It's so much easier not to say anything.
Related- why the hell would you want to innovate at a place that looks unfavorably upon independent thinking? The absolute best thing that could happen is for that business to die a flaming death, consumed by their own ineptitude and bureaucracy. Taking matters into your own hands only extends their reach, propping up their inefficiencies to suck the life out of even more people.
Mooch a paycheck if it is the only thing available, but definitely keep your best work under wraps. They've made it abundantly clear that's not what they are paying you for, so oblige them, even going so far as to gleefully compound their organizational problems. You'll probably get a promotion out of it, which will set yourself up better for finding another job.
Can't use sshguard if I've never heard of it. However it does look superior, and I'm a fan of anything that doesn't pull in a crapton of python libs on install.
Because it's hard enough letting people use the servers already if no one can access the server then I'm going to be replaced rather quickly. Having said that. At this point, I see more attacks against SASL than SSH and root usually has password based logins disabled.
n00bs, eh? I've been in the software business for almost 40 years, you young whippersnapper.
I suggest you study texts on encryption, and maybe read the technical details of how a good cloud-based password manager like LastPass actually works. https://lastpass.com/whylastpa... https://lastpass.com/support.p...
Your super-whiz-bang method still requires a password, it seems. Without a password manager, users will still need to remember their password and many will either reuse passwords from other sites or choose simple ones. The image/caption thing you talk about is often used as an anti-phishing technique, but that's not authentication. If you're requiring the user to choose from among multiple pictures or captions, then that's effectively another one or two passwords. Yes, it will make it harder to attack YOUR site through the web interface, but doesn't itself strengthen protection of the users' passwords.
The goal for password managers is not to protect individual sites, it's to protect the users against their own misuse of passwords and reducing the risk when some site (not yours, hopefully) gets hacked and has their password database stolen. (How do you hash the passwords for your sites? Still using MD5?)
Obviously you have limited experience or familiarity with password managers. LastPass, among others, keeps your encrypted passwords "in the cloud", so that they are accessible even if your local disk "takes a dump". For LastPass, there's also a local copy of the encrypted database, and yes, I do have backups. (If you don't have backups, you have a lot more problems than losing passwords.)
Image/phrase/password verification is hardly "better" (better than what?). How many of those can you remember? If you can come up with an authentication scheme better than passwords that you can get every online service to use, then please let us know. The reality is that passwords are what we use today and password managers make them easier to use in a more secure fashion, so that one has a different, strong password for every login. Two-factor authentication is also very helpful (and I enable that where supported.)
Currently the biggest weakness of passwords, other than most people using them poorly, is sites that store passwords insecurely. This, combined with the tendency of those NOT using password managers to reuse passwords, is what leads to the majority of account hacking.
I agree with the article - blocking password managers lowers security.
Or the way I do it: Complex passwords for a few critical accounts and my password manager. Sites that don't hold my personal or financial info get to use the password manager
My server logs disagree with your assumptions. Fail2ban is running constant blocks on botnets trying to guess passwords on SSH, FTP, SASL and webesites and this goes for my day job, my personal server and my evening contracts.
.. all at the behest of the tinfoil industry.
But you are a sheep. Just not Microsoft's sheep.
Like this white supremacist who found out that he's 14% African.
Just use Detroit: it's full of real roads and building, full of perils, and many parts of the city are virtually devoid of people.
And your entire argument is essentially framing the discourse into something no has demanded.
However, there is a bit of misrepresentation, as reddit originally posited that they were a bastion of free speech. And while it is fashionable to view it as reddit, out of the goodness of their hearts, provided a free platform for miscreants to corrupt the youth, the other side to that is users operated in good faith that reddit would keep their end of the agreement in creating free content.
Not like they can take their ball and go home now is it?
And regardless, criticizing reddit does fall under free speech, does it not? The government aspect is just a red herring.
Similarly, being in prison doesn't prevent you from voicing your opinions. Nor does being fined millions of dollars (just earn more money, citizen, so you too can enjoy the same freedoms of billionaires!) Nor does it prevent you from setting up a website to discuss controversial opinions.
Except when it does (funny how credit card companies refused to process donations to Wikileaks right after the release of the Afghan War Diary. But that was just private companies exercising their rights not to make a profit, and had nothing to do with government collusion. Nosiree!).
You might be a little slow on the uptake, but the definition of censorship doesn't specify government and non-government, and as there have been numerous other websites that were harangued by both governments and private companies being leaned on by governments.
You probably think a private company contracted by the government to doesn't abridge 4th amendment protections because, get this, it isn't the government doing it.
Except for the legislative framework that made it legal in the first place.