Here's how you do it: first, sudo apt-get install libpam-google-authenticator; second, run google-authenticator as the user you will access remotely and follow the instructions; then, edit /etc/pam.d/sshd, and add "auth required pam_google_authenticator.so" in a new line; edit /etc/ssh/sshd_config and add (or change) the ChallengeResponseAuthentication line so it reads "ChallengeResponseAuthentication yes"; and finally, sudo service ssh restart to restart the ssh server.
More info is available from the packager of libpam-google-authenticator, and from the Google Authenticator PAM module's README.
Edits: Corrected typos; added more context.
While this one isn't quite as offensive as some, all these curl/sudo/bash combos really make me sad, particularly when used to "increase" security.
If you start pushing insecure technologies like this, people will just get really comfortable with them and eventually get taken advantage of.
Also, it occurs to me: With TFA, it finally makes sense to periodically change passwords.
I've been using them across a half dozen personal machines for quite a while now, looking to roll it out at work as well.
Missing. The. Point.
Have them do one thing and do it well, keep them unix like, small sharp tools. You can always copy paste a large conditional from one function into its own named function. This significantly improves readability and divides the code into smaller units which makes testing more graceful.
Rivets does look promising in that there are some parts of my code in templates that are just a single number (say # of notifications). That's a pain to have to separate out into a separate view or render function for something so small.
but breaking apart your render method is only one way to achieve this. using a sane layout manager with subviews is my preferred approach (though i suppose you could argue this is just breaking up the render method across several views). this technique is also admittedly a pain at small scales.
the beauty of this technique, though, is that every view is responsible for its own rendering. that is, parent views don't need to be aware of the re-rendering process of their subviews (how or when). another great benefit is you will find yourself referencing items by selector less often, and instead through the subview's element.
Is there an easy way to manage this? From what I've seen it's typical to have one template per view (and possibly sub-views with sub-templates).
It's not Open Source, for anyone who cares about that. It's interesting how strange it feels to me for infrastructure code to be anything other than Open Source.
I'm sort of shocked that the query language is still passing strings, when Hickey made a big deal of how the old databases do it that way. I guess for me a query is a data structure that we build programmatically, so why force the developer to collapse it into a string? Maybe because they want to support languages that aren't expressive enough to do that concisely?
Not everything needs to be shipped every day. Or built. Or tweaked.
- Good design is iterative
- Vitsoe 606 Shelving system, designed in 1960 by Dieter Rams. They still make them today, and to the same spec.
And would users say that the constant UI rearrangements in modern apps are good design? Absolutely not. The UI paradigm of putting buttons in set places on screen doesn't jive with constantly changing their positions, because you memorize the UI by those positions. This is particularly annoying with rarely used features because every time you use them it's a totally different UI.
Depending on constant iteration is not good design. It is a crutch permitted you by software. You can still come up with long lasting solutions if you give them some thought.
I can't help but feel this when I look at architecture. Medieval stone masonry, for example. When it takes decades to build, you can tweak the design. In particular, this is evident with respect to "human scale," 3-dimensionality, volumetric balance, and proportionality. Much early modern architecture was just designed to look cool as a model, or to photograph well in publication. Much of this architecture has a PRE_FAB feel to it (brutalist, etc). Ironically this emerged in the context of (a) more powerful modeling tools; and (b) more degrees of freedom in plastic material (ie, modern materials, RC etc).
Also, is AMD going to do anything in mobile or is that all ARM moving forward?
I think it's taken too much for granted that one should change passwords on a regular basis. If we assume that changing passwords more frequently means that we are more likely to use more rememberable - and, thus, more guessable - passwords, then perhaps this is not a fluke. Perhaps "pick a truly random, long sequence and keep it for a long time" is not actually bad policy.
In short, I find it odd that the author unquestionably says his neighbor should have had different password behavior, yet it was the only password he couldn't crack. That's an opportunity to revisit assumptions.
The article reminded me of that. If someone attacks my home wifi with network sniffing hardware, sophisticated password guessing tools, hours of planning and execution, etc then, well, the issue escalated beyond anything I could sensibly prepare for.
I realize these computing tools are easy to come by and not terribly hard to use. Ditto body armor, night vision, and combat training. And if someone is inclined to apply them against my pathetic existence, I'm screwed. Planning for such events is pretty pointless, I have other things to do.
Should I point out that 'password' is 8 characters :) Have there been studies done that attempt to test the hypothesis that when forced to pick passwords that meet some arbitrary complexity threshold most common users pick things like "password1"? I have a hard time believing most non-techies (heck, even a lot of techies) pick secure passwords.
> Remarkably, neither CloudCracker nor 12 hours of heavy-duty crunching by Hashcat were able to crack the passphrase. The secret: a lower-case letter, followed two numbers, followed by five more lower-case letters
So an all-number password was easily cracked with this method, but a shorter password with letters was untouchable?
Edit: I get that 10^10 is less than 36^8. I was more wondering how the cracker assumes, without knowing already if it's all-numeric or not, that it should try longer numerics before shorter alphanumerics and when it decides to give up on the numbers. I guess it's just known to be more likely for a good number of characters.
Does it work?
I did find the article linked within to be more interesting and informative.
We launched a product that protects you from these attacks - more discussion here - http://news.ycombinator.com/item?id=4444478
I think it's a really noob question, but how do you monitor a network if you are not connected to it?
1. Why is it possible to do the password tests remotely? Why would the key on the router be allowed to be transmitted? Even a 6 character password should be safe if you don't allow multiple tries.
2. Why isn't the handshake protocol encrypted?
(For those curious mac users, you can simply type "brew install aircrack-ng")
You're either patio11, a "nobody" building a "lifestyle business" or you're making the next Instagram.
Consequently we have a cargo cult mentality that has evolved. Let's compare these two:
"Obviously you need to be in Silicon Valley. This is where all the wannabe startup hipsters move to!"
I mean, you can't go to a coffeeshop without hearing a Harvard MBA who thinks he's a programmer because he made an excel macro work once, talking about how he's going to disrupt multiple paradigms with his massive SoLoMo app they're building. "This is where it's all happening, man!"
"Japan? There's no startup scene in Japan. Hell, that's a 12 hour flight. You think VCs are going to fly 12 hours for a board meeting?"
"Dude, if you charge money, like 90% of the people aren't going to use your product! But if you're free, and you've gamified your appointment calendar, people will share it! If you can get your virality factor to 2, you'll have a billion customers in 5 months!"
"Oh, there will be a way to make money later, somehow, just look at google, twitter and Facebook!" 
"If you're going to be scalable, you need bank, man! The VCs are in silicon valley, the VCs are critical to having a business. They'll give you great advice, connect you up with the other movers and shakers so you can have Cock-Tails Man!" (Yeah, I can't make myself sound like a startup hipster, I know.)
"Without money, how are you going to build anything? How could you ever scale it? You have to start with money!"
"If you see the CEO writing code, you've failed. You gotta delegate. I mean, never invest in a company run by a programmer, they'll spend all their time delighting in some technical solution that's super elegant but nobody at any cocktail party is going to give a damn about! I mean, what do customers care about how good you did something? The company has to be run by a people person-- so at the cocktail parties he can network with other people! People's what drives business, and this is what gets business done!"
Do they even have cocktail parties in Japan? Isn't liqueur outlawed or something there?
"You see with VCs, it's not the money that's valuable, it's the advice! They're going to be able to tell you the right moves and you'll be able to grow so much faster!"
I can't contrast this with patio, because I don't know where he gets advice. But in my experience, VCs [can be] beyond clueless. I've seen them force companies to shut down profitable businesses and focus on long shots (which had the nice side effect of making the company more desperate for the investment, and by drawing it all out the VC was able to get much better terms and take the whole thing when the company later sold, shutting out the founders and employees who got nothing.) I've seen VCs force product direction based on fads, and force the use of inappropriate technologies (provided by a company they had a relationship with, naturally) which caused product delay and ultimately a significant reduction in the value of the company on exit.
Much of the investment process seems to be spending time getting investors up to speed so that they even understand what it is you're doing-- which maybe is one of the reasons they'd rather fund instagram than patio11. I mean, they don't know anything about the hair salon industry (his only clients as far as they can tell) but everyone likes to take instamatic pictures!
And if you don't have a business model, you don't have to worry about the business model!
All respect to patio11. I think he's on the right track here, and he seemed to be the best example to use. Nothing derogatory said here about him or his business is meant that way, merely to characterize the people who would see him in a derogatory light. Here's a bonus: Why is Google's monetization strategy significantly better than Twitter and Facebook's? It might turn out not to be if the latter two find a way to make it work, but right now, it works much better. Always. No such thing as a She CEO, I mean, women just don't have the ruthlessness needed, amirite? I don't think people are this naive about Japan in particular, but I hear them say the strangest stuff. Somehow startup hipsters in the bay area speak with a style that's a cross between "Brah" and San Fran hippy from the 1970s. In my head. This is why YC has had so much success, in part, as PG is not clueless and his vetting and blessing lets VCs outsource dealflow. I think angels are probably a lot less clueless, though I have less experience with them. Looking at Gabriel Weinberg's recent summary of his angel experience you see a very different approach than the mentality I'm laying out here.
I believe the overuse of the word startup comes from a certain kind of pretentiousness, a want to associate one's own small-business, small-market, technically trivial, mom-and-pop online business with world leaders like Facebook and Google. Making the linguistic link is good for the founder's ego, and even better for convincing naïve investors to fund barely viable visions.
If you're one of the many non-technical teams who cannot build products yourselves and have an idea with dubious money-making prospects then you can have a great adventure on half a million euro of dumb money, and believe me many founders in Berlin are.
I've lived in Berlin since January and during that time I witnessed a rising hipster startup culture. Unskilled and inexperienced college graduates with big egos raise dumb money, hire programmers to build code they don't understand, then spend their days 'networking' at trendy hotels in down-town, throwing minimal techno parties and going on trips across Europe for 'business and pleasure'. It's a great lifestyle, and I've nothing against people enjoying themselves - it's certainly my priority now. But I find this sort of carry on repugnant when an investor's money is at stake.
Viaweb was founded by PhD students at MIT, one who invented the worm and the other who wrote timeless Common Lisp textbooks. The modern waterfall of self-professed 'startups' are run by guys and girls who watched 'How to Build a Blog in 15 minutes using Rails' then decided they were the next Steve Jobs. Let's get realistic here - building a web app or an iPhone app these days is no more high-tech than a mechanic fixing your broken car.
Drop the ego, drop the pretense - the majority of business now labelled as startups are small online businesses and there's nothing wrong with that.
We are making it hard on ourselves to be successful because of the ideas and types of businesses we are drawn to create.
We jump into crazy ideas with no provable business model or customer when we could experiment and apply customer validation to our potential product. Jumping in like a crazy person is glorified in our community because we love watching others do wild things and hope it will help us be more wild.
I want this to change. More people should be running successful businesses, though they might not be instagrams. I want to see your unique touch on so many tired products and ideas.
Only time I ever felt like giving up on my latest venture was when I started trying to view it as a "startup" and thereby compared it to other "startups". I got really depressed for a week or so trying to be a "startup guy", which thankfully I didn't become. It was like the goals of the business (provide a killer service in order to fund my continuing education and frugal lifestyle) got replaced by the "be the coolest thing ever" startup vibe, which sucked.
This article reminds me again that it's not a startup... it's a site that makes a little money by solving a common problem for developers like me, better than other people, and will hopefully make a little more money, once I've done some good marketing and solved that problem even better!
Now I skip past them like I skip tabloid and gossip "articles".
cheap to scale > scale per se > scale potential
Question 12 is even worse, as the processing order is implementation defined. On my compiler, it prints out 60..40..60.
C questions should be designed to show whether or not the candidate can write robust, professional quality code, not to test esoteric knowledge that even the interviewer can't get right.
I was asked questions like these in an interview once. It was such a massive red flag to me that I went with another company (the final straw was arguing over the size of int, which he insisted was always 32 bits).
Well this is always true, so I guess that means there's no such thing as memory leaks in C. Checkmate garbage collectors.
Clearly HBO is walking a fine line here: The cable companies that partially subsidize them in order to lure subscribers don't want you walking over to your (non-subscriber) friend's house and throwing "Game of Thrones" up on the big screen via Apple TV.
The whole "let me pay for it!" debate has been well-covered elsewhere: In short, HBO probably couldn't make a living charging individual subscribers for content, especially on a per-show basis. How could they produce new material without the guarantee of N-million monthly subscribers? And cable/fiber/satellite companies who help promote their service?
A friend and I found this out the hard way one afternoon when we decided to rent Ridley Scott's Alien, in anticipation of seeing Prometheus. He pulled up the store on his iPhone, found the movie, selected Rent: HD, and signed on to my wi-fi network, my Apple TV appearing on his iPhone without a hiccup. So far, pure Apple seamlessness - until he selected the AirPlay output. The audio played back over my speakers, but the video remained on the 3.5" screen.
Thinking resourcefully, I suggested he try AirPlay mirroring. This, at last, gave us the "fuck you, consumer" from the studio in explicit form: a message appeared on his phone saying the AirPlay display couldn't be trusted.
We both resolved never to use the iTunes store for movies again.
You can get a 10' UI using XBMC if you want, and you can access the full versions of YouTube, Netflix, Hulu, (and HBO Go, I presume) etc. - no restrictions. No transcoding, no syncing - if it works on your PC, it works on an HTPC.
Until this article I assumed the developer sucked. Now I'm not so sure the crashing is a bug.
Subscribers log in to HBO Go with their username and password from their cable subscription, not something they get from HBO.
Time Warner Cable blocks using the Roku with HBO Go. When you try to authenticate the device, they slap you on the wrist and say no.
You can however, airplay from the HBO website in Mountain Lion, but I find things get a little out of sync.
You can't cache/download shows to use on the go, meaning that your streaming ability requires a connection and a good one at that: http://interchangeproject.org/2012/05/14/game-of-thrones-loo...
Why is HBO Go not a to-go service? http://interchangeproject.org/2012/05/10/why-is-hbo-go-not-a...
Here is a podcast discussing the issues with HBO Go: http://interchangeproject.org/2012/05/22/episode-38-to-go-or...
Essentially, what I'm trying to say is that HBO Go is a needless usability mess.
HBO's business model isn't terribly friendly to watching their programming on a TV unless it comes via cable or one of their heavily licensed, and generally stationary, partner products. You are a lot less likely to take a Roku or Xbox to a friend's house to watch Game of Thrones, but you always have your iPhone. Of course you could have them over and this falls apart, but you could do that with their cable feed as well. They're trying to slow the bleeding since they can't stop it.
No snark intended, I've just not ever had a good experience dealing with a single proprietary playback mechanism.
It does feel like I lost my soul signing pacts with so many devils, but at long last, I have an HD HBO Go app running the way it ought to.
* Not all cable companies have a deal with HBO for HBO Go
I hope the big media companies get their acts together. They only get to screw up a finite number of times before someone comes and blows them out of the water.
The conspiracy theorist in me wanted to believe they left audio in there just to advertise AirPlay support.
So it's possible to still get the content to your TV, in a much less user-friendly (i.e. tethered) way. I know not everyone has these connectors, but since the ability is there, you'd hope they would just be gracious and allow for the better experience.
This is still a good read for a short flight. Definitely better than the 2-star rating Amazon has for it.
1) Download and install Kindle for PC (or Mac, if you have a Mac)
2) Download and install freeware Calibre (Open Source) (http://calibre-ebook.com/download)
3) Download and install DRM removal plug-ins for Calibre (if you use Kindle for PC app, you will just need to add the Kindle plug-in to Calibre)
4) Download your .AZW (Amazon's proprietary format) ebook onto Kindle For PC
6) Find the folder with Kindle for PC ebooks (My documents/My Kindle Content)
7) Select DRM-protected AZW files and drag-n-drop them onto Calibre
8) Calibre will remove DRM protection from AZW ebook(s)
9) Convert your DRM-free MOBI ebooks to any other format (like ePub/fb2/LRF/Mobi/PDF/PDB/TXT/RTF/LIT) using Calibre if needed.
10) Enjoy reading the book in your new format. This is another way to say 'fuck you' to walled gardens like the Kindle.
"The price to content ratio of this publication is enormous and much of the information can be gleaned from a web search. "
for a free book it seems harsh but probably fair
If there's a riper one, it would be K-12 education. That's the really big prize, measured both by how much room there is for improvement and the forces arrayed against you. But if you're feeling heroic here's the place to go: http://imaginek12.com.
It's not the technology that's the barrier to entry. UoP primarily uses NNTP for its classes. Pull technology allows for 24 hour delivery and flexible schedules for its largely adjunct faculty.
In my opinion, the big competition in online higher education could come from institutions able to outsource faculty positions to the same parts of the world to which call centers are often outsourced.
In the 3 years since I graduated, I've watched my university move 2 buildings, demolish and replace 5 dorm buildings (half of the university's dorm capacity), and massively expand their stadium.
I watched as the school's president approved all of these expenditures, then watched him leave to head the NCAA as students rallied about the cost of tuition, which has doubled in the past 3 years.
I'm a huge fan of this approach. A clear advantage of university education is the network of awesome people you meet while attending. I've learned way more from working and conversing with smart people than I ever did in classes.
Excited to see how their experiment turns out.
I really hope my beloved mailgun remains competitive and independently available and doesn't get assimilated like slicehost -- mailgun is a not-so-well kept secret that needs to stay as is.
I had a play with Mailgun a while back (and others, Mailgun felt nicest to me) but there was a feature that seemed to be missing from them all.
How do you handle rules between outgoing emails?
For example, say there's an email that gets sent out on a user action, but you only want to send it out once a day. It feels to me like I should be able to set rules within Mailgun to say, only send out this email every x minutes, or, don't allow it to go out if another type of email has gone out before etc.
Is there a way of dealing with that? At the moment we have to put all those rules into our app, and it seems like something the app shouldn't have to deal with.
This is not such great news for customers. Sorry.
Congrats to Ev, Taylor, and the rest of the team!
Edit: The link appears to be fixed now.
Not to be rude or anything, congrats! But from the website itself it sounds like "woohoo, we can send email". At least the features page lists 99% standard-mail features like "can send mail, can do SPF, can do DKIM, can filter mails".
I guess that's not why they were acquired, so what is the real value of the company?
Hey there, lady trying to make a car payment! Hey, guy checking his balance before he buys groceries! Your bank's a dick, so we ruined your week. Hope that's okay.
I would love to find someone who has actual street cred and had their account information released by these chuckleheads, and put them in a room together.
This isn't about politics. I doubt these losers even know anything about the companies they attacked. Fucking douchebags.
However, I should also blame the companies involved here. If they can afford $1000 for some kind of web app firewall they probably could have detected sqlmap raping their site with faulty queries.
The blog post states explicitly that "a lot of the stolen content did NOT include any sensitive information".
Client-side encryption, even in JS, would have prevented this, it seems.
This is false. If anything they can get lower prices than other investors due to their prestige.
(If you're wondering why a VC would say such a thing, it's the one thing a competitor could say that could raise doubts in the minds of LPs, the people who invest in VC funds. AH's successes are obvious, so the only way to spread FUD about them with LPs is to imply that they're paying too much to get into those successful deals, and that their returns will thus be proportionately lower.)
Then Ebay came along and opened up the market to a lot more people, and the people in that market actually had a sense of what some of this stuff was worth (primarily to folks keeping legacy systems alive) and prices shot up.
What was worse was that at the flea markets now vendors wanted 10x what they wanted before for their junk. And if you offered them a more typical amount they would say "Nah, I'll just go sell it on Ebay rather than take that offer." So you could get a discount (sort of a real world buy it now) but your leverage was greatly diminished.
In the world of investing, and Venture Capital specifically, I think Andreessen Horowitz brought a better understanding of value to the table. That meant that VCs that used to be able to get away with underpaying were forced to stump up closer to market value and that makes them grumpy. Just like I was paying $50 for a DEC VAX that I knew I could have had for $5 before Ebay ruined things.
Another example is home theatre. It's true that you can just put a big tv and surround sound in your living room, but that more often than not screws up the decor and larger purpose of the living room as a family gathering spot. When you have a dedicated room, you can go nuts with the stadium seating and all of that.
That said, I've downsized in the past two years from a two story four bedroom house with a yard to a one bedroom apartment. I'm now preparing to spend the next several months in an RV. I'm actually much, much happier with this arrangement.
For some, space is a true necessity (large families that wish to keep their sanity). For others, space is a luxury that they can afford and that truly makes them happy. For people like myself, though, I've found that I only wanted what I thought space could get me... "breathing room". Turns out I needed psychological and intellectual breathing room more than I need more physical space. Perhaps that will change as I get older, but right now I'm glad I learned that I can be happier in far less space. The freedom, flexibility, and lower financial burdens this affords are well worth the cost of having to move a table every now and then.
If you look at the whole trend, houses are bigger, lots are smaller. One of the more interesting things I found in England when my sister was living there was that many folks had a small house but a large garden, because they spent most of their 'home' time in the garden rather than indoors. Whereas in the US there are a lot of people for whom the 'garden' (or the yard as we yanks refer to it) is just a maintenance nightmare. Going so far as to install artificial turf to reduce the time burden of keeping it looking nice.
I think it is sad if people don't get out much, but recognize that more and more of folks' leisure time requires more electricity than is available out there.
(That's a joke.)
I suspect that the size of each kind of average apartment has not changed much over the last few decades. One bedrooms are still about 650 sq ft, two bedrooms about 780. Big buildings are designed for efficiency over the long term, and don't partake in fads so much.
When you go out and buy a house, there's an inclination to buy as much house as you think you can afford. More space is more flexibility, after all, and after years living in not-quite-enough space, you want all that you can get.
When it comes to governments and houses, the British public are idiots who accept whatever is waved in front of them
Hope that is what you were going for.
What's still missing is the geographic overview that PadMapper offered. If you want that experience, and access to CL listings, your best bet appears to be the "CLMapper" Chrome extension, which pops up a two-panel browser window with listings on the left, map on the right, and coordination between the two (hovering over a listing URL highlights the map pin, hovering over a map pin scrolls to and highlights the listing entry).
The observation that GoogleMaps commercial terms-of-use is increasingly driving third-party sites to free and open alternatives is noted. With irony.
1. Would it be possible to build this fully on top of git (perhaps using libgit2)? I ask, because the "holy" grail for me is finding some magic way for my designers to use git without knowing it. Right now my designers (and I think most non-programmer people), love to use Dropbox. Dropbox has a number of issues as a shared project tool in my perspective (not the least of which being that you are only allowed ONE dropbox account per computer, so you start having a shared folder mess and your dropbox begins to balloon in size on every computer with that account). It appears that something like this could look like Dropbox to everyone disinterested in vcs and act like Git to everyone else who cares.
2. The other reason for libgit2 is to ideally also git-push after every edit/save, to something like github.
3. Mac OS X support please :)
If only half the stuff done by the likes of IBM and HP were to make it into common usage the world would be a very different place.
Any advantage of using a full-scale FS over something like git-annex (http://git-annex.branchable.com/)?
There seems to be nothing inherently limiting in Git's repository design. Interested parties can look into bup, for example, which stores large binary files in git's packfile format. https://github.com/apenwarr/bup
Missed malloc check.
system calls like mkdir can fail. Better to check return values of such calls.
Also: I'm old enough to have used VMS's filesystem. :(
Any plans for MacOS (or other *nix) support?
Having played it, I must report back to say: this is stunning. It's wicked fast. Wow. Just wow.
Was playable in low-res mode, though sometimes laggy, on my 2010 MacBook Air with Chrome.
Maybe next time ;)