> Or else the great outdoors is in danger of turning into a lawless range of chaos,
> where you're allowed to bully, insult, and deceive limitlessly.
Please be patient, while we're working to implement this feature...
> they will just raise the price for everyone else.
Which would make such refunds even more worth it! ;-)
I have a large "Designed for Microsoft Windows" sticker on my toilet lid. Visitors are always quite amused. :-)
> He probably took the money and ran.
He's now creating his fork called BucksOS.
Perhaps the biggest difference in making telecommuting palatable on a large scale might be the proliferation of, ironically, bugs. That's the real critters as in swine flu etc.
Imagine the CDC not just recommending, but ordering, telecommuting for all employees where it can be done. Just so they don't have to congregate in crowded public transport systems or at work amongst each other.
Well, atm I do both: single big file and individual files (all FLAC) as long as I don't run out of space. The single-file album FLAC mostly for reasons of having no artificial breaks between songs (such as live recordings or songs that blend into each other). Only do that until I can figure out how to:
1. Have a FLAC 1:1 copy of an album (incl. no breaks where there are none), with perfect 1:1 album burn-back ability
2. Still have the ability to pick out individual songs for further processing or making custom compilations
Any suggestions?
> I've got the storage to store my CDs uncompressed but I store them as FLAC.
Am doing the same as a direct result of cheap and abundant storage. Why bother with MP3s and other lossy codecs when you got plenty of space to do it all in FLAC?
The only issue I have is this: via K3B I rip an album to a single-file FLAC with cue sheet. However, extracting a single song out of that has been tricky. Any suggestions?
> But making smaller, more energy efficient disks also mean that
> it's easier to fit bigger, higher capacity disks into the same packaging.
I have my (tower) desktop running on a setup like that:
My main OS drive and /home is on a 2.5" laptop drive. Music, movies and other big things are on regular 3.5" drives with lots of space. I geared this setup specifically towards energy-savings and noise-reduction. The 2.5" drive you can't hear at all through the case and it runs with ca. 4 Watts or so max. By comparison a 3.5" drive runs at ca. 10W give or take. Granted...not much of a saving but it adds up 24/7. The larger drives give me a much better GB/$ ratio and fit all the big things easily. Since I separated them from my regular home, I have them shut down automatically via hdparm after 10 minutes of non-use.
> > What use is not encrypting if you still don't know who's on the other end?
> No false sense of security created by seeing https and a lock icon, due to not
> understanding the difference between encryption and authentication. Isn't that
> the point of this article?
Actually I perceived the sense of the article to be that no 'sense of security', false or otherwise/lock or not, exists with 55%-100% of users.
> If you don't have a CA-signed cert, the connection is not secure.
Total farking nonsense. First off, it's encrypted no matter what. And for authentication who's preventing me from publishing fingerprints via other channels, for example?
> Self-signed certificates are NOT OKAY for production/public use.
> Encryption is more or less worthless without proof-of-identity.
So why no system of counter-signing aka GPG? mrmillercoffeebeans.com's self-signed cert is by itself not worth much for authentication, I agree. But if donaldsgasolinestation.com and harveysbakery.com vouch that mrmillercoffeebeans.com's (cert) really belongs to Mr. Miller from the coffee shop on Main street, it'd be for me at least as valid if not more as some funky CA from Fiji Island saying such.
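The two ideas in the replies above (a fingerprint published through another channel, and other sites vouching for a self-signed certificate) sketched as an added example that is not part of the original posts. The function names, the two-voucher threshold and the sample bytes are assumptions, as is the premise that each voucher's statement reached you over a channel you already trust.

```python
import hashlib
import hmac
import socket
import ssl


def normalize_fingerprint(text):
    """Accept 'AB:CD:...', spaced or plain hex; return 64 lowercase hex chars."""
    cleaned = "".join(ch for ch in text if ch not in ": -\t\n").lower()
    if len(cleaned) != 64 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("not a SHA-256 fingerprint: %r" % text)
    return cleaned


def fingerprint(der_cert):
    """SHA-256 over the DER encoding, the value a site would publish."""
    return hashlib.sha256(der_cert).hexdigest()


def matches(der_cert, published):
    return hmac.compare_digest(fingerprint(der_cert), normalize_fingerprint(published))


def count_vouchers(der_cert, statements, trusted):
    """Count trusted parties whose published fingerprint matches this cert."""
    count = 0
    for who, claimed in statements.items():
        try:
            if who in trusted and matches(der_cert, claimed):
                count += 1
        except ValueError:
            continue  # malformed statement: ignore it, never count it
    return count


def decide(der_cert, pin=None, statements=None, trusted=(), threshold=2):
    """Return 'pinned', 'vouched' or 'reject' for a self-signed certificate."""
    if pin is not None:  # a fingerprint obtained out of band wins outright
        return "pinned" if matches(der_cert, pin) else "reject"
    ok = count_vouchers(der_cert, statements or {}, set(trusted)) >= threshold
    return "vouched" if ok else "reject"


def fetch_der_cert(host, port=443, timeout=5.0):
    """Fetch the presented cert with CA checks off; identity comes from decide()."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


# Constructed stand-ins for DER bytes, so the example runs offline.
GENUINE = b"constructed stand-in: Mr. Miller's self-signed certificate"
IMPOSTOR = b"constructed stand-in: certificate presented by an interceptor"

if __name__ == "__main__":
    fp = fingerprint(GENUINE)
    vouch = {"donaldsgasolinestation.com": fp, "harveysbakery.com": fp.upper()}
    print(decide(GENUINE, pin=fp), decide(IMPOSTOR, pin=fp))
    print(decide(GENUINE, statements=vouch, trusted=vouch.keys()))
    print(decide(IMPOSTOR, statements=vouch, trusted=vouch.keys()))
```

With CA validation switched off, the connection is only as trustworthy as the channel that delivered the pin or the vouchers' statements, so `fetch_der_cert()` output should never be used without passing it through `decide()`.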
> You need to know that not only is the connection encrypted,
> but that it is connected to the right server. Not just for banks,
> but for anything you want to keep confidential, like connecting
> to gmail, buying on amazon, any other financial transaction.
Ironically despite SSL's design to authenticate I could never trust it. I bet to a degree of 100% certainty, that all relevant 3-letter agencies have perfectly valid certificates, that could be chained into a connection for an undetectable MITM attack. Such is the problem with automatically 'trust'ing CA authorities, that you have no human reason to trust.
The warnings of SSL certs rely on something that doesn't exist: a sense of distinguishing security on the users' part.
As the cited study shows, that sense does not exist, in fact blatant decisions contrary to the initial design goal (of SSL errors etc.) get made consciously! Therefore we can reasonably assume the entire system to be broken in both design and application, because other than your geek crowd the vast majority of users don't know, and worse, don't care about SSL errors.
The dangers are invisible: The same resistance you get on other security issues ("You gotta encrypt your email." "Umm...why?") you also get here: If the benefit of applying your mental, time and other resources is not big enough to have a specific/perceptible gain in security and safety, it is mostly not worth bothering with. No amount of re-writing error messages (while in itself not a bad thing at all) will change that! What would make a difference is to sniff a few million unprotected logins and post them somewhere publicly. Ditto for e-mails (the bodies please), chats etc. pp. Make the risk perceptible and you will make the negation of the risk perceptible and worthwhile.
It is not a computer nor a PEBKAC problem, it's PEBLEARE (Problem Exists between Left Ear and Right Ear). This is not a 'fault' or even stupidity...quite the opposite: We filter our bombardment of information to what's needed the most...actually a very smart and efficient prioritizing of our daily activities. So unless you make e-risks real enough until every mother tells her kids: "Make sure to encrypt your electronic communications!" as they now say "Make sure to look to left and right before crossing the street!" security measures as currently implemented with SSL are largely irrelevant.
> What use is encryption if you don't know who's on the other end?
What use is not encrypting if you still don't know who's on the other end?
> I _loathe_ reinstalling windows.
So do I. But generally the issue is taken care of the moment I ask for their original installation CD (or backup thereof) or at least a valid License Key. Either they don't have one or they give me some recovery disk, a lot of times from a different computer so it won't work. When I tell them it's no good, they usually ask if I don't have an installation disk (I do) and if I couldn't install that instead (I won't). My job is the actual task of installing the software and configuring it, not to provide the whole neighborhood with (my copy of) Windows. Give me stuff that works, and I will install it even if a PITA. Ditto for "Office" etc.
Missed the weekend $5 deal, but bought it today and it was still only $10 for the 3in1 Linux collection...
Would also like to mention FreeOTFE (http://www.freeotfe.org). Unlike Truecrypt it happens to be Linux/LUKS compatible.
Interesting that IP blocking would be the first item on the list. That alone should make all proponents of such blacklists even in self-declared democratic countries think very hard about it. Personally I am strictly opposed to it and I don't care if it's "just for child pornographers" as recently implemented in Germany. My experience has shown that the people calling for, legislating and implementing such censorship technologies don't know where to stop. Once they have grabbed a tiny slice of power over others, that power will increasingly corrupt them and they will push for more and more control over other people. Notice how the 'lawmakers' always apply special protections to themselves in these regards so they are not targeted for spying and/or censorship. Therefore any such moves for censorship need to be diligently fought against and "Congress shall make no law abridging the freedom of speech"!
> And what if they're using *gasp* linux.
So what if they use Linux? Linux is but a tool. Its purpose, benign or otherwise, is always defined by the human using it. A hammer can be a home-improvement helper device or a deadly weapon depending on who's swinging it and at what. The hammer's still just a hammer.
> go through all the trouble to abstract and obfuscate your computer operations
> only to have the NSA suck up and decode all of your internet traffic through
> their fiber splices at your ISP. Computer privacy and security no longer exist,
> just get used to it.
You could 'just get used to' using encryption, dear friend, instead of depressing yourself with that defeatist attitude.
Speaking of the NSA...I very much missed any questions/answers pertaining to SELinux. Would have loved to hear her take on it.
Linux version here:
http://www.keepassx.org/
I also like the openssl VIM plugin for a text file 'password safe', since you don't even need a X GUI to access it:
http://www.vim.org/scripts/script.php?script_id=2012
> When you mean the "kicking" part, can you be more specific?
I meant adding it during provisioning to the monitoring solution. You answered that with the second part of your reply. Are you guys doing that....provisioning servers via Satellite/Spacewalk and adding it to Zabbix at the same time? If so, how do you go about it in rough terms?
> Have you thought about using Rocks or Redhat's Spacewalk to manage the server
> configs/kickstarts/etc and then kick that info over to Nagios?
Can you do the 'kicking' part scripted via API? Got any tips where to look for additional info on that?
Currently debating whether to use Nagios or Zabbix for monitoring...any idea if Servers in Spacewalk/RHNSS can be automatically added to Zabbix too?
>> Even governments likely would have little need for protecting secrets longer than that.
> There are numerous crimes for which there is no statute of limitations,
> and in the court of public opinion, there is no such thing anyway
Of course any real democratic government shouldn't be using locks/crypto in the first place, to protect its dirty secrets from its own public that they represent and work for.
I am a Serial Killer and I approve of this message! :-D