It's always best practice to disable root login over SSH, especially from the Internet; use su or sudo for root access. Another good practice is to disable password-based authentication; only use keys with a passphrase. The setup you're doing here is useful for allowing scripted/automated connections between machines (e.g. for backups, scheduled tasks, etc) but they should be accounts with limited access, not root. You should be creating layers that make it difficult for someone to gain access to your systems; root keys with no passphrase means you're solely relying on that one strong password (which is one keylogger away from being defeated.)

@Carnival-Boy said:

@scottalanmiller said:

The license restrictions, though, for content are by location of the viewer, not the nationality of the viewer.

And that's what's got to change. Ultimately, geographical restrictions are not compatible with the modern world and we need a new model.

That is completely true. They are draconian and senseless and that is why many people accept them as a tacit approval of piracy by the studios.

@Dashrender said:

@thanksaj said:

@Dashrender said:

I haven't tried letting all of that stuff connect on my Android device.

Does it allow the use of your real phone number, not a google voice number?

You can text from your phone with your real number via Hangouts but not from your PC. When you SMS from your PC with Hangouts, it always uses Google Voice. Your phone just uses the last number that sent a text to the number your text as the source. You can switch back and forth and Hangouts aggregates it all into one thread in Hangouts. It's nice.

The other side could be confused though if they don't have your google voice number in your contact, or worse, it can't aggregate sources.

Hangouts goes by contacts, so if you have someone who had 17 cellphone numbers and you had them all saved in your phone under one contact, all texts would be aggregated into one conversation. But yes, if someone doesn't have an SMS client that aggregates, it will make your texts via Google Voice and texts via your cell number as separate threads.

@thanksaj said:

It's on Netflix, and it was so stupid!

I just heard today that Netflix has it now. I'm sure that it is really stupid, all of their movies are. Pineapple Express was downright painful.

@Dashrender said:

Wow, only 1024 route able IPV4 addresses? That seems like a really small number.

That's more than I thought there would be. Only the elite of the elite are allowed to have internet access

@Rob-Dunn said:

Stupid Internet of "things" what the hell.

Now that we're at the point where my refrigerator gets hacked and ruins my pot pie...what a shitty time to be alive.

ROFL! True that.

Management.jpg

The unfortunate truth

@Kontazler said:

I had this as a kid! My password was "Zoey" and whenever I got in a car with someone, they had to know the password. It's a wonderful way of communicating to a child that this person has been in contact with your parents, and everything is ok.

That's awesome.

@JaredBusch said:

@scottalanmiller I set mine to auto update. May not have been the best idea, but meh.

I think mine is set to as well...

Not that I am aware of. It all functions. NobeBB runs theirs on https with an Nginx proxy also.

Thanks. Off to do some patching....

@scottalanmiller said:

@thanksaj said:

The fact is that the answer of totally blocking both is likely not the best answer.

I don't understand. If you are okay blocking the useful one of the two, why would it ever be allowed to not block the less useful and more risky? This just doesn't make sense. If you are willing to block cloud storage you should be blocking USB by default, no question. Blocking only one doesn't make any general sense. Blocking both or neither, does.

Scott, just drop it. This discussion has run its course.

If the self healing takes place outside the OS, for example at the virtual level, I'm not sure how the malware is as big a threat?

@nadnerB said:

I wonder how many times this has already been exploited?

We'll never know. Possibly a lot.

@JaredBusch said:

No. They will fall for it because they clicked on a get this app free link.

General end users have no clue that one system is more secure than another. That only comes in to play in the more technical circles.

Very true.

I could be wrong, the market consensus does not agree with me. Nearly everyone says that it is a booming field and will be huge. But I've seen that behaviour before and that is what people said about teaching, nursing and nearly every other field that rapidly becomes over saturated and all of the people working in that field see incomes plummet and people entering the field end up without a way to get a job because experienced people already have them all.

The problem here is that security is one of those jobs that sounds cool to teachers, parents and kids. Tell a kid that being a "system admin" is cool and they won't have a clue why. Tell them that they will be on a "security team" and it sounds neat to the layman. Anything that normal people know about in IT.... can only be so high up in the field.

@scottalanmiller said in Qubes OS - Using Xen to Secure Linux:

I think that you have the wrong tool for the job. Others are correct, you just want a normal KVM install. Qubes is the wrong tool here.

😞

Wow.. must be nice to work somewhere someone want's to spend money!