Comment Where was the warrant? (Score 1) 233
If the homeowner let a bunch of asshats into their house to perform a search without a warrant signed by a judge
Badge or no badge
The owner is an idiot.
I've got news for you: there's no such thing as anonymity on the Internet.
Just ask Anonymous who found out the hard way earlier this week.
Besides, if I'm doing anything online I don't want Google to track, I sure as hell am not going to be logged in to my Google account while I'm doing it, will make sure I'm tunneling my connection through several remote proxies, and would probably be using a Live CD distribution of my favorite Linux.
Even then, I'm still not 100% anonymous. Only obfuscated enough to hopefully make it not worth anyone's while to track me down.
I'm sure members of Anonymous did something similar. Only difference was, what they were doing WAS worth somebody's "while" to track them down.
I would seriously pay twice what I'm paying Netflix now for unlimited streaming if it helped provide a better selection.
Seriously.
Netflix is by far the best value on the Internet today.
That and they treat their employees with respect. Especially their customer service folks.
My Hulu Plus subscription isn't giving me shit.
My recommendation: pfSense.
Or ClearOS.
pfSense is FreeBSD-based. ClearOS is Linux-based.
Easy -
Request, log, and record only the information that is absolutely necessary and nothing more, and keep it only for as long as you'll need it and not a bit longer.
You can save yourself some heartache by not storing any PII and PFI.
Don't store payment information.
Don't store credentials. Consider using OpenID or Google or (shudder) Facebook Connect for accounts.
Keep sensitive information off any internet-accessible systems.
And last, don't trust any input from your visitors.
Sanitize all input.
Declare all variables.
Don't assume anything.
If you're expecting an integer, make sure you convert the submitted form data to an integer for that variable implicitly.
Same for dates, strings.
Normalize all input.
Sanitize all input.
Never trust any input.
Consider using a database abstraction library with well documented and mature APIs. Don't code things yourself.
Don't turn on SSH password authentication. Require only public/private keys.
Turn register globals off in PHP. Use safe mode.
Make sure MySQL is on a separate server, with an RFC-1918 address, accessible from a dedicated NIC that is not on the Internet.
Consider a security audit and professional code review if you're planning on taking any money.
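As an added example, not part of the original comment: one way to apply the typed-input and database-abstraction advice above in PHP, using PDO prepared statements. The field names, the `parse_form` helper and the in-memory SQLite database (standing in for MySQL so the script runs offline) are assumptions.

```php
<?php
declare(strict_types=1);

// Validate raw form fields (hypothetical names) and return typed, normalized values.
function parse_form(array $in): array
{
    // Integer: reject anything that is not a well-formed positive integer.
    $id = filter_var($in['user_id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('user_id must be a positive integer');
    }
    // Date: strict format, and the round trip rejects overflow such as 2011-02-31.
    $raw  = is_string($in['signup'] ?? null) ? $in['signup'] : '';
    $date = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    if ($date === false || $date->format('Y-m-d') !== $raw) {
        throw new InvalidArgumentException('signup must be YYYY-MM-DD');
    }
    // String: normalize whitespace, require valid UTF-8, bound the length.
    $name = is_string($in['name'] ?? null) ? $in['name'] : '';
    $name = preg_replace('/\s+/u', ' ', trim($name));   // null on invalid UTF-8
    if ($name === null || $name === '' || strlen($name) > 64) {
        throw new InvalidArgumentException('name must be 1-64 bytes of UTF-8');
    }
    return ['id' => $id, 'name' => $name, 'signup' => $date->format('Y-m-d')];
}

// In-memory SQLite stands in for the MySQL server so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, signup TEXT)');
$insert = $pdo->prepare('INSERT INTO users (id, name, signup) VALUES (:id, :name, :signup)');

// Constructed submissions standing in for $_POST.
$submissions = [
    ['user_id' => '42', 'signup' => '2011-02-11', 'name' => "  O'Brien   Jr. "],
    ['user_id' => '42 OR 1=1', 'signup' => '2011-02-11', 'name' => 'x'],
    ['user_id' => '43', 'signup' => '2011-02-31', 'name' => 'y'],
];
foreach ($submissions as $form) {
    try {
        $insert->execute(parse_form($form));   // values are bound, never concatenated
        echo "stored id {$form['user_id']}\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
print_r($pdo->query('SELECT id, name, signup FROM users')->fetchAll(PDO::FETCH_ASSOC));
```

Only the first submission is stored; the apostrophe in the name reaches the table intact because it is passed as a bound parameter rather than spliced into the SQL text.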
As the Iranians found out the hard way, it's difficult to keep an intruder out despite the obscure nature of PLC (most people probably don't even know what that is.)
Programmable Logic Controllers.
I prefer Allen-Bradley PLCs myself.
Where do you get "twice as expense per month"? Maybe for DSL.
Not for Comcast Business.
It's $20.00 extra per month.
50/10 residential is $169.95 w/ a 250GB cap.
50/10 business is $189.95 w/ no cap, and I can get static IPs, and run as many servers as I want.
(Atlanta region)
You know, for $59.95/month you can get Comcast Business and have no bandwidth caps, no ports blocked, 4 hour response times in the event something gets frakked, and techs that actually know what the hell they're talking about, and the ability to run whatever servers you want without them saying shit about it.
(You also get your own Sharepoint server and Exchange mailboxes for those that are OS challenged.)
Best decision I ever made. (Switching to Comcast Business).
(Don't get me wrong, I hate Comcast with a passion, but it makes you wonder if Comcast is able to afford unlimited bandwidth for $10/month then what's the real purpose of those 250GB caps?)