Domain: amug.org
Stories and comments across the archive that link to amug.org.
Comments · 31
-
Re:Aloha Snackbar
I'd guess the watch might be something like this.
As for the boots? Who knows?
-
Re:No danger...
I don't think there's really any security check that Apple could have performed on an over-the-air configuration profile that would not defeat the purpose of having such a profile. The idea is to make it as painless as possible for users to sign up for custom settings specific to a company where they work or whatever (e.g. adding corporate firewall keys, that sort of thing). As soon as you limit who can sign the profiles, they become useless, and if Apple required everyone to sign up for a signing cert through them, everyone would be jumping up and down screaming that Apple is being too controlling. It's truly a no-win.
Even if they added an extra check to make sure the signing cert doesn't have
/^\s*Apple\s*$/i or /^\s*Apple\s*Computer\s*$/i as the company name, that still doesn't fully solve the problem. Many users would just as quickly tap "OK" for an update that claimed to be from any company they trust---their bank, Google, Yahoo, PayPal, AT&T, etc. And making the warning sterner only helps if people read it and understand it. I'm just not convinced that this problem has a solution short of not trusting incompetent cert providers with a history of issuing certs in the name of other companies.The real security flaw here, IMHO, is that Verisign issued this company a signing certificate with the name Apple Computer. And this isn't the first time Verisign has done something stupid like that. They've repeatedly shown themselves completely incapable of doing even basic sanity checking before handing out signing certificates, SSL certificates, etc. Thus, IMHO, their code signing certs are inherently no more trustworthy than a self-signed cert or someone typing the name of a company into a field in a plist file. As far as I'm concerned, they should be dropped from the list of trusted roots. If Safari and Firefox both did this, they would eventually shrivel up and die like the inept hack of a company they are.
-
Re:None of it as implemented is about security
But the fix for SSL is not about fixing the CAs, it's getting the browsers to behave more like SSH (or better). Then at least the browser will give useful warnings for a change, that'll help people who really care about security. While it won't help the "click through" users, nothing much will help those against attackers anyway.
Then that's the way it should be - YOU decide who you want to trust, with the help of technology.
In contrast with DNSSEC, you're stuck with Verisign for
.com._Someone_else_ decides who you HAVE to trust for some TLD, whether you like it or not.
Verisign is the CA that signed Microsoft certificates for someone who was not Microsoft- http://www.amug.org/~glguerin/opinion/revocation.html
Network Solutions ( a subsidiary of Verisign that does DNS stuff) has also been known for doing dubious stuff like domain front running.So yes, things are different in DNSSEC- you get to be stuck with one crappy company for
.com and no choice other than pick some other TLD.Different yes, but sure doesn't sound better to me at all.
p.s. FWIW, Verisign owns Geotrust, who owns RapidSSL who kept using MD5 for certs till the exploit became public.
-
Re:Wut
I think you might be looking for something like this:
http://www.amug.org/amug-web/html/amug/reviews/articles/addonics/5x1/It takes a single eSATA connection and outputs several more. This lets you make your own enclosure or just attach naked drives.
-
Re:Always.
Can you cite any examples of a case where a certificate has been subverted in this way?
There are many, mostly not published, but probably the most important one which is publically know, because you could have done anything you wanted with it to most of the computers in the world, is this one. Note that the posting is actually about ongoing security problems related to the hole.
Second in importance to that are the many certificates created with debian for which the private key is insufficiently secure and can be derived from the public key.
You should note, that even though there have been such issues, I belive that no SSL warantee has payed out ever, which gives you some idea how much they are really worth.
-
Re:Yeah, well show me a PSK solution for browsers.Or by "single point of failure" are are implying that a CA will have its private key STOLEN by private crooks?? The latter would be a really stupid assumption to make, esp since they can revoke stolen keys.
Ha. Hahahahahahaha. Certificate revocation is completely useless in today's browsers. Here is one reference that's pretty old, but I'm sure you can find newer stuff if you actually research this.
-
Re:Looks more like a Calculator...
I take it this is your watch?
-
Re:the powers that be
I have test equipment with Nixie tube displays. There you're talking high voltage vacuum tubes.
Sweet. Have you seen this Nixie tube wristwatch?
-
What mysterious tommorow devices from today?
NPR radio said that it appeared in Greek literature that other complex devices were used by the wealthy to amuse guests.
Currently I have a Nixie clock for the same 'guest amusement' function. In several millennium when this creation is rediscovered it will seem oddly complex and mysterious. Bill Gates and Scott McNealy, what mysterious technical devices are in your living room?
So whats a Nixie? Forgot already have we? Jeff Thomas and Laurence Wilkins build good Nixie clocks.
http://www.amug.org/~jthomas/clockpage.html
Cheers,
Jim Burke -
I am into accurate time.
For my computer I am testing an old Heath Most Accurate Clock II* with its RS232 attachment that goes to the serial port on my HP Pavilion. The only problem is the brick sized power transformer gets very hot because its supplying two amp heavy circuits. Use ThinkGeek's KillAWatt to measure power consumption. AWK the transformer is hungry. I guess for real use eventually I will peek at time once a day or so.
*Heath Most Accurate Clock II, synchronizes with WWV at 10 meters.
I think that the network, with all its erratic latency, is not really the best source to use as a timing transport.
Some people have occasionally picked up old cesium clocks from ebay to set the PC's time. Most are from labs and after purchase, probably gather dust in the garage.
http://tycho.usno.navy.mil/cesium.html
For my wrist, myself and lots of us geeks, use a Casio G-Shock (GW-700a) that updates its time from WWV three times a night. Its more accurate than the clocks at our local public DART train station. They are always four seconds slow.
I also have a great little Nixie clock kit that gets its info, not from WWV via radio, but from satellite GPS time. Its the dinky one at the bottom of the page. Looks fantastic though.
http://www.amug.org/~jthomas/clockpage.html -
Re:ripping HD from DVI
An array of SATA disks can do it. Check out http://www.amug.org/amug-web/html/amug/reviews/ar
t icles/sonnet/e4p/ for a review of the latest Sonnet card. It can handle capturing uncompressed HD over SDI. Of course it will eat up your storage in a hurry..... -
No, not cooler
There's been a very impressive Nixie wristwatch at http://www.amug.org/~jthomas/watch.html for quite a while now - he made it in 2001
Actually, if you read the article (or actually the website), you'll see that the maker of the current watch was "inspired" by the watch you link to above. Now the above watch is chez cool, but the maker of the new watch wanted to basically shrink the original watch down to something that one could, somewhat, practically wear on your wrist. Other than the # of digits compromise, I think he did a very good job. To say that one is "cooler" than the other, I think is a mistake, as they both had different goals in mind, and both reached some very impressive goals. -
Much cooler version
There's been a very impressive Nixie wristwatch at http://www.amug.org/~jthomas/watch.html for quite a while now - he made it in 2001. The fact that it doesn't even use a microcontroller makes it that much cooler. Less flexible because you can't re-program it, but far more in keeping with the theme of the project.
-
Re:Not
This guy made one with 4 digits, and he's the fist thing to come up when you google "nixie watch". Oh, wait, it's the same guy. Don't know why he when from 4 to 2 digits.
-
Better site, and cool photo:
-
Better site, and cool photo:
-
Re:Why a watch?
-
SATA HOWTO for mini
BACKGROUND
I bought my mini for the software. Years ago I paid for a miniDV camcorder, because I knew that someday I would be able to afford a computer to edit the footage with. That day finally came! :-)
But the HDD stinks. External SATA is possible, and the best answer. Here's why...
OPTIONS
FW 400
While I *might* go for an external FW 400 solution, the mini only has one FW port... and copying DV material from a camcorder to a FW HDD on the same channel is a no-no.
USB 2.0
slower than FW 400 on the mini, according to what I've read. But more importantly, the mini won't boot from USB.
External 3.5" PATA
Ah, now we're talking! Check out these articles: 4 sweet solutions, all of which allow use of 3.5" HDDs on the mini's own ATA/100 controller:
mini in a PC box
http://www.appletalk.com.au/articles/miniserver/
mini with an external drive box housing an ATA HDD
http://www.amug.org/amug-web/html/amug/reviews/art icles/mini/
mini ensconsed in a Centris 660
(Check out the XBench scores table)
http://www.amug.org/amug-web/html/amug/reviews/art icles/mini/dock/
And best of all (IMHO), the purple mini
http://macmod.com/content/view/273/2/
External 3.5" SATA
The problem with the external PATA solutions is that the form factor sucks. Which got me thinking: If I could only use one of those fancy new SATA cables...
PARTS LIST
1. PATA to SATA bridgeboard:
http://www.google.com/search?q=PATA2SATA
2. IDE Hard Drive Cable Adapter - 2.5'' to 3.5''
http://www.google.com/search?q=StarTech+IDE4044
3. 44 Pin Male to Male IDC 2.5" IDE Laptop Gender Changer
http://www.google.com/search?q=+44+Pin+Male+to+Mal e+IDC+2.5%22+IDE+Laptop+Gender+Changer
DETAILS
I don't yet have the money to do this project, or you would have already heard the results. :-( But here is the plan:
Assemble the three components together (and trim off the unneeded power connection from the 2.5" to 3.5" cable adapter). You now have an assembly that fits within the space normally occupied by the mini's 2.5" HDD.
WARNING: the real unknown is whether or not you can actually then snake an SATA cable from the bridge board and out the back (or side) of the mini. But I think it will work. Assuming it does...
RESULTS
There are more and more SATA drive enclosures hitting the market. This year the trend is multiplexing backplanes, so that you can RAID multiple SATA drives in the enclosure and connect them via one channe back to the computer.
Pick an attractive SATA drive enclosure, plug it in, connect it to the mini, and off you go!
Phil Lawrence
--
feel free to email me if you'd like details about the success or failure of the project, once I get the parts together -
SATA HOWTO for mini
BACKGROUND
I bought my mini for the software. Years ago I paid for a miniDV camcorder, because I knew that someday I would be able to afford a computer to edit the footage with. That day finally came! :-)
But the HDD stinks. External SATA is possible, and the best answer. Here's why...
OPTIONS
FW 400
While I *might* go for an external FW 400 solution, the mini only has one FW port... and copying DV material from a camcorder to a FW HDD on the same channel is a no-no.
USB 2.0
slower than FW 400 on the mini, according to what I've read. But more importantly, the mini won't boot from USB.
External 3.5" PATA
Ah, now we're talking! Check out these articles: 4 sweet solutions, all of which allow use of 3.5" HDDs on the mini's own ATA/100 controller:
mini in a PC box
http://www.appletalk.com.au/articles/miniserver/
mini with an external drive box housing an ATA HDD
http://www.amug.org/amug-web/html/amug/reviews/art icles/mini/
mini ensconsed in a Centris 660
(Check out the XBench scores table)
http://www.amug.org/amug-web/html/amug/reviews/art icles/mini/dock/
And best of all (IMHO), the purple mini
http://macmod.com/content/view/273/2/
External 3.5" SATA
The problem with the external PATA solutions is that the form factor sucks. Which got me thinking: If I could only use one of those fancy new SATA cables...
PARTS LIST
1. PATA to SATA bridgeboard:
http://www.google.com/search?q=PATA2SATA
2. IDE Hard Drive Cable Adapter - 2.5'' to 3.5''
http://www.google.com/search?q=StarTech+IDE4044
3. 44 Pin Male to Male IDC 2.5" IDE Laptop Gender Changer
http://www.google.com/search?q=+44+Pin+Male+to+Mal e+IDC+2.5%22+IDE+Laptop+Gender+Changer
DETAILS
I don't yet have the money to do this project, or you would have already heard the results. :-( But here is the plan:
Assemble the three components together (and trim off the unneeded power connection from the 2.5" to 3.5" cable adapter). You now have an assembly that fits within the space normally occupied by the mini's 2.5" HDD.
WARNING: the real unknown is whether or not you can actually then snake an SATA cable from the bridge board and out the back (or side) of the mini. But I think it will work. Assuming it does...
RESULTS
There are more and more SATA drive enclosures hitting the market. This year the trend is multiplexing backplanes, so that you can RAID multiple SATA drives in the enclosure and connect them via one channe back to the computer.
Pick an attractive SATA drive enclosure, plug it in, connect it to the mini, and off you go!
Phil Lawrence
--
feel free to email me if you'd like details about the success or failure of the project, once I get the parts together -
Re:crappy cable options ...
This is a little prettier. Still not the Mac mini style you want, but at least its kitschy.
-
Re:Shameless Flamebaiting Story
Because according to the chart on this page, the improvement to be had by using a 3.5" IDE drive is double the improvement of a similar drive mounted via FW400.
-
Shameless Flamebaiting StoryThe Slashdot editors are flamebaiting us. Not to mention it's a Dupe.
This calls for a completely off topic but intelligent thread to be started. How about this one:
Casemodded mac mini doubles it's disk performance
This guy case modded his mac mini putting into an old centris pizza-box. The faster disks and CD boosted performance 20% to 70% on AV things like DVD-copy and CD-to-AIFF and file copying. Overall Xbench-disk gives the set up a 2x performance enhancement.
so the new Official discussion topics are:
1) wow cool retro case mod for $10
2) Did apple cripple the mini just to make it cool?
And is that bad really. After all it is quiet and welcome in the living room something many people would pay a LOT for. Performance is not all.
-
Re:Why Sad?
This one is pretty good.
-
Re:For gods sake...
Microsoft can be forced to include a backdoor in Windows, and no-one will know/be able do anything about it, as the need of "getting those Evil Freedom-Hating Wife-Beating (etc) terrorists" is > *. Open source software is a bit harder to control, therefore it must die.
Oh, and didn't Georgieboy W. B. explain the tax cuts for the rich with "What is good for American corporations is good for the American economy"? If open source is a competitior to American corporations, open source is bad for the American economy. What further proof of commu^H^H^H^H terrorism do you need?
-
Re:thr1d ps0t
>Is that really a big stinking deal in this case?
Yes. This is Microsoft we're talking about here (well, an M$ sponsored project). Wonder what it'll phone home with today?
But hey, it's all your own personal choice.
Now, if it were coming from a trusted company, not a problem. I never had major problems with VMWare being binary, for example. -
Re:Most Apple products have been silent.
Even some of the G4s (cube) keep the fan off unless critical.
A nitpick: G4 Cube has no fan, although you can add an 80mm fan to it very easily. Mount points for the fan are already there, and the fan will blow air out the cube's "chimmney."Most of the fan noise in the DP QS 2002 machine is in the power supply. This also appears to be true for the MDD PowerMac G4s, although their main fan is variable-speed and can get loud, like the PowerBook G4's CPU fan.
-
Re:Ticket $ales not a Fair Comparison
So, inflation has been zero for the last five years? $600 million = $0.6 BILLION. The page you used said Gone With the Wind's earnings were 1 BILLION more than any of the other pages that I found.
Here are the the top 181 movies adjusted for inflation as of September 2001. -
NewtonOK - first I'm not a Newton-nut. I never owned one, never used one, glanced at friend's and said "Sweet".
That out of the way it was a sweet bit o technology, if big and bulky and with handwriting recognition that took a few revs to get worked out.
However it also had NewtonScript which appears to have been a fab development environment and incorperated some really useful ideas about a common OS-service database; something which Palm & MS-Palm folks are now really hurting for.
So, and regardless of the move to ARM processors, I'm wondering if anyone is considering doing a gnuwtonscript and releasing that? I'm well aware that Apple holds that code tightly to it's breast, has no intentions of making it's own palm-device (and so averred in an SEC-regulated announcement last year) and that the Newton folks were soon scattered to the winds after their unit was shut down...
But a decade later it seems to be a thing that would be wildly popular and fit right into the emerging needs of the little beasts.
-- Michael
ps Please feel free to correct me on the details, like I said I was never a Newton-person other then admiring them from afar.
-
Re:Could Magic Lantern be buit into Windows XPVery good point. Does anyone else remember the flap about the NSA key built into every copy of Microsoft Windows?
The feds have been accused of this before, though it's unclear to me whether or not the accusations are valid. Still, this would be a great way to deliver the application, and, as another commenter astutely noted, it would get the justice department to look at the convicted monopolists a bit less negatively.
Certainly, it wouldn't the first time that the US government had aligned themselves with nasty people...
-
Re:hmmm...> refuses to boot non signed-DVDs
And not even Microsoft would be stupid enough to have two verification keys, one of which wasn't used normally, but was used if the first one failed, so it could be replaced by an attacker to get their code accepted without stopping code signed with the first key running. Well actually, Microsoft were that stupid, but I think even they won't be stupid enough to do it twice.
-
Re:I can understand it
And this is a prime example of a company thinking they are the only ones to ever think of an idea which has been discussed in other places in this thread.
Pen based interfaces were being thought about ~5 or more years ago ( Read chapter 6 and note this was written and on the web in 1995) admittedly the company developing the C-pen might not have wanted anyone to know its particular implementation of a pen based interface. However, their idea was hardly unique and they could have discussed that they were developing a pen based computing interface, and not discussed the specific implemetation they were designing.
OTOH maybe they didn't want anyone to know anything about what they were doing, but keeping that kind of secret is extrodinarily difficult even with NDA's, people want to talk to friends etc. about what they are doing. It might not end up in the hands of a competitor, but it probably will if the competitor is actively seeking information.