecing out their prior electronic devices anyway, so saving certain bits is really bad advice for most people. The best advice is to crack it open, smash anything that even remotely looks like a piece of logic or memory and dump the dust into the trash. I'm sorry, but I don't support the guerilla market for replacement cellphone parts. If you're too cheap to buy a new phone or replace a component through the manufacturer then you probably shouldn't be using the device anyway because you cannot financially support its maintenance and upkeep. Or, you should pay the little bit extra and get the drop/damage insurance.
[Slaps Bennett and the editors in the head] Wake Up! It's 2014. We've moved on from English-only keyboards on our personal devices because not everyone in the world that buys these devices speaks and writes in English, nationalistic bastards!
Built-in storage is going to be an IC or two that are soldered to a PCB. If the device won't boot, the only really safe way to delete the data is to dismantle the unit and totally destroy the board and make sure all ICs are broken.
Bingo, give this man a cigar. With modern NVRAM the only way to be sure it's safe is to destroy it. Yes, really! So my advice to anyone parting with a personal electronic device is, "Pulverise it with a hammer on a concrete slab." Because the money you get back from its sale will not offset identity theft or whatever other havoc can be delivered from data left on the device in NVRAM. I still have ALL my old phones and other devices from the last twelve years and will eventually destroy them. Don't get on the recycle kick either. I know, there are some things in there that would be better recycled but any possible data on the device trumps environmental concerns. I don't go through a phone every year so it's not a lot of devices for me.
1. The Linux community has been elitist and abusive since it began. Why is Linus's "tirade" anything new, unexpected, or outside the norm of the community that has taken pride in its arrogance and mean, nasty treatment of anyone daring to ask a legitimate question about something related to Linux and its underpinnings?
2. Words exist for a reason, even the "abusive" ones. They convey meaning that cannot be properly conveyed by using other words; it's why they're in our lexicon to begin with! If you have to sugar coat things and dance around the issue then you are only beleaguering a point. Having said that do I believe that Linus was NOT out of bounds in this case... YES!
3. I think there was a comment above that said, "Let he who is without sin cast the first stone." I don't think anyone that does development work hasn't had a tirade like that, unless they're über pious or something. It's easy to armchair quarterback and snipe from the bushes on the Internet where no one knows your own prior workplace behavior for reference. Don't throw asteroids when you're standing in a glass cathedral! This is aimed at you SuperBanana...
Keep everything ready, so you can switch back when the cloud services fail and/or your management team changes.
That was going to be my suggestion as well. I would not "get rid of it" or "donate it", Hell, I wouldn't let the lease expire either! I would keep that half-rack-o-stuff around for at least the next two years to see how well the "Cloud" does for you with the provider of choice. Plus, it never hurts to have a set of backup servers around that you control (that mirrors the data in the cloud, at least!). I have absolutely no faith in third-parties controlling my data and critical services. I might take advantage of some services but I would NEVER, EVER put my data under someone else's control... did I say EVER? It's just a really bad idea and experience will teach you why. Good luck!
Battery swaps might make this even less of an issue (a two minute pit stop rather than a thirty minute pit stop), but I'm a bit more skeptical about the practicality of those.
Why?! We do it with propane tanks now and doing it with EV batteries makes MUCH more sense. Only problem is getting everyone to agree on a standard size/configuration to make the stations just like gas stations, minus the pumps.
While perhaps to be taken with a pinch of salt - http://www.teslamotors.com/en_... - with the larger battery - at 65MPH claims to get 261 miles.
To get a Tesla to 350 miles needs an extra 30kWh of battery - about 120kg at the same performance as the existing battery.
This will easily fit in the trunk.
Better yet, pull the seats and anything else you don't need out of the car and try. The big battery gets 306 miles (492km) out of a 4600+ lb vehicle so getting an extra 8km isn't going to be that hard, even if it was 80km I think it could be done without modifying the production car much at all. This "record" is laughable. The only reason Tesla doesn't have it is that they don't care about non-practical applications of electric vehicles, it would seem. Elon has a rocket company for going farther, faster.
apt-get? Who uses apt-get? Real men use make, make dep, make install!!!
And the congregation says, AMEN!
Brought to you by qed. The first to bring you regular expressions.
/. is a hipster site focused on Tesla, global climate change, and trendy-fad-du-jour.
Clearly someone who hasn't been on /. very long if they think this crowd is "hipsters". ROFLMFAO
Sometimes you can get the NSA to help you with this...
Uhhh, no, the NSA would rather you NOT do this, SMASH SMASH SMASH SMASH! They can't get the goods on you if you pulverise the chips.