Drones are the new machine guns
notabot @ notabot @lemm.ee Posts 2Comments 654Joined 2 yr. ago
notabot @ notabot @lemm.ee
Posts
2
Comments
654
Joined
2 yr. ago
It's been years since I had to admin Windows servers, but I was quite impressed with the number of MS products where the install and configuration tools would output the Powershell commands to carry out the changes you'd asked for. It made it quite a lot easier to automate. I'd love to see that paradigm catch on more widely, with the GUI and CLI having the same functionality and the GUI giving you the commands to run.
What?!?? I just tap my finger on the glowy thinking rock and demons/faye/angels take my messages to other people's thinking rocks and bring me their responses. I don't believe in all that 'electricity' witchcraft!
Seriously, yes burial uses a fair bit of space, which is part of the reason cremation is increasing in popularity in many places. Even with burials though, many graveyards reuse plots after some number of years, once the previous body has decomposed to save space. For those wanting a more ecologically friendly method than cremation, there's the option of resomation too.
It's a safe and reliable way to dispose of a corpse that might be diseased, will smell bad as it decomposes, and would certainly attract scavengers if left lying around. The same goes for cremation, it really just depends on local custom.
I think that the point is it's entirely pointless building something like this into the email system. It should be a separate system that you can choose to use if you want it. Building it in just opens questions about exactly what they're doing with your data, despite their assurances.
The movie "Brewster's Millions" is based on that premis.
They may well be looking at how much the EU holds in Saudi assets, seeing those at potential risk of being seized and deciding tge write-down on dumping the bonds would be worth it. Long term, I don't think it would have an effect on prices, but short term it may well do, depending on how concentrated their holdings are.
From what I can see, normal trading volume in bonds is about 500% per year, or about 2% per day assuming 250 trading days per year. If the 130bn you mention is spread across all government bonds across the EU then it accounts for about 4% of the total, or about two days of normal trade. Dump all of that in one go and it'd definitely have a short term effect. If their holdings are more concentrated they could have an even bigger effect on the bonds they hold.
Bonds tend to be issued on a regular basis, so even a short term drop in price could be timed to affect an auction. That has the twin effect of reducing the amount the government in question raises, and also tying them into effectively higher interest rates, potentially for decades to come.
I'm no expert trader either, so I could be barking up the wrong tree, but I assume that they would have a clear expectation of the results before making that threat, and I can't really see any other effects it could be expected to have.
Absolutely. If they're killed during their crime they should be completely anonymous. No names, no 'manifestos', no reference to the sorts of communities they were part of online, no last words, just, 'they were a vile stain on humanity' and then forgotten. Obviously, if they live more will come out as they're prosecuted, but that should be minimized and once they're jailed they can be forgotten by all but those tasked with keeping them alive to serve their sentence.
The price moves with supply and demand on the secondary market. Normally, yes, that'll tend to vary to balance yield with the prevailing interest rates, however, the threat seems to be to dump bonds onto the secondary market, presumably without a minimum price. The glut would mean buyers could purchase them below that balance price, giving them a better yield. This would have (at least) two knock on effects, firstly it would make it harder for governments yo raise funds through bond issues as they'd effectively be competing with the cheaper 'dumped' bonds and so would need to offer an equivalently high yield, and secondly may allow 'undesirable' governments or groups to amass significant amounts of European debt, which potentially gives them more political leverage than European governments might like.
There's a fair chance he knew that and wanted to die while killing as many as possible.
As you said, good riddance.
Taxes don't work like that. It's only the portion above a level that's taxed at that level.
Bravo!
I like it, this is clearly very enterprisey and solution focused, but I would like to suggest a couple of amendments if I may?
- Namespaces
We should make full use of namespaces. Make the structural tags be in a language specific namespace (to be referenced in every function spec, obviously) but change the in an out params to use the parameter name as the tag, namespaced to the function they're for, with a
typeattribute. - In memory message queues Have all function invocations be marshaled as xml documents posted to an in memory message queue. Said documents should use a schema that validates the structure and a function specific schema to validate the types of arguments being passed. Namespace everything.
I reckon we could power a medium sided country if we could generate energy from the programmers despair.
If you're talking about being able to regain access with no local backups (even just a USB key sewn into your clothing) your going to need to think carefully about the implications if someone else gets hold of your phone, or hijacks your number. Anything you can do to recover from the scenario is a way an attacker can gain access. Attempting to secure this via SMS is going to ne woefully insecure.
That being said, there are a couple of approaches you could consider. One option is to put an encrypted backup on an sftp server or similar and remember the login and passwords, another would be to have a trusted party, say a family member or very close friend, hold the emergency codes for access to your authentication account or backup site.
Storing a backup somewhere is a reasonable approach if you are careful about how you secure it and consider if it meets your threat model. The backup doesn't need to contain all your credentials, just enough to regain access to your actual password vault, so it doesn't need to be updated often, unless that access changes.
I would suggest either an export from your authentication app, a copy of the emergency codes, or a text file with the relevant details. Encrypt this with gpg symmetric encryption so you don't have to worry about a key file, and use a long, complex, but reconstructable passphrase. By this I mean a passphrase you remember how to derive, rather than trying to remember a high entropy string directly, so something like the second letter of each word of a phrase that means something to you, a series of digits that are relevant to you, maybe the digits from your first friend's address or something similarly pseudo random, then another phrase. The result is long enough to have enough entropy to be secure, and you'll remember how to generate it more readily than remembering the phrase itself. It needs to be strong as once an adversary has a copy of the file they jave as long as they want to decrypt it. Once encrypted, upload it to a reliable storage location that you can access with just a username and password. Now you need to memorize the storage location, username, password and decryption passphrase generator, but you can recover even to a new phone.
The second option is to generate the emergency, or backup, codes to your authentication account, or the storage you sync it to, and have someone you trust keep them, only to be revealed if you contact them and they're sure it's you. To be more secure, split each code into two halves and have each held by a different person.
I've found HSBC to be ok using Firefox on Linux. I don't know if they have integrations with any accounting software, but the web access works well, and you can export your transactions for processing locally.
ETA: I've run small business accounting on Gnucash, I found the learning curve a bit steep, but once you 'get it' it's handy.
Sorry for the slow reply, life occurred.
I think I understand where you're coming from with the desired to be productive and not reinstall. I think I've been there too! One thing that I can suggest, if you do have the time, is to learn a system like Ansible and use it to setup and configure your machine. The discipline of keeping all of the config as source rather than making ad-hoc changes reduces the chance of thinking you'll make just one little change and breaking something, and, if something does go wrong, you can get back to your working configuration quickly.
Bearing in mind that there really isn't anything you can do to stop yourself if you're really determined to not lose the data, because if you can read it at any time you can back it up, the closest you are likely to come is something like creating new key with GPG then using the TPM to wrap your secret key and deleting the original. That way the key is only usable on that specific machine. Then use the key-pair to encrypt your 'guard' files. You can still decrypt them because you have the wrapped secret keys and you're on the same machine, but if you wipe the drive and lose those keys the data is gone. The TPM wrapping prevents you from taking the keys to a different machine to decrypt your data.
There's an article with some examples here,
Having said all of that, this still doesn't help if you just clone the disk as all of the data, including the wrapped key and the encrypted files will be cloned. The one difference there is that the serial number of the hard drive will be different. Maybe you could use that, combined with a passphrase as the passphrase for your GPG key, but we're getting into pretty esoteric territory here. So you could generate a secret key with a command like:
( lsblk -dno SERIAL /dev/sdb ; zenity --title "Enter decrypt password" --password) | sha1sum | cut -c1-40
Where /dev/sdb is the device your root partition is on. zenity is a handy utility for displaying dialogs, there are others available. In this use it just prompts for a passsword. We then concatenate the drive serial number from lsblk with the password you entered and hash the result. The hashing is really only a convenient way to mix the two without worrying about the newline lsblk spits out. Don't record the result of this command, but use it to set the passphrase on your new GPG key. Wrapping the secret key in the manner the article above suggests is a nice extra step to make it harder to move the drive to another machine or mess around in that sort of way, but not strictly necessary as that wasn't in the scope of your original question.
Now you can encrypt your file with: gpg -e -r <your key name> <your file>'. That will produce an encrypted version of
<your file>
called <your file>
.gpg. To decrypt the file you can get gpg` to use the hashing command from above to get the passphrase with something like:
gpg -d --pinentry-mode=loopback --batch --passphrase-fd 3 <your file>.gpg 3< <( ( lsblk -dno SERIAL /dev/sdb ; zenity --title "Enter decrypt password" --password) | sha1sum | cut -c1-40 )
Once you've tested that you can decrypt the file successfully you can remove the original, plaintext, file. Your data is now encrypted with a key that is secured with a passphrase made of a string you know and the serial number of your disk and optionally wrapped with a key from the TPM that is tied to your physical machine. If you change the disk or the machine the data is irretrievable (ignoring the caveats discussed above). I think that's about as close to your original goal as you can get. It's rough around the edges, and I'm not sure I'd trust my data to it, but I believe it'll work. If you do something like this, please test it thoroughly, I can't guarantee it!
'This post is a palaeontological disaster' is a marvelous turn of phrase, and I intend to steal it for use at the first opportunity.
Yes, yes, but now lets take that, make it dependent on the session management system and dns resolver for some reason, make the command longer and more convoluted and store the results in one or more of a dozen locations! It'll be great!
/s
Dconf is bad, just imagine how bad a systemd version would be.
Yeah, I know there was one a while back, and if you don't use ECC RAM, given enough time, it will eat your data as it tries to correct checksum errors due to memory corruption. That's why we keep backups, right. Right?
I tend to assume that every storage system will eventually lose data, so having multiple copies is vital.
H.A.R.M - High-speed Anti Radiation Missile.
Basically, rather than having it's own radar to track a target, or using IR sensors, it locks on to a target emitting lots of radio noise such as an enemy radar or jammer.