Our solution: We use a new symmetric key for each file. The symmetric key is stored in the encrypted file, encrypted using a public key. All you, as a backup client, have to do is to store that one private key in a safe place.
We went one step further. We use an encryption mechanism we developed to make sure the encryption works well with rsync.
Knowing the /. crowd, your next question is "do you expect me to trust an encryption method you developed?". Good question.
No, that's why we are still using AES, and have somewhat modified CBC. If you want to test what we've done, feel free to download the program. We've open sourced it. http://sourceforge.net/projects/rsyncrypto.
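The per-file key wrapping described in this comment, written out as an added example. This is not rsyncrypto's code or file format: rsyncrypto uses its own rsync-friendly CBC variant, while the block below uses standard AES-256-CBC with PKCS#7 padding, wraps the random per-file key with RSA-OAEP, and stores it in a constructed container layout (length, wrapped key, IV, ciphertext). Only the public key is needed to encrypt, so the backup client holds no long-term secret; the private key alone unwraps the file key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed container layout for this example (not the rsyncrypto format):
//   [2-byte length][RSA-OAEP wrapped AES-256 file key][16-byte IV][AES-CBC ciphertext]

// pkcs7Pad pads to a whole number of blocks (1..blockSize bytes are added).
func pkcs7Pad(b []byte, blockSize int) []byte {
	n := blockSize - len(b)%blockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad strips padding and rejects anything that is not well formed.
func pkcs7Unpad(b []byte, blockSize int) ([]byte, error) {
	if len(b) == 0 || len(b)%blockSize != 0 {
		return nil, errors.New("invalid padded length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > blockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("invalid padding")
	}
	return b[:len(b)-n], nil
}

// EncryptFile draws a fresh random AES-256 key and IV for this one file and
// wraps the key with the owner's RSA public key. No private material is needed.
func EncryptFile(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	buf := make([]byte, 32+aes.BlockSize)
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	fileKey, iv := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, aes.BlockSize)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)

	out := make([]byte, 2, 2+len(wrapped)+len(iv)+len(ct))
	binary.BigEndian.PutUint16(out, uint16(len(wrapped)))
	out = append(out, wrapped...)
	out = append(out, iv...)
	return append(out, ct...), nil
}

// DecryptFile: only the holder of the private key can unwrap the file key.
func DecryptFile(priv *rsa.PrivateKey, blob []byte) ([]byte, error) {
	if len(blob) < 2 {
		return nil, errors.New("container too short")
	}
	wl := int(binary.BigEndian.Uint16(blob))
	if len(blob) < 2+wl+aes.BlockSize {
		return nil, errors.New("container truncated")
	}
	wrapped := blob[2 : 2+wl]
	iv := blob[2+wl : 2+wl+aes.BlockSize]
	ct := blob[2+wl+aes.BlockSize:]
	if len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext not block aligned")
	}
	fileKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	padded := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(padded, ct)
	return pkcs7Unpad(padded, aes.BlockSize)
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { panic(err) }
	blob, err := EncryptFile(&priv.PublicKey, []byte("constructed sample file contents"))
	if err != nil { panic(err) }
	pt, err := DecryptFile(priv, blob)
	if err != nil { panic(err) }
	fmt.Printf("%d-byte container, recovered %q\n", len(blob), pt)
}
```

Two encryptions of the same file produce different containers because the key and IV are fresh each time. Plain CBC gives confidentiality only: a tampered container decrypts to garbage or a padding error rather than being rejected outright, so a deployment that also needs tamper evidence would add a MAC or a hash check over the stored containers.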
You hack one server. One copy of the data gets corrupted. Second copy, however, is on a server that can only initiate outgoing connections. You cannot hack that one from outside. By the time the data gets synced, the hash proves to be wrong, and we know we were hacked. Restore from good backup, and we're done.
Shachar
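The check that catches the scenario above (a corrupted primary copy, detected when the pull-only server compares what it fetched against recorded hashes) as an added example. This is not lingnu's or rsyncrypto's code; it assumes the backup side keeps a manifest in the sha256sum text format and that the pulled tree is available as path-to-content pairs (held in memory here for a runnable, offline demonstration). It reports modified, missing and unexpected files.

```go
package main

import (
	"bufio"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Finding is one file whose pulled state disagrees with the manifest.
type Finding struct {
	Path   string
	Status string // "modified", "missing" or "unexpected"
}

// BuildManifest writes sha256sum-format lines ("<hex digest>  <path>") sorted by path.
func BuildManifest(files map[string][]byte) string {
	paths := make([]string, 0, len(files))
	for p := range files {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	var b strings.Builder
	for _, p := range paths {
		sum := sha256.Sum256(files[p])
		fmt.Fprintf(&b, "%s  %s\n", hex.EncodeToString(sum[:]), p)
	}
	return b.String()
}

// ParseManifest reads sha256sum-format lines and rejects malformed digests.
func ParseManifest(text string) (map[string]string, error) {
	m := make(map[string]string)
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		fields := strings.Fields(line)
		if len(fields) != 2 || len(fields[0]) != sha256.Size*2 {
			return nil, fmt.Errorf("malformed manifest line: %q", line)
		}
		if _, err := hex.DecodeString(fields[0]); err != nil {
			return nil, fmt.Errorf("bad digest in %q: %v", line, err)
		}
		m[fields[1]] = strings.ToLower(fields[0])
	}
	return m, sc.Err()
}

// Verify hashes every pulled file and compares it with the manifest taken at
// backup time. Findings are sorted by path so output is stable.
func Verify(manifest map[string]string, files map[string][]byte) []Finding {
	var out []Finding
	for path, want := range manifest {
		data, ok := files[path]
		if !ok {
			out = append(out, Finding{path, "missing"})
			continue
		}
		sum := sha256.Sum256(data)
		if hex.EncodeToString(sum[:]) != want {
			out = append(out, Finding{path, "modified"})
		}
	}
	for path := range files {
		if _, ok := manifest[path]; !ok {
			out = append(out, Finding{path, "unexpected"})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Path < out[j].Path })
	return out
}

func main() {
	// Constructed sample tree as it looked when the manifest was recorded.
	tree := map[string][]byte{"etc/hosts": []byte("127.0.0.1 localhost\n"), "var/www/index.html": []byte("<h1>hi</h1>")}
	manifest, _ := ParseManifest(BuildManifest(tree))
	tree["var/www/index.html"] = []byte("<h1>changed</h1>") // simulated corruption on the primary
	for _, f := range Verify(manifest, tree) {
		fmt.Printf("%-10s %s\n", f.Status, f.Path)
	}
}
```

The manifest must live on the pull-only side (or be signed), otherwise whoever corrupted the primary can rewrite the hashes along with the data.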
I might as well claim credit as well (on Examining ICMP Flaws, Score: 2, Interesting)
When I worked at CheckPoint, back in 2002, I was project manager for SmartDefence. We integrated protection against the PMTU window size problem into SmartDefence, and we had protection against it ever since version 1 (that is - late 2002). You can set the minimal value a PMTU window can shrink to, with ~300 being the default minimum.
The reason we didn't take credit for discovering this at the time was that I picked it up myself from a side note in one of the security mailing lists. I couldn't find at the time the place this was first published, and I sure as hell won't be able to locate it now, but this is not a newly discovered problem, nor is it non-public. The attention is new, but the problem was known even before.
As I no longer work for CheckPoint, I don't know whether they'll make a media circus from this or not. I don't really care either.
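The mitigation described in the comment above (a floor below which an ICMP "fragmentation needed" message is not allowed to shrink the path MTU, with ~300 as the default) as an added example. This is not Check Point's SmartDefence code and says nothing about its internals; it assumes a host or gateway receives the raw ICMP message and applies a policy to it. The block parses a type 3 / code 4 message, verifies the RFC 1071 checksum, and accepts, clamps, ignores or drops the update. BuildFragNeeded only exists to construct sample input.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// DefaultMinMTU is the floor from the comment above (~300 as the default minimum).
const DefaultMinMTU = 300

// Decision is the outcome of applying the policy to one ICMP message.
type Decision struct {
	MTU    int    // path MTU after the policy has been applied
	Action string // "accept", "clamp", "ignore" or "drop"
	Reason string
}

// icmpChecksum is the RFC 1071 ones'-complement sum over the whole message.
// Over a message whose checksum field is already filled in it returns 0.
func icmpChecksum(b []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(b); i += 2 {
		sum += uint32(binary.BigEndian.Uint16(b[i:]))
	}
	if len(b)%2 == 1 {
		sum += uint32(b[len(b)-1]) << 8
	}
	for sum>>16 != 0 {
		sum = (sum & 0xffff) + (sum >> 16)
	}
	return ^uint16(sum)
}

// BuildFragNeeded constructs an ICMP Destination Unreachable / Fragmentation
// Needed message (type 3, code 4) advertising nextHopMTU, as sample input.
func BuildFragNeeded(nextHopMTU uint16, quoted []byte) []byte {
	msg := make([]byte, 8+len(quoted))
	msg[0] = 3 // type: destination unreachable
	msg[1] = 4 // code: fragmentation needed and DF set
	binary.BigEndian.PutUint16(msg[6:], nextHopMTU)
	copy(msg[8:], quoted) // quoted IP header + 8 bytes of the original datagram
	binary.BigEndian.PutUint16(msg[2:], icmpChecksum(msg))
	return msg
}

// ApplyPMTUUpdate validates the message and enforces the configured floor.
func ApplyPMTUUpdate(current, minMTU int, icmp []byte) Decision {
	if len(icmp) < 8 {
		return Decision{current, "drop", "shorter than an ICMP header"}
	}
	if icmpChecksum(icmp) != 0 {
		return Decision{current, "drop", "bad ICMP checksum"}
	}
	if icmp[0] != 3 || icmp[1] != 4 {
		return Decision{current, "ignore", "not a fragmentation-needed message"}
	}
	mtu := int(binary.BigEndian.Uint16(icmp[6:]))
	switch {
	case mtu == 0:
		return Decision{current, "ignore", "no next-hop MTU reported"}
	case mtu >= current:
		return Decision{current, "ignore", "advertised MTU is not a decrease"}
	case mtu < minMTU && current <= minMTU:
		return Decision{current, "ignore", "path MTU already at the configured floor"}
	case mtu < minMTU:
		return Decision{minMTU, "clamp", fmt.Sprintf("advertised MTU %d is below floor %d", mtu, minMTU)}
	}
	return Decision{mtu, "accept", "valid decrease"}
}

func main() {
	quoted := make([]byte, 28) // constructed stand-in for the quoted original datagram
	for _, mtu := range []uint16{1400, 68} {
		fmt.Printf("%+v\n", ApplyPMTUUpdate(1500, DefaultMinMTU, BuildFragNeeded(mtu, quoted)))
	}
}
```

A 1400-byte advertisement is taken as is; a 68-byte one is clamped to the floor, which is the behaviour the comment describes for the configurable minimum.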
It's really interesting how such myths spread. I think the most interesting things are just how much computer geeks are NOT foreign to sex.
Now, some of the new people I'm not sure about. If you take the intersection of the people from this year's photo and last year's photo, you'll have a hard time finding a Wine hacker appearing in both that is not either married, or has had a GF for over half a year (You will find me in the bottom row in the new picture. Personally, I more or less belong in both categories, having been married + now having a GF for over half a year).
As for the general myth - I took an online "sex quiz" a few months ago. One of the questions was, unsurprisingly, "are you a virgin?". Another question was "are you a Trekkie". At the end, they showed some statistics.
Over 40,000 people took the quiz at the time I took it.
The percentage of virgins among the Trekkies was lower than the percentage of virgins in the general population.
In other words, being a Trekkie makes you MORE likely to have sex, not less.
Just some points to think about.
Shachar
But that's just what the 0.9, and 1.0, releases are all about.
The idea is to focus Wine on the "just work" angle. We've had TONS of improvement already. Wine now autogenerates a basic configuration when first run. We got rid of the config file. We added a GUI configuration tool (readonly at this stage). We made drive mapping immediately clear to anyone who bothers to look.
We still have a little more to go. That's why Alexandre allowed himself to bring up a deadline for 0.9. We need the configuration tool to be able to change the settings. This, in turn, requires that the settings in the registry persist. Having said that - we're not that far off.
Sorry to ruin it for you - all the girls in the pictures are Wine (and Samba and ReactOS - it's been quite a diversified conference this year) wives and GFs. None of them attended the actual lectures.
I have a similar puzzle at home. I was missing one 1x2 piece to build the pattern shown on the web site. I complemented it using a piece of paper.
It took me about 15 minutes of manual sliding to find a 29-move solution. This is, by far, not the hardest form possible. Unless the picture they show on the web site is not it, I'm afraid this whole effort was in vain.
Is that the same publishing in which the scrabble set read "What do you get when you multiply 6 by 7"? Yes, I see how that is a reliable source.
Then again, my English version also has a picture of the Heart of Gold as a running shoe. More specifically, it has 4 fourths of a picture of the Heart of Gold as a running shoe. You need all four books to see the bigger picture.
Sasser broke a new record in the time it took to find the worm, from the time the hole on which the worm was based was issued a public patch. Now that we, allegedly, have the worm's author, we can ask him whether it was reverse-engineered from the patch, or whether he had prior knowledge of the hole.
Shachar
P.S. I would wager the former, but still interesting to get an authoritative answer.
I don't get it. This is a 192.168 RFC 1918 private internet address. No one is authorized for the reverse lookup of this IP, and it follows that you cannot register it.
I don't know about planes, but I do know a little about the salvage laws on water.
Basically, if you issue an SOS from a ship, any nearby vessel is bound by marine law to come and help you out. Mind, however, that they are bound to help your soul, i.e. the people, out. There is no obligation whatsoever towards equipment.
If your rescuer decides to help your equipment out in any way, they are entitled to compensation according to the salvage law. Unlike what people usually think, this does not mean they get your ship (at least, not automatically), but it is a long and very generous process towards the rescuer.
In fact, the process is so generous that there are lots of stories of people, when asked for help, that trick the askers into making it an SOS call (asking them to burn a red flare and such), so they can claim salvage.
My instructor recommended that we ask anyone who offers us help in non-emergency cases to sign an LOF, which stands for "Lloyd's Open Form". It's an agreement that they do not ask for salvage, and instead agree to a compensation according to a known table.
Returning to the subject at hand - this man had an emergency. He landed his plane as an SOS. He is being treated better than the rules dictate. The rules say that they should have saved his soul (which they did - offering him shelter and food), and that they have no obligation towards his equipment. The rules further say that if they ship his plane anywhere at all, they deserve compensation (above shipping costs), which is quite dear.
All in all, he has received a fair deal.
http://www.globes.co.il/serveen/globes/DocView.asp?did=747399&fid=980
Globes is an Israeli financial newspaper. I'm not familiar with Dr. Sauer, but he is the one who pointed me here, so I guess he is reading at least this Slashdot story.
This scenario has to do with misunderstanding the Arabs. This time, it's the Europeans.
As you may know, the digits we use are called "Arab digits", because the Arabs invented the decimal system. Around the Middle Ages the Europeans found out about these numbers. However, they did not stop to fully grasp how to use them.
In Arabic, 123 would be read as "three and twenty and one hundred". This means that it is written from right to left, just like the rest of the language. Europeans, eager to read things from left to right, interpret that as "one hundred and twenty three", leaving the digits in the same order, but reversing the reading order.
Unlike what many would like to think, Hebrew is not an ancient language. Biblical Hebrew is, of course. However, while biblical Hebrew does use the decimal system more or less, it counts like the Arabs (starting from the units, and advancing upwards). The writing notation resembles the Roman one, and was not decimal.
The modern Hebrew was mostly drafted by Eliezer Ben-Yehuda, whose native language was... Polish. As such, a lot of European influence made it into the modern Hebrew. One such influence are the numbers, that are now written left to right.
Oh yes, the typewriters simply let you write numbers units first. This was a small problem. Proper bilingual text, however, is today very popular. This text requires a better engine for layout.
The specific office moving to OO does not maintain their own computers. They are on contract from IBM, and IBM preferred OO to Word.
The contract is global, and the ministry does not pay more (or less) because of it. MS received quite some scorn over that, as their initial press release was claiming this is going to cost $50/station. When the correction came in that OO was used rather than StarOffice, their corrected response was sought. They declined to comment.
Another twist is that the Mac angle was not raised, not even once. I believe The Register put it in because they were the first to flag that.
... is significantly harder for the security team to support... "over the next week or so", technical solutions...
Also: If you can live without this for a while... you can install woody now.
A server I maintain had to be upgraded to woody because of an administration error, and was since hacked. As I don't want to go through the reinstall process yet again, I'll wait for when woody is ready, thankyouverymuch.
At least reinstalling the server proved to be an effective way to return to potato.
It even had non-executable stack and everything :-(
If the program is in the public domain, open source licenses are inapplicable, because it's no longer anybody's to impose licensing restrictions on. Hence the question.
I disagree. If the program (and sources) are under public domain, you can make your own release under whatever license you want. That's what "public domain" means.
If you have not made significant changes to the sources, however, people are highly likely to prefer the original, with which THEY can do whatever THEY want.
Re:Transparent Aluminum is for *Rebar* (on Transparent Concrete, Score: 2, Insightful)
It has been my understanding that all metals must be the color they are, because of the way electrons swim around in the metal meta-crystal, and the way they interact with hitting photons.
If this understanding of mine is correct, transparent aluminium (or any other metal reinforcement) is not likely to happen, but some sort of plastic may do the trick.
Actually, you can do it sometimes today, at work, to go around quota problems.
We have a NetApp here, and it has "snapshots" (the image of your directory every hour, and two nights back). If you are running out of room, you can delete files, and refer to them from the snapshots. This is PRECISELY the compression you describe.
I use a PIII 500 at home. It is fast enough for everything I need to do, even on those occasions I need to run Windows.
A few weeks ago I had to buy a "server" for personal use. I went for the lowest of the lowest, and bought a PIII 800 for considerably less than I thought I would have to pay for the server. Up to that point, a Pentium 100 did the same job, quite successfully.
2GHz? Unless this gives me cheaper PIII 800 (which it won't, it'll only drive the low end to higher performances, not lower prices), who cares?
Ok, IANAL (always loved the sound of that acronym) (don't you just love it when someone uses an acronym to make things shorter, and then puts in some extra comments about the acronym which would have made not using the acronym at all so much shorter?).
The way I see it, the IBM license is, in spirit, very much like the GPL.
You have the right to:
remain silent
distribute binaries, but you must supply source for a reasonable cost.
distribute source, it must be under this license.
The only difference I see is that you can somewhat change the license on binaries.
One more difference is that they made a heroic attempt to deal with liability, support and patent licensing issues.
Am I misunderstanding something central here?
No, it does not.
http://www.lingnu.com/backup.html
My bad. I thought I was meant to move it to the *bottom* right corner. I take it back...
Dear Mr. A. Coward,
My native language is Hebrew. How many languages can you convey a message in so that people can understand, with or without grammar mistakes?
Sincerely,
Shachar
P.S.
http://www.shemesh.biz/sun.html for what my name means, as well as some clue about how much different languages can differ.
not really an important one, but still.
I stand by my original comment.
Read some RFCs.
I have. In particular, I have read RFC 1918.
I'd like to see that happen...
Will this new tool work with "alien", and be convertible to apt format?
I think it is unfair everyone can run this new wonderful tool but Debian users.