Hacker Newsnew | past | comments | ask | show | jobs | submit | summadat's commentslogin

Create a backup and wipe the SSD before leaving with Apple.


https://systemd-by-example.com


Ok, can I see your credit card statements for the last 5 years? Can I listen to all of your phone conversations? Can I watch you shower and use the bathroom? I mean, you sound like an average person with nothing to hide...../s


> Can I watch you shower and use the bathroom?

This approaches one thing I always wonder when this comes up: Are people with that argument really okay with their co-workers finding out what porn they watch and when they watch it?

It's perhaps a little extreme, but I can totally see it becoming a possibility due to large leaks like this.


You are ignoring the possibility that people saying that don't watch porn. I don't.

Regardless, I disagree with the argument, as things you don't need to hide now can become things you wish you had hidden later (think of Jewish people in Germany in the 1920s whose religion and ethnicity were obvious).


Sure. The only condition is that you don't share the information in public, on pain of massive fines and imprisonment - you can only use it to improve your internal business processes.


What if a trade-off was that your Echo was actively recording and indexing every single word you've said within its range?


And while we’re talking about ridiculous what-ifs with no basis in reality, 5G could be giving you cancer!


What you’re looking for is the CloudKey. It is the local Controller and can be accessed via “the Cloud” if needed, but not mandatory. I tried running the Java controller on my Mac, it worked but sucked. Having an independent dedicated piece of hardware is worth every penny IMO.

https://www.ubnt.com/unifi/unifi-cloud-key/


Yeah, but that's another device to pay for unfortunately.


To each, their own. In my case, the ease of use was worth every penny. If I take my hourly rate and apply that to how long I spent trying to setup a controller on a raspberry pi, then I could’ve bought 2 or 3 CloudKeys.


"If you keep doing what you have been doing, you're going to keep getting what you've got"


Recently, I got a different take on this from a book called ‘Mad Genius’. The author says in today’s fast moving world if you keep doing what you have been doing, you will perish very quickly. Like Nokia.


I like. Smells like the Red Queen hypothesis to me:

"Now, here, you see, it takes all the running you can do, to keep in the same place..."


Algo all day every day, good stuff, use it.


Yep, this.


2nd'ing fail2ban, it's simple and awesome.

Beyond that, tripwire or it's modern equivalent. Traffic monitoring, "deep packet" inspection on the network side. Run all outbound through a proxy.


Not a lot of people seem to know what tripwire is nowadays.

There is this Linux thing called IMA which in some ways reminds me of tripwire (Integrity Measurement Architecture).


Nah, I’ve waned to use fail2ban multiple times and failed.

Unless something has recently changed it is some of the most poorly documented software on the planet.

I’ve never been able to configure the thing or figure out what it’s doing or... really anything besides find the homepage.

It’s also just not worth the trouble. Globally open SSH port? That’s like 1992 level Linux box in your parent’s basement stuff.


While it monitors SSH by default out of the box, people here are talking about creating custom filters which will monitor their Apache or Nginx logs. (Although, that said, we also have it monitor our non-standard SSH port with v. aggressive blocking rules, even though it's also behind a firewall. Defence in depth, and all that.)

The documentation isn't the greatest, but this page explains the concepts well enough and was easy to find using Google.

https://www.fail2ban.org/wiki/index.php/MANUAL_0_8


I understand the concepts but... how do you actually use it?


A filter matches lines in the nginx log using regular expressions. If the line matches, it uses another regexp to extract the IP address, and then calls out to scripts to block that IP address.

I'm not going to post the exact configuration files I use, but the GitHub repo for fail2ban contains examples.

https://github.com/fail2ban/fail2ban/blob/0.11/config/filter...

That's a filter that protects Apache against the 'shellshock' (https://en.wikipedia.org/wiki/Shellshock_(software_bug)) vulnerability, for example.


I like Fail2Ban, but as I remember it, my learning process looked a lot like this:

1.) Read through the documentation.

2.) Pour myself a scotch.

3.) Read through more documentation.

4.) Start drinking right out of the bottle.

5.) Try something.

6.) Get an error or experience a spectacular failure.

7.) Use StackOverflow.

8.) GOTO 5.

-------------

In good news, it worked - the light went on and now I'm confident that I could adapt Fail2Ban to suit any use. But, in bad news, honestly, I feel your pain and understand where/why you are getting stuck. Fail2Ban is a very complicated, yet extremely useful piece of software.


cd /etc/fail2ban and explore, you have example configs for all popular software and plenty of explanations in their comments


This is nice, but..the iPad Pro starts at $636, pencil is $99 extra, not much more than this $600 device.


This is a completely different type of device. Do you question people spending $20k on a car when they can buy a pickup truck for the same price?


Yes, I do for Python. Side-by-side apps and drag-n-drop make programming and many other tasks possible on iPad.

Bonus: no fan noise, ever.

Apps: Pythonista Working Copy (git client, I use BitBucket) Blink (ssh and a few extras)


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: