Pretty sure that was an intentional, somewhat jesting dig at bologne research and the public reaction to it. But wtf? Someone modded that insightful? That's the person you should really be worried about.
The really obvious solution is either: Simply don't support domain logons with your fingerprint SW because it's a bad idea anyway with how easy it is to obtain someone's print in the first place, or if you must have it, work with Microsoft to develop a secure means of authenticating on the domain by fingerprint without requiring storage of the user password. Storing the user's password is not a solution. It's a feet-dragging, responsibility-shirking copout.
I think you're reading the Active Directory / Domain Logon article not the SMB article. But at any rate, this just goes to highlight how stupid it is to be storing the poorly obfuscated user password if talking about Domain Logons *anyway*
Read up on SMB at Wikipedia. It uses Kerberos authentication. It does not exchange passwords.
In fact, nothing in Windows land exchanges actual passwords any more. And anything that does is considered legacy and needs to be updated (e.g. LANMAN auth vs Kerberos auth). There really is no reason to store a password in Windows land. None.
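To illustrate the point the comment above makes (the password itself never crosses the wire and the verifier holds only a derived key), here is an added toy model of Kerberos-style pre-authentication with an encrypted timestamp. It is not code from the thread or from any product mentioned; the message layout is simplified and an HMAC stands in for the real encrypted-timestamp authenticator of RFC 4120.

```python
"""Toy model of Kerberos pre-authentication (AS-REQ with a timestamp
authenticator). The client proves knowledge of the password-derived key;
the KDC stores only that key and never sees the password. Simplified
illustration, not a real Kerberos implementation."""
import hashlib
import hmac


def string_to_key(password: str, salt: str, rounds: int = 4096) -> bytes:
    """Simplified string-to-key. Real Kerberos uses PBKDF2 with the principal
    name and realm as salt (RFC 3962); the round count here is illustrative."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), rounds)


def make_authenticator(key: bytes, principal: str, ts: int) -> dict:
    """Client side: build the authenticator. Only a MAC over the timestamp
    leaves the client; the password is not part of the message."""
    msg = f"{principal}|{ts}".encode()
    return {"principal": principal, "ts": ts,
            "mac": hmac.new(key, msg, "sha256").hexdigest()}


class ToyKDC:
    """Holds long-term keys, never passwords. Rejects bad MACs, timestamps
    outside the allowed clock skew, and replayed authenticators."""
    SKEW = 300  # Kerberos default tolerance is +/- 5 minutes

    def __init__(self) -> None:
        self.keys: dict[str, bytes] = {}
        self.seen: set[tuple[str, int]] = set()

    def enroll(self, principal: str, password: str) -> None:
        # The password is consumed here and only the derived key is kept.
        self.keys[principal] = string_to_key(password, principal)

    def verify(self, auth: dict, now: int) -> bool:
        key = self.keys.get(auth["principal"])
        if key is None or abs(now - auth["ts"]) > self.SKEW:
            return False  # unknown principal or stale timestamp
        msg = f"{auth['principal']}|{auth['ts']}".encode()
        expected = hmac.new(key, msg, "sha256").hexdigest()
        if not hmac.compare_digest(auth["mac"], expected):
            return False  # wrong password (wrong derived key)
        if (auth["principal"], auth["ts"]) in self.seen:
            return False  # replay of a captured authenticator
        self.seen.add((auth["principal"], auth["ts"]))
        return True
```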
Read up on BitLocker @ Wikipedia; the key derived from the user-provided password isn't the only means of decryption. I'm SURE they could find a better way than storing the password. And if not, they can at least make it harder to get at. If anyone wants to throw enough resources at it, they'll decrypt your drive anyway. That doesn't mean you should make it easy for them.
Not the physical fingerprint, the mathematical relationship between primary features in the image kind of 'fingerprint'. You know.. the mechanism they use to match your fingerprint *in the first place* to authenticate you?
Ah right. Does Windows allow you to change the encryption key on the home directory after the fact? I guess it must, since people change their passwords. UPEK could re-encrypt it using a key derived from the fingerprint(s) or such.
What I don't get is why it needs to store the Windows account password at all. If they wrote a proper authentication plugin for the Windows security model, they would just need to know the user's SID and have permission to go 'Yep, the person at the console is in fact this SID' without needing to provide the password at all. I've done this before; it's really not all that hard either, a day or 2 of digging through docs and actual coding. *confused*
The thing about figures-of-speech is that they're not meant to be taken literally. In case you're not trolling and actually don't know what a boys club is in this context: It's a cooperative group of wealthy/powerful people that maintain exclusivity in order to keep the division of power maintainable. As you stated, the AG was hand-picked by another powerful person without any input from the public. Ergo, boys club. Even though they're both women (debatable).
You forget that the Australian AG is in the pockets of the MPAA/RIAA, who absolutely want this information by any means possible. You forget that the AG office completely owns and controls the ratings review board here and makes copyright laws without court oversight.
Unfortunately, no one votes for the Attorney General position. It's a complete boys' club. It's also above the law in a few key ways. I don't know why we allow this office to exist still.
Frankly, I object to the entire notion of letting 1 single person have so much control and sway on our lives. It's completely batshit insane. I have no idea why people even /tolerate/ the office of Attorney General still. SO much awesome would come from this position not existing any more. For example, Australia would have an R18+ rating for video games already, causing mediocre titles like Syndicate to not be considered illegal contraband (yes, that's right, video games that are commonplace and considered 'no big deal' in the rest of the world are actually, to this day, fucking illegal here because they have a bit more blood than some old fuddy-duddy likes. Yet somehow the God of War series, the most violent and graphic games I've ever seen, are MA15+ ??? Guess who's on the ratings review board - that's right, the AG. The AG's office controls the entire classification review board). Policies like this internet snooping would actually be forced to go through an analysis and vetting process, held up for scrutiny by both parties, debated and rationalized before being pushed into binding law. The AU ACTA and SOPA talk minutes would be public knowledge instead of being censored by the AG, who apparently doesn't even need court approval to do such things despite it having an immense impact on our laws.
Seriously, why the fuck do we still even have an Attorney General position?
Each to their own. I think I would be less interested if I played betas of it every few months. I tried this with Endless Space and although I liked 'having a say' and getting in early, now that it's released it's also old to me and not exciting any more. Still fun for a few hours of a rainy day, but it doesn't offer anything new any more. The same would be true of this project had I been in on the dev - by now I'd be tired of it, but instead I'm eager for it to be released and see it fresh as a finished product.
FYI BeOS didn't 'die' due to lack of customer interest; it died because its competitor (Microsoft) bought it out and decided to discontinue it. Irix is still used in some places.. yes, scary I know, but it's true. And we only wish Solaris was dying.
Thanks for the suggestion, but I don't particularly care for Eclipse. I mean it's ok, it does its job and I have no particular gripe with it (although I find that when I go to install some domain-specific SDK with Eclipse integration it's a nightmare to find the right versions of the right plugins it expects..). I'm just not a fan of IDEs in general really. When I do C# work, however, I find VS2010's object browser, IntelliSense documentation, and WinForms designer pay off (mainly because I'm not as familiar with it as other langs/APIs). VS2012 on the other hand.. ugh. I'd rather use acme on rio and plan9. Looks about the same as that anyway! http://upload.wikimedia.org/wikipedia/commons/9/98/Acme.png
I actually thought this was the case when I looked at the Windows 8 controls and window elements - that they were designed by devs drawing them programmatically, and Microsoft had fired the entire design group to shave costs. Then I installed Visual Studio 2012 to check it out and realized it was designed by/for anything but devs and suspected they just swapped teams in some abhorrent experiment gone wrong.
I like how, according to that page, they're all busy playing video games instead of giving a crap. (And a few are even playing multiple games at once!)
The bit people seem to be overlooking, though, is that the ammo box is already useless now as well. Do you really think even a large *maybe* semi-organised militia of current-generation mind-mush fatties who have mostly never fired a gun, let alone at a moving target, let alone at a moving human target, are going to be any match for even a small detachment of the US military? I've spoken to a couple of marine types after they've seen real action.. scary shit. They have little-to-no qualms attacking civilians if they are ordered to; for some the distinction between our civilians /or/ others' civilians doesn't even exist. And as soon as you pick up a gun you are no longer a non-combatant, which makes it even easier. They do what they are told and they do it fucking well. It's what they're supposed to do, after all. If you had a gun, and their superior told them to kill you, they'd do it without any hesitation at all and never give it another second of thought.
I think a better move would be to skip the 4th box and invent a 5th.
In fact, these days GNOME describes itself as a “community that makes great software”, which is as nondescript as you can get for software development. The biggest problem with having no goals is that you can’t measure yourself. Nobody can say if GNOME 3 is better or worse than GNOME 2.
Prrrrrrrrretty sure your users are telling you everything you need to know. They're saying 'Gnome 3 SUCKS, we want things back the way they used to be in Gnome 2'. Mayyyyyyybe you should try listening to them for direction and goals, hmmm? Just a thought.
Green drives from Seagate do not appear to have NCQ. As per below, I have 1 normal and 4 greens in this box:

~$ sudo hdparm -I /dev/sd[abcde] | egrep "(Native|Model)"
Model Number: ST2000DM001-9YN164
* Native Command Queueing (NCQ)
Model Number: ST2000DL003-9VT166
Model Number: ST2000DL003-9VT166
Model Number: ST2000DL003-9VT166
Model Number: ST2000DL003-9VT166

Btw, these are new drives, less than a year old. Manufactured November 2011.

Further info if you want it:

~$ cat /sys/block/sd?/device/queue_depth
31
1
1
1
1
~$ cat /sys/block/sd?/device/queue_type
simple
none
none
none
none
It's interesting how good the 'powers that be' are getting at openly crowd sourcing information and strategy.
So like, if they fired all the management and kept the devs and writers.. 10 out of 7,645 staff would remain?
lol, that's not quite what I meant.