Furthermore, since most of the methods that people use to discover brute forcing attempts rely on a high rate of attack, these slow attacks are immune. I'm not sure how the oft mentioned denyhosts works but the author of the original article is using FreeBSD and OpenBSD with the pf filewall which can blackhole brute forcers based on rate of attack. Using the pf method with settings aggressive enough to catch the latest round of attacks runs a high risk of blocking valid users. I'm seeing the same issue as the original article's author and I've noticed as he has that my OpenBSD boxes have not been targeted. FreeBSD, NetBSD, Ubuntu and Debian on the other hand.
My suggestion: Use Public Keys as much as possible. Systems allowing only Public Keys are immune to these attacks and you don't get the nasty log messages as well. If you must allow passwords disallow them for root. You can get root access by configuring sudo for users and via Public Keys for scripts.
# PasswordAuthentication no ## Best -- Public keys required for login
# PasswordAuthentication yes ## Only if you must.
# PermitRootLogin no ## Best -- root cannot login remotely.
# PermitRootLogin without-password ## Better -- root can login via key but not with a password.
Not sure I agree on the predatory ink pricing but I solidly see your point if you are looking at their cheapest inkjet printer. For color output I have an HP 2250 that I've been happy with. Ink is $130 for all four cartridges but lasts about 2000 pages. The 2250 was marketed as a SOHO printer when I bought it in the late 1990s (perhaps 1999) I bought the postscript cartridge and maxed the memory later. It's okay but the cost to print is considerably higher than the laser but I expected that when I bought it. My experience with the 2250 led me to convince my father-in-law to buy an HP 7210 all-in-one. This was a solidly bad decision. The ink is expensive, and the networking is completely non-standard. I spent a week chasing network bugs with it before kicking it to static IP. Even after that the driver software basically hung up windows at shutdown or reboot.This was for lack of a routine to handle the UserDrivenShutdown() event.
-- Ecks
Here here, I replaced a NEC Silentwriter II model 290 with an HP laserjet 4000. As far as Postscript goes your experience is the same as mine: getting postscript future proofed a printer that I purchased in 1994 and retired in 2003. I got my HP on eBay from a guy 10 miles from my house to save on shipping. I added some memory from an old laptop that I had to max it out, and bought a duplexer on eBay for about $50.00. All told it cost me $200.00. It's 2009 and this printer has given me no hassles in 6 years. Even better than the NEC, I can leave this one turned on 24/7 without worrying about my electric bill because it does power save. Any HP 4xxx printer should do the same.
-- Ecks
The OP is trying to replace a laser printer. There shouldn't be a reciprocating head, just a rotating mirror and some electronic timers.
-- Ecks
Oh, also, anything that security sensitive on my USB stick is in a separate encrypted file system.
-- Ecks
Same here except I run FreeBSD so my USB stick has FFS on it. To solve the UID problem I use NIS/NFS on the machines in my network and syncronize the UID's on my network with the ones on my laptop. So effectively I'm always uid 501/ gid 501. I also keep an 8G stick with FAT32 on it for transfering with other people.
In today's world NIS is obsolete and NFSv3 or earlier has security issues that you can only solve partially and then only with hardware. If I had to do it all over again I'd use NIS/LDAP for UID management and NFSv4 for Unix - Unix file sharing.
-- Ecks
Does anyone have details on the backhaul? What you are saying certainly explains my "more bars in more places" and still dropped calls experience.
Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (5) All right, who's the wiseguy who stuck this trigraph stuff in here?