Slashdot Mirror


User: Khopesh

Khopesh's activity in the archive.

Stories: 0
Comments: 833

Comments · 833

  1. Re:IBM is NOT more pro-Open Source than Sun on Sun In Talks To Be Acquired By IBM · · Score: 1

    Please disregard my software comparisons. They only serve to start flame wars. I should instead have said merely that JFS is noteworthy and Eclipse is no small deal. Also, IBM's Java package is the one used by Red Hat.

  2. Re:IBM is NOT more pro-Open Source than Sun on Sun In Talks To Be Acquired By IBM · · Score: 1

    IBM champions the GPL and Linux like no other. Their defense during the SCO incidents is the only reason Linux is still around.

    Sun purposefully releases many of their products as non-GPL compatible (though still Free (Open Source) Software) specifically to frustrate the GNU/Linux community -- chiefly OpenSolaris and its ZFS. Eben Moglen of the FSF talks about how he almost gets OpenSolaris to be GPL'd every once in a while. Sun's resistance to this is extremely problematic; there are many tools in Solaris (even discounting ZFS) that would make Free Software operating systems far more stable and usable, but they just can't get included without GPL compatibility. (The FSF was also pushing for OpenSolaris to be GPLv3 and thus their flagship in place of GNU+Linux.)

    As to software comparisons (since you were clever enough to avoid mentioning the non-GPL OSS projects), Eclipse is as important as Java. OpenOffice sucks (sorry). NFS is something we take for granted now (also sorry). There is also IBM's JFS, which trounces any of the other filesystems in the Linux kernel except the recent addition of ext4.

  3. Re:Google, statistics king, didn't already do this on Google To Monitor Surfing Habits For Ad-Serving · · Score: 1

    I have backpedaled on nothing. Over time, that fence you sit on moves as biased by the products they've convinced you to buy so far. After a large number of iterations of this, you would be buying products that were once never considered.

    I never claimed Google was the only company potentially dangerous from their vast volume of data. They merely have a new kind of it. Google's stat-crunching comes from a different (and less regulated) direction as Experian's, and thus learns other things. The two of them likely share some common customers. I may be more worried about Google while you're more worried about Experian, but we should both be worried about those corporations utilizing both data sets.

    As to fighting terrorism ... Google is probably better equipped to track such activity and come up with something directly useful (like the content of a message) than Experian, who might figure out what is being purchased or where they are. Add this up and you have a powerful tool. However, were Google to reveal that they can do this, the community might not respond so favorably when considering that this can be done to everybody else, too (in the name of fighting terrorism or otherwise), without any regulation or oversight.

  4. Re:Google, statistics king, didn't already do this on Google To Monitor Surfing Habits For Ad-Serving · · Score: 1

    Experian is a regulated credit monitoring authority. They have done nothing to build up their brand as a trusted source (they are constantly cited for bad service, even). Certainly, they are akin to Google in statistical prowess, but Google is the one with direct access to people's lives by quite a few methods that Experian simply does not have. If Experian can do so much with just credit data, think of where Google can go.

    As to "brainwashing," that term is an overboard exaggeration of the bias advertising creates. Friends, colleagues, and family all contribute to your social environment, and when you get a recommendation from one of them, or from a media source you trust (reviews, etc), you are quite likely to investigate further. This biases your likes. So far, we're in accepted/peer-reviewed territory.

    General advertising is so successful because the saturation of it all ends up having the same effect on some. The more targeted the ad, the bigger its impact. Now enter targeted ads from data miners like Google or Experian. Very large impact on your bias. We're still in charted waters here, though perhaps not peer-reviewed territory.

    The next piece of this is more speculative, but easy enough to follow: large portions of what they advertise appeals to their targets, so the products/services are purchased. Owning something and building a relationship with its vendor generally leads to buying similar products; buy a product, like it, buy like products. Over time, purchasing the items promoted by these trusted corporations generally follows the trend of your liking what you are buying. Your mind has been biased a little bit. A far cry from brainwashing, and certainly more effective on the less informed. (Somebody once said that "Individuals are smart; it's people that are stupid.")

    that does *not* equate to "buying things you would never otherwise have had interest in". *That* is brainwashing, and is a far, far cry from brand building.

    "Brainwashing" was your term. I never claimed that degree. I claimed bias. Bias is a far cry from brainwashing, but it can most definitely get you to buy products you were on the fence over buying. Bias can also move that fence. I'm not saying they're going to convert Dems into Reps, Muslims to Catholics, or lead to gold. Well, maybe that last one ;-).

  5. Re:Google, statistics king, didn't already do this on Google To Monitor Surfing Habits For Ad-Serving · · Score: 3, Informative

    So, I assume you also avoid purchasing things with your credit card? Or with any kind of club card? Or interacting with any company that sells any of their business records to third parties (like, for example, car dealerships)? Or generally interacting with the civilized world?

    Yes, I avoid such things. My credit card is for emergencies and rare online purchases (though sometimes I use Simon Gift Cards for anonymity except for the whole delivery address thing). I opt out of information sharing when given the option (this is usually a legally required option). What's wrong with cash? When they ask you for address or zip information in the store, you can always say "no thanks."

    Look, here's the deal: the privacy genie was out of the bottle long before Google was ever conceived of. Companies like Axciom and Experian already know, and have known for decades, what demo you're in, what products you buy, whether or not you have a lease on your car that's about to expire, and probably a million other things I haven't even thought of. In short: they already know you better than you know yourself. So who really cares about Google, honestly?

    I disagree. Corporations have been collecting data, but at a snail's pace, and largely on far less sophisticated equipment. This limits the relational and learning algorithms that are economically feasible. Even today, few corporations have the penetration and computing power (and engineering prowess) to collect that volume of data and pull off massive statistical crunching like Google. Also, those other corporations don't read your email, monitor what you read on a word-for-word basis, or tap your television (youtube) and phone (gtalk). Google does. The internet is instantaneous and all-encompassing, whereas mail-order, phone order, and physical shopping doesn't give anywhere near the same level of detail, and the little detail it yields is very slow-flowing.

    Oh, and as an aside, with things like social networking out there, even if you try to disengage from the rest of the world, your friends and family probably haven't, and right now, they're posting pictures about you, writing stories about you, and generally divulging things about you that you probably wish they wouldn't. So, if I were you, I'd find yourself a nice cabin in the woods and hide out there, because frankly, I don't see that you have any other option.

    My friends and family have been respectfully asked not to post photos of me. So far, this has worked (for the most part). I don't have an account on centralized blog sites like livejournal, and while I do have accounts on slashdot and even facebook, they don't say too much about me personally. I understand that we're losing our privacy, but I want to control how that happens and limit its damage, specifically as it pertains to how I am targeted through advertising. Your friends must be jerks if you think like that.

    You don't actually have an independently functioning brain. Instead, apparently your brain is a slave to the whims of whatever advertisement happens to be presented to you.

    So, nevermind. In fact, ignore this post entirely. It probably just confused you.

    Oh, good. Now we're throwing around insults. Recall how I said I know a thing or two about statistics. I also know about brand-building and marketing in general. I date a psychology PhD. Let's just say that nobody's brain functions independently; we are all biased by our environments. If you like, I can obtain a dozen peer-reviewed papers that present compelling evidence to that fact. Just consider: why do companies advertise? why do those advertisements often do nothing but say the company name? The answer is that they are building a brand, which equates to trust.

  6. Limit access through local knowledge on How To Keep a Web Site Local? · · Score: 1

    First, un-register it from all the search engines and deny all bots in your /robots.txt file. This will DRASTICALLY reduce your unwelcome traffic.

    Second (if the first step isn't enough -- the first step really should be adequate), make it members-only. Only members can read the site content. Non-members get a "please log in or register for a new account" page. The registration should require some kind of quiz of local knowledge that you can't find on the web. You can also limit registration by IP as noted above.

    This will let people visit the site from afar, so long as they registered locally with the right knowledge.

  7. Re:CFengine, SElinux, ldap+nfs, and transparent pr on Locking Down Linux Desktops In an Enterprise? · · Score: 1

    (cool, a response from the article submitter!)

    Maybe I can help you more than I had initially thought; you have the same goals and limits that I do. Most of my engineers (plus a few other tech-savvy users) use Linux on their own systems. Those that still need Windows have a VM. As we're a small company (this is where we differ), I don't police anything on their systems, though interns and co-ops don't get sudo or root. From another position I held elsewhere, CFengine and friends were the tools we considered for further locking down Linux systems and centralizing their maintenance.

    If they attach the Windows VM to the domain, it automatically receives anti-virus, MS Office 2003, Skype, Acrobat Reader 8 (9 has AD problems and security issues), PDFcreator, 7-zip, ISOrecorder, and Firefox, plus the option of installing Thunderbird, TortoiseSVN, and a few other MSIs through the under-utilized Add/Remove Programs interface.

    We decided since Windows is so picky about its LDAP and AD offerings, and Samba is not yet capable of implementing them without issues, we'd host LDAP and AD on Windows 2003 (with two peered w2k3 servers). We host NIS and the like for Unix logons within the AD User Profiles, so we have our centralized authentication (on Windows, sadly). Data is stored on a NetApp (which could as easily be a Linux or OpenSolaris box running Samba for a quarter the price) for full reliability and to ensure the ability to properly serve NFS.

    Any time we review the Windows apps, I push hard for web-based options. I'm soooo close to moving us from GoldMine to SalesForce or SugarCRM, for example, which would (mostly) detach the sales team from its Windows dependency (we already moved from MS Project to Project.net). After that, all that would remain are QuoteWerks and QuickBooks. I'm also eagerly awaiting Thunderbird 3 for its improved calendar support so as to migrate users off of Outlook (yes, I know about Lightning, but I'm also tied down by the lack of a server-based calendaring solution, plus the GoldMine/Outlook integration).

  8. Google, statistics king, didn't already do this?! on Google To Monitor Surfing Habits For Ad-Serving · · Score: 2, Interesting

    This is one of the reasons I avoid Google; they know more about statistics than I do (and that's a lot!) ... they have that motto don't be evil for exactly this reason; too much information coming from too many sources, including your personal information, means they can know you better than you know yourself, and thus they can manipulate you to their agenda and the agenda of their advertisers.

    Think of it like the "gateway drug" concept; they advertise something you might have bought (but might not have bought) and that puts you over the edge and you buy it. Then they push something similar and you buy it for the same reason. After several iterations, you find yourself buying things you would never otherwise have had interest in. Your friends and family are supposed to have this power. Not a corporation whose first goal is appeasing their bottom line and therefore their customer corporations (whose first goal is selling merchandise to appease their own bottom lines).

    To anybody outraged at things like the government accessing your library book list, this is the same thing. Except even if you opt out, Google just got that better at targeting you with ads.

  9. CFengine, SElinux, ldap+nfs, and transparent proxy on Locking Down Linux Desktops In an Enterprise? · · Score: 1

    If I were the CIO of a large-deployment corporate environment like that, I'd use something like CFengine and SELinux (the Wikipedia page on Open Source Configuration Management Software is a good starting point), with the users living over secured NFS hosted by a robust server like a NetApp. No user information would be stored on the system, so it can be completely wiped. Users would only be able to write to /tmp, /var/tmp, and /dev/shm, and no applications can be installed outside of your home directory. On top of that, every weekend, the system could be completely overwritten with the new week's image.

    Don't spend all your time trying to mimic AD ... there are merits more exclusive to X, for example. This includes things like running applications remotely to conserve on licenses. Unlike Windows, there isn't a long wait time the first time you log into a system for the first time (since all your data lives in NFS rather than in folders cached on the local system).

    For network policies, lock down encrypted traffic (oh do I hate suggesting that) and use transparent proxies to control data. For unified login, AD is just a souped-up LDAP server ... you could actually use OpenLDAP.

    The biggest thing to note is that you should not ask "how do I implement what I had in Windows" but rather "what should I implement to secure/harden the environment?" Windows has some requirements all its own. So does Linux (et al).

  10. Re:Looks like DRM/proprietary lock-in (itsatrap) on Self-Encrypting Hard Drives and the New Security · · Score: 1

    And what do you do when the drive is stuck in the middle of a write when something crashes? Without the proper ~journal/cache and a battery to ensure it has time to complete, you risk losing your data. When it comes to encrypted data, some malformed data can mean EVERYTHING is lost. This is not acceptable.

    Also, I fully expect them to skimp on the implementation. Fully driver-transparent encryption would require the device itself (or the controller, if that's where it is implemented) to handle the encrypting and decrypting, which means an extra chip in the equation. Take a look at how fully WinModems flew when the computation was pulled from modems into the main CPU via software drivers. Too much cost savings. Maybe it's a smaller difference these days?

  11. Looks like DRM/proprietary lock-in (itsatrap) on Self-Encrypting Hard Drives and the New Security · · Score: 1

    Oh good, so now I need a special driver with which to decrypt my hard drive, so it won't work with the Linux or BSD kernels.

    I would buy such a product (encrypted HDD or encrypted SATA/SAS [RAID] controller) if it were completely open (as in GPL-compatible) firmware, open specs, and solid assurances of fair play with respect to patents, etc. Especially if the encryption/decryption is performed on a dedicated chip so as to keep resource costs from growing.

    ... and battery back-up (like other hw RAID controllers), confirmed writes via journal for data integrity, ... hmm, I have some high demands. Maybe I'll just stick with TrueCrypt.

  12. Nokia 888 is shape-shifting w/out nanotech on Intel Envisions Shape-Shifting Smartphones · · Score: 1

    There are also (more limited) shape-changing phones in development that don't require nanotech. The Nokia 888 (which I just discovered by spending too much time on YouTube after looking up the Morph) is merely a flexible LCD on a permissive backing with an elastic. Probably viable (though not economic) within a few years, unlike nanotech, which might be viable on an extra-large demo scale within 3-5 years (as according to the Intel developer in TFA).

    As with my previous post, I'm including a youtube video demo. This one is live-action: YouTube - Nokia 888 Design.

    Quick research shows that the 888 concept is 2+ years old, and NEC may have claimed it was stolen from them. I could not find an official Nokia-owned page talking about the 888. Maybe I can ask my friend who works there...

  13. You mean like last year's Nokia Morph concept? on Intel Envisions Shape-Shifting Smartphones · · Score: 2, Informative

    Nokia's Morph Concept was announced in February 2008, over a year ago.

    The video on that site, which has illustrated use-case demos (unlike the Intel video) is also available through youtube for those of you who want direct access:

    YouTube - Nokia Morph Concept.
    Amazing stuff.

  14. JFFS2 on The Real Reason For Microsoft's TomTom Lawsuit · · Score: 1

    If you're going to start pushing a different filesystem for use on flash-based storage devices, you might as well look at the formats that optimize for such storage mechanism. JFFS2 (which is included even in 2.4 kernels) does this quite well, and there are others, too.

  15. BSD has zsh on BASH 4.0 Released · · Score: 1

    Bash is GPL, which is not compatible with the BSD license. The standard response is to use zsh, which is more powerful than bash, insanely featureful, and BSD-licensed. I'm not a BSD user, but zsh is now my shell of choice. These days, the differences are so minor that it doesn't matter. The only big-deal feature in zsh but not bash that I can think of is RPROMPT and maybe the better completion. (See the screenshot of my power-tweaked zsh shell.)

    I was under the impression the BSDs used zsh as the default shell. Maybe that's NetBSD?

  16. What about TOR? on Combining BitTorrent With Darknets For P2P Privacy · · Score: 0, Redundant

    Why not implement it within TOR? We could use some more exit points, and this seems like a great method of accomplishing that.

    I still insist that the TOR cloud should contain transparent caching proxies and the like so that it doesn't need to use those rare exit nodes as often...

    And before somebody starts groaning about it, TOR isn't flawed or "insecure." It's not a security tool. It is an anonymizer. Its purpose is exactly what P2P users need.

  17. I hate [T]CSH on BASH 4.0 Released · · Score: 5, Insightful

    One of my favorite bookmarks, Csh Programming is Considered Harmful, is very useful for shell scripting in Bourne, Csh, and Bash. Oh, and it's also a good reminder of why you should never write csh scripts.

    In my experience, the only [t]csh users out there are those who used it back in the day before there were other options, or those who are so embedded in the C/C++ world that they thought it a good idea to use a C/C++ -styled shell. That's fine, use that shell. DON'T write scripts in it though. It's annoying. (More annoying: ln -s /bin/csh /bin/sh ... this breaks TONS of things as /bin/sh must be posix-compliant. Csh doesn't even want (or try) to do that!)

  18. Re:Not too deep... on Atlantis Seekers Given Thrill by Google Ocean · · Score: 1

    Not sure about that ... specifically, the fact that the area is not at all surrounded by deeper areas, which means it was not an island. If it were above water at any point in time, it would have been another part of the African continent, and not even near the shoreline with what remained of the Atlantic ocean to the distant west.

    It's also deeper than the nearby shelf areas which would certainly have been above sea level during the ice age, so I'm still sticking with my intuitions. Feel free to actually cite something and prove me wrong, but it looks like you're merely contending my point with your own instincts.

  19. Let's think critically here... on Atlantis Seekers Given Thrill by Google Ocean · · Score: 3, Interesting

    A boat mapping the sea floor would presumably be mapping at even intervals rather than what we see in the image. At the end of the survey area, I'd expect to see more of a curve or ellipsis rather than hard right angles.

    Also, the lines appear to go alongside the ridges of the higher areas (and NEVER across them), which walls would do but boats floating overhead would probably not. In addition, there appears to be a main entryway to the center of the eastern wall, which makes the city idea more palatable.

    Looking even farther to the east (beyond the image provided by The Sun), we see something that looks more like the telltale grid such boats could create ... or, if you prefer, more potential city.

    We can probably learn a lot more without going to the site and re-scanning; just ask the people who did the initial scans and get clarification; if it was made recently by scanning boats, the narrower areas would have been created by higher interest in those regions, either because they were looking at/for something, or because there was some other factor that limited the scanning area.

    Another tack would be to figure out what the depth is currently, and then look at our current tectonic models to see if it could ever have been close to the surface. My (completely untrained) instinct says it's far too deep.

  20. Here are some solutions on Black Hat Presentation Highlights SSL Encryption Flaws · · Score: 4, Insightful

    My biggest gripe about these black hat papers is that they aren't as useful to non-black hats; there are no proposed solutions or workarounds.

    I think the most important trick in the paper is that first one you mentioned, of MITM translating server-side SSL to client-side plain-text and assuming the reader won't notice (or care). The easiest workaround is to get Firefox to return the yellow background. You still have to train users to mentally require it, but it's a step in the right direction.

    On to the second hack you noted. The article specifically mentions that .com and several other top level domains (TLDs) are purposefully punycoded (see page 90). However, the logic is still sound and the actual TLD doesn't matter. The example Moxie used was *.ijjk.cn.

    A solution proposal (from the top of my head): In the specific case of IDN-valid characters that approximate slash and question-mark, the simple solution is to propose a feature in firefox that recognizes them. Specifically, anything that appears to be forging a protected TLD, so punycoding IDN domains matching a regex like \w\W+(com|net|org)\W (and perhaps additionally a search for any of the proposed confusing characters), would cover a lot of ground. In the meanwhile, you could put the domain up in firefox's blue SSL box.

    The final vulnerability discussed in the paper (the first one in the paper's ordering) was that of standard certificates acting as intermediate certificates in the chain. This has an obvious solution and the paper even implies (but doesn't verify ... freaking black hats) that Firefox already has it implemented.
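The display rule proposed in comment 20, sketched as an added example (not code from the comment, the paper, or Firefox): show an IDN hostname in punycode when the comment's regex finds a protected TLD inside the name, or when the name contains a character that renders like a slash or question mark. The sample hostname is constructed around the `*.ijjk.cn` example the comment mentions; the lookalike list and the function names are assumptions, and labels are punycoded as typed, without the IDNA normalisation a browser would apply first.

```python
import re

# The comment's pattern, used as written: a word character, a separator,
# then a protected TLD that is followed by something other than end-of-host.
FORGED_TLD = re.compile(r"\w\W+(com|net|org)\W", re.IGNORECASE)

# Constructed list (assumption): code points that render like "/" or "?".
LOOKALIKES = {
    "\u2044": "FRACTION SLASH",
    "\u2215": "DIVISION SLASH",
    "\uff0f": "FULLWIDTH SOLIDUS",
    "\uff1f": "FULLWIDTH QUESTION MARK",
}


def findings(host: str) -> list[str]:
    """Return the reasons a hostname should be shown in punycode (empty if none)."""
    if host.isascii():
        # The rule targets IDN hosts only; an ASCII name such as
        # shop.com.example.cn is already displayed unambiguously.
        return []
    reasons = []
    match = FORGED_TLD.search(host)
    if match:
        reasons.append(f"'.{match.group(1).lower()}' appears inside the name")
    for ch in sorted(set(host) & LOOKALIKES.keys()):
        reasons.append(f"contains U+{ord(ch):04X} {LOOKALIKES[ch]}")
    return reasons


def to_punycode(label: str) -> str:
    """Punycode one label as typed (simplification: no nameprep mapping)."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")


def display_form(host: str) -> str:
    """Hostname as the address bar should show it under the proposed rule."""
    if not findings(host):
        return host
    return ".".join(to_punycode(label) for label in host.split("."))


# Constructed samples: a forged name registered under ijjk.cn, a benign IDN
# name, and a plain ASCII name.
FORGED = "www.gmail.com\u2215accounts\u2215ServiceLogin\uff1ff.ijjk.cn"
BENIGN_IDN = "b\u00fccher.example.org"
PLAIN = "www.example.com"

if __name__ == "__main__":
    for sample in (FORGED, BENIGN_IDN, PLAIN):
        print(f"{sample!r}")
        print(f"  shown as: {display_form(sample)}")
        for reason in findings(sample):
            print(f"  reason:   {reason}")
```
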

  21. Re:Of course they are making money on Microsoft Says No Profit In Vista-XP Downgrades · · Score: 1

    I have not seen an option for Windows XP Home since before Vista came out. They've eliminated that option because they can't justify charging more money for it. The extra $99 is supposed to bridge the gap from Home to Pro so that your license is transferable. Vista Home Basic licenses aren't transferable to XP Home specifically to force you to get Vista Business and pay the extra $99.

  22. Re:So what if it's a cat? on Don't Like EULAs? Get Your Cat To Agree To Them · · Score: 2, Insightful

    The cat here is just a tool for you to accept the agreement. If you set up a device to automatically agree to a license without you fully reading it, you've still manifested an intent to accept the terms, whatever they may be. I don't think a court would have any more problem with holding you to the contract than if you used a machine to automatically stamp a signature on a stack of paper contracts. It wouldn't matter if it worked on a timer, on a RNG, or on the fickle movements of a cat so long as you set it up to happen with certainty that it would eventually happen (because you can't proceed with the installation without it happening).

    I agree. The best defense along these lines would be a system that randomly clicks your screen (in a random place, at a somewhat infrequent interval) all the time. When you have a license to bypass, leave it open and walk away (perhaps put another window over the "I disagree" button). It'll eventually get bypassed. Even this is stupid, and even this might not stand up in court.

    More notably, the concept of EULA itself might not stand up in court. If you want a legal tack, I suggest that one. EULAs are unfair and should be attacked at the core (didn't an EU court recently rule that EULAs weren't binding?). You bought the thing, you're installing a copy of your own, and that's that. Done. There are already laws preventing you from redistributing it and the like. No EULA is needed. Does a movie or music album come with such a thing? No. Should software? No.

  23. Re:Of course they are making money on Microsoft Says No Profit In Vista-XP Downgrades · · Score: 4, Interesting

    That's exactly the issue (as I understand it); you must pay more money to upgrade to Vista Ultimate or Vista Business so that you can then downgrade to XP Professional. With Dell, this upgrade is an extra $99 (unless you happen to catch them doing a free XP downgrade promo).

    Isn't an up-sell on editions a profit generator for Microsoft in addition to Dell? Doesn't that mean both companies are making MORE money by requiring this?

    The con, of course, is that I'm comparing a $99 upgrade from Vista Home Basic to Vista Business Bonus (which has a license transferable to XP Professional), which is comparable to the $99 upgrade from XP Home to XP Pro back before Vista came out, so it's really the same thing, but I don't see how Microsoft can claim they're not profiting off of this. On top of this, nobody running Windows XP independent of an Active Directory server would care about getting Professional instead of Home ... it's just that Dell (et al) aren't offering Windows XP Home downgrades, since there would be no profit. Hmm...

    Microsoft can claim they're not making money on XP, but they can't claim that people downgrading to XP doesn't make more money through upgrading Vista for the transferable license.

  24. Re:What ever happened to SSL and port 465? on Verizon.net Finally Moving Email To Port 587 · · Score: 1

    Thank you, jeaton. You have taught me a little more about the specs. To think that I'm a network admin, running a mail server (with a policy requiring port 465 but accepting 587) for a decently large company, and I didn't know that.

    The funny thing is that MS Outlook doesn't know about 465 (when you push to SSL + authentication on outgoing mail, the port doesn't change from 25) whereas Mozilla Thunderbird changes the port to 465 automatically. Also, running grep 465 /etc/services in Debian returns "ssmtp" with alternate name "smtps" and description "SMTP over SSL" rather than your correctly cited official IANA "URL Rendezvous Directory for SSM," implying that at least Debian, FreeBSD, and others who maintain their own lists are also propagating this issue.

    I had learned anecdotally (from the above sources and others) that 465 requires SSL (rather than STARTTLS, which makes it optional), and that it was therefore an easier way to require encryption in addition to authentication. Very interesting.

    That said, I still find it unacceptable that most ISPs fail to offer SSL encryption for mail over HTTPS, POP3S/IMAPS, and Submission/SMTP/SMTPS.

  25. What ever happened to SSL and port 465? on Verizon.net Finally Moving Email To Port 587 · · Score: 1, Insightful

    What the fuck are they doing on 587? That's a secondary half-ass port used as a compromise and a low-end workaround for ISPs and network admins who blanket-block port 25. If you're to move away from port 25 (which can easily accept TLS for encrypted authentication or even just encrypted data without authentication), you might as well move to the one that requires both authentication and encryption.

    NO responsible network or ISP should use plain-text authorization as the default method. I was astounded when I heard that RCN (et al!) fail to offer HTTPS webmail and POP3S email (if not the vastly superior IMAPS), and that TLS commands get dropped on the floor. This is completely unacceptable.

    Verizon and co should not be commended for this trivial step, they should be scolded for not going full-on SSL.