The Window Firewall, the original BlackIce for Windows, and AVG as well, I believe, all fall in the category of Application Firewalls, as they base their actions with knowledge of the application holding the IP connection endpoint. IPtables is a Stateful Firewall, so named because it relies solely on the connection's state, without regard to the application at the sending or receiving end of the connection.

The Application Firewall link above actually does have some suggestions about how such things can be handled on Linux using utilities others have described. Mandatory Access Control tools such as SELinux and grsecurity can allow or deny access to resources (such as the network interface) to applications, but I don't believe they have fine-grained controls for conditional access based on IPs or ports.

None of these are as easy to use as AVG for Windows is.. (This could be the new definition of "understatement!") In fact, I would like to think I know Linux quite well, have used it as a desktop and server platform for years, have written patches for kernel modules, and can configure a solid IPtables firewall ruleset from scratch, but AppArmor and SELinux still scare me...

There's a link here describing how to mark packets based on an application's uid (user). This might be a basis for controlling permissions per app, but you're talking about a very complex IPtables ruleset. Definitely not for someone only two days into their Linux journey.

Agreed.

There is one plus side to ubiquitous cameras operated by the police: It will be harder for the police to justify denying us the ability to record our interactions with them. Some police departments haven't gotten the memo yet...

I hope you're not running on Dell hardware...

Similar facial hair...

This was my thought on reading the article as well. "Adobe is doing more to kill DRM with this move than anything they've done in the past." There's nothing like punishing the innocent to get people's attention.

This.

Or what about renting a server? For the RAM requirements you're going to need, you'll likely need more than the entry level offering, but the capital expenses are lower than having to buy a new computer...

Now contrast this statement from the recent "STFU" response to AT&T's shareholders. And the complete silence from Verizon, whose name was on the first round of the salvo.

At least these eight are making noise, rather than just hoping the issue fades from the public's consciousness. Here's wishing there was a telecom provider that wasn't so obviously in bed with the spooks...

It's not clear from the context whether you're calling the parent an idiot, or if that's how you normally sign your comments.
Many researchers have concluded that overuse of antibiotics is linked to the increase of MRSA. (citation)

If the files had been encrypted (after transcription, if needed), then this would be a case about overreaching warrants and illegal government actions, not a case about overreaching warrants, illegal government actions, and wrongful terminations, as that last item will undoubtedly be the end result of the intelligence DHS has collected on the whistle-blowers.

You are right in that she shouldn't have to protect herself and her informants from the government, but such is the imperfect world we find ourselves in while we try to dig our way out of it. She failed her informants. She should have known better than to depend on legal principle to protect her informants from the current administration.

Do they still require a paid license to forward a USB device to the guest?

That killed it for me when they added that "feature" a few years ago now... I think it was the first major release after Oracle took over.

Hah! That's Rich(ie)...

A bit AWK-ward, though.

I did say his research skills could use some polish. And I figure one more developer that is at least semi-aware of security is a good thing. Many don't even consider the security implications of what they write.

Yes, I did enjoy it. So you didn't. To each his own.

p.s. Vitriol is no way to go through life, son.

Jeff Cogswell is the author of several tech books including “C++ All-In-One Desk Reference For Dummies,” “C++ Cookbook,” and “Designing Highly Useable Software.” A software engineer for over 20 years, Jeff has written extensively on many different development topics. An expert in C++ and JavaScript, he has experience starting from low-level C development on Linux, up through modern Web development in JavaScript and jQuery, PHP, and ASP.NET MVC.

Good job, Jeff! Welcome to the exciting world of security research!

I applaud you for (re)discovering these techniques on your own. Your out-of-box thinking and problem solving are to be commended, but your research skills could use some polish. Please don't let the negative comments above discourage you from exploring this rewarding field of knowledge, however I would recommend you run your findings by some existing security folks before announcing your next big discovery, lest you find you're just rehashing something else that has long been known.

Seriously; good job! I enjoyed reading how you worked your way up to your conclusions, even though I knew from the start how it would end...

I should add that your sentiment of "we know better than you so you should trust us" is exactly what the government is spewing, and you see how well that's working.

While the kernel source is the epitome of transparency, and the NSA is the exact opposite, there will always be people who cannot or will not read the source. That does not mean they don't want to know some of the details so they can make informed decisions. That curiosity should be welcomed, not derided.

While I respect your technical prowess and make great use of your work, every time you go off like this, you move a little further down the "crackpot" scale. You know, the one anchored firmly by RMS...

Instead of blowing a gasket, why not nicely suggest that a read of the source code will show that rdrand is just one of the entropy sources used, and it is used in such a way that it cannot compromise the end result. Vitriol is no way to go through life, son.