Best worldwide outdoor map there is, with offline support. I use it very often to find trails not even locals know about (e.g. Japan). Don't forget to switch to Outdoor mode!
Google and Apple get all the glory - but some of you folks might find mapy.cz useful, esp when traveling abroad. Mobile app offers even offline tourist maps for the whole world, including contours -- https://en.mapy.cz/turisticka?x=-119.7422922&y=37.8326869&z=...
It all depends on what kind of company are you in, what kind of people are your superiors, etc. How much politics and backstage dealing is involved?
In an ideal situation I would say call be honest and tell the stakeholders your view.
On the other hand, from my corporate experience, it's not always the best course of action. See - as lwj1001 already said - some companies play sort of meta-game, where certain things are known but never said out loud. If you are in a position to change the environment - great! (But this is not likely the best opportunity to do so). Otherwise... I would still say your opinion to those who need to be informed, or even better - write them an email. The reason is - you might have to cover your ass in the near future. The worst that can happen is that everyone assume everyone know yet there is someone who doesn't.
It's quite probably because of compatibility with the older clients. Unfortunately you can't simply use only the safest algorithms out there because the clients wouldn't be able to connect :/
- if the server is public already then black hats can simply probe your networks (IPv4 is not that big) and find the servers by themselves. The odds are that hackers are probably not interested in your company anyway.
- there are people who don't care about security of their servers (or rather are lazy / naive) and might find this service useful. Even if we were black hats it would at last alarm them that something is wrong. If they ignore the warnings - well - god help them.
Hi andreaso, do you happen to have a list of encryption algs on your side? We don't support chacha20-poly1305 (yet) and afaik aes in gcm mode, but e.g. aes ctr are reliable so I find it strange these are not supported on your side.
Even if the IP address was guaranteed static then I wouldn't dare recommending admins to add an exception to firewall. That would certainly be a very bad practice. There are tools available (mentioned in the comments around) that do the same job and can be run in the DMZ (the question is, would anyone go through the source code and verify the tool does not contain any malicious code?).
I think it's more the other way round. You already have a public SSH server for whatever reason (e.g. hosting, tunelling, ...) and you might use this tool to check its capabilities.
The reputability of such service or even existence thereof does not have anything to do with how much your server is or is not secured.
Hi hannob, I'll re-check the classifications. Pretty sure you're right about the hmac-sha1 being still ok. Wrt oakley 14 and umac64 (and others) I'll try to add more detailed justifications. Thanks for your comment!