Comment Updates, backups, and Flash (Score 3, Funny) 252

Assuming you don't do silly things like run completely unknown commands, you're pretty safe. JavaScript and Flash are cross-platform, though. I've seen one Linux system where their Yahoo email account was compromised, probably by malicious JavaScript. It might have been phishing, though, or a combination. The main things I do for security are - run most updates provided by the distro and browser, have backups, don't run services I don't use, and I have a separate browser for Flash and Java. Most Flash is ads or pointless eyecandy so I don't miss not having Flash in my daily browser. Even YouTube doesn't need Flash these days, so I open the Flash browser maybe once per month, if that.

TEEX.com has some free online cybersecurity courses that may have good reminders for you and your family members regarding safe browsing habits and simple security practices.

Comment You can't lock the evidence in a safe when you tur (Score 1) 802

I do see your point. On the other hand, if I have some evidence of your innocence locked in a safe and I'm ordered to turn it over, I have to unlock the safe and hand you the evidence. I can't just hand you the safe and say "good luck".

More accurately, if it's good encryption, it would be more like encasing the paper evidence in concrete, then handing you the block of concrete.

There are two sides to this question. The fact that the judge ruled he did NOT have to decrypt it, then when the facts changed ruled the other way means that the judge is considering both sides.

Comment Learning works better than whining (Score 1) 189

Spending 30-60 minutes per day learning so you become competent yourself works a lot better than whining about people knowing that you're not very good yet. So does finding where your talent lies, if programming isn't something you can learn to do well.

I am in the process of learning myself. I would like to be a competent kernel programmer and competent to code on world class projects like Apache. So far, I'm a competent business applications programmer.

Comment A plan (not wish) gets you half way there (Score 1) 147

Do you actually have a plan to do that? A plan, as opposed to a nebulous wish? I had such a plan. My plan was 15% increase per month for 12 months. I then followed that plan, thereby increasing my income by 15% per month.

On the other hand, if Intel planned to increase by 20% every 18 months, that would practically guarantee they wouldn't double in that time period. I'm guessing your plan for the next 18 months, to the extent that you have one, is to leave your income exactly the same as it is today. Is that more accurate?

Comment You can be forced to give up EVIDENCE, not testimo (Score 1) 802

"If am coerced into giving you evidence ..."
That's the legal distinction. You CAN be forced to hand over evidence. You can't be forced to testify. If the cops have evidence that something I have is evidence of a crime, they can get a court order and take possession of that evidence.

The current ruling is that the files are evidence, so he can be forced to hand them over. Before any drive was decrypted, it hadn't been proven that he COULD decrypt the drives. Maybe he bought them used and the previous owner encrypted them. The judge's earlier ruling was that he couldn't be forced to SAY "I can decrypt those files (they are mine)." Giving up the key would be equivalent to testifying that the files were his. That would have been testimony and therefore protected under the fifth amendment.

Now that the judge is satisfied it's proven that the encrypted drives ARE his, the big question is "what is on the drive" and that's a question of evidence, not testimony. As evidence, it's not protected by the fifth amendment protection against TESTIFYING against yourself.

Submission + - BBC scraps digital archive project (dailymail.co.uk)

ninlilizi writes: Project is scrapped after the BBC admits wasting £100 million with no quantifiable results to show.
This looks more like the incompetence of the person in charge of overseeing the project. And I am sharing this, as Slashdot covered the project launch.

Submission + - Blackhole Man-in-the-Browser Attack Caught in the Act (lmgsecurity.com)

rye writes: Check out these screenshots and videos of a Blackhole phishing attack in action-- complete with charts of the network traffic, where you can see the infected desktop "phone home" to the attacker every 20 minutes on the dot. After 48 hours, the malware executed a man-in-the-browser attack against Bank of America's web site, which you can also see.

Great technical writeup from Sherri Davidoff of LMG Security. Watch hackers execute the man-in-the-browser attack and steal 'Linda's' debit card number, expiration date, security code, Social Security Number, date of birth, driver's license number, and mother's maiden name (yes, all at the same time). Lots of nice screenshots that are great to show your friends so they know how not to get pwned!

Quoting: "Unbeknownst to Mrs. Miller, her infected computer silently initiated a wire transfer from the company’s account for $49,500... Curious, I extracted copies of the phishing emails and malware from each infected workstation. What did it LOOK like when these companies were infected? What were their computers actually doing under the hood? Most of all, I wanted to actually SEE the Man-In-the-Browser attack in action!"

Submission + - Why Everyone Gets It Wrong About BYOD 6

snydeq writes: The Squeaky Wheel's Brian Katz offers a refreshingly simple take on the buzz around BYOD in business organizations these days: 'BYOD is only an issue because people refuse to realize that it's just about ownership — nothing more and nothing less.' A 'hidden issue' hiding in plain view, BYOD's ownership issue boils down to money and control. 'BYOD is pretty clear: It's bringing your own device. It isn't the company's device or your best friend's device. It's your device, and you own it. Because you own the device, you have certain rights to what is on the device and what you can do with the device. This is the crux of every issue that comes with BYOD programs.'

Comment Definition of mediocre, competent IS much better (Score 1) 189

> The whole industry is plagued by this idea that ... the people who do the bulk of the grunt work are mediocre

Which is true by definition:

me·di·o·cre [mee-dee-oh-ker]
adjective
1. of only ordinary or moderate quality; n

Indeed, the bulk of the grunts are "of only ordinary or moderate quality". "The bulk of" and "ordinary" mean pretty much the same thing, don't they?

The mediocre generally know enough to do the task, badly. They screw things up pretty badly by making it "work" just enough so that on the surface, it appears to work most of the time. If your car crashed once a week, that would be the worst car ever made. An operating system that crashed once a week became the market leader, and by a large margin.

The quality of "professional" software shows us that the ordinary, average (mediocre) developer is, unfortunately, not quite competent. There's a huge productivity difference between mediocre developers and competent developers, much greater than the difference in their salary cost. That's where "The whole industry is plagued by this idea that only the superstars are any good" comes from. What you call "superstars" are those fully competent people who make stuff that actually works, reliably and robustly. Because they cost only 20% more than the mediocre ones, only those people are a good hire. Hiring a mediocre person for 20% less is almost always a bad decision.

Comment Where do you work that bad code isn't accepted? (Score 1) 189

So where you work, bad code that appears to work isn't accepted? Where is that? Are you hiring?

I thought I worked at such a company once, where I was the one deciding what was accepted and what was not (as well as doing most of the software architecture).
Over time, I had to work on code I'd approved or even written 5-10 years before. I'd learned enough then to know that what I once thought was good was actually pretty awful.

That said, while all of the COMPANIES I know produce some pretty gnarly code, I've worked on a couple of open source projects which have fairly high standards.
The Linux kernel, of course (my name is in the changelog exactly ONCE), the Apache web server, and parts of Moodle. It takes three rewrites to get accepted by one of the Moodle maintainers.

Comment Yes, "have to" is different from "most efficient" (Score 1) 189

> Personally a big red flag for me is when a dev says "I have to completely rewrite this person's code."
> Not saying it doesn't happen, but a decent developer should be able to deal with other people's work.

Indeed there is a big difference between "I have to" (because I don't understand the pattern or idioms) versus "It would be best to rewrite" (because the architecture or data structures are wrong).

Atzanteol mentioned another common case "if the original is confusing or buggy" and in that case a refactor is likely the best option.
I've done major refactoring of my predecessor's code of the type where I didn't attempt to understand the confusing, buggy code until much of the refactoring was done. Just by mechanically breaking up the 200-line functions with variables like $bob and $fred into 15-line functions with variables named $radius and $scrollheight, the code was made much less confusing and the solutions to bugs were then obvious. That mechanical refactoring process ensured that it continued to work the same way, though, so I wasn't rewriting any logic, only reorganizing it to be more maintainable.

Comment Learning to do more in 8 than most do in 16? (Score 2) 189

Some would say that if you spend 30-60 minutes per day actively learning, that's the equivalent useful knowledge of adding a new postdoc degree every few years. I could see such a person easily producing twice as much value per hour.

How many times have you had to completely rewrite someone else's code, or spent so much time on it that you might as well have rewritten it? The "typical" developer creates enough future problems by poorly thought out systems that their net productivity approaches zero. It's not that hard to be twice as productive as the guy whose code only survives a year or two. Just learn to build systems that a) actually work b) for at least four years between major overhauls.

Comment VLANs, RH Virtualization Security manual, virt-man (Score 5, Informative) 212

Thanks for going the extra mile with your students.

As AC said, a separate LAN or VLAN, or multiple separate LANs/VLANs handles most of what's posted below. For example, a rogue DHCP server would only be visible on that VLAN.

Red Hat has a Virtualization Security section in their manual:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization_Administration_Guide/chap-Virtualization-Security_for_virtualization.html

CentOS/RHEL includes comprehensive support for KVM with virt-manager. While VirtualBox et al are fine for running one or two virtual machines on your desktop, for many VMs, with new ones created and removed each semester, the enterprise level support of KVM built into the distro is more appropriate. That support includes creating VLANs within the same management interface, for example, and integrates with the built-in storage stack administration tools. Again, VirtualBox may be simpler to set up for one or two machines, so I'm not saying it's not good - it's just not the best tool in this particular scenario. In this type of scenario, the KVM / virt-manager / virsh stack that RH baked in is probably a better match to the needs.
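One concrete way to get the per-section segmentation the comment describes with the libvirt/virsh stack it recommends, as an added example that is not part of the original comment: each class section gets its own isolated libvirt network (no `<forward>` element, so guests on it can only reach each other and the host-side bridge), which keeps a student's rogue DHCP server from being seen by any other section. It uses isolated libvirt networks rather than 802.1Q VLAN tags, which is one of several ways to do the same job. The section names, bridge names and subnets are constructed for illustration; `virsh net-define`, `net-autostart` and `net-start` are real virsh subcommands and are only invoked if virsh is installed.

```shell
#!/bin/sh
# Added example (not from the original comment): one isolated libvirt network
# per class section. Names, bridges and subnets below are constructed samples.

# gen_isolated_net NAME BRIDGE PREFIX
# Print libvirt network XML for an isolated network. With no <forward> element
# libvirt does not NAT or route the segment, so a rogue DHCP server started by
# a guest is only visible to guests on the same bridge. libvirt's own dnsmasq
# hands out PREFIX.100-200 so the lab VMs still get addresses.
gen_isolated_net() {
  name=$1; bridge=$2; prefix=$3
  cat <<EOF
<network>
  <name>${name}</name>
  <bridge name="${bridge}" stp="on" delay="0"/>
  <ip address="${prefix}.1" netmask="255.255.255.0">
    <dhcp>
      <range start="${prefix}.100" end="${prefix}.200"/>
    </dhcp>
  </ip>
</network>
EOF
}

# write_section_nets OUTDIR NAME:BRIDGE:PREFIX [NAME:BRIDGE:PREFIX ...]
# Write one XML file per section spec into OUTDIR and print the file count.
# Linux limits bridge names to 15 characters, so keep BRIDGE short.
write_section_nets() {
  outdir=$1; shift
  n=0
  for spec in "$@"; do
    name=${spec%%:*}; rest=${spec#*:}
    bridge=${rest%%:*}; prefix=${rest#*:}
    gen_isolated_net "$name" "$bridge" "$prefix" > "$outdir/$name.xml"
    n=$((n + 1))
  done
  echo "$n"
}

# apply_nets OUTDIR
# Define, autostart and start every network XML in OUTDIR with virsh.
# Skipped (with a note) when virsh is not installed, e.g. on a workstation
# where you only want to review the generated XML first.
apply_nets() {
  outdir=$1
  if ! command -v virsh >/dev/null 2>&1; then
    echo "virsh not found; XML left in $outdir for review" >&2
    return 0
  fi
  for f in "$outdir"/*.xml; do
    net=$(basename "$f" .xml)
    virsh net-define "$f" \
      && virsh net-autostart "$net" \
      && virsh net-start "$net"
  done
}

# Usage: sh make_lab_nets.sh /etc/libvirt/lab-nets sec-a:virbr-seca:10.10.1 ...
# (file name is an assumption; pass an output dir followed by section specs).
if [ "$#" -gt 1 ]; then
  outdir=$1; shift
  mkdir -p "$outdir"
  count=$(write_section_nets "$outdir" "$@")
  echo "wrote $count network definitions to $outdir"
  apply_nets "$outdir"
fi
```

At the end of a semester the matching cleanup is `virsh net-destroy NAME` followed by `virsh net-undefine NAME`, so the bridges disappear along with the section's VMs.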
