you need actual evidence to back up your nonsense.
The concept of eternal oblivion requires as much evidence as the concept of an afterlife. Though we may be able to observe skips in time, or moments of feeling "in the dark," by definition we cannot experience obvlivion. All we have direct evidence of is the ability to travel forward in some timeframe with no subjective effect (no surprise there, if you are a photon), and the ability to experience a primal evasion instinct. As such, and since we do experience the state of consciousness, even a philosophical reason to believe in eternal oblivion is lacking. The very concept may be just a linguistic construct for all we know, and as such, just as much a meme as religions.
I don't see a safe logical path to the implication that consciouness (as opposed to a particular "awareness") is composed of information. While retention of an identity, e.g. memories, would require information transmittal, transfer of consciousness itself (when defined simply as sensation and observance) may not, until we can definitively unify consciousness with an information bearing construct.
Certainly that is correct for the forms of consciousness we as humans relate to. Future AIs may beg to differ, however, and given they will have been constructed by us, will probably be able to communicate with us despite this difference. They may have quite a new perspective.
This is kinda crazy annoying to have to do, and has always annoyed me. There should be a better default behavior, and a way to configure preferences for this, but of course linux users aren't the target audience for FF devels these days.
Personally I do a lot of toying around with SVG, and firefox has to be the worst browser other than IE for that purpose. Doesn't even support SVG fonts.
I wonder if the spedning on this campaign might go high enough to provide significant stimulus to the GDP and jobless numbers. In 2008 total political spending was several billions of dollars -- now we have Citizens United and PACs on steroids. It would be funny if the rommunists undercut themselves.
Hrm. I wonder if there is such a thing as a cash singularity. So much cash in one place that it just keeps drawing in cash from around it, past an event horizon, never to be seen again. Oh wait. That totally explains a whole lot of things. Scary.
I think they already have way too many names, judging from the fact that I keep getting his junk mail, and it should be pretty obvious from publicly available records that I'm voting and donating the other way.
What gets me is this: when all is said and done, Romney and his associated PACs will have spent more than ever has been spent by a campaign (they are on track to outspend Obama, yes.) And yet, unlike just about every other candidate from either party, they still expect their donors to pony up for a postage stamp when they mail in their checks. BTW that means I've won: all the time I spent sending Republicans back empty SASEs paid off in that a few donations will be lost in the mail due to someone forgetting the stamp.
I'm sorry, for some reason I misremembered that the Tews/Beck WPA-PSK cracking material had been integrated with Firesheep. I was thinking of the latter.
Those eduroam sites that use MSCHAPv2 use PEAP-MSCHAPv2. You have to crack the PEAP before you can crack the MSCHAPv2.
Also, EAP_TTLS is allowed on eduroam -- as long as the clients are configured to match their home servers, eduroam can support multiple authentication schemes. The security is end-to-end between you and your home institution (for the authentication, that is, there is no security other than the over-the-air encryption for your data, so still use https and SSL on clients wherever possible.) Do note, however, that in the case of eduroam you are expecting the SSID to show up just about anywhere, so it is doubly important for the security conscious to validate the home server's cert against only the CA you know it should be coming from, and to validate its subject. Which, of course, you cannot do on phones these days, even android.
For VPN use IPSEC, not PPTP, either with certificate-based outer tunnel, or with an outer tunnel using a PSK that you trust will not be compromised. The latter is near impossible in enterprise setups, so the certificate approach is superior, albeit harder to administer.
WPA2-PSK is insecure due to a separate issue entirely (see Firesheep).
For WPA2-Enterprise the MSCHAPv2 session is usually wrapped in a PEAP (SSL) session. This should be safe as long as your client is configured to validate the server-side certificate only against CAs that are not likely to be compromised (i.e. a rougue cert generated). Preferably, one should also validate the certificate's subject (usually the name of the RADIUS server). If this is not the case (and Apple makes this particularly hard, especially on the new Lion setup that requires an 802.1x profile generated by a Lion Server installation) then an MITM attack is possible, where someone pretends to be your AP+RADIUS, and since your client does not check the certificate they offer, it will happily start the MSCHAPv2 session with them, at which point the exchange becomes vulnerable to attempts to hijack it.
WPA2 using EAP-TLS with certificates is safe, but does not offer the ability to check user passwords, so it is usually only favored by institutions that do not worry too much about stolen equipment. (Given that everyone seems happy to let the OS remember their passwords, however, the added benefits of the password becomes dubious.) WPA2 with EAP-TTLS should be unaffected by any of this. The precautions about validating server certs remain relevant, however.
It is possible to configure WPA2-Enterprise with just a raw MSCHAPv2 exchange and no protective PEAP wrapper around it. That would be what the OP's tool is for. It would also be completely insane, and given many native clients do not support that, rather a lot of effort to invest in being insane.
Works with some models, doesn't with others. Some PCBs have parameters flashed into them that are tuned to that particular set of platters after some sort of tuning process at the factory.
Cue up the comments that have nothing to do with this story and use it to further their own political agendas.
OK, you asked for it: Isn't the invisible hand of the free market supposed to produce better products through competition? Oh how, oh how could these faulty safe designs have possibly happened then?
This works up until the point when they realize you really know how to use the equipment; then you end up stuck behind the desk to do all the heavy mental lifting while they hire temps or get college students to do the physical stuff.
Close but that's more IT than CS. A CS equivalent would be developing and testing kinematics or positioning systems, or linking said systems with spectrum survey software, like a WiFi survey tool for example.
Google currently has an interior building-mapping project; essentially streetview for inside buildings. Stuff like that requires a good amount of math and development, alongside a good amount of real-world data gathering.
You can't get blood from a turnip. People are already suffering under the tax burden they already have. Heck, half the workers in the country pay no income tax because they can't *afford* to. They need every penny they can get for basic needs like shelter and food.
And when grandpa's monthly retirement check is cut as an "entitlement" and their uncle bob who can only work 3 days a week due to disease gets kicked off disability and can't make rent on the 1-room basement "apartment" anymore, this makes them better off how?
I was similarly dissappointed. Not that I don't appreciate the value for what is there, just that it could be so much more.
Like for example, math is confusing enough to some, why make it more confusing by leaving errors in the videos, and then watching the prof go back and correct them. I realize this is all "pro bono" work, but take a few minutes and edit that crap out.
When considering WYSIWYG tools, CMS systems, and language framework suite, it really comes down to this:
Is the end-product something you want your name on, when it comes to security, and when it comes to someone else, or even yourself, coming back to maintain it later. Assessing the security of code spit out by a tool, especially a closed source tool, is very difficult and time consuming. Sometimes you can get by on the efforts of others who have gone before you and tested the waters, but then you have to assess the wisdom and professionality of the crowd that is giving that tool a thumbs up -- there are plenty of vibrant communities of people writing awful and insecure code because nobody in the community cares about security or maintainability.
So if an opensource tool, or a closed-source tool that has an open bug reporting process, looks useful, you have to spend time looking at the mailing lists and old bug reports to see what issues were fixed, how long they went unnoticed in the code, how casual the attitudes of the developers were towards serious problems, and how casually bad code might have been allowed to enter the codebase. Also you have to look at whether the APIs presented by the tool are constantly in flux, or whether newer APIs are properly chunked and rolled out with ample consideration towards creating a smooth upgrade path via backward compatibility.
Again, this is a lot of work -- as much as learning a programming language. The reason you would want to do it is if you really think that you'll be designing a whole lot of websites over your career and also will be free to choose your frameworks, rather than being forced into using the PHB's favorite. In that case, a person who has both coding competence and can benefit from a stable, effective, and mature toolset will run circles around a coder that invents everything from scratch on every project.
However if you will be working on PHB's terms, you are best off sharpening your raw coding claws, because about the only thing you can rely on to stay constant is the availability of a good text editor. PHB's change their minds a lot and like to hop around to the next greatest thing.
Division of labor is the very definition of civilization
Yep, and TFA is vaccuous. We have a whole buttload of people perfectly familiar with craftsmanship left over from the overheated house-flipping boom. Doesn't matter if their wallpaper was pre-pasted, they still have the same general set of skills. Those skills come from working on the corners of the project where there isn't a convenient pre-fab solution, not from repetatively cutting 2x4s to some length when you could have ordered them that way.
Division of labor really does need a PR campaign. So many of the people in this area are so determined to be their own car mechanic, home remodeler, cook, gardiner, and brewer, instead of hiring a neighbor to do it, that the economy really does suffer for it (it gets over on the fact that these folks are pretty pound-follish, so they will easily spend $150 on the tools needed to do a half-hour job which they will never need to do again and could have had a professional do for half of that, but a lot of that money leaves the local economy, so not really.)
IPv6 is on all yer systems already whether you have deployed IPv6 or not.makes no difference
Tell that to my router, as you try to get off your segment.
If most bother to RTFM they can cobble together a poor mans ra guard using existing filtering facilities in their switches
IPv6 traffic on the older models of most popular brands of switches cannot be filtered. There are no ipv6 PACLs and no nbar-like facilities on mid-level access switches, only protocol, MAC and IPv4. What features are available are closely tied to the CAM logic, and so depend greatly on the hardware.
The DHCPv6 comments are bullshit for the most part as it is bootstrapped from RA
If you are an idiot and allow self-configuration, it is.
If these features are so unnecessary, then why are they starting to appear in the newer model switches?
Slashdot Mirror
you need actual evidence to back up your nonsense.
The concept of eternal oblivion requires as much evidence as the concept of an afterlife. Though we may be able to observe skips in time, or moments of feeling "in the dark," by definition we cannot experience obvlivion. All we have direct evidence of is the ability to travel forward in some timeframe with no subjective effect (no surprise there, if you are a photon), and the ability to experience a primal evasion instinct. As such, and since we do experience the state of consciousness, even a philosophical reason to believe in eternal oblivion is lacking. The very concept may be just a linguistic construct for all we know, and as such, just as much a meme as religions.
I don't see a safe logical path to the implication that consciouness (as opposed to a particular "awareness") is composed of information. While retention of an identity, e.g. memories, would require information transmittal, transfer of consciousness itself (when defined simply as sensation and observance) may not, until we can definitively unify consciousness with an information bearing construct.
Certainly that is correct for the forms of consciousness we as humans relate to. Future AIs may beg to differ, however, and given they will have been constructed by us, will probably be able to communicate with us despite this difference. They may have quite a new perspective.
This is kinda crazy annoying to have to do, and has always annoyed me. There should be a better default behavior, and a way to configure preferences for this, but of course linux users aren't the target audience for FF devels these days.
Personally I do a lot of toying around with SVG, and firefox has to be the worst browser other than IE for that purpose. Doesn't even support SVG fonts.
I wonder if the spedning on this campaign might go high enough to provide significant stimulus to the GDP and jobless numbers. In 2008 total political spending was several billions of dollars -- now we have Citizens United and PACs on steroids. It would be funny if the rommunists undercut themselves.
You know I once tried to figure out what it might take to emulate a 80x24 VT100 on an unexpanded VIC-20. Couldn't be done.
Hrm. I wonder if there is such a thing as a cash singularity. So much cash in one place that it just keeps drawing in cash from around it, past an event horizon, never to be seen again. Oh wait. That totally explains a whole lot of things. Scary.
I think they already have way too many names, judging from the fact that I keep getting his junk mail, and it should be pretty obvious from publicly available records that I'm voting and donating the other way.
What gets me is this: when all is said and done, Romney and his associated PACs will have spent more than ever has been spent by a campaign (they are on track to outspend Obama, yes.) And yet, unlike just about every other candidate from either party, they still expect their donors to pony up for a postage stamp when they mail in their checks. BTW that means I've won: all the time I spent sending Republicans back empty SASEs paid off in that a few donations will be lost in the mail due to someone forgetting the stamp.
I'm sorry, for some reason I misremembered that the Tews/Beck WPA-PSK cracking material had been integrated with Firesheep. I was thinking of the latter.
Those eduroam sites that use MSCHAPv2 use PEAP-MSCHAPv2. You have to crack the PEAP before you can crack the MSCHAPv2.
Also, EAP_TTLS is allowed on eduroam -- as long as the clients are configured to match their home servers, eduroam can support multiple authentication schemes. The security is end-to-end between you and your home institution (for the authentication, that is, there is no security other than the over-the-air encryption for your data, so still use https and SSL on clients wherever possible.) Do note, however, that in the case of eduroam you are expecting the SSID to show up just about anywhere, so it is doubly important for the security conscious to validate the home server's cert against only the CA you know it should be coming from, and to validate its subject. Which, of course, you cannot do on phones these days, even android.
For VPN use IPSEC, not PPTP, either with certificate-based outer tunnel, or with an outer tunnel using a PSK that you trust will not be compromised. The latter is near impossible in enterprise setups, so the certificate approach is superior, albeit harder to administer.
WPA2-PSK is insecure due to a separate issue entirely (see Firesheep).
For WPA2-Enterprise the MSCHAPv2 session is usually wrapped in a PEAP (SSL) session. This should be safe as long as your client is configured to validate the server-side certificate only against CAs that are not likely to be compromised (i.e. a rougue cert generated). Preferably, one should also validate the certificate's subject (usually the name of the RADIUS server). If this is not the case (and Apple makes this particularly hard, especially on the new Lion setup that requires an 802.1x profile generated by a Lion Server installation) then an MITM attack is possible, where someone pretends to be your AP+RADIUS, and since your client does not check the certificate they offer, it will happily start the MSCHAPv2 session with them, at which point the exchange becomes vulnerable to attempts to hijack it.
WPA2 using EAP-TLS with certificates is safe, but does not offer the ability to check user passwords, so it is usually only favored by institutions that do not worry too much about stolen equipment. (Given that everyone seems happy to let the OS remember their passwords, however, the added benefits of the password becomes dubious.) WPA2 with EAP-TTLS should be unaffected by any of this. The precautions about validating server certs remain relevant, however.
It is possible to configure WPA2-Enterprise with just a raw MSCHAPv2 exchange and no protective PEAP wrapper around it. That would be what the OP's tool is for. It would also be completely insane, and given many native clients do not support that, rather a lot of effort to invest in being insane.
Works with some models, doesn't with others. Some PCBs have parameters flashed into them that are tuned to that particular set of platters after some sort of tuning process at the factory.
Cue up the comments that have nothing to do with this story and use it to further their own political agendas.
OK, you asked for it: Isn't the invisible hand of the free market supposed to produce better products through competition? Oh how, oh how could these faulty safe designs have possibly happened then?
Develop neuromuscular electrical stimulation products maybe? Or assist in R&D of whole body vibration training products?
This works up until the point when they realize you really know how to use the equipment; then you end up stuck behind the desk to do all the heavy mental lifting while they hire temps or get college students to do the physical stuff.
Close but that's more IT than CS. A CS equivalent would be developing and testing kinematics or positioning systems, or linking said systems with spectrum survey software, like a WiFi survey tool for example.
Google currently has an interior building-mapping project; essentially streetview for inside buildings. Stuff like that requires a good amount of math and development, alongside a good amount of real-world data gathering.
You can't get blood from a turnip. People are already suffering under the tax burden they already have. Heck, half the workers in the country pay no income tax because they can't *afford* to. They need every penny they can get for basic needs like shelter and food.
And when grandpa's monthly retirement check is cut as an "entitlement" and their uncle bob who can only work 3 days a week due to disease gets kicked off disability and can't make rent on the 1-room basement "apartment" anymore, this makes them better off how?
I was similarly dissappointed. Not that I don't appreciate the value for what is there, just that it could be so much more.
Like for example, math is confusing enough to some, why make it more confusing by leaving errors in the videos, and then watching the prof go back and correct them. I realize this is all "pro bono" work, but take a few minutes and edit that crap out.
When considering WYSIWYG tools, CMS systems, and language framework suite, it really comes down to this:
Is the end-product something you want your name on, when it comes to security, and when it comes to someone else, or even yourself, coming back to maintain it later. Assessing the security of code spit out by a tool, especially a closed source tool, is very difficult and time consuming. Sometimes you can get by on the efforts of others who have gone before you and tested the waters, but then you have to assess the wisdom and professionality of the crowd that is giving that tool a thumbs up -- there are plenty of vibrant communities of people writing awful and insecure code because nobody in the community cares about security or maintainability.
So if an opensource tool, or a closed-source tool that has an open bug reporting process, looks useful, you have to spend time looking at the mailing lists and old bug reports to see what issues were fixed, how long they went unnoticed in the code, how casual the attitudes of the developers were towards serious problems, and how casually bad code might have been allowed to enter the codebase. Also you have to look at whether the APIs presented by the tool are constantly in flux, or whether newer APIs are properly chunked and rolled out with ample consideration towards creating a smooth upgrade path via backward compatibility.
Again, this is a lot of work -- as much as learning a programming language. The reason you would want to do it is if you really think that you'll be designing a whole lot of websites over your career and also will be free to choose your frameworks, rather than being forced into using the PHB's favorite. In that case, a person who has both coding competence and can benefit from a stable, effective, and mature toolset will run circles around a coder that invents everything from scratch on every project.
However if you will be working on PHB's terms, you are best off sharpening your raw coding claws, because about the only thing you can rely on to stay constant is the availability of a good text editor. PHB's change their minds a lot and like to hop around to the next greatest thing.
Division of labor is the very definition of civilization
Yep, and TFA is vaccuous. We have a whole buttload of people perfectly familiar with craftsmanship left over from the overheated house-flipping boom. Doesn't matter if their wallpaper was pre-pasted, they still have the same general set of skills. Those skills come from working on the corners of the project where there isn't a convenient pre-fab solution, not from repetatively cutting 2x4s to some length when you could have ordered them that way.
Division of labor really does need a PR campaign. So many of the people in this area are so determined to be their own car mechanic, home remodeler, cook, gardiner, and brewer, instead of hiring a neighbor to do it, that the economy really does suffer for it (it gets over on the fact that these folks are pretty pound-follish, so they will easily spend $150 on the tools needed to do a half-hour job which they will never need to do again and could have had a professional do for half of that, but a lot of that money leaves the local economy, so not really.)
IPv6 is on all yer systems already whether you have deployed IPv6 or not.makes no difference
Tell that to my router, as you try to get off your segment.
If most bother to RTFM they can cobble together a poor mans ra guard using existing filtering facilities in their switches
IPv6 traffic on the older models of most popular brands of switches cannot be filtered. There are no ipv6 PACLs and no nbar-like facilities on mid-level access switches, only protocol, MAC and IPv4. What features are available are closely tied to the CAM logic, and so depend greatly on the hardware.
The DHCPv6 comments are bullshit for the most part as it is bootstrapped from RA
If you are an idiot and allow self-configuration, it is.
If these features are so unnecessary, then why are they starting to appear in the newer model switches?
they all wanted to own the entire pie, and none of them could.
That one phrase probably sums up 25 to 50 percent of human history.
RTFA. Plainly a political article.
Moreover, he doesn't seem to understand the difference between a plurality and a majority.
avoid Fox watcher
Now there's a freudian slip I can wholeheartedly agree with.