dfa0's comments

dfa0 | 12 years ago | on: Ubuntu 14.04 LTS

Xubuntu is the simplest, light-weight choice that still has a lot of functionality available if you want to turn it on.

I am grateful for this choice.

dfa0 | 12 years ago | on: Ubuntu 14.04 LTS

I know upgrades are supposed to work, but they almost never go 100% right.

Use dpkg/synaptic to back up your installed packages and back up your /home... then commit to the time for a fresh install. If you use LTS releases, you'll only be doing it at most every other year.

IMHO, it is worth the time.

dfa0 | 12 years ago | on: How to exploit home routers for anonymity

The reason to secure your network is a good reason to secure your car.

Your network and your car can/will be used by bad guys to do bad things.

You should care.

dfa0 | 12 years ago | on: Ask HN: What encryption algorithms should we take as compromised?

Ciphers to avoid: DSS, MD5/RC4, SHA-1.

Ciphers to prefer: ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256

A pretty good source/guide:

https://hynek.me/articles/hardening-your-web-servers-ssl-cip...

You'll need Apache 2.4+ [I think], or nginx. And possibly fresh certs to use DHE/EC.

A quick rundown of a fairly secure setup:

Cipher Priority list:

ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:!RSA+3DES:!aNULL:!MD5:!DSS:!SHA:AEAD

==========================================================

Generate the cert and private key:

openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:4096 -keyout serverkey.pem -out servercert.pem

==========================================================

Generate the DH parameters:

openssl dhparam -out dh2048.pem -outform PEM -2 2048

==========================================================

How to List Elliptic Curves:

openssl ecparam -list_curves

===========================================================

Note: Generating DH parameters is gonna take a while. If you are implementing this on a slowish machine like a Raspberry Pi, you might want to use a faster machine to do the DH step, then copy the key file over.
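
An added example, not part of dfa0's comment: Python's ssl module (which wraps the local OpenSSL) expands the cipher priority list posted above and checks each resulting suite against the comment's avoid list (DSS, MD5, RC4, SHA-1, plus 3DES and anonymous auth, which the list also negates) and for forward secrecy. The function names are this example's own, and the suites reported depend on the local OpenSSL build.

```python
import ssl

# Cipher priority list copied verbatim from the comment above.
CIPHER_STRING = (
    "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:"
    "!ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:!RSA+3DES:"
    "!aNULL:!MD5:!DSS:!SHA:AEAD"
)


def expand(cipher_string):
    """Return the suites the local OpenSSL enables for this string (raises SSLError if none)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return ctx.get_ciphers()


def weak_reasons(suite):
    """List which entries of the avoid list a suite dict from get_ciphers() hits."""
    symmetric = (suite.get("symmetric") or "").lower()
    digest = (suite.get("digest") or "").lower()   # None for AEAD suites
    auth = (suite.get("auth") or "").lower()
    reasons = []
    if symmetric.startswith(("rc4", "des")):        # des-ede3-* is 3DES
        reasons.append("weak cipher " + symmetric)
    if digest in ("md5", "sha1"):
        reasons.append("weak MAC " + digest)
    if auth in ("auth-dss", "auth-null"):
        reasons.append("bad auth " + auth)
    return reasons


def forward_secret(suite):
    """True when the key exchange is ephemeral (EC)DHE; TLS 1.3 suites always are."""
    return suite.get("protocol") == "TLSv1.3" or suite.get("kea") in ("kx-ecdhe", "kx-dhe")


def audit(cipher_string):
    """Return (name, forward_secret, weak_reasons) for every enabled suite."""
    return [(s["name"], forward_secret(s), weak_reasons(s)) for s in expand(cipher_string)]


if __name__ == "__main__":
    for name, fs, reasons in audit(CIPHER_STRING):
        print(f"{name:32} {'PFS' if fs else 'no-PFS':7} {', '.join(reasons) or 'ok'}")
```

Any suites matched by the RSA+AESGCM and RSA+AES entries print as no-PFS, since static RSA key exchange has no forward secrecy.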

dfa0 | 12 years ago | on: How to exploit home routers for anonymity

Another reminder to use strong, non-default credentials on something that is the edge of your network.

I'm still amazed by how many people drive around leaving their cars unlocked.

dfa0 | 12 years ago | on: My Ideas, My Boss’s Property

Yeah, but the American dream is to have one good idea and milk it for the rest of your natural life, then pass on the rights to your offspring who can milk it...and so on.

That way you can exponentially create useless people.

dfa0 | 12 years ago | on: What if we never run out of oil? (2013)

We don't know how much oil exists, but we do know it is finite.

The sun's energy will outlast us all, millions of times over. Plants have it figured out. We should ask them.

Plus what happens when we are ready to leave Earth? Surely we'll need a way to feed off of the stars then anyway, so why not start now.

dfa0 | 12 years ago | on: Drop Dropbox

Vote with your bits [and dollars] if you disagree.

Nerd rage alone is fruitless without tangible follow-thru.

dfa0 | 12 years ago | on: Heartbleed

I had no idea about IIS using a different implementation.

The More You Know...

dfa0 | 12 years ago | on: Heartbleed

If it was your sole purpose in life to bust dams, and then suddenly you were given a cache of unlimited dynamite...what would you do?

To the point, when the nature of a thing is to foo and you remove all obstacles from that event, expect positive feedback...and lots of it.

dfa0 | 12 years ago | on: Heartbleed

He's running on a Windows box? [IIS]

dfa0 | 12 years ago | on: DynDNS ends free services

When companies stop focusing on innovation, they start focusing on the bottom line so anything without an easily visible revenue stream gets cut.

aka short-sighted thinking is the final stage of most businesses before sale to the chop shop.
