Comment Re:iGoogle Disaster (Score 2) 435

Aw, yeah! You've done it again, Slashdot! Thanks, I've been putting off finding a decent iGoogle replacement. This will do quite nicely. Kind of wish I could find out more about the company behind it, though... Not quite ready to trust them enough to log in to gmail through their widget.

Comment Freewill is Fun! (Score 1) 401

Freewill is fun to debate. There are so many levels:

  1) If it bothers you to be following somebody else's orders, then you probably have free will.
  2) If you can ask: "Do I have Free Will?" then you have finished level 2.
  3) You complete Level 3 by doing a random thing, and then saying: "I'll bet they didn't predict that!"
  4) Level 4 consists of unproductive analysis of the limits of comprehension and influence of an unknown Capable Mind.
  5) Level 5 is when you realize that you don't need to know everything, you just need to know yourself. Once you clearly understand yourself, you lose free will.
  6) Level 6 mostly consists of drunken babbling.

Submission + - Aereo required to testify about non-public patent info

NewYorkCountryLawyer writes: In ABC v Aereo, a copyright infringement action against Aereo, the Magistrate Judge has overruled Aereo's attorney/client privilege objection to being forced to divulge non-public details about its patented technology. In his 15-page decision (PDF) he ordered the continued deposition of the company's CTO and CEO about their patent applications. My gut reaction is that this sets a very dangerous precedent, giving the big copyright plaintiffs yet another 'in terrorem' device to use against technology startups — the power to use the lawsuit as a chance to delve into a defendant's non-public tech secrets.

Comment Some more guidance on setting up SSH (Score 1, Informative) 99

Here is the guide we provide to the SSH users at our University: https://it.wiki.usu.edu/ssh_description

Some of the major points:

We try to use multiple overlapping security layers to protect SSH:

  • The firewall limits the vulnerable scope of SSH to a few trusted hosts.
  • The firewall can also be used to prevent credential guessing by rate-limiting connections to the SSH port.
  • The SSH Port is treated as a shared secret. Only interesting, targeted attacks find the SSH server.
  • The SSH server should not allow known usernames including root. The attacker must find a username.
  • The admin is trained to create good passwords for his usernames.
  • SSH users are taught to verify the identity of their systems when they first connect.
  • System admins must regularly review the activity of their SSH servers.
  • USU IT Security monitors all SSH connections, including ones on non-standard ports. We follow up on interesting connections.
  • USU has SSH Honeypots that help us respond to SSH attack.
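Several of the layers listed above (rate-limiting credential guessing, refusing known usernames such as root, restricting access to trusted hosts, and regularly reviewing server activity) can be checked against the sshd log itself. The script below is an added illustration, not part of the comment or of USU's guide: it parses OpenSSH authentication lines of the standard `Failed password for ...` / `Accepted publickey for ...` shape, then flags sources that exceed a failure threshold, lists the usernames each source probed, and reports successful logins from hosts outside an allow-list. The log lines, the `TRUSTED_HOSTS` allow-list and the `FAIL_THRESHOLD` value are constructed for the example.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample of OpenSSH auth log lines (not real logs).
# 203.0.113.5 guesses several usernames; 198.51.100.7 is an allow-listed
# admin host; 192.0.2.9 is an unknown host that nevertheless logs in.
SAMPLE_LOG = """\
Jun 14 10:21:05 web1 sshd[4012]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jun 14 10:21:07 web1 sshd[4013]: Failed password for invalid user oracle from 203.0.113.5 port 51236 ssh2
Jun 14 10:21:09 web1 sshd[4014]: Failed password for root from 203.0.113.5 port 51238 ssh2
Jun 14 10:21:11 web1 sshd[4015]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
Jun 14 10:21:13 web1 sshd[4016]: Failed password for root from 203.0.113.5 port 51242 ssh2
Jun 14 10:30:44 web1 sshd[4101]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2: ED25519 SHA256:constructedfingerprint
Jun 14 10:31:02 web1 sshd[4102]: Failed password for alice from 198.51.100.7 port 40030 ssh2
Jun 14 10:31:09 web1 sshd[4103]: Accepted password for alice from 198.51.100.7 port 40031 ssh2
Jun 14 11:02:17 web1 sshd[4220]: Accepted password for bob from 192.0.2.9 port 40023 ssh2
"""

# Hypothetical allow-list mirroring the firewall rule that restricts SSH
# to a few trusted hosts; any successful login from elsewhere is suspect.
TRUSTED_HOSTS: Set[str] = {"198.51.100.7"}
FAIL_THRESHOLD = 3  # constructed value; tune to the site's rate-limit policy

# Matches the authentication result lines sshd writes for every attempt.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


@dataclass
class AuthEvent:
    result: str        # "Failed" or "Accepted"
    method: str        # "password", "publickey", ...
    user: str
    src: str
    invalid_user: bool  # sshd marked the username as non-existent


@dataclass
class Report:
    brute_force_sources: Dict[str, int]        # src -> failure count at/over threshold
    probed_usernames: Dict[str, Set[str]]      # src -> usernames guessed (invalid or root)
    untrusted_logins: List[Tuple[str, str, str]]  # (user, src, method) from non-allow-listed hosts
    password_logins: List[Tuple[str, str]]     # (user, src) that authenticated with a password


def parse_line(line: str) -> Optional[AuthEvent]:
    """Return an AuthEvent for an sshd auth result line, or None for other lines."""
    m = AUTH_RE.search(line)
    if not m:
        return None
    return AuthEvent(m["result"], m["method"], m["user"], m["src"], m["invalid"] is not None)


def parse_log(text: str) -> List[AuthEvent]:
    return [ev for ev in (parse_line(ln) for ln in text.splitlines()) if ev is not None]


def review(events: List[AuthEvent], trusted: Set[str] = TRUSTED_HOSTS,
           threshold: int = FAIL_THRESHOLD) -> Report:
    """Summarise the events the way a periodic admin review of the server would."""
    failures: Counter = Counter()
    probed: Dict[str, Set[str]] = defaultdict(set)
    untrusted: List[Tuple[str, str, str]] = []
    password: List[Tuple[str, str]] = []
    for ev in events:
        if ev.result == "Failed":
            failures[ev.src] += 1
            # Guessing non-existent users or root is the signature of a scanner
            # that had to "find a username" because none were advertised.
            if ev.invalid_user or ev.user == "root":
                probed[ev.src].add(ev.user)
        else:
            if ev.src not in trusted:
                untrusted.append((ev.user, ev.src, ev.method))
            if ev.method == "password":
                password.append((ev.user, ev.src))
    return Report(
        brute_force_sources={s: n for s, n in failures.items() if n >= threshold},
        probed_usernames=dict(probed),
        untrusted_logins=untrusted,
        password_logins=password,
    )


if __name__ == "__main__":
    report = review(parse_log(SAMPLE_LOG))
    for src, n in report.brute_force_sources.items():
        print(f"rate-limit candidate: {src} ({n} failures, probed {sorted(report.probed_usernames.get(src, []))})")
    for user, src, method in report.untrusted_logins:
        print(f"login from outside the allow-list: {user}@{src} via {method}")
    for user, src in report.password_logins:
        print(f"password (not key) login: {user}@{src}")
```

On the constructed sample this singles out 203.0.113.5 as the source to rate-limit (five failures spread over admin, oracle, test and root), reports bob's login from 192.0.2.9 as coming from a host the firewall allow-list does not cover, and lists the two password-based logins so the admin can decide whether those accounts should be moved to keys. Running it over a real `/var/log/auth.log` only requires replacing `SAMPLE_LOG` with the file contents.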

Comment Re:Security is possible, but you must focus. (Score 1) 174

Tell me which university do you work for

Hi Ruir,

I work for USU. We are the Land Grant university for Utah. We built the WISE satellite for NASA.

If you are interested in our approach to security, I made a couple of introductory YouTube videos:

Good Luck!

Comment Security is possible, but you must focus. (Score 3, Informative) 174

I have been doing IT for 30 years. I have been doing Security for a University for about the last 15 years. I have found that security is possible, but you have to focus.

The biggest problem is we are not taught how to do security. We are taught attack. But attack is not security. We are taught checklists, but checklists are not security.

Security is a meaningful assurance that your goals are being accomplished. The details are transitory. But, without goals, security has no point. Sticking to your goals when attacked is the heart of defense. Ultimately, it is the only thing that matters in security. Your organization adds value by sticking to its goals. But this is more than just a matter of value added. Goals are the spirit of the organization. If you don't stick to your goals when attacked, then you have lost. The attacker may not have won, but you have lost.

But, security folks are not taught how to support institutional goals. Instead, we are taught myriads of other things. You can see examples of the mechanics of security defeating meaningful security all over the place. One striking example is the SANS 20 Critical Controls (http://www.sans.org/critical-security-controls/). While they contain many good points, they fail to teach security. When we analyzed them, we found that they tended to replace security process with checklist. When we had finished the evaluation process we had eliminated, reordered and replaced many of their controls. Our most important control was not even mentioned. It is:

Critical Control 1: Unity of Vision

Security is a MEANINGFUL Assurance that YOUR goals are being Accomplished. Most security failures are enabled and enhanced by disagreement of purpose. Are the fundamentals of management in place?

  • A. How does your organization create a sense of community?
  • B. What are your Institution's Goals?
  • C. How are those goals propagated throughout the organization?
  • D. How do your security actions promote your institutional goals?
  • E. How do your security actions provide assurance to your institution?
  • F. How does your institution reward long term loyalty?

Another glaring omission is the complete lack of strategic thinking in the security community. Winning battles, but losing the war is our way of life. Nothing in the SANS controls guides you to ask the important questions like: "Where am I going?" and "How did I get in this handbasket?" and "Do I HAVE to eat this crap?" For our analysis of the SANS Controls, we added another Control. We valued it at number 3:

Critical Control 3: Enable a Better Future

This control assumes that our actions affect the future. Do your actions enable a more secure future?

  • A. How do you increase the cost of attack?
  • B. Do you report attack to the remote ISP/attacker?
  • C. How do you coordinate with law enforcement?
  • D. How do you decrease the cost of defense for yourself and others?
  • E. How do you reduce the motivation for local attack?
  • F. Do you disclose vulnerabilities to others? If so, will your institution protect its people when others attempt to punish disclosure?
  • G. Do you facilitate others disclosing vulnerabilities to you?
  • H. Do you help your peers improve their security?

The SANS 20 Controls were originally written by the NSA for the Department of Defense (http://www.sans.org/critical-security-controls/history.php). The recent NSA disclosures make me wonder if maybe they are flawed, because the NSA simply doesn't value effective security?

Comment Re:Backstory? (Score 4, Informative) 51

It does seem insane. I mean, how can the court not see that this case is clearly about killing Vimeo and by extension video sharing sites? How can they expect all employees to be 100% diligent? It's never going to happen. If the only option to adhere to Safe Harbor is to have a Google-class content filter, YouTube is going to be the only game in town in the US.

The legal fees alone are the killer. Veoh won every round, but had to go out of business due to the legal fees.

Comment Re:Backstory? (Score 4, Insightful) 51

Maybe it's not about killing Vimeo, but rather making it "play nice" the way YouTube has: Pay for sync licensing of the music and support the licensing costs with ads.

In my experience, their primary goal in every instance is to put people out of business, if at all possible. YouTube has been 'playing nice' with them for many years, but they haven't dropped the pending case.
