Comment Re:Irrelevant (Score 1) 74

No, EVUL CORPORATION is a distractionary meme.

Like the author Jeffrey Grupp explains, corporatism (as Mussolini called it) is the idea that the government, the major corporations, and the military function as one entity. It's always been this way since the kings of old; read up on the East India Company sometime. Eisenhower focused on the military and defense contract aspects and referred to it as the military-industrial complex. Sometimes it's called the military-industrial-media complex (so how 'bout those scary WMDs Iraq was supposedly threatening us with?). To focus on "government being evil" or "evil corporation" is a form of tunnel vision that denies the scope of the problem. It's one of those "pet causes" people get caught up in while nothing changes.

The problem with the marketing datamining is that many of these organizations are in bed with the government. There's a definite double standard here. If you hired someone to perform an illegal act on your behalf, both you and your hireling would be guilty of a crime. Yet somehow the government can pay companies for data that would be illegal for the government to directly collect itself and this is legal.

So if it were merely about trying to sell you "adult diapers" versus the regular kind, it would be more benign. At least in G. Gordon Liddy's day, surveillance was expensive, required a certain determination and commitment of resources, and consequently would only be done on targets considered important enough. With modern tech, the idea that "obviously I'm not interesting enough to spy on" is obsolete. This didn't happen though without plenty of support from government, media, marketers, and various other corporations all working towards their own common interests.

Comment Re:Fire(wall) and forget (Score 1) 348

IIRC, you are using the term NAT when you really mean PAT. In true NAT, you will have X internal addresses mapped to Y external addresses.

If X>Y, then you may have requests get dropped or mangled.

PAT is 1 external to many internal shifting/translating the port numbers to create a unique channel.

As long as Internal32768, then you should be okay; you need to reserve a port for each end of the channel. Realistically, most channels will have 80/443 as an end point. On those types of networks, you can get much closer to 65535. Still, a few badly configured torrent clients can easily exhaust ports and bring the network down with almost no utilization.
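A toy model of the PAT behaviour the comment describes, added here as an example rather than code from the comment: one public address, a pool of external ports, and one port reserved per active flow. The addresses, port range and flow counts are constructed for the simulation; many real NAT devices also reuse an external port across different remote endpoints, which this conservative model deliberately does not do, so it shows the worst case the comment warns about (a single chatty client draining the pool).

```python
# Added example (not from the original comment): a conservative PAT table that
# reserves one external port per flow, used to show how one host can exhaust
# the pool and lock out everyone else with almost no bandwidth in use.
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, Optional, Tuple

# (inside ip, inside port, remote ip, remote port) identifies one flow.
Flow = Tuple[str, int, str, int]


@dataclass
class PatTable:
    """One public address; every active flow holds exactly one external port."""
    external_ip: str
    low: int = 1024          # ephemeral range assumed for the translator
    high: int = 65535
    table: Dict[Flow, int] = field(default_factory=dict)
    free: Deque[int] = field(init=False)

    def __post_init__(self) -> None:
        self.free = deque(range(self.low, self.high + 1))

    def translate(self, flow: Flow) -> Optional[int]:
        """Return the external port for a flow, allocating one if needed.
        None means the pool is exhausted and the packet would be dropped."""
        if flow in self.table:
            return self.table[flow]
        if not self.free:
            return None
        port = self.free.popleft()
        self.table[flow] = port
        return port

    def release(self, flow: Flow) -> None:
        """Flow closed or timed out: hand the port back to the pool."""
        port = self.table.pop(flow, None)
        if port is not None:
            self.free.append(port)

    def free_ports(self) -> int:
        return len(self.free)


def open_flows(pat: PatTable, inside_ip: str, count: int,
               remote_port: int = 80) -> Tuple[int, int]:
    """Open `count` distinct flows from one inside host (constructed remote
    addresses in 198.51.100.0/24). Returns (accepted, dropped)."""
    accepted = dropped = 0
    for i in range(count):
        inside_port = 1024 + i % 64512
        remote_ip = f"198.51.100.{1 + (i // 64512) % 254}"
        if pat.translate((inside_ip, inside_port, remote_ip, remote_port)) is None:
            dropped += 1
        else:
            accepted += 1
    return accepted, dropped


def exhaustion_demo() -> Dict[str, int]:
    """200 ordinary web clients with 20 flows each, then one torrent client
    that tries to open 70,000 peer connections, then one more normal user."""
    pat = PatTable("192.0.2.1")
    web = sum(open_flows(pat, f"10.0.0.{h}", 20)[0] for h in range(1, 201))
    torrent_ok, torrent_dropped = open_flows(pat, "10.0.0.250", 70000, remote_port=6881)
    late_user_ok, _ = open_flows(pat, "10.0.0.251", 1)
    return {
        "web_flows": web,
        "torrent_accepted": torrent_ok,
        "torrent_dropped": torrent_dropped,
        "late_user_accepted": late_user_ok,
        "free_ports": pat.free_ports(),
    }


if __name__ == "__main__":
    print(exhaustion_demo())
```

The web clients use only 4,000 of the 64,512 ports, so utilisation is negligible, yet after the torrent client grabs the remaining 60,512 the next user gets nothing. Per-host connection limits or shorter idle timeouts on the translator (the `release` path) are the usual mitigations.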

Comment Re:Fire(wall) and forget (Score 1) 348

You'll see a lot of references to defense in depth. If you browse a CISSP syllabus, you'll see they talk about everything from parking lot lighting to ring 0 code. Between an adequately lit parking structure and ring 0, there are a lot of things you can do. Each one adds a bit more security. You do hit diminishing returns quickly, but host-based firewalls are quick and cheap.

To harden a host based fw, turn on remote logging and have the logging server flag configuration changes as critical.

No one should be doing a configuration change without notifying your change mgmt team. If they get a red line on their monitor, they contact and chew out the offending employee. If no one fesses up, nuke the server, restore, and re-harden.

It is important to know that your server administrator can also be the change manager on small teams. You just need to have him/her mentally firewall the two jobs.
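One way a logging server could raise the "red line" the comment describes, as an added example that is not part of the original comment: scan sudo audit lines for invocations of firewall tools and mark any rule change that is not covered by an open change ticket as critical. The log lines, host names, user names and the `approved` ticket set are all constructed; the sudo line format is the standard one, but which tools count as firewall tools and which flags count as read-only are assumptions you would tune for your hosts.

```python
# Added example (not from the original comment): flag host-firewall rule
# changes in sudo logs as CRITICAL unless change management already knows.
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Standard sudo syslog line: "<ts> <host> sudo: <user> : ... COMMAND=<cmd>"
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+"
    r"(?P<user>\S+) : .*?COMMAND=(?P<cmd>.*)$"
)
# Assumed list of tools whose invocation means "firewall touched".
FW_TOOL_RE = re.compile(r"(?:^|/)(iptables|ip6tables|nft|ufw|firewall-cmd)(?:\s|$)")
# Assumed read-only arguments: listing rules is not a configuration change.
READ_ONLY_ARGS = {"-L", "-S", "--list", "list", "status", "--list-all"}

# Constructed log excerpt (the toy hosts web01 and db01 do not exist).
SAMPLE_LOG = """\
Jul 12 10:01:02 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
Jul 12 10:03:17 db01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/sbin/ufw allow 5432/tcp
Jul 12 10:04:40 db01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/sbin/iptables -L -n
Jul 12 10:05:01 web01 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/apt-get install htop
"""

# Constructed: (host, user) pairs with an open change ticket right now.
APPROVED: Set[Tuple[str, str]] = {("web01", "alice")}


@dataclass
class Alert:
    severity: str   # CRITICAL, NOTICE or INFO
    host: str
    user: str
    command: str
    reason: str


def classify(line: str, approved: Set[Tuple[str, str]]) -> Optional[Alert]:
    """Return an Alert for firewall-related sudo commands, None otherwise."""
    m = SUDO_RE.match(line)
    if not m:
        return None
    cmd = m["cmd"].strip()
    if not FW_TOOL_RE.search(cmd):
        return None
    host, user = m["host"], m["user"]
    argv = cmd.split()
    if any(arg in READ_ONLY_ARGS for arg in argv[1:]):
        return Alert("INFO", host, user, cmd, "firewall rules read, not modified")
    if (host, user) in approved:
        return Alert("NOTICE", host, user, cmd, "rule change covered by an open change ticket")
    return Alert("CRITICAL", host, user, cmd, "firewall rule change with no change ticket")


def scan(log_text: str, approved: Set[Tuple[str, str]]) -> List[Alert]:
    """Classify every line; drop lines that are not firewall activity."""
    alerts = []
    for line in log_text.splitlines():
        alert = classify(line, approved)
        if alert is not None:
            alerts.append(alert)
    return alerts


def critical_alerts(log_text: str, approved: Set[Tuple[str, str]]) -> List[Alert]:
    return [a for a in scan(log_text, approved) if a.severity == "CRITICAL"]


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG, APPROVED):
        print(f"{a.severity:8} {a.host} {a.user}: {a.command}  ({a.reason})")
```

Because the decision depends only on the shipped log line and the ticket list, the same check works for a one-person team where the administrator is also the change manager: the ticket still has to exist before the command is run, which is exactly the mental firewall the comment asks for.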

Comment Multiple options (Score 2) 113

TOTP (time-based one time keys), HOTP (hmac? one time keys), and RFC6238 are today's friendly search terms.

TOTP is what the traditional RSA tokens use, in which the time is a component of the encryption used so the code generated from the private key changes (usually every 30 or 60 seconds).

HOTP is the latest in one time pads, where each code generated is good until used but only once.
It differs from true OTPs in that the data is procedurally generated from a private key instead of all the keys/data being generated in bulk ahead of time. One hopes the private key is smaller than a crap-ton of bulk keys or binary data needed for a true OTP.

Google Authenticator is one pre-made generic solution, and you don't need to use Google to utilize it.
The encryption it uses is open and has an RFC, and their own software lets you input the private key via QR code for the user if you wish, and utilize multiple profiles/keys.

Google released an open source PAM module for all your Linux authentication needs, including SSH.
I use this myself for access to my home network (ssh + port forwards)

There are also tons of programs that run the identical encryption methods, lots being open source.
I've seen them available for every OS commonly used (and then some) plus every smartphone out there.

I've also recently purchased a Yubico key, which is a hardware version of the RSA token.
The basic model runs $25 each if you buy single keys, and they can be loaded with up to two profiles using various encryption methods and keys.

Instead of an LCD display with a rolling code, they are USB devices that show up as USB keyboard HIDs. You plug it in and once the OS has it powered and ready, there is a touch-sensitive "button" you touch and the dongle types in the code valid for that 30 second period.
It also takes into account how long it needs to type the codes (sha256 with serial can be 158 characters and takes ~3-4 seconds to type in at the default key rate).
It will always type the key that will be valid at the time it's about to hit enter.

Yubico is RFC6238 compatible, and also can utilize OpenRADIUS which then makes it compatible with pretty much everything.

A third option, though more for Windows login / Active Directory, and definitely not open source, is EIDVirtual.
It basically lets you reformat a USB flash drive to contain a 4k private key and special header so along with its smartcard driver extension, the keys show up as smart cards and USB flash (technically you can still store data on the drive if you want)

The software is very cheap (7 euro if I recall), works flawlessly in AD setups (tested on XP, 7, and 8), and uses any old flash drive with 1 MB of storage.
The downside of course is you don't get any of the fancy (or even required) hardware protection of the private key. I believe it uses the USB drive's serial and model/make as part of its formula so blind copying isn't trivial, but the hardware exists to easily fake that info for anyone intent on doing so.
Not nearly as secure as the other options, but it is at least priced accordingly, and doesn't try to add 2-3 zeros to the pricetag for the "enterprise" label.
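The HOTP and TOTP mechanics the comment describes (a counter or a time step HMACed with the shared secret, then truncated to a short code), worked through as an added example that is not code from the comment, from Google Authenticator or from Yubico. It uses only the standard library; the secrets are the published RFC 4226 / RFC 6238 reference secrets so the output can be checked against the RFC test vectors, and the verifier's clock-drift window and replay check are design choices assumed here, not something the RFCs mandate in this exact form.

```python
# Added example (not from the original comment): HOTP (RFC 4226) and TOTP
# (RFC 6238) from the standard library, plus a verifier that tolerates a little
# clock drift and refuses to accept the same time step twice.
import base64
import hashlib
import hmac
import struct
from typing import Callable, Optional, Tuple

# Reference secret from RFC 4226 / RFC 6238 (ASCII "12345678901234567890");
# used here only to reproduce the published test vectors.
RFC_SECRET_SHA1 = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6,
         algo: Callable = hashlib.sha1) -> str:
    """RFC 4226: HMAC the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algo: Callable = hashlib.sha1) -> str:
    """RFC 6238: TOTP is HOTP whose counter is the current 30-second step."""
    return hotp(secret, int(unix_time) // step, digits, algo)


def secret_from_base32(encoded: str) -> bytes:
    """Authenticator apps and QR provisioning URIs carry the key as base32,
    often without padding; restore padding before decoding."""
    cleaned = encoded.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def verify_totp(secret: bytes, submitted: str, unix_time: int,
                last_step_used: Optional[int] = None, window: int = 1,
                step: int = 30, digits: int = 6) -> Tuple[bool, Optional[int]]:
    """Accept a code for the current step or +/- `window` steps (clock drift),
    but never for a step at or before the one already consumed, so a code
    captured and replayed inside its validity period is rejected.
    Returns (accepted, step_to_record_as_used)."""
    current = int(unix_time) // step
    for candidate in range(current - window, current + window + 1):
        if last_step_used is not None and candidate <= last_step_used:
            continue
        expected = hotp(secret, candidate, digits)
        # Constant-time comparison so timing does not leak matching digits.
        if hmac.compare_digest(expected, submitted):
            return True, candidate
    return False, None


if __name__ == "__main__":
    import time
    now = int(time.time())
    print("current TOTP for the RFC reference secret:", totp(RFC_SECRET_SHA1, now))
```

The time step and digit count are the only things that change between the "hardware token" and "phone app" cases the comment contrasts; the Yubico behaviour of typing the code that will be valid when Enter is pressed is just a call to `totp` with a slightly future timestamp.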

Comment Re:Hardware ages too (Score 1) 281

That's not a "double height"; today's bays are half- and third- height.

Ahh, thank you for the correction. I guess that makes this a full height drive?
That does sound a bit familiar now that you mention it actually. My memory of "the dark ages" is getting more fuzzy as time goes on.

http://oi57.tinypic.com/2u7lmr...

From left to right in that image is the MFM drive, a more normal 3.5" IDE drive, a 2.5" drive and a CF card.

I was only half joking about its metal casing. Probably not actually steel but between the HD and my foot stubbing it in the dark, it was my foot that gave way and moved, not the HD ;P

SD cards were still new and pricy so I didn't have one on hand to complete the set.
Now I need an SD and micro SD to add in, and somehow squeeze a Sun RMS platter array into the picture and the new cycle of life will be complete!

Comment Re:maybe (Score 1) 512

genital mutilation is not an islamic thing but an africans natural religions/tribal thing.

I mean, maybe you could say that it's African in that it is most prevalent in countries in Africa. But it is significant in Iran and Iraq, as well. You can check out this link I painstakingly researched: http://en.wikipedia.org/wiki/P...

Comment Re:Hardware ages too (Score 1) 281

I still have a functioning MFM double-height 5.25" (Yes it requires two bays) 10MB hard drive here that, judging purely from the scar I still have after stubbing my toe on it a decade ago, I'm pretty sure actually does contain rotating clay tablets inside its steel frame as well as a stocky overweight gnome with an actual iron chisel.
I wonder if our drives share the same encoding scheme...

Comment Re:Millionare panhandlers (Score 1) 200

This is anecdotal evidence, not statistical. Finding five examples *SNIP

Parent said this form of panhandling exists.
Reply said no it never once ever happened.
Reply provided (in your own words) five examples of it happening.
5 > 1

How is it not statistically factual to say "We need one example to disprove this statement, here is more than the one required example"?

Comment Re:Could be a different route involved for the VPN (Score 1) 398

No, his explanation is spot-on. If "technobabble" means you didn't understand it, that's beside the point.

Perhaps you can explain better, as your post still doesn't clear that bit up.

How does traffic generated within Verizon's ASN, and existing within the same Verizon ASN, even need BGP to function?

Start there at basics, and once you explain how internal traffic that never once touches a peer point still relies on this BGP "magic", then you can go into details about BGP...

Comment Re:So, Verizons normal service is the slow lane? (Score 1) 76

Why don't they just put in the infrastructure needed for people's internet to work like what they paid for already? Are they going to give refunds for not supplying the service they sold?

No no, it's all a matter of internal accounts you see.

The money used to purchase bandwidth throttling equipment was taken from the subscriber payments account, so you are only due a refund if they failed to slow your connection to a standstill.

The money to upgrade infrastructure was taken from us all by force by convincing the government to tax us each and every year for the past decade and a half, and the government isn't likely to ask for a refund from their overlords, nor would we see it refunded to us even if they did.

The more you know, epic half battles, all of that.

Comment Re:Safe injection sites (Score 1) 474

Legalization means you can walk into a hospital/pharmacy/police station and ask where a good place for addiction assistance is without worrying that they'll call the cops or arrest you on the spot.

That's what decriminalization means, and it only deals with half of the problem. 2 possible outcomes:

1) Drop in addicts is such that selling drugs is no longer profitable. Drug cartels go home, take up another profession.

or

2) The number of addicts drops by some percentage, leaving the other percentage of the addicts still buying from and still ultimately empowering some very undesirable people. In this case, you get to endlessly continue the war on drugs.
Or you could legalize, as in, make drugs actually legal, to buy, sell, use, make - and affordable to the point at which cartels can't make the kind of money they do now. If we're lucky, number 1 above takes care of this for us; if we're not lucky, the drugs remain a profit maker for cartels and the like.
