From: ibuprofin@painkiller.example.tld.invalid   
      
   On Mon, 10 Dec 2012, in the Usenet newsgroup alt.os.linux.mandriva, in article   
   , Adam wrote:   
      
   >Moe Trin wrote:   
      
   >> Are you sure it's not something you're passing back and forth with   
   >> others and it's morphing as it does so?   
      
   >I think if I avoid spending time around sick people, it should go   
   >away. I think the last two downturns came from sitting near other   
   >people with colds and being too polite to move.   
      
   Screw the polite bit - MOVE! And then wash your hands ;-)   
      
   >> The Mississippi Health Department closed the clinic in July 2011   
   >> because of "unsafe infection control practices" after 11 patients   
   >> were hospitalized with the same bacterial infection.   
      
   > From my perspective, that scares me a LOT more than fraud and what   
   >it's claimed DaVita did, as that's intentionally risking the patients'   
   >health.   
      
   Agree - while closing the clinic would have financial implications   
   that would "punish" them, I'm of the old school of giving _proper_   
   incentive - the severed heads on spears out at the front door type of   
   message that this kind of behavior is not considered to be correct.   
      
   >>> Another "problem" is that I can't control any other router's power   
   >>> switch. I think my Wi-Fi is up more than anybody else's even   
   >>> though eris is usually off.   
      
   >> Do you turn off the router (or at least down the wireless part)   
   >> when it's not being used?   
      
   >The router, like stolid itself, is on ~95% of the time.   
      
   Mail from the firewall box this morning:   
      
    04:01:02 up 37 days, 14:11 0 users, load average: 0.00, 0.00, 0.00   
      
   and the logs say that was a reboot for a new kernel.   
      
   >I hadn't thought of disabling its wireless as that would involve   
   >manually going through several router config screens, unless I can   
   >figure out a way to write a program to do it. How important is that?   
      
   As you've got the link secured with WPA2, probably not very much. I   
   advocate changing the "passwords" on a regular basis just as an extra   
   precaution, but I'm paid to be paranoid.   
      
   >> I honestly don't know which is worse, or more common. I've seen   
   >> both problems.   
      
   >As long as humans are involved, computer security will be a problem,   
   >like that worm(?) that guessed something like 20% of all passwords   
   >just from a relatively short list.   
      
   I'm guessing you mean the W32/Deloder of 3/2003 that used a list of 83   
   ``passwords'' to the admin account on windoze boxes - but I hesitate   
   to use the word "password" - from CERT Advisory CA-2003-08, a sample   
   of the target words included   
      
    [NULL] 0 000000 00000000 007 1 110 111 111111 11111111 12   
    121212 123 123123 1234 12345 123456 1234567 12345678 123456789   
    1234qwer 123abc 123asd 123qwe 2002 2003 2600 54321 654321   
    88888888 Admin Internet Login Password a aaa abc abc123 abcd   
    admin admin123 administrator alpha asdf computer database   
    enable foobar god godblessyou home ihavenopass login love   
      
   and those really aren't the best strings to use. There's a similar   
   problem with "default" accounts/passwords that the average user is   
   totally unaware of, and never attempts to disable (even assuming it is   
   possible to do so - some can't be disabled).   
      
   >My theory, as I think I've said, is that computer security is   
   >relative. If my computer is 90% secure (by whatever metric) while   
   >others nearby are 60% secure, most crackers would go for the other   
   >systems.   
      
   That's not _unreasonable_ but where it's easy to improve security,   
   why not? One of the ISPs I use seems to have decided the reason   
   their customers' email accounts are being abused is guessable passwords   
   and they decided to improve things by requiring the 'email' password   
   to be at least 8 characters long, include at least one each of upper   
   and lower case character, a number, and "at least one special character   
   (ie. ! or #)" (quoting from their latest bulletin). OK, I can do   
   that! "head -2 /dev/random | base64" and then discover their crappy   
   software limits at 12 characters. Sigh... Of course it's not   
   memorizable, but there's a strange file in my home directory that has   
   a bunch of lines of garbage text and I know which ``word'' of which   
   line is the one to cut/paste into the mail tool.   
      
   >>> As I understand it, 'nmap' can check for every one of those, if   
   >>> told to.   
      
   >> I haven't tried the latest, but this was somewhat limited in   
   >> earlier versions.   
      
   >Still, it sounds like nmap, knowledgeably used from outside of the   
   >LAN, is the best way to check things.   
      
   I've been using a minimal Linux box as a masquerading firewall, which   
   is to say "iptables" and merely check that the outside interface is   
   only aware of TCP, UDP and ICMP under IPv4 (because none of the ISPs   
   I use provide IPv6), and everything else is ignored. IPv4 TCP and   
   UDP is REJected unless expected. I test that using the laptop to   
   simulate the router, and merely spot check things from the outside.   
      
   [laptop cases]   
      
   >>> What about briefcase-like carrying cases that also have room for   
   >>> books, papers, etc.?   
      
   >> That's essentially what I'm using now - this one has a metal side   
   >> that essentially holds the shape, and reduces the risk of crushing   
   >> the laptop with the books.   
      
   >I'll keep that in mind, should I get a laptop.   
      
   Mentioned in my reply to Bobbie Sellers last week - I initially tried   
   a 1960s Samsonite attache case, which is an aluminum body. With extra   
   foam padding inside, it worked great. Main problem was that it was   
   heavier than I liked, and not able to carry textbooks.   
      
   >Probably when I find one that seems decent and won't cost me much   
   >over $100, I'll get one.   
      
   The lowest retail price for a "new" (which includes refurbs) system   
   I've seen has been the Door Buster specials Thanksgiving night,   
   with older and bottom-of-the-line laptops right around $160.   
      
   >Meanwhile my store credits at Staples are increasing and I can't   
   >think of anything I really want. I already have several years of   
   >paper and ink on hand.   
      
   :-) If the credits are (more or less) same as cash, why not?   
      
   >> I tend not to keep that much data on the laptop drive   
      
   >Good point. If the laptop is a secondary computer, it'll only need   
   >to have what I'm likely to use or work with in the next few days.   
      
   Company policy for "outside" computers that have a chance to be   
   stolen or misplaced. Data on the company laptops is therefore ALWAYS   
   encrypted, and relatively speaking, only the "required" data is there.   
   I'm amazed at the number of laptops that get stolen/misplaced that   
   are loaded with sensitive data, including customer or employee data.   
   (Last month, NASA sent a message to all NASA employees informing them   
      
   [continued in next message]   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
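
The ISP password rules and the Deloder word list discussed in the post above, as an added shell example that is not part of the original message: it draws a 12-character password from the kernel random source, retries until all four required character classes are present, and rejects the guessable words. The function names, the special-character set and the use of /dev/urandom are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Function names and the
# special-character set are assumptions.
LC_ALL=C; export LC_ALL   # make [A-Z] and [a-z] mean ASCII ranges only

# A few of the Deloder target words quoted in the post (CERT CA-2003-08).
WEAK_WORDS="000000 123456 12345678 1234qwer abc123 Admin Password admin admin123 administrator foobar ihavenopass login love"

# Succeeds if $1 satisfies the ISP rules as quoted: 8 to 12 characters with
# at least one upper-case, lower-case, digit and special character.
meets_policy() {
    p=$1
    [ "${#p}" -ge 8 ] && [ "${#p}" -le 12 ] || return 1
    case $p in *[A-Z]*) ;; *) return 1 ;; esac
    case $p in *[a-z]*) ;; *) return 1 ;; esac
    case $p in *[0-9]*) ;; *) return 1 ;; esac
    case $p in *[!A-Za-z0-9]*) ;; *) return 1 ;; esac
    return 0
}

# Succeeds if $1 is exactly one of the listed guessable words.
is_weak() {
    for w in $WEAK_WORDS; do
        [ "$1" = "$w" ] && return 0
    done
    return 1
}

# Prints a random 12-character password that passes both checks.
gen_password() {
    while :; do
        # tr drops every byte outside the alphabet, so each kept character
        # is uniformly distributed; /dev/urandom is used because /dev/random
        # can block. A plain 12-character cut is not guaranteed to contain
        # all four classes, hence the retry loop.
        cand=$(tr -dc 'A-Za-z0-9!#%+=_' < /dev/urandom | head -c 12)
        if meets_policy "$cand" && ! is_weak "$cand"; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
}

gen_password
```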