Domain: ottawa.on.ca
Stories and comments across the archive that link to ottawa.on.ca.
Comments · 26
-
Re:Easy...
Be good to quote your sources: here's one for example: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/billsatan.html
-
Re:Simple solution.
They are simply asking to give the police the power to force you to submit keys on request.
Like the UK government, you apparently don't understand what perfect forward security is. Or the UK government knows, and plans to ban data communications systems that use perfect forward security (PFS).Well let's say I've got a long running IPsec session going. The first session key, derived from my secret key, was established 3 days ago. By now I'm on my N'th secret key. Today the UK police give my ISP or employer a supoena for my desktops IPsec key. The boss says "sure, here it is." The police packet sniff my IP traffic and find that they can't do anything with it because they don't know my session key, and don't have the full 3 days of traffic to derive all N session keys (perfect forward security and all that). If the UK government could hack into my desktop or hack into the destination of of my IP traffic, they could decrypt current and future traffic, but if I'm smart enough I'll be able to detect that. So if PFS is not banned, the UK government will require every system to have an undetectable back door.
Except that the criminals will use open or free source, and remove the back doors. When safe cryto is made unlawful, only the unlawful will have access to safe crypto.
-
Don't forget striker!Some domains get a LOT more spam than others. One example is striker. Back in 2001, Alan DeKok was getting 300,000 spams per day. I suspect that if he tried to measure it now, he would easily get several million, or maybe even tens of millions of spams per day.
And, no, having the domain disabled for a long period of time doesn't help. There are several domains that are being used as spam traps now a days after having been disabled for years.
-
Re:Just like the samba benchmark
In the past I have seen people post blatantly false things which get accepted as true just because the mods are too lazy to check. So I thought I'd chime in here with links to some evidence to back up parent.
1) The algorithms used in SSL are listed on page 33 of the pdf linked to. Both linux setups use 3DES+SHA1 and windows uses RC4+MD5 (as parent said).
2) This page (found via google) has a table comparing ciphers about 2/3 of the way down. RC4 appears to be about 2-3 times faster than 3DES.
3) This email contains a comparison between MD5 and SHA1. MD5 appears to be 2.5 - 5 times faster than SHA1. -
Re:Orleans
For those of you who have no idea where Orleans is in Ontario, its very close to Ottawa
Orleans is part of Ottawa actually - one of the east end suburbs.
Also, the guy alledgedly was planning something in the UK, not the US, so the proximity to the US border isn't really an issue. Besides, something like 90% or our population is within a few hours of the US border.
-
Re:Lobbying
Don't forget the great Heinlein quote on innovation/protectionism as well.
-
Re:Let me get this straight
That little devil is up to more than meets the eye...
-
MD5 Cannot stand up in court.
The md5 hashing algorithm has been proven to contain flaws allowing two files to produce identical md5 sums.
-
Re:Cash for updates?
I don't believe it's fair to blame Microsoft if they chose to charge customers for certain updates. After reading the article I can't find any intention to charge for critical security updates, only for small bugfix and minor improvement type updates.
Howevar this is not so bad, certainly better than Red Hat who's up2date tool requires subscription for all updates, even security ones. Red Hat are celebrated as hero's of open sores, because they have found the magic business model, yet there are worse than Microsoft!
Debian zealots will say that apt-get is the solution, but it does not offer signed packages, which is vary important to enterprise customers who do not have time to check every MD5sum. Even for the home user, md5 is not secure! -
I Agree
Ron has worked closely with Adi Shamir and Leonard Adleman, Twirlip refuses to comment on Israel due to personal issues.
Ron has been known to use the nickname "Twirlip of the Mists"
Twirlip has implied ties with White House officials, Ron worked closely with the government in cryptography.
Twirlip has stated on numerous occasions that he uses an Apple computer, Ron uses a Mac.
Not damning, but interesting evidence nonetheless. -
Re:Personally...
Maybe you're in a rural environment?
Yes I am. You have probably not even heard of it. -
Re:Fibre optics
Sexing penguins? You mean like this?
-
Its slashdotted
-
Re:Cool
-
Alta Vista
-
Not The City Of Ottawa Web Site
That isn't the city of Ottawa web site, thats a local news web site. If you want the City Of Ottawa's web site, check out http://www.city.ottawa.on.ca/
-
Re:The G8 Summit.
Er, which capital city are you thinking of?
There isn't even a city where the G8 is officially being held (Kananaskis) and Calgary is neither a federal nor a provincial capital.
Toronto, is not Canada's capital either.
Ottawa holds that dubious honour. Toronto just thinks it's the captial of Canada and, of course, many people around the world get fooled.
For good time, you can always check what our southern neighbours think about us. -
Re:PPPoE
i was very unhappy with PPPoE. but maybe I was just very unhappy with bell atlantic DSL.
first, the do not advertize that they use PPPoE, so I had to figure that out myself, and obviously they are clueless about everything.
there were 3 different solutions for PPPoE in Linux. The one i used required a kernel patch and running pppd (PPPoE seems like useless overhead).
i had to use a dynamic IP which forced me to use dynodns.net, and it was quite a pain with the firewall scripts. bell atlantic claimed there was no way to get a fixed IP with PPPoE.
finally, the worst thing was that i would get disconnected all the time and had to log back in. a simple keepalive script helped with that.
i canceled my DSL service with them.
maybe someone else had a better experience with PPPoE? -
Re:PPPoE
There is a quite good patch for kernel support at
http://www.davin.ottawa.on.ca/pppoe/.
the creator Jamal Hadi Salim is actively working on it (last update March 30)
He has made a proposal on netdev (archive) about it, and Michal Ostrowski who wrote another implementation in kernel space has shared the discussion. Read the long thread in the archive.
Jamal writes somewhere in the readmes they'll plan to merge at pppoed 0.5 and it seems they're actively pushing for getting it into the kernel.
Unfortunately I wasn't able to find some information lately, but the fact that the pppoed is being updated gives me hope.
Suse has incorporated Jamals pppoed in their 6.3 kernel and Suse's Andi Kleen had his hands on that code (modularization).
The final goal seems to be to create a generic pppox (x=ethernet/atm/whatnot) device in kernel space and to incorporate pppoed (the userspace part, doing the discovery) in pppd.
I have to say that pppoed on linux is far superior to every implentation on other os's I have seen (winpoet and friends suck ass). There is one driver for win2000 made by a volunteer which seems very good, but only linux already has the pppoe-server.
And they have a fix for the mtu-problem on the clients when connecting a network to the internet with pppoed. -
Re:PPPoE
I just perused the 2.3.99-pre3 source, and I didn't see any sign of a pppox.c driver (not that I necessarily know where to look, I checked in drivers/net...). Anyway, I had heard that 2.4 would include pppox support, but maybe it will show up in the later releases (hopefully before 2.6...).
I have Bell Atlantic DSL (which has recently switched to PPPoE and dynamic ip's), and I use
pppoed and the pppoe kernel patch by Jamal Hadi Salim (2.2.14 patch and pppoed source available from: http://www.davin.ottawa.on.ca/pppoe). It works great for me. I have heard others have success with the Roaring Penguin pppoe userspace client. -
PPPoE (was:Danger! Don't root for DSL just yet...)
Don't panic, it's pppoe, there's a cool
open source solution for linux at
http://www.davin.ottawa.on.ca/pppoe/.
For other solutions go to freshmeat. -
This is one thread I hope picks up soonThis is a question I, personally, would love to have answered. We use Checkpoint FW/1 on Solaris where I work. It's a bit of a pain to get into the office network from outside (say, via my dialup account from Mindspring) when using Linux. The SecuRemote clients exist only for Windows. If Free S/WAN will let me use my home dialup router/firewall (Linux) machine as a VPN client, yay.
I hunted through the mail-list archive and found the following:- The Question. More or less content-free.
- Some info, some questions.
- Some answers to the above questions. Like, FreeSwan no longer supports plain DES; you have to use 3DES. And, "Manual-key setup has to be done on *both* ends"
- This guy is willing to pay for help.
- Assload of debugging data, from Interop setup.
- Here is a list of Checkpoint partners and things that work with a Checkpoint firewall. Not comprehensive.
- OPSEC ("Open Platform for Security")site. Stuff that works with Firewall-1 and other OPSEC-compliant firewalls. I don't know if there are any besides FW-1.
- IPSec for FreeBSD
- Some IPSec software from MIT
- The people who make SSH also have IPSec/IKE products.
... anyone know of anything else? -
This is one thread I hope picks up soonThis is a question I, personally, would love to have answered. We use Checkpoint FW/1 on Solaris where I work. It's a bit of a pain to get into the office network from outside (say, via my dialup account from Mindspring) when using Linux. The SecuRemote clients exist only for Windows. If Free S/WAN will let me use my home dialup router/firewall (Linux) machine as a VPN client, yay.
I hunted through the mail-list archive and found the following:- The Question. More or less content-free.
- Some info, some questions.
- Some answers to the above questions. Like, FreeSwan no longer supports plain DES; you have to use 3DES. And, "Manual-key setup has to be done on *both* ends"
- This guy is willing to pay for help.
- Assload of debugging data, from Interop setup.
- Here is a list of Checkpoint partners and things that work with a Checkpoint firewall. Not comprehensive.
- OPSEC ("Open Platform for Security")site. Stuff that works with Firewall-1 and other OPSEC-compliant firewalls. I don't know if there are any besides FW-1.
- IPSec for FreeBSD
- Some IPSec software from MIT
- The people who make SSH also have IPSec/IKE products.
... anyone know of anything else? -
This is one thread I hope picks up soonThis is a question I, personally, would love to have answered. We use Checkpoint FW/1 on Solaris where I work. It's a bit of a pain to get into the office network from outside (say, via my dialup account from Mindspring) when using Linux. The SecuRemote clients exist only for Windows. If Free S/WAN will let me use my home dialup router/firewall (Linux) machine as a VPN client, yay.
I hunted through the mail-list archive and found the following:- The Question. More or less content-free.
- Some info, some questions.
- Some answers to the above questions. Like, FreeSwan no longer supports plain DES; you have to use 3DES. And, "Manual-key setup has to be done on *both* ends"
- This guy is willing to pay for help.
- Assload of debugging data, from Interop setup.
- Here is a list of Checkpoint partners and things that work with a Checkpoint firewall. Not comprehensive.
- OPSEC ("Open Platform for Security")site. Stuff that works with Firewall-1 and other OPSEC-compliant firewalls. I don't know if there are any besides FW-1.
- IPSec for FreeBSD
- Some IPSec software from MIT
- The people who make SSH also have IPSec/IKE products.
... anyone know of anything else? -
This is one thread I hope picks up soonThis is a question I, personally, would love to have answered. We use Checkpoint FW/1 on Solaris where I work. It's a bit of a pain to get into the office network from outside (say, via my dialup account from Mindspring) when using Linux. The SecuRemote clients exist only for Windows. If Free S/WAN will let me use my home dialup router/firewall (Linux) machine as a VPN client, yay.
I hunted through the mail-list archive and found the following:- The Question. More or less content-free.
- Some info, some questions.
- Some answers to the above questions. Like, FreeSwan no longer supports plain DES; you have to use 3DES. And, "Manual-key setup has to be done on *both* ends"
- This guy is willing to pay for help.
- Assload of debugging data, from Interop setup.
- Here is a list of Checkpoint partners and things that work with a Checkpoint firewall. Not comprehensive.
- OPSEC ("Open Platform for Security")site. Stuff that works with Firewall-1 and other OPSEC-compliant firewalls. I don't know if there are any besides FW-1.
- IPSec for FreeBSD
- Some IPSec software from MIT
- The people who make SSH also have IPSec/IKE products.
... anyone know of anything else? -
This is one thread I hope picks up soonThis is a question I, personally, would love to have answered. We use Checkpoint FW/1 on Solaris where I work. It's a bit of a pain to get into the office network from outside (say, via my dialup account from Mindspring) when using Linux. The SecuRemote clients exist only for Windows. If Free S/WAN will let me use my home dialup router/firewall (Linux) machine as a VPN client, yay.
I hunted through the mail-list archive and found the following:- The Question. More or less content-free.
- Some info, some questions.
- Some answers to the above questions. Like, FreeSwan no longer supports plain DES; you have to use 3DES. And, "Manual-key setup has to be done on *both* ends"
- This guy is willing to pay for help.
- Assload of debugging data, from Interop setup.
- Here is a list of Checkpoint partners and things that work with a Checkpoint firewall. Not comprehensive.
- OPSEC ("Open Platform for Security")site. Stuff that works with Firewall-1 and other OPSEC-compliant firewalls. I don't know if there are any besides FW-1.
- IPSec for FreeBSD
- Some IPSec software from MIT
- The people who make SSH also have IPSec/IKE products.
... anyone know of anything else?