
Comment: Re:Stop the idiocracy (Score 0) 168

by geminidomino (#47569157) Attached to: Jesse Jackson: Tech Diversity Is Next Civil Rights Step

It's urban black culture that disparages intellect.

It's hardly limited to that.

* The 20% of the country's land area called "the Bible Belt", especially the more rural chunks of it, fit neatly into that box.

* Enough of the boob-tube watching population that it's a trope second only to "oafish husband-father/long-suffering wife-mother."

* All of Washington DC.

Comment: Re:Fire(wall) and forget (Score 1) 257

Put the firewall up FIRST, and open essential ports as necessary. This is network security 101.


I think the question is whether or not you trust iptables to be the firewall, or whether or not you have a dedicated device as a firewall.

Sadly, as a security device, dedicated firewalls are their own can of worms. For example, firmware updates for dedicated firewall devices are often much less frequently issued, and the update process is typically far more painful than you'd see as a mindful admin for a Linux box. Many "dedicated firewall" devices are little more than Linux + iptables + proprietary interface anyway, meaning you aren't protected at all if there's a common kernel flaw found. Lastly, being heavily stripped down, you have no way to audit them to see if they *are* compromised, because half your toolchain is missing even if you do have shell access, even though, as a full-fledged, Turing-complete computing device, they are quite useful to a black hat.

All that said, I do frequently use dedicated firewalls, but also use locked down Linux servers interchangeably. Given the 10+ years of excellent security track record I've maintained going this route, I'm pretty confident this doesn't mean I'm incompetent, as would seem to be the opinion around here.

I am a bit paranoid about security, disabling password access anywhere possible, relying on default-deny firewalls, using port-knocking & non-standard ports for SSH, not using non-SSL connections for *anything* administrative, VPNs required for access to insecure services like IPMI, etc.

Comment: Re:Reject all proprietary software and "choice" to (Score 1) 305

by geminidomino (#47564787) Attached to: Which Is Better, Adblock Or Adblock Plus?

Did you know that you can buy high end phones with Cyanogen as the default OS?

I didn't. Which phones? I've never been able to get a decent experience from cyanogen on a phone (My Nook color and tablet are a different matter) because the lack of the little "optimizations" individual to the phone models usually ends up breaking something like voicemail, battery life, or actually detecting a cell signal.

If someone's putting out an actual CM out of the box, I might want to have a look at it.

Comment: Re:None of them. (Score 1) 305

by geminidomino (#47564711) Attached to: Which Is Better, Adblock Or Adblock Plus?

The downside to it, though, is that it doesn't extend to guests accessing your network.

It's a pretty simple Perl script to translate the MVP list into a BIND zone file, though. I do it once per week in a cron job on the local DNS. At least then, my sister-in-law whipping out her iPad after dinner doesn't give these scumbags a foothold in.
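
A sketch of the kind of conversion the comment above describes, added here as an example in Python; it is not the commenter's Perl script. It assumes a hosts-format list and emits a BIND response-policy zone (RPZ), a layout the comment does not specify; the zone name, serial and sample entries are constructed.

```python
import re

# Strict LDH hostname: labels of 1-63 chars, no leading/trailing hyphen.
LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
HOSTNAME = re.compile(rf"^{LABEL}(\.{LABEL})+$")
SINK_ADDRS = {"0.0.0.0", "127.0.0.1"}
NEVER_BLOCK = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Return the sorted, de-duplicated hostnames from hosts-format text."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRS:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            # The list is third-party input: anything that is not a plain
            # hostname is dropped so it cannot inject zone-file syntax.
            if len(name) <= 253 and HOSTNAME.match(name) and name not in NEVER_BLOCK:
                names.add(name)
    return sorted(names)

def render_rpz(names, serial, origin="rpz.blocklist.example"):
    """Render a BIND response-policy zone answering NXDOMAIN for each name."""
    out = [
        "$TTL 300",
        f"@ IN SOA localhost. hostmaster.{origin}. ({serial} 3600 600 86400 300)",
        "@ IN NS localhost.",
    ]
    for name in names:
        out.append(f"{name} CNAME .")      # the name itself
        out.append(f"*.{name} CNAME .")    # and its subdomains
    return "\n".join(out) + "\n"

# Constructed sample input (not real MVP list entries).
SAMPLE = """\
# hosts-format blocklist
127.0.0.1  localhost
0.0.0.0  ads.example.com  # banner server
0.0.0.0 Tracker.Example.NET
0.0.0.0 ads.example.com
0.0.0.0 $INCLUDE /etc/passwd
0.0.0.0 bad_name.example.org
10.1.2.3 redirect.example.com
"""

if __name__ == "__main__":
    print(render_rpz(parse_hosts(SAMPLE), serial=2014073001), end="")
```

The zone only takes effect once it is named in a `response-policy { zone "rpz.blocklist.example"; };` clause in the resolver's options; running `named-checkzone` on the generated file before reloading catches a bad download early.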

Comment: Re:The advertising is okay (Score 1) 245

We paid Comcast to bring broadband to us in the first place. That they haven't done it yet means we'd only have to pay twice to get it if we went the municipal route, whereas we won't get it at all from Comcast.

Even if we did "get" the broadband, they've shown perfect willingness to simply refuse to upgrade their networks to allow bandwidth to flow from Internet companies they don't like. (*cough*Netflix*/cough*)
