Was Stallman Part Hitler's IT Staff?
We all know that Richard Stallman thinks Cloud Computing = Careless Computing. I tend to agree.
Here’s a funny-to-IT-people video that explains much:
Video Link
Avoid Microsoft Brain 100% 4
An article on Microsoft Trained Brain Syndrome that spells out some interesting points.
Still Need MS-Windows – Probably
Sadly, even if you do change to Linux for your daily use system, you’ll still probably need a Windows machine to run some software like TurboTax or the latest games. That’s just fine. If you don’t game, run Windows inside a virtual machine. If you do game, partition your drive with 60GB for Windows games – buy you’ll want to plan on 15 minutes and a reboot before playing so you can patch the system.
You’ll Prefer Linux
More and more you’ll find yourself in Linux and being happy about it. Trust me.
- You’ll be happy with the central OS and Application patching that Linux distros manage for you.
- You’ll like the added security because malware and spyware isn’t written for Linux.
- You’ll love all the free software that just works – 30K titles the last time I looked.
- You’ll love the really easy backup software that just works for either local or remote backups. Taking hourly snapshots is extremely easy.
What Everyone Should Know About Portable Disk Drives
Some days I feel like a broken record. For the last 5+ years, ever since USB v2.x has been available, people have been spending WAY TO MUCH to have an inferior portable hard disk. We won’t get into all the reasons that you’d want an external hard disk here – just know that they are fantastic. Also, we aren’t talking about the flash memory kind, rather the spinning HDD kind.
Here’s What You Should Know About Portable HDDs
Top 5 Clever Uses for the Cloud
Stolen from my comment over at LH …
- Launch a Distributed Denial Of Service attack, DDoS
- Setup your own botnet
- Spread spyware
- Release huge password databases
- Release hacks for PS3s
Most of the time, Cloud Computing = Careless Computing.
Just because something is free and easy, doesn’t mean you should actually use it.
OTOH, there are times where using the Cloud makes perfect sense. When you want the widest distribution of data/info possible. In that case, remote, carefree computing is perfect.
When in doubt, don’t put it into the cloud because you can never get it back regardless of what the ToS say. IT security professionals are split on whether anything can be secured in the cloud. Certainly there are ways to accomplish it, but those methods are probably out of reach for individuals. I would have zero expectation of any real security on shared hosts or shared storage, but many people consider me paranoid. If it were your corporate data in the cloud, wouldn’t you want someone who is paranoid validating the security architecture?
Login to Post Comments Suck
You visit a web site and like the article enough to want to post a comment … of some kind. Then the website has a block that prevents you from posting. Comment-blocking. They do this by:
- login required or
- 3rd party service for comments
- non-working captcha
- requiring javascript for commenting of any kind (usually for anti-privacy domains like google.com)
Boo. The internet should be anonymous, if you want it that way. Sometimes you just want to say something without the repercussions to other areas of your life.
If I were not afraid of the repercussions, I’d setup a database of logins to websites that you could use to post with. If I had friends in foreign countries with servers, we could setup a loose federation.
Wouldn’t it be nice if we didn’t have to choose against privacy?
BTW, you can post on-topic comments here without a login.
Cloud Computing is Careless Computing
I was listening to a Linux Outlaws podcast where I heard a quote from Mr. Richard Stallman that caught me as true. I looked up the real quote.
“I suppose many people will continue moving towards careless computing, because there’s a sucker born every minute. The US government may try to encourage people to place their data where the US government can seize it without showing them a search warrant, rather than in their own property. However, as long as enough of us continue keeping our data under our own control, we can still do so. And we had better do so, or the option may disappear.” Here’s the source link.
Careless Computing. Your data is stored someplace else and no longer under your control. A good, clear, and accurate term.
There are good uses of Cloud Computing, but not without lots of very careful thought.
Notice to SONY PS3 Devs
Notice to in-house SONY PS3 Developers
is not how real programmers create a random number to seed public/private key encryption.
If you haven’t heard, the PS3 private key has been cracked. . There may not be anything that SONY can do to solve this, but there may be. It is too early to tell and perhaps they thought ahead like the Blu-Ray guys did and have a way to invalidate the key stored on the device and replace it with something new. It is unknown what effect that will have on existing games, settings, and networking. This could be impossible to solve. OTOH, how many customers will really do this in the real world? Less than 1% I’d guess. What I’d be worried about are BluRay and Netflix perfect copies of content getting out.
BTW, I do not own a PS3. I’m still rockin’ a PS2 from about 10 yrs ago. ;)
Recheck WiFi Channels Every Year
In the USA, there are 11 channels for 802.11b and 802.11g wireless networks to use. However, only 3 of those channels do not overlap, 1, 6, and 11. That means choosing any channel besides one of those three is to be avoided. In my neighborhood of single family homes with USA average sized lawns, I see 9 WiFi networks from my home office, one of them is mine. Here is a table created by a wireless router Wireless Site Survey function:
End Open WiFi Access Points Now!
Open WiFi is convenient, but not secure. All of us need to help people and businesses providing Open WiFi understand the issues so they will stop providing it.
The real problem is that most people do not understand how insecure Open WiFi is. There’s a new Firefox extension that grabs social network connection credentials from people around on an open wifi network. That extension works on Windows, Mac OSX, and soon, Linux. It is named FireSheep and anyone can get the FireSheep extension here AND it is trivial to use. This extension lets the nearby cracker act as if they are you on the social websites. They can post to twitter as you, they can update photos on facebook. For all important uses, they ARE you with just a click of a button.
The Fix – Easy
What is the fix? It is simple, just enable a trivial WPA passphrase for the WiFi access point. That’s it. This method is useful for all those small businesses to prevent most of the hijacking computer attacks, while still not really causing issues for their clients. For a simple example passphrase, Starbucks could use … er … “starbucks.” That would be enough to foil the FireSheep extension.
Not Secure Enough for Home or Business WiFi Networks
Ok, so this fix is just for places that provide an open wifi hotspot for clients and definitely should not be used by any business for their private network or by any of us in our homes. For small businesses and homes, you really want to follow my WiFi Security Checklist.
The Best Fix
Another way to solve this issue – a better way – is for all websites with a login to use SSL encryption for everything, all data. No exceptions. 10 yrs ago, that would have been computationally unreasonable. These days, having everything SSL encrypted adds about 3% overhead to bandwidth and compute requirements. That isn’t a big deal for almost any website to handle. The newest CPUs from Intel include special instructions to make AES encryption/decryption even less computationally intensive – becoming a non-issue.
If you have a website with encryption, please force SSL connections. There are some very easy ways to do this without touching the website. Simply use a reverse proxy like pound to provide the SSL connection handling, then forward the request to the back end web servers. This web site, jdpfu, uses pound to proxy both SSL and to perform load balancing of traffic across 3 server instances. Connections with logins stay on the same server instance, so there’s no session confusion between the different server. All the web servers read and write to the same DB instance. SSL connections are all handled in pound and the application doesn’t know anything about it.
If you need help setting up pound, let me know below.
What You Need To Have A Web Site 2
To have a web site on the internet, you need just 4 things.
- Registrar – these guys sell you the .com, .net, .org, .co.country, etc …. They maintain the ‘whois’ record. That’s it. The Registrar needs a record that points to your … DNS provider – also called a name server and backup name server record.
- DNS – Domain Name Service. This connects the domain name that you bought to the IP address(es) of the computers where the web site runs.
- Public IP Address – Any public IP address that is not on a private network or filtered for the service you want to make available. The service is usually HTTP on port 80 and/or HTTPS on port 443. Those are the default ports. Most people/companies will pay a hosting provider for both an IP and a server.
- Web Server – this is the computer program that listens on either port 80 or 443 and responds with the content you specify. While any ports can be used, end users are use to ports 80 and 443, so it is unusual to see other ports used. I’ve used other ports and seen how that lowers traffic, but it also breaks many content spamming programs.
Optionally, you may also need an SSL Certificate for encrypted web connections. These days, many websites have decided that only allowing SSL-based connections is worthwhile.
That’s all you need. Do you see how each of these things fit together so my-neat-domain.com becomes an IP and then shows a web page from a web server? Simple and it works billions of times every hour.
