
Comment Individual Cases (Score 1) 651

I think this sort of thing cannot be decided in general. You would have to consider the individual case.

As far as I am concerned, I believe interpersonal relations should be mutually beneficial. I wouldn't keep someone else alive just because _I_ want them to live; they have to want it as well. Similarly, I wouldn't want others to keep me alive just because I want to live. The last thing I want is for my loved ones to spend all their time, energy, and money so they can watch me suffer longer, when they could instead let me pass away and find happiness with the billions of people still alive.

Comment Re:whatcouldposiblygowrong (Score 1) 497

That's why you pay a good sysadmin (for a lot of money) if you need good security, and don't if you don't.

If your server is important economically or even supports some life-saving tools/etc. and it doesn't have a good sysadmin, that's your error.

If you get an unimportant server hacked, well, no big deal. Rather that than being disabled or die etc by like.. far.

On the other hand, you probably want 100% of the surgeries to be successful.

Comment Re:Murderer (Score 0) 160

We did have laws against abortion once; it just pushed abortion "underground" where there was no counseling, no safety. We were killing the mothers, and the kid without any chance to tell of other options (like birth+adoption.) I realize you may think it is OK to kill the woman having an abortion as retribution for her acts. But the majority of people do not agree, and thus we have the more humane law (again in the eyes of most people) allowing them.

Comment Re:Move to a higher order port and use denyhosts (Score 1) 497

1. Move the default ssh port to a higher order port (5000+)

This is _not_ a good idea. Aside from the fact that now any n00b client that needs SSH access to the server is going to have to also remember a new port number, a sufficiently determined logged-in user can cause the SSH daemon to crash and then replace it with one of their own which can sniff keys and passwords, contains back doors, etc.

You can get around this by changing the privileged port numbers using a sysctl, but that has other drawbacks. You could do a little firewall trickery to redirect a higher order port to the lower one and block the low port from external access.

But I reiterate, unless it's just for your own private use, changing the SSH port is not a sufficiently good solution.

Tarpitting seems like a really good solution to me. Configuring SSH better is also a good start.

Settings like LoginGraceTime, PermitRootLogin=no and MaxStartups, MaxAuthTries, MaxSessions are all good to reduce the number of failed login attempts. Most scripts (what you are seeing) use a single session and try to stuff as many auth tries down it as possible. They do this to avoid firewall-based IDS systems from rate limiting or blacklisting them. Reducing the grace time to 15 seconds is a good start (if your clients do not have reverse lookup PTRs on their addresses this will be bad). Reducing MaxAuthTries to 2 or 3 will help. MaxSessions can be reduced also. Of course these also have drawbacks. If you're only using shell access to the machine you don't really need many sessions on a single TCP connection.
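An added example, not part of the comment above: a small Python audit that checks the global section of an sshd_config for the settings the comment names, using its numbers (15-second grace time, MaxAuthTries of at most 3). The MaxSessions limit of 2 and the sample configuration are assumptions constructed for illustration; MaxStartups is not checked because the comment gives no value for it.

```python
import re

# Limits from the comment: 15 s grace time, at most 3 auth tries, no root login.
# The MaxSessions limit of 2 is an assumption; the comment gives no number.
LIMITS = {"logingracetime": 15, "maxauthtries": 3, "maxsessions": 2}
# OpenSSH defaults (sshd_config(5)) for keywords the file leaves unset.
DEFAULTS = {"logingracetime": "120", "permitrootlogin": "prohibit-password",
            "maxauthtries": "6", "maxsessions": "10"}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def seconds(value):
    """Convert sshd time formats ('15', '2m', '1h30m') to seconds."""
    parts = re.findall(r"(\d+)([smhdw]?)", value.lower())
    return sum(int(n) * UNITS[u] for n, u in parts)

def effective(config_text):
    """Global settings only: first value per keyword wins; stop at the first Match."""
    seen = {}
    for raw in config_text.splitlines():
        m = re.match(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.+)", raw.strip())
        if not m:                      # blank lines and '#' comments do not match
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":             # everything below applies conditionally
            break
        seen.setdefault(key, value)    # later duplicates are ignored by sshd
    return seen

def audit(config_text):
    """Return (keyword, effective value) pairs that are weaker than LIMITS."""
    cfg = {**DEFAULTS, **effective(config_text)}
    findings = []
    grace = seconds(cfg["logingracetime"])
    if grace == 0 or grace > LIMITS["logingracetime"]:   # 0 means no time limit
        findings.append(("LoginGraceTime", cfg["logingracetime"]))
    if cfg["permitrootlogin"].lower() != "no":
        findings.append(("PermitRootLogin", cfg["permitrootlogin"]))
    for name in ("MaxAuthTries", "MaxSessions"):
        if int(cfg[name.lower()]) > LIMITS[name.lower()]:
            findings.append((name, cfg[name.lower()]))
    return findings

# Constructed sample configuration, not taken from a real host.
SAMPLE = """# constructed sample
Port 22
LoginGraceTime 2m
PermitRootLogin=yes
MaxAuthTries 3
MaxAuthTries 10
Match User deploy
    MaxSessions 1
"""

if __name__ == "__main__":
    for keyword, value in audit(SAMPLE):
        print(f"{keyword} is effectively '{value}'; tighten it")
```

On a live host, `sshd -T` prints the effective configuration in the same keyword/value form and can be fed to `audit()` instead of the file.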

Comment Re:use openvpn ? (Score 1) 497

My users have complained about that before. Especially with respect to SVN over SSH, because SVN has a nasty habit of creating a few connections and if they are quickly browsing the repository with `svn ls` or looking at log messages with different ranges the connections add up very quickly. This led to frustrated users yelling at me. I dialed back the numbers a bit to minimize the impact, but the invalid attempts started scaling back up.
