My bank has quite a good solution. They provided me with a pin pad, which I use in combination with my (chip&pin) bank card. When I need to make a transaction online, I am presented with a code. I enter this into the pad along with my pin, and it produces another code, based upon the key held in the chip. This can also be used for identification by producing a time-based code similar to RSA keys.
Unfortunately on LiveJournal OpenID accounts are treated as second class. If you create an account using an OpenID you cannot keep your own journal or join communities. If you create a full LiveJournal account you cannot associate your existing OpenID with it, so it is pretty useless unless you want to use LiveJournal as your primary OpenID. I certainly do not since they support only simple password authentication.
According to Paul Vixie, Level3 operators have said that they plan to restrict access to these servers in future to customers only, so make sure you have an alternative available!
This is yet another problem solved with IPv6, for which IPsec support is mandatory. RFC 4025 provides a method for opportunistic encryption between hosts using keys stored in DNS (type "IPSECKEY").
The implementation is simple: when initiating a connection, look up the IPsec key of the destination using the IPSECKEY record of the destination address in the reverse DNS zone (ip6.arpa).
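An added example, not part of the comment above: the lookup it describes, shown as building the reverse-zone owner name for a peer address and decoding the RDATA layout that RFC 4025 defines for IPSECKEY. The function names and the sample record are assumptions constructed for illustration; no DNS query is made.

```python
import ipaddress

ALGORITHMS = {0: "none", 1: "DSA", 2: "RSA"}  # RFC 4025 algorithm field

def reverse_owner(addr: str) -> str:
    """Reverse-zone owner name (ip6.arpa / in-addr.arpa) to query for IPSECKEY."""
    return ipaddress.ip_address(addr).reverse_pointer + "."

def read_name(buf: bytes, pos: int):
    """Read an uncompressed wire-format domain name; return (name, next_pos)."""
    labels = []
    while True:
        if pos >= len(buf):
            raise ValueError("truncated gateway name")
        n = buf[pos]
        pos += 1
        if n == 0:
            return ".".join(labels) + ".", pos
        if n > 63 or pos + n > len(buf):
            raise ValueError("bad label in gateway name")
        labels.append(buf[pos:pos + n].decode("ascii"))
        pos += n

def parse_ipseckey(rdata: bytes) -> dict:
    """Decode IPSECKEY RDATA: precedence, gateway type, algorithm, gateway, key."""
    if len(rdata) < 3:
        raise ValueError("RDATA shorter than the 3-byte fixed header")
    precedence, gw_type, algorithm = rdata[0], rdata[1], rdata[2]
    pos, gateway = 3, None
    if gw_type in (1, 2):                      # 1 = IPv4, 2 = IPv6 gateway
        size = 4 if gw_type == 1 else 16
        if pos + size > len(rdata):
            raise ValueError("truncated gateway address")
        gateway = str(ipaddress.ip_address(rdata[pos:pos + size]))
        pos += size
    elif gw_type == 3:                         # 3 = gateway given as a name
        gateway, pos = read_name(rdata, pos)
    elif gw_type != 0:                         # 0 = no gateway present
        raise ValueError(f"unknown gateway type {gw_type}")
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unknown algorithm {algorithm}")
    key = rdata[pos:]
    if (algorithm == 0) != (len(key) == 0):
        raise ValueError("key presence does not match the algorithm field")
    return {"precedence": precedence, "gateway": gateway,
            "algorithm": ALGORITHMS[algorithm], "public_key": key}

# Constructed sample (not a real key): precedence 10, IPv6 gateway, RSA.
SAMPLE_RDATA = (bytes([10, 2, 2]) + ipaddress.ip_address("2001:db8::1").packed
                + bytes.fromhex("03010001c0ffee"))
```

A key fetched this way is only as trustworthy as the DNS answer that carried it, so the resolver doing the lookup needs DNSSEC validation before the key is used.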
I think Sweden's law is actually a good thing. The more governments and/or companies that are snooping on internet traffic, the more encouragement it provides for people to use encryption.
When I first began my last admin job, the management insisted on using the room name as part of the computer name. Eventually the technicians revolted after having to move rooms full of computers several dozen times per year.
I instituted a new system, made up of a short prefix based upon the device type, followed by the asset tag number. This had the added benefit of making sure that devices were asseted before they could be set up.
SV-100001 (Server)
WS-100002 (Workstation)
LT-100003 (Laptop)
PR-100004 (Printer)
Et cetera
Virtual machines are a bit special since they do not have a physical asset tag. We decided to simply allocate numbers to them sequentially, starting at VM-00001.
For servers, we would often create a friendly name, in the form of a DNS CNAME pointing to the actual name.
$TTL 3600
$ORIGIN internal.domain.com.
tiger IN CNAME SV-12345
Had I taken the time, I could have programmatically added DNS HINFO records using data from the asset management system, and maybe even a TXT record containing the room, floor, building and site address.
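An added example, not part of the comment above: one way to generate the HINFO, TXT and CNAME records it describes from asset data, treating the asset system as untrusted input to the zone file. The field names, the accepted prefixes and digit counts, and the sample asset are assumptions constructed for illustration.

```python
import re

# Assumed scheme: listed prefixes plus VM, followed by a 5- or 6-digit number.
HOST_RE = re.compile(r"(?:SV|WS|LT|PR|VM)-\d{5,6}")
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")

def quote(text: str) -> str:
    """Render one zone-file character-string, rejecting unsafe input."""
    if not text.isascii() or not text.isprintable():
        # Newlines or control bytes would let asset data inject extra records.
        raise ValueError(f"non-printable or non-ASCII data: {text!r}")
    if len(text) > 255:
        raise ValueError("character-string longer than 255 bytes")
    return '"' + text.replace("\\", "\\\\").replace('"', '\\"') + '"'

def zone_records(assets, origin="internal.domain.com.", ttl=3600):
    """Return zone-file lines for a list of asset dicts."""
    lines = [f"$TTL {ttl}", f"$ORIGIN {origin}"]
    for asset in assets:
        name = asset["name"]
        # fullmatch, not match with '$': '$' would accept a trailing newline.
        if not HOST_RE.fullmatch(name):
            raise ValueError(f"name does not follow the scheme: {name!r}")
        lines.append(f"{name} IN HINFO {quote(asset['cpu'])} {quote(asset['os'])}")
        lines.append(f"{name} IN TXT {quote(asset['location'])}")
        alias = asset.get("alias")
        if alias:
            if not LABEL_RE.fullmatch(alias):
                raise ValueError(f"alias is not a valid DNS label: {alias!r}")
            lines.append(f"{alias} IN CNAME {name}")
    return lines

# Constructed sample asset record (address records are assumed to exist already).
SAMPLE_ASSETS = [{
    "name": "SV-100001", "alias": "tiger", "cpu": "x86-64", "os": "Linux",
    "location": 'Room 12, Floor 1, Building A, "HQ" site',
}]
```

HINFO and location TXT records describe hardware and physical placement, so they belong only in a zone served to internal resolvers, as the internal.domain.com origin in the comment implies.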
Yahoo! is nice in that it provides the user with some control over where their personal data is stored. I first opened my Yahoo! account in Australia, and when I moved back to Europe, I was asked whether I wanted my data migrated to European servers to improve speed (or reduce their costs, a cynic would say). They also made it clear what the privacy implications would be.
Using self-signed certificates inside an enterprise is fine so long as all the clients have the certificate authority's public certificate installed. Key distribution mechanisms like group policy make it simple.
Sadly Firefox makes it less secure because it uses its own key store rather than the host operating system's, so users must manually import the certificate before attempting to visit an SSL-secured website.
links also has a graphical mode. It doesn't support much in the way of modern web features like advanced css and javascript, but it gives a rather nice old-fashioned browsing experience, and some sites such as freshmeat look just as good as in a modern browser.
Out of interest, why would a sovereign nation even consider hosting data outside its own borders? For large countries such as Canada and the U.S.A. I cannot think of a reason. The U.K. however has a government completely incapable of looking after the security of its data so I can understand they might prefer to put it in the hands of a country that is more capable of ensuring security.
The redeeming feature of being a member of the European Union is that you are free to move to another member country - which is exactly what I did! I moved from England to Denmark a few months ago when I had enough.
I conjectured a couple years ago that this could be done simply by matching up IP addresses to autonomous system numbers and picking peers that are in the same AS number in preference to other peers.
I fully agree with the sentiment. In the good old days, you had to be creative to get the most out of the hardware you had, and gameplay was at the centre (or center) of attention. These days it is all about how many frames per second you can push from your graphics card and cpu.
Unfortunately they are still only available to users in Canada and the U.S.A. I asked recently and they have no plans to offer it to users in Europe. However, I would much prefer using a one-time code over SMS. In theory, I register my cellphone number with my providers (banks, etc.) so that I only have one hardware device to look after. If it ever gets lost, I only have one call to make to report it stolen, instead of having to call up each provider.
Unfortunately you misunderstand DFS. You cannot pool multiple targets in the way you intend. DFS is to provide a unified namespace for disparate locations. DFS-R can be used to keep multiple targets in sync with the same data.
Unfortunately some sites treat OpenID users as second-class citizens, and sadly LiveJournal is a good example of this. A user who has an OpenID account on LiveJournal cannot:
- keep their own journal
- join a community
- comment on posts that have restricted comments to LiveJournal users
I hope that they will change this policy in future.
I am surprised that so far no-one has mentioned the Open Root Server Network. It serves exactly the same data as the ICANN root servers, and has supported IPv6 for some time now. The root hints file is available from http://european.nl.orsn.net/tech-hint.php. I have been using it for a few years now without problems.
usenet.com is commonly confused with Usenet. One is a for-profit company; the other is a global, decentralized, distributed Internet discussion system.
The fact that he is the president would surely mean that his account is a bigger target for a hacker, and thus more susceptible to being locked out. Perhaps he would prefer it if his account never got locked and anyone could log in and do their thing with his data.
The author seems to think that the cheapest subscription available is $799. This is not the case. You can purchase a 1 year subscription for $349. While it is not quite $99, it is still a darn sight cheaper. There are also discounts available for certain organizations (charities and education, for example.)
Verizon's non-poisoned DNS servers are vulnerable to the newly discovered DNS vulnerability. Shout at them!
151.202.0.85 is POOR: 26 queries in 2.1 seconds from 22 ports with std dev 19.03
151.203.0.85 is POOR: 26 queries in 2.4 seconds from 22 ports with std dev 15.08
Check for yourself using `dig porttest.dns-oarc.net. in txt`
Alas not. See here for more information. It is listed under "Uncertain" so it may not ever get implemented.
The U.K. is the one I have most experience with, and one of the compelling reasons that I emigrated to Denmark.
The Foundation for Information Policy Research has recently published an open letter in which it argues that the Phorm system that many British ISPs have signed up to is illegal. I am definitely having no regrets about having emigrated from the U.K. to Denmark.
Only some countries that are not party to the Schengen Agreement. Most E.U. countries are a party, but not the United Kingdom.
Unless you live in most of mainland Europe, where the decimal separator is a comma, not a full stop.
Good thing you didn't post AC, you have shown your ignorance.