This feels like a very bizarre propaganda / pro-military opinion piece. Google isn't a defense contractor, its employees aren't any more or less patriotic if they don't want to build software that goes in killbots.
But Google wants to be a defense contractor and the employees are emotionally blackmailing it from not being one.
If those employees had a fucking conscience, they wouldn't slice and dice every online interaction of a user and serve ads. Stop pretending to be on a moral high-ground by refusing to serve the very entity tasked with securing YOU and the nation.
You think it's irreconcilable for an individual to be okay with farming data, but not with indirectly killing people?
Everybody has a slightly different moral compass. Every "good" person does "bad" things.
I highly doubt, for instance, that everyone who commits check fraud would be okay with murder; I also doubt every murderer would be okay with committing check fraud.
I'm absolutely not OK killing (innocent) people, and clearly, the Pentagon isn't either. The aim of the program is to increase accuracy to prevent and minimize collateral damage.
If you truly cared about protecting the lives of the innocent, you'd support this program.
> refusing to serve the very entity tasked with securing YOU and the nation
Google is refusing to support the militias? Given so many companies are supporting the military, Google not supporting the militias does seem pretty negligent in securing us and our rights.
Particle.io is hiring! We're a fast-growing, close-knit team building awesome things. Tons of opportunity to work on open source projects, learn new technologies, work with hardware and software, etc. Check us out!
Google and all the other mega-tech corps do a similar tech phone screen where they're reading off an answer sheet (powers of 2, sort these functions, Linux kernel calls, etc.).
Sounds like you dodged a bullet, this sort of thing speaks volumes to how the company is run internally and how you'd be treated there.
Came here to say +1 to this, definitely employ a bastion host and make sure that's the only way to SSH to your servers. This can be a little tricky to do correctly if you don't have someone on your team, but it's a valuable way to reduce your surface area to monitor.
Installing fail2ban is also a very basic / smart way to discourage brute-force SSH attacks on your boxes. Also you could try piping your SSH logs into something like Papertrail / Slack, so you have clear visibility into who's logging into your servers, etc.
On fail2ban, I have had more success in being able to stop attacks quickly by using SSHGuard. Quicker, easier setup, easier to understand, etc. Is there a significant reason to use fail2ban over SSHGuard?
That's actually where I want to take this, I'm thinking a wind speed sensor to recognize if it's on/off and a temperature sensor to turn it on/off automatically.
Schneier's estimate assumes rented hardware time, but purchased hardware and multiple attempts would drive down the cost dramatically over time. This estimate also doesn't include optimizations by leveraging previous cycles or spends, or the impact of storing something like a rainbow table.
Given a government budget and time-scale, and ignoring sunk costs, I would think a collision attack could already be in a negligible cost range for any well-funded, sophisticated attacker that has set up shop.
You can actually do this with a USB cable, or flash your own firmware over the air, you'd only need a JTAG programmer if you wanted to replace the open-source bootloader :)