Great pick!
So many quotes from Casablanca are part of our everyday culture… and AFAIK it is the first movie ever to feature a flashback in a flashback. Combined with the awesome cast of actors this is a masterpiece. :-)
Great pick!
So many quotes from Casablanca are part of our everyday culture… and AFAIK it is the first movie ever to feature a flashback in a flashback. Combined with the awesome cast of actors this is a masterpiece. :-)
One is not enough, and a lot of great movies where already named, still, some great movies are missing:
… from the top of my mind. :-P
Ah, the usual propaganda from the fucking content mafia and the lobbyists they bought:
“The takedown of Fmovies is a testament to the power of collaboration in protecting the intellectual property rights of creators around the world,” Knapp says.
“Strengthening intellectual property rights is an important element of the U.S.-Vietnam Comprehensive Partnership,” Knapper said
I’ll happily repeat again and again and again:
Seriously, fuck all the politicians and governments which act against the benefit of most of their population to conspire with the content mafia.
FreeCiv is a classic and still fun. rogue and nethack are good, too.
there is no android phone that I am passionate about,
Not what you asked for:
A phone is a tool which should enable you to do stuff. Be passionate about friends, hobbies, art, not a piece of plastic.
Being forced to use iOS (work phone) and Android (Samsung, also work), both suck IMHO but Android sucks less.
My next Android will be a Pixel, as others suggested custom roms are the way to go, but even vanilla Android is more functional/open/practical for my needs than iOS.
I would never buy Apples shit with my own money: Dumped down, locked down and in the end you are renting a device from Apple to pay fees for their Appstore and Cloud offerings and vendor lock in. No thanks.
Not arcade style, but Final Fantasy I-VI pixel remasters are IMHO great on phones.
Because we are men/gals of culture! :-P Hadouken! ;-)
Nice, I love Yakuza, really very special in the world of gaming! :-)
(No order, might be not exactly 10 :-P)
Nah, didn’t mind the meme!
I totally accept that Eclipse doesn’t work for and life is too short to waste it on tooling.
In that sense, good luck with your current & future setups and happy coding! :-)
Eclipse has its share of problems (and outdated UI and workflows), still I’ll happily use it over IntelliJ w/o hesitation.
Funnily enough, a lot of other (Java)Senior developers who tried both are fine with Eclipse, too.
Besides the astroturfing from IDEA which is really annoying, Eclipse integrates far better with standard build tools and is our last descend Open Source IDE (Netbeans effectively being a zombie at this time).
IDEA is already pushing/forcing their own solutions/build tools/etc. to up sell their shit, once Eclipse is gone, there will be no alternative and IDEA/IntelliJ will start the entshittifaction…
People really forgot what a shit show were the 90s, paying lots of money for commercial IDEs.
Golangs web server is production grade and used in production. (Of course everyone uses some high performance proxy like NGINX for serving static pages, that’s another story.)
Technically you are right that java has no production web server, which I don’t like, OTOH Java has standard APIs WebServers and Spring is the defacto standard for web applications. (I totally would not mind to move Spring into the OpenJDK.)
My point is simple: Instead of having Rust edtion 2020, 2021 etc. and tweaking the syntax ad infinitum, I’d rather have a community which invests in a good/broad standard library and good tooling.
The only platform widely used in production w/o a big standard library is Node.js/JavaScript, mostly for historical reasons and look at the problems that Node.js has for a decade now because of the missing standard library.
Easily, just look at the standard libraries of Java/Python and Golang! :-P
To get one thing out of the way: Each standard library has dark corners with bad APIs and outdated modules. IMHO it is a tradeoff, and from my experience even a bad standard library works better than everyone reinvents their small module. If you want to compare it to human languages: Having no standard library is like agreeing on the English grammar, but everyone mostly makes up their own words, which makes communication challenging.
My examples of missing items from the Rust standard library (correct me, if I am wrong, not a Rust user for many reasons):
Things I don’t know about if they are provided by a Rust standard library:
My point is, to provide good enough defaults in a standard library which everybody knows/are well documented and taught. If someone has special needs, they always can come up with a library. Further, if something in the standard library gets obsolete, it can easily be deprecated.
Digital, unless I really want the book and it is only analog.
The analog form factor of books is IMHO much nicer, and I understand everyone who doesn’t like digital books.
Stil, for me going digital beats analog:
I also have to say, Amazon really earned all the critic it gets, but their Kindle apps and physical devices are awesome. It is easy to buy DRM free books and read/sync them with Amazon kindle infrastructure (send to device etc.).
THIS.
I do not get why people don’t learn from Node/NPM: If your language has no exhaustive standard library the community ends up reinventing the wheel and each real world program has hundreds of dependencies (or thousands).
Instead of throwing new features at Rust the maintainers should focus on growing a trusted standard library and improve tooling, but that is less fun I assume.
Perhaps I don’t understand your point. If I understand your point in the sense that there are also issues with firewalls and that one always has attack vectors against usable systems, I fully agree with your remark. My point is simply, as a rule of thump a firewall usually mitigates a lot of attack vectors (see my remark about LIMIT for ssh ports elsewhere). Especially for client systems having a firewall which blocks all incoming traffic by default is IMHO high payoff for almost no effort.
I think I get you and the ‘theory vs. practice’ point you make is very valid. ;-) I mean, in theory my OS has software w/o bugs, is always up-to-date and 0-days do not exist. (Might even be true in practice for a default OpenBSD installation regarding remote vulnerabilities. :-P)
Who migitates for timing attacks? I don’t think this is included in the default setup of any of the commonly used firewalls.
fail2ban absolutely mitigates a subset of timing attacks in its default setup. ;-)
LIMIT is a high level concept which can easily applied for ufw, don’t know about default setups of commonly used firewalls.
If someone exposes something like SSH or anything else w/o fail2ban/LIMIT IMHO that is grossly incompetent.
You are totally right, of course firewalls have bugs/errors/miss configurations… BUT … if you are using a Linux firewall, good chances are, that the firewall has been reviewed/attacked/pen tested more often and thoroughly than almost all other services reachable from the internet. So, if I have to choose between a potential attacker first hitting a well tested and maintained firewall software or a MySQL server, which got no love from Orcacle and lives in my distribution as an outdated package, I’ll put my money on the firewall every single time. ;-)
You’re right. If you don’t open up ports on the machines, you don’t need a firewall to drop the packages to ports that are closed and will drop the packets anyways.
Sorry, hard disagree.
I assume you are assuming: 1.) You know about all open ports at all times, which is usually not the case 2.) There are no bugs/errors in the network stacks or services with open ports (e.g. you assume a port is only available to localhost) 3.) That there are no timing attacks which can easily be mitigated by a firewall 4.) That software one uses does not trigger/start other services transitively which then open ports you are not even aware of w/o constant port scanning
I agree with your point, that a server is a more controlled environment. Even then, as you pointed out, you want to rate limit bad login attempts via firewall/fail2ban etc. for the simple reason, that even a fully updated ssh server might use a weak key (because of errors/bugs in software/hardware during key generation) and to prevent timing attacks etc.
In summary: IMHO it is bad advice to tell people they don’t need a firewall, because it is demonstrably wrong and just confuses people like OP.
Seriously, unless you are extremely specialized and know exactly what you are doing, IMHO the answer is: Always (and even being extremely specialized, I would still enable a firewall. :-P)
Operating systems nowadays are extremely complex with a lot of moving parts. There are security relevant bugs in your network stack and in all applications that you are running. There might be open ports on your computer you did not even think about, and unless you are monitoring 24/7 your local open ports, you don’t know what is open.
First of all, you can never trust other devices on a network. There is no way to know, if they are compromised. You can also never trust the software running on your own computer - just look at CVEs, even without malicious intentions your software is not secure and never will be.
As soon as you are part of a network, your computer is exposed, doesn’t matter if desktop/laptop, and especially for attacking Linux there is a lot of drive by attacks happening 24/7.
Your needs for firewalls mostly depend on your threat model, but just disabling accepting incoming requests is trivial and increases your security by a great margin. Further, setting a rate limit for failed connection attempts for open ports like SSH if you use this services, is another big improvement for security. (… and of course disabling password authentication, YADA YADA)
That said, obviously security has to be seen in context, the only snake oil that I know of are virus scanners, but that’s another story.
People, which claim you don’t need a firewall make at least one of the following wrong assumptions:
Security is a game, and no usable system can be absolutely secure. With firewalls, you can (hopefully) increase the price for successful attacks, and that is important.
Who else can survive for years on eating their own foot-skin? :-P