I find it particularly disturbing that their solution to too much traffic to their CRL server is to use non-routable addresses in DNS. As a result of this action, they have reduced the integrity of their certificates (yes, that means diluting TRUST, which is the foundation of PKI) by making the revocation lists unavailable. Without CRL checking, Verisign certificates have no inherit integrity advantage over self-signed certificates. This is what we pay for?
I'm a dropout from a fine-arts program with the repressed love/hate of the American South that so many Yanqui's seem to possess, so YMMV but:
National Galleries in Washington D.C. - Amadeo Modigliani's "Nude Reclining on a Divan" will make you ponder the true nature of beauty.
The Museum of the Art Institute of Chicago - Solid collection of Impressionist works featuring one of my favorites - Gustav Caillebotte's "Paris Street, Rainy Day", an excellent example of an aesthetic that had a profound effect on the development of the discipline of street photography.
The New Orleans Museum of Art - Their collection of Faberge items commissioned by Tsar Nicholas, et al. makes you truly understand why the Bolshevik revolution was inevitable.
In Washington D.C., eat, drink and be merry at the Bierskellar in the Dupont Circle/Embassy Row area. The Largest beer selection in the U.S. and buckets of tasty steamed mussels can make most things better.
While in New Orleans, stay at the Edgar Degas house. It's a Bed & Breakfast now and the proceeds go towards restoration. It's on Esplanade. When I was last there, the chef made the best grits I have ever had.
I also recommend eating at the Waffle House chain. The decor and menus are so chaotic as to cause seizures. In fact, I'm twitching now.
Thankfully, someone else is a fan of ARMOR as well. For years, I've been combing used bookstores in my area to find copies to give to others. My favorite line:
Cryptography is not all that OpenBSD is about. OpenBSD more importantly is about highly audited code at the operating system level. That's why most vulnerabilities have been proactively fixed. Cryptography will do nothing for you if the application that uses it is vulnerable due to coding mistakes. SSH+RSAREF come to mind.
I agree the 3c905B's are troublesome. I have two that drop packets. But the recommended NetGear NIC's don't use the Tulip chip anymore, the current ones use a LiteOn chip instead.
I've had the best luck with Intel eepro 100's under both Linux and OpenBSD, and in the sense of saving the DoD some $$, I think they are cheaper than the 3com's.
I guess thourough depends on the reader. Personally I didn't think it was thourough either, but someone who has never used OpenBSD before may have felt it was a great resource. There are not a lot of web resources available for OpenBSD, something I hope to change.
I try to keep an ongoing on-line diary of my experiences installing and using and experimenting with OpenBSD. It available here. Four years ago, you would have been hard pressed to find mention of Linux anywhere, much less a thorough review. Now OpenBSD is getting some attention.
Personally I think Matt should be credited with at least being curious enough about OpenBSD to give it a try , and willing to share it with the community. That's what it's all about right?
I just spent the last 2 weeks playing with OpenBSD on two 486's at home. I've posted a diary of sorts here. I really like OpenBSD. In fact I may switch my last linux box over to OpenBSD in the next week or two. Too bad, I was really enjoying being able to listen to WWOZ on RealPlayer. Does anyone know if the FreeBSD realplayer works with OpenBSD 2.5?
"The marijuana cigarette is called a roach because it resembles a cockroach." This guy is out-there. It's like watching "refer madness" or anti-drug films from the sixties, or for that matter, Microsoft testimony from the nineties. Sounds to me like the subjects have been screwing with the research(er). Oh well, professionalism from a cop is too much to ask.
Oh yeah, I'm taking their word for it. These are the same people who made the world safe for democracy by installing dictators and death squads. I wouldn't trust their predictions for a football game much less the Year 2000 problem. A monkey with a typewriter could produce more accurate predictions than that bunch of icompetent malicious spooks. Consider that the people they pay for information get paid on the basis of the alarmist information they spread. This is like asking Hitler to chair a human rights commission in Kosovo. What a bunch of wankers!
Exactly! If the FCC is going to be shortsighted enough to push Internet users into the hands of the cable industry then so be it, but they have to shut the hell up about it when they p*ss away their revenue stream.
Dude, your dogs barking. Up the dosage and grow a sense of humor. There were some posts a couple of days ago about M$ posting fake "isn't M$ great" articles in forums. I simply applied that to your defense of Apple. Lighten up.
I have to agree. I'm on a 233mhz Cyrix with lots of RAM and an ISDN line and that stupid website ground my computer to a halt. (And yes, I use a real OS) I'd be happy to do the shooting, but in order to save time, I recommend we have them dig their own graves first.
Hell, for $10 million dollars, I can bribe someone to give me the information I need. The point is there is no such thing as total security, only relative levels of such. If I throw enough money and processing power at a problem, it's a safe bet it can be solved eventually. But of what value is that encrypted information once it is cracked? If it's time sensitive, is that info still valid? Was it worth the resources consumed to get it? If they want my credit card information that bad, I'd be happy to sell it for the bargain price of a cool million.
Slashdot Mirror
I find it particularly disturbing that their solution to too much traffic to their CRL server is to use non-routable addresses in DNS. As a result of this action, they have reduced the integrity of their certificates (yes, that means diluting TRUST, which is the foundation of PKI) by making the revocation lists unavailable. Without CRL checking, Verisign certificates have no inherit integrity advantage over self-signed certificates. This is what we pay for?
Non-authoritative answer:
Name: crl.verisign.net
Addresses: 10.0.0.1, 10.0.0.2, 10.0.0.3, 64.94.110.11
198.49.161.200, 198.49.161.205, 198.49.161.206
Aliases: crl.verisign.com
- National Galleries in Washington D.C. - Amadeo Modigliani's "Nude Reclining on a Divan" will make you ponder the true nature of beauty.
- The Museum of the Art Institute of Chicago - Solid collection of Impressionist works featuring one of my favorites - Gustav Caillebotte's "Paris Street, Rainy Day", an excellent example of an aesthetic that had a profound effect on the development of the discipline of street photography.
- The New Orleans Museum of Art - Their collection of Faberge items commissioned by Tsar Nicholas, et al. makes you truly understand why the Bolshevik revolution was inevitable.
In Washington D.C., eat, drink and be merry at the Bierskellar in the Dupont Circle/Embassy Row area. The Largest beer selection in the U.S. and buckets of tasty steamed mussels can make most things better.While in New Orleans, stay at the Edgar Degas house. It's a Bed & Breakfast now and the proceeds go towards restoration. It's on Esplanade. When I was last there, the chef made the best grits I have ever had.
I also recommend eating at the Waffle House chain. The decor and menus are so chaotic as to cause seizures. In fact, I'm twitching now.
You are what you do when it counts - The Masao.
Cryptography is not all that OpenBSD is about. OpenBSD more importantly is about highly audited code at the operating system level. That's why most vulnerabilities have been proactively fixed. Cryptography will do nothing for you if the application that uses it is vulnerable due to coding mistakes. SSH+RSAREF come to mind.
Lynx is available with https support. OpenBSD 2.7 ships with this.
I agree the 3c905B's are troublesome. I have two that drop packets. But the recommended NetGear NIC's don't use the Tulip chip anymore, the current ones use a LiteOn chip instead.
I've had the best luck with Intel eepro 100's under both Linux and OpenBSD, and in the sense of saving the DoD some $$, I think they are cheaper than the 3com's.
I guess thourough depends on the reader. Personally I didn't think it was thourough either, but someone who has never used OpenBSD before may have felt it was a great resource. There are not a lot of web resources available for OpenBSD, something I hope to change.
.02
I try to keep an ongoing on-line diary of my experiences installing and using and experimenting with OpenBSD. It available here. Four years ago, you would have been hard pressed to find mention of Linux anywhere, much less a thorough review. Now OpenBSD is getting some attention.
Personally I think Matt should be credited with at least being curious enough about OpenBSD to give it a try , and willing to share it with the community. That's what it's all about right?
My
Of course we cant forget the one that started it all, the biggest, the baddest.
I just spent the last 2 weeks playing with OpenBSD on two 486's at home. I've posted a diary of sorts here. I really like OpenBSD. In fact I may switch my last linux box over to OpenBSD in the next week or two. Too bad, I was really enjoying being able to listen to WWOZ on RealPlayer. Does anyone know if the FreeBSD realplayer works with OpenBSD 2.5?
jim
It's Festus.
Can't remember the actors name though.
"The marijuana cigarette is called a roach because it resembles a cockroach." This guy is out-there. It's like watching "refer madness" or anti-drug films from the sixties, or for that matter, Microsoft testimony from the nineties. Sounds to me like the subjects have been screwing with the research(er). Oh well, professionalism from a cop is too much to ask.
Oh yeah, I'm taking their word for it. These are the same people who made the world safe for democracy by installing dictators and death squads. I wouldn't trust their predictions for a football game much less the Year 2000 problem. A monkey with a typewriter could produce more accurate predictions than that bunch of icompetent malicious spooks. Consider that the people they pay for information get paid on the basis of the alarmist information they spread. This is like asking Hitler to chair a human rights commission in Kosovo. What a bunch of wankers!
Exactly! If the FCC is going to be shortsighted enough to push Internet users into the hands of the cable industry then so be it, but they have to shut the hell up about it when they p*ss away their revenue stream.
What a bunch of wankers. If they blew Microsoft's horn any harder their lips would split.
Dude, your dogs barking. Up the dosage and grow a sense of humor. There were some posts a couple of days ago about M$ posting fake "isn't M$ great" articles in forums. I simply applied that to your defense of Apple. Lighten up.
I have to agree. I'm on a 233mhz Cyrix with lots of RAM and an ISDN line and that stupid website ground my computer to a halt. (And yes, I use a real OS) I'd be happy to do the shooting, but in order to save time, I recommend we have them dig their own graves first.
Hell, for $10 million dollars, I can bribe someone to give me the information I need. The point is there is no such thing as total security, only relative levels of such. If I throw enough money and processing power at a problem, it's a safe bet it can be solved eventually. But of what value is that encrypted information once it is cracked? If it's time sensitive, is that info still valid? Was it worth the resources consumed to get it? If they want my credit card information that bad, I'd be happy to sell it for the bargain price of a cool million.