
Comment Re: why.. why.. why.. (Score 1) 34

SSH security leaves a lot to be desired. Do your users all use ssh-agent? If not, they're probably using ssh keys with no passphrase, which can be stolen by anyone who gets read access to their local filesystem. At that point, the attacker can gain access to your system. If they do use ssh-agent, then the attacker needs to gain debug privilege on their local machine, but that's also not too hard. ssh-agent has no protection against a compromised host OS, for example, unless you set up PAM on your systems to require a second factor such as a U2F key (there's no SGX version of ssh-agent, for example).

If their private key is compromised, ssh doesn't have a global revocation mechanism, so you need to go and find all of the places where an authorized_keys file contains their public key. What is your revocation policy? Do you have a simple way for people to submit a compromised public key and automatically revoke it across your entire system?

By default (though, thankfully, now not the only option) the known_hosts file contains a good list of all systems that an attacker should look at next. Do you require that your users turn on the feature that stores hashes of the machines, or does any compromise of one of your users' systems lead immediately to the attacker knowing that they have compromised a key that gains access to your system?
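
Added example, not part of the comment above: a minimal revocation sweep for the authorized_keys problem it describes, which finds every line carrying a reported key by SHA256 fingerprint (including lines with quoted options) and returns the files with those lines removed. The paths, key material and function names are constructed for illustration; a real sweep would read the files from each host.

```python
import base64, hashlib, re, struct

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")
# Whitespace-separated fields, keeping spaces inside "quoted option values".
TOKEN = re.compile(r'(?:"(?:\\.|[^"\\])*"|\S)+')

def key_fingerprint(line):
    """OpenSSH-style SHA256 fingerprint of the key on a line, or None."""
    toks = [] if line.lstrip().startswith("#") else TOKEN.findall(line)
    for ktype, b64 in zip(toks, toks[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        # A real key blob starts with its own length-prefixed type name,
        # which tells the key apart from option text that merely looks like one.
        header = struct.pack(">I", len(ktype)) + ktype.encode()
        if ktype.startswith(KEY_PREFIXES) and blob.startswith(header):
            digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
            return "SHA256:" + digest.rstrip("=")
    return None

def sweep(files, bad_fp):
    """Return (hits, cleaned): (path, line number) pairs and the files minus the key."""
    hits, cleaned = [], {}
    for path, text in files.items():
        kept = []
        for n, line in enumerate(text.splitlines(), 1):
            if bad_fp and key_fingerprint(line) == bad_fp:
                hits.append((path, n))
            else:
                kept.append(line + "\n")
        cleaned[path] = "".join(kept)
    return hits, cleaned

def sample_key(seed):
    """Constructed ed25519-shaped public key line; not a real key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

STOLEN, OTHER = sample_key(1), sample_key(2)
FILES = {  # constructed authorized_keys contents and paths
    "/home/alice/.ssh/authorized_keys": f"# laptop\n{OTHER} alice@laptop\n{STOLEN} bob@desk\n",
    "/home/deploy/.ssh/authorized_keys": f'command="/usr/bin/rsync --server",no-pty {STOLEN} bob\n',
}
HITS, CLEANED = sweep(FILES, key_fingerprint(STOLEN))
print(HITS)
```

Matching on the fingerprint rather than the comment field matters because the same key is often installed under different labels on different hosts.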

Comment Re: I still get them (Score 1) 123

but similarly if my purchased disc fails I have nothing too.

Unless you back it up. A typical DVD is 6-7GB. You can fit a couple of hundred of them (using dvdbackup, just strip the CSS and store the VOBs, no reencoding) on a 1TB hard disk. 4TB NAS disks cost about £100, add a second one for mirroring and that's about 60p for the space to back up one DVD. As an added bonus, you can then watch it without ever getting it out of the box and so you can store the shiny disks somewhere safe and use them as the backups.

Comment Re:I still get them (Score 1) 123

Exactly. Netflix never offered their DVD-by-mail service in the UK and Amazon bought and killed the largest company that did, but Cinema Paradiso still exists and has a wide library. I also subscribe to Netflix, but we use Cinema Paradiso to get recent films and TV shows that aren't on Netflix. This seems to be getting worse as content producers are worried about Amazon and Netflix's increasing domination of the distribution channel. Meanwhile, pretty much every film and every TV series that has a moderately large audience ends up on DVD.

Comment Re: Not all run it as root ... (Score 2) 85

That's a terrible idea in a multi-user environment, because when the Apache process dies any other user can open that port (they may even open it accidentally) and now they get all of your web server traffic.

On modern UNIX systems, however, it is possible to grant the permission to open specific low ports. For example, on FreeBSD the portacl MAC framework policy can control this. On Linux, SELinux can do the same thing.

Comment Re:And I give it ten minutes till its "hacked" (Score 4, Interesting) 85

Your claim, precisely as stated, appears to be true but, per your link, that doesn't mean that the watermarking hasn't been broken in other ways. In fact, citation 16 regarding DVD-Ranger CinEx appears to do precisely that: detect the signal and then remove it.

The Amazon technique sounds like exactly the same crap that you get from a lot of machine-learning researchers doing security work: they don't think about an adaptive adversary. There's an entire field of adversarial machine learning that works by training a machine-learning system on the inputs and outputs of another: if you can train a neural network to insert and recognise these watermarks, can you train another one to recognise and remove them? If you haven't even tried that, it's likely that an attacker will be able to.

Comment Re:Let's make this cost more. (Score 1) 215

It's similar in the UK. Wales and Scotland made the switch almost a decade ago, England followed a few years later. You can still buy a disposable plastic bag for 5p, but you don't get one for free. Plastic bag usage dropped 85% since that law was introduced. Here, most people take reusable bags (not the low-quality ones that shops sell at the checkout, something a bit more sturdy). A lot of companies have realised that this is a good marketing opportunity and now hand out sturdy canvas bags at recruiting events and similar.

Comment Re:Government solves government-created problems. (Score 2) 215

Since we're playing that game, I live in a country that banned free single-use bags. You can still buy them, but they're 5p each. I occasionally see someone buy one, but it's very rare and plastic bag usage has dropped 85% since this law was introduced, after decades of usage increasing year-on-year.

Oh, and while most shops do sell thicker plastic bags that you can trade in for a replacement when they wear out, most people here carry their shopping in something a bit more sturdy (fabric, canvas or higher-quality plastic bags).

Comment Re:Let the Red shitholes do what they want (Score 1) 215

The USA started phasing out incandescent lightbulbs about 10 years after I replaced all of the ones in my house with brighter (and significantly lower power) CFLs, which saved me about as much money in electricity during their first two months of operation as they cost to buy. If the ones you could buy were worse, then that says a lot more about your local supply chain and access to modern technology than it does about the regulation.

As those bulbs die, I'm replacing them with LEDs, which are a bit brighter for around a quarter to a third of the power (around 10% of an equivalent incandescent). It's much less of an electricity saving - going from 60W to 12W makes more of a difference than going from 12W to 4W - but it's still probably a cost saving over the course of 1-2 years and they're expected to last at least 5-10.

Comment Re:How often to wash shopping bags? (Score 1) 215

That sounds like it's only a problem if you're putting unwrapped food in them.

Off topic: I didn't get a message that you've replied to my post and can no longer find the Slashdot message settings. Have these gone away? Are the new owners intentionally trying to prevent meaningful conversation on this site? That would explain why the standard of comments has dropped a lot recently...

Comment Re:Not a Casino (Score 1) 65

A natural fear, since casinos RELY on those rates, and the magic of statistics, to always be profitable, even when making payouts.

It's worse than that. In a lot of jurisdictions, the payout rates are mandated by law and there can be serious legal consequences if the advertised payout rates are not the real ones.

Comment Re:This is the real game changer (Score 1) 109

You don't know the target in advance. You know where the target is going to start from and where it's going to end up, and you probably know when it's going to start. You don't know what the atmospheric conditions at the time are going to be and how they're going to affect speed and trajectory.

At the speeds that these things travel, there's no such thing as a near miss. If your interceptor explodes a couple of metres away, then by the time the explosion reaches the target's position at the time of the explosion, the target will be long gone. You'll sometimes hear this kind of interceptor (including air-to-air missiles) referred to as 'hitiles' (which is a horrible word and, thankfully, seems to be going out of fashion) for this reason.

Once you can actually hit a fast-moving target, you've solved one of the two difficult problems in ICBM interception. The second one, calculating the trajectory for the interceptor fast enough, boils down to available computational resources and those are relatively easy to improve.

Of course, this is assuming that the target isn't actively trying to evade the interceptor, and that's why they call it an arms race...
