Can’t wait for the details to come out. My money is on half the systems running operating systems which are old enough to drink, along with an understaffed, underpaid security team who spends all their time chasing people opening phishing emails. And that will be coupled with management which “cares about security”. And by “care” they mean “don’t have a clue and don’t actually give a fuck”.
Growing up (I was a kid during Reagan’s Presidency), I heard more than one conservative pundit saying “better dead than Red!” I guess Russia is technically not the USSR; but, it strikes me as funny to see conservative pundits now seemingly open to becoming Russian.
How do you mandate lower grocery prices in that?
You don’t. Price controls don’t work and usually backfire in the long run.
Instead, you modify the incentives which exist around prices via taxation. As a simplified example, if you want to prioritize lower prices on staples such as milk, vegetables or beef, then businesses which can show that their margins on those products are within a defined range pay 1% less on corporate taxes. The numbers and ranges would need to be discovered via both study and experimentation. But, by tying a savings for those business to their behavior, said behavior can be influenced. The prices can then be further manipulated lower in the logistical chain, either by direct subsidy or via similar manipulation of incentives to growers and distributors.
We live in capitalism.
Yes, but functional capitalism requires regulation to prevent monopolies, collusion and other activities which distort markets. And there are plenty of areas where capitalism fails and government (read:socialism) needs to step in to provide something which society needs, but for which the incentives do not exist to provide it in an efficient manner. Or for which the efficient providing of that thing creates moral hazards. There is a reason we don’t privatize the military.
Have you considered just beige boxing a server yourself? My home server is a mini-ITX board from Asus running a Core i5, 32GB of RAM and a stack of SATA HDDs all stuffed in a smaller case. Nothing fancy, just hardware picked to fulfill my needs.
Limiting yourself to bespoke systems means limiting yourself to what someone else wanted to build. The main downside to building it yourself is ensuring hardware comparability with the OS/software you want to run. If you are willing to take that on, you can tailor your server to just what you want.
Switched to full time Arch because I didn’t want to run Windows Privacy Invasion Goes to 11. And it’s been pretty good. Valve gets a big “thank you” for their contributions to WINE and making gaming on Linux nearly as seamless as Windows.
It’s probably still true that “Next year” will be the year of Linux on the desktop, and it will be for several more years to come. But, it’s starting to feel like cracks are forming in the Microsoft wall.
Unless and until we get regulation which makes holders of PII accountable for it’s protection, with massive fines (e.g. GDPR style, X% of worldwide revenue) , companies are going to keep failing at cybersecurity and we’re going to keep reading about these large breaches. Companies will only prioritize security when the cost of being breached far outweighs the cost of securing the data.
Democrats really need to get control of the House in this election and get Articles of Impeachment going on Thomas.
It’s getting Fark’d
I do agree with what you are saying, but for a complete beginner, and a very general overview, I didn’t want to complicate things too much. I personally run my own stuff in containers and am behind CG-NAT (it’s why I gave it a mention).
That said, if you really wanted to give the new user that advice, go for it. Rather than just nit pick and do the “but actshuly” bit, start adding that info and point out how the person should do it and what to consider. Build, instead of just tearing down.
No, but you are the target of bots scanning for known exploits. The time between an exploit being announced and threat actors adding it to commodity bot kits is incredibly short these days. I work in Incident Response and seeing wp-content in the URL of an attack is nearly a daily occurrence. Sure, for whatever random software you have running on your normal PC, it’s probably less of an issue. Once you open a system up to the internet and constant scanning and attack by commodity malware, falling out of date quickly opens your system to exploit.
Short answer: yes, you can self-host on any computer connected to your network.
Longer answer:
You can, but this is probably not the best way to go about things. The first thing to consider is what you are actually hosting. If you are talking about a website, this means that you are running some sort of web server software 24x7 on your main PC. This will be eating up resources (CPU cycles, RAM) which you may want to dedicated to other processes (e.g. gaming). Also, anything you do on that PC may have a negative impact on the server software you are hosting. Reboot and your server software is now offline. Install something new and you might have a conflict bringing your server software down. Lastly, if your website ever gets hacked, then your main PC also just got hacked, and your life may really suck. This is why you often see things like Raspberry Pis being used for self-hosting. It moves the server software on to separate hardware which can be updated/maintained outside a PC which is used for other purposes. And it gives any attacker on that box one more step to cross before owning your main PC. Granted, it’s a small step, but the goal there is to slow them down as much as possible.
That said, the process is generally straight forward. Though, there will be some variations depending on what you are hosting (e.g. webserver, nextcloud, plex, etc.) And, your ISP can throw a massive monkey wrench in the whole thing, if they use CG-NAT. I would also warn you that, once you have a presence on the internet, you will need to consider the security implications to whatever it is you are hosting. With the most important security recommendation being “install your updates”. And not just OS updates, but keeping all software up to date. And, if you host WordPress, you need to stay on top of plugin and theme updates as well. In short, if it’s running on your system, it needs to stay up to date.
The process generally looks something like:
Optionally, you may want to consider using a Dynamic DNS service (DDNS) (e.g. noip.com) to make reaching your server easier. But, this is technically optional, if you’re willing to just use an IP address and manually update things on the fly.
Good luck, and in case I didn’t mention it, install your updates.
No, because your vote won’t encourage investment in flipping the State. I agree that the current duopoly sucks. I was an ardent Bernie supporter and would very much like viable third parties. But, the DNC isn’t going to be looking at those third party votes. They need to believe that the Democrats have a chance of winning before they will invest in a State. If all they see are protest votes, then they won’t see a viable path to them winning and they will continue to ignore the State.
Ya, it sucks, but we really do need to just keep holding our nose and pulling the lever for the Democrat in the general election.
What’s Next?
Nothing, the answer is nothing.
This is “proposal” has about the same chance of passing Congress as I do of farting diamonds. It’s just empty rhetoric to pander to voters. Can’t say I blame Biden for putting it out there, elections are all about empty promises. But ya, he may as well be promising unicorns and rainbows for everyone, for all the chances this has of becoming law.
If you are in a deep red state, it will seem that your vote won’t matter. Because it mostly won’t. However, the way States vote changes over time. The closer the vote totals in a State, the more likely the National Democratic Party is to invest resources into building up and promoting candidates in those States. That sort of thing can shift the needle, if slowly. Keep in mind that California voted Republican from '68 to '88 (source) but shifted over time.
It sucks to vote and feel like you’re just pissing in the wind. But, each vote moves the needle just a bit more and maybe, eventually, things will swing.
Not sure this will make a difference for the election. At this point, I suspect that support for gun control/rights is petty well understood and priced into support for the candidates. No one expects Biden to veto gun control legislation and no one expects Trump to sign it. Granted, Trump can be a bit of a wild card sometimes (see: bump stocks reclassification).
That said, this is likely a very hollow promise. Such legislation is almost certainly a dead bill in Congress. And even if it somehow passed, it’s likely not going to make it past the current Supreme Court.
At best, this is just empty rhetoric.
While folks like Schiff have some pull in the DNC, it’s the delegates at the convention which choose the nominee. Party leaders have spent years ensuring that pledged delegates stay pledged delegates on the first round of voting. And it’s Biden’s team who chose those delegates. So, as long as Biden says he’s staying, he’s got this locked up.
If Biden refuses to step down, there isn’t a lot for the DNC to do. Biden has the nomination locked up with pledged delegates. And I seriously doubt we are going to see a mass defection at the convention. So, short of him waking up dead one of these mornings (always a possibility for an 81 year old man), we’re riding the Biden ship all the way down.
Who knows, maybe Trump will do us all a favor and have a massive coronary in the next few months. Goodness knows his eating habits aren’t the best. But, my money is on the Biden-Trump rematch no one wanted.
Holy Misleading Headline, Batman…
The actual first sentence of the article:
Since 2019, the U.S. Department of Defense has been asking for a waiver from legislation barring it from doing business with companies reliant on telecommunications equipment manufactured by Huawei.
Emphasis added. This isn’t the DoD saying “we need to use Huawei hardware”, it’s the DoD saying “a fuck-ton of companies we do business with use Huawei hardware.” And that’s because Huawei hardware is cheap and businesses like cheap. While I do think the DoD has some leverage in contracts to say, “welcome to the Defense Industrial Base (DIB), you cannot use anything manufactured by Huawei in infrastructure which is within scope”. If the text of the law says that the DoD can’t do business with companies who use Huawei hardware at all, then that’s going to be very limiting.
If you are located in the US and aren’t currently a complete fuck-up, the Federal Government can be a way into the GRC side of cybersecurity. Between civilian and DoD sites, they have analysts and auditors all over the place and always seemed in need of folks willing to pour over checklists and OQE artifacts. This first place to look for positions in that vein would be on usajobs.gov. Though unfortunately, the FedGov made the decision to classify both GRC and sysadmin positions under the 2210 category; so, you’ll probably have to dig through a lot of sysadmin listings.
Another path into similar positions is to look for FedGov/DoD facilities in your area. Once you find one, take a drive around the area and look for the names of businesses in the area and start researching those businesses and their open positions. There will almost certainly be the big ones, like Booze-Allen Hamilton, BAE, Boeing (yes, that Boeing. They do a lot outside of crashing aircraft), etc. But there will be a plethora of smaller companies with seemingly random names and little public facing who supply the local site with hordes of contractors. And, while these are contractor positions, they are a lot more stable than contract positions in the private sector. I spent 6 years as such a contractor and only stopped being one when I took a job elsewhere.
I will say that “entry level” is going to be harder. No one wants to hire an train someone without experience, which puts you in a catch-22. For all the suck involved, you may want to consider putting in some time working a help desk. At minimum, it keeps you in proximity to the field, teaches you something about systems and provides related, if not direct, cybersecurity experience.
Best of luck.