Well, there's a lot to choose from; Ursula K. Le Guin's Earthsea is a good place to start. But I'd like to mention:
"Burning Chrome" and "Virtual Light" by William Gibson. Or maybe "Islands in the Net" by Bruce Sterling. Be aware that you might have to buy a carbon-frame bicycle next.
A lot of people have mentioned "Diamond Age" by Stephenson -- but if the kids like computers "Snow Crash" might be a good suggestion. My 9 year old niece enjoyed being read Pullman's "His Dark Materials Trilogy".
But don't forget other classic books that inspire the imagination, like "Treasure Island" by Stevenson.
While the fact that windows updates are enabled by default in the windows gui might appeal to a lot of people -- it turned out to be a very unpleasant experience for a lot of users when service pack 2 for xp was released.
This is why, even with the comprehensive configuration management in Debian, if you install cron-apt it will only download updates by default, not install them.
It *will* email you a notice that updates are ready to install, however. It *can* be configured to install updates, perhaps ignoring kernel-updates until you run upgrade manually.
Now, the fact that users have grown accustomed to inferior interfaces (ie html vs native gui) and inferior protocols (rss/http vs news/mail) shouldn't be blamed on GNU or Unix/BSD.
The only reason anyone would see a local console-only gui hint as superior to email notification must be because they're not used to getting email from their workstation. Because if the machine is networked it'll need those updates even if you don't happen to log in.
Oh, and finally, if I wasn't clear: "allowing Automatic Updates to do it all without any intervention at all" isn't very helpful if those updates are likely to break your remote console and every remote service you have installed -- the way SP2 did, until you could reconfigure the firewall. Or the way the GDI-tool forced an admin to log in during reboot, or the machine would hang.
And apt-get/yum is easier than using windows update, because it'll fix all your supported software; your choice of sql server, your choice of web server, your office suite, your editor, your downloader, your browser, your chat client(s) etc -- this is of course the major advantage to using a GNU/Linux or BSD-distribution -- the range of supported software is vast.
implies Windows, for which live CDs are not available.
While the suggestion is crazy (to use live cds to get around this problem), you're wrong about Windows and Live CDs. You'd still need a windows licence, and might or might not be allowed to do this, depending on your jurisdiction's take on silly EULAs etc, but:
Now, let's see them marketed in the *developed* world for 2-300USD -- with all profits going into financing the project, or similar non-profit projects.
I can't be the only one that wants one of these, and is willing to donate a few hundred to charity for the privilege of getting a standardized linux laptop/ebook reader I can use *anywhere* without need for batteries or power, that just happens to be a politically correct good looking tool ?
Add a few after-market parts for adapting it to generate power from a bicycle, say, and everyone owning an "e-bike" would want one too... In fact some standard way to adapt this to mechanical power sources, such as motors, bicycles, wind mills, mills, etc would probably be a great idea for use in developing countries also.
As for "biometrically locking the laptop to a child" -- it's even more silly than anti-piracy drm tech. It solves the wrong problem. I can't see a problem with a family *selling* one of these, but if they're in short supply theft might be a problem.
The company I work for maintains among other things census data, the oldest of which is stored on punchcards. We have the cards, and a reader, but due to being stored in a too moist atmosphere, it's doubtful that the cards (a stack of about 1000 cards or so) could be read by a punchcard reader.
Luckily, the data has long since been converted to something a little more modern, and stored in an SQL server, but I've always thought that if we needed that data, the most efficient way to get it would be to use a scanner with sheet-feeder, scan the cards as images, and then write a script to process the images to numbers, and then convert that to something useful.
However, the bottom line is, convert data as you go. For some "trivial" data, eg letters and such, pdf/ps might be a good format. But for anything approaching an application, eg spreadsheets, documents with macros, your only bet would be to continuously convert and update the data, as you move from one platform to the next.
As for old text/wordprocessor documents, I've always had good success in getting the essential data with a simple "strings file > plain.txt". But it's not the same as having the actual formatted file, of course.
Going with openoffice might help -- not only is the format open, but the code is free, which allows you to archive the implementation as well as the data. I think you'll be able to run code for x86 linux for a long time, even if you might have to emulate the cpu in say 20 years time. It might be possible to do the same for windows code, of course.
On a personal note, I have some cad drawings made on the Amiga a few years ago, in a format I can't import anywhere; luckily I've exported most of that data as postscript so I can at least view it. But it's not good for editing.
Other posters have mentioned RTF as an alternative rich text format, and I think it could be a good choice. Spreadsheets might be a tougher nut to crack. Although I expect MS Excel should be supported both by MS and various competitors (open and closed source) for a long while still.
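As an added example, not from the post above: the "script to process the images to numbers" the poster imagines is, once the scanned card has been thresholded into a 12-row punch matrix, a table lookup per column. The table below is the basic IBM Hollerith set (digits, letters via the 12/11/0 zone punches, slash, space), and any column whose holes do not match the table, which is exactly what moisture damage or a dirty scan produces, is reported as unreadable rather than silently guessed. The card text and the render_card helper that builds the sample matrix are constructed for this example; the scanner and threshold step that would produce such a matrix is assumed and not shown.

```python
# Added example: decode a punch card from its punch matrix.
# Physical row order on the card, top to bottom.
ROW_ORDER = [12, 11, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9]
# zone punch -> (first letter of that zone's run, digit row of that first letter)
ZONES = {12: ("A", 1), 11: ("J", 1), 0: ("S", 2)}


def decode_column(punched):
    """Map the set of punched row numbers in one column to a character.

    No punch = space; one digit row = that digit; zone 12/11/0 plus a
    digit row = a letter; 0+1 = '/'. Anything else (including damage that
    reads as extra holes) yields '?' so it can be inspected by hand.
    """
    p = set(punched)
    if not p:
        return " "
    if len(p) == 1:
        (row,) = p
        return str(row) if 0 <= row <= 9 else "?"
    if len(p) == 2:
        if p == {0, 1}:
            return "/"
        for zone, (first_letter, first_row) in ZONES.items():
            if zone in p:
                digit = next(iter(p - {zone}))
                if first_row <= digit <= 9:
                    return chr(ord(first_letter) + digit - first_row)
    return "?"


def encode_char(ch):
    """Inverse table; used here only to construct the sample card."""
    if ch == " ":
        return set()
    if ch.isdigit():
        return {int(ch)}
    if ch == "/":
        return {0, 1}
    for zone, (first_letter, first_row) in ZONES.items():
        offset = ord(ch) - ord(first_letter)
        if 0 <= offset <= 9 - first_row:
            return {zone, first_row + offset}
    raise ValueError(f"no code for {ch!r} in this table")


def render_card(text, width=80):
    """Constructed stand-in for the scan+threshold output: 12 rows of 'X'/'.'."""
    columns = [encode_char(ch) for ch in text.upper().ljust(width)]
    return ["".join("X" if row in col else "." for col in columns) for row in ROW_ORDER]


def punch_extra_hole(rows, col, row_number):
    """Simulate damage: add one spurious hole in the given column."""
    i = ROW_ORDER.index(row_number)
    r = rows[i]
    return rows[:i] + [r[:col] + "X" + r[col + 1:]] + rows[i + 1:]


def decode_columns(rows):
    width = len(rows[0])
    return [
        decode_column({ROW_ORDER[i] for i in range(len(ROW_ORDER)) if rows[i][c] == "X"})
        for c in range(width)
    ]


def decode_card(rows):
    """Decoded text of the card, trailing blank columns dropped."""
    return "".join(decode_columns(rows)).rstrip()


def unreadable_columns(rows):
    """Column indexes that did not match the table: the ones to check by eye."""
    return [i for i, ch in enumerate(decode_columns(rows)) if ch == "?"]


if __name__ == "__main__":
    card = render_card("CENSUS 1955 / DIST 07")
    print(decode_card(card))
    damaged = punch_extra_hole(card, 2, 9)
    print(decode_card(damaged), unreadable_columns(damaged))
```

The point of flagging rather than guessing is that a batch of a thousand damaged cards will decode mostly fine, and the short list from unreadable_columns is what a person has to look at against the original image.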
First, not php, not even php5. It's not a nice, general programming language, even if you can use it for cron scripts (ugh).
I'd recommend going with a language with a good interpreter, such as squeak, python or ruby. The choice should be based on what kind of project you want to focus on; for web development, go with ruby on rails. For games go with squeak or python. For system programming go with python.
If you want to be hardcore, and teach about the (now almost-redundant, even-if-sun-kept-it-for-java) write-compile-test loop, I'd choose pascal, with free pascal 2.0. Then you can even teach some assembly. For me pascal syntax is more intuitive than c, it's about as fast, and it doesn't teach you any *really* bad habits.
The only problem with Squeak is that the platform is so advanced, it's likely to instill a false trust in the human race, and programmers and system developers in general, that will be crushed the first time they try to write a cross-platform program in anything else.
Oh, and for some nice rad development, you could always go with objective-c and gnustep.
"as a college student myself it would not surprise me to know that in my agreement with my university they are allowed to block any non school related emails"
First; You didn't read it before you signed ?!
Second; as a system admin at a small company, and as a college student -- at least in Norway your mail is considered private, and even if it's easy for the it staff to monitor, read, filter or even alter user mail -- neither is accepted or even legal without user consent.
It's even common courtesy to allow an opt-out option from automatic spam filtering, most commonly done by flagging the mail (eg with spamassassin), and then letting the user do the actual filtering.
All that being said, just about everyone is happy to have their mail spamfiltered. But content filtered ?! How would you even go about blocking "non school related mails" or "non work related mail" ? Show me a filter that correctly handles research data in Urdu AND blocks love letters in Urdu, and I'll be very impressed. I'd still think it's a horrible idea to block mail based on actual content.
But maybe you meant that you assume the agreement allows the college to block spam in order to reduce the load on its servers. It's hardly the same as blocking "non school related emails". Can hardly think of any field of study where email isn't considered a necessary tool, both for socializing and studying.
> Economics isn't just a philosophy...
You mean, economics, as you see it, and use the term here, isn't a philosophy at all. It's descriptive, not normative.
> it's a mathematical description of reality. If economics
> tells you you are inefficient, then you should listen or risk going out of business...
> or worse yet in managed economies like North Korea and the old Soviet Union risk people starving.
This statement makes no sense without context; the ways to define "efficient" are way too many, and most of them too vague, for anyone to understand what you want to say.
And, if you look at the numbers, from the standpoint of a corporation, it usually makes the most sense to exploit the weak, and externalise all costs to (often poor) governments and other corporations. Problem arises when the people that make money from corporations (from stocks, or as salaries) make the political decisions.
Their perspective skews what "efficient" is, and when you have the wrong parameters, you get the wrong answer, even if the equations are right (which we don't even know for certain that they are).
I generally find that what modern economists find "inefficient" translates to long-term, sustainable global development.
> If you want to have the highest possible standard of living for the most people, then you should
> develop a plan with economic rigor... don't just rely on wishful thinking.
Yes, unfortunately it will most likely take an armed uprising to pry wealth and power from the minuscule elite, not just beautiful words. It's sad, but true.
And I hope you're not so deluded as to think that most political and economical decisions in governments and corporations today define their goal as "the highest possible standard of living for the most people". That would contradict the charter of both governments and CEOs.
1. Changing passwords is of course to reduce impact when a password is stolen/cracked. 90 days sounds a bit long -- is this policy based on evaluating what's *needed* or just based on vague assumptions ?
If it is expected that keyloggers, bruteforcing or some other form of password-theft is likely, 30 days might be more appropriate.
2. According to various textbooks on computer security, forming a password from 1st (or some'th) letter in a sentence forms passwords which in general terms are as hard to brute-force as "truly" random passwords:
madly typing at keyboard: 32nfia.-!
I once saw four naked girls dancing in the moonlight: I1s4ngditm!
The latter form *may* be slightly more open to guessing the frequency of letters -- but bruteforcing a password with 12 alpha-numeric characters takes a *lot* of effort.
The main point is that passwords "generated" like that are *much* easier to remember. They may also be more "random" than just typing at the keyboard...
Some punctuation and variations in capitalization should be encouraged/enforced.
3. If you are authenticating against Active Directory -- just use pass phrases. Harder to bruteforce -- and prevents the ntlm-hash (16 chars, one case) being accepted by some braindead system.
4. I personally think single sign-on is an important part of a good security strategy because it allows for more frequent changing of passwords -- admins would typically still need 2-3 accounts (normal user, admin role, testing role), but more manageable than 10+
5. Just because a password is written down does *not* mean it's compromised! If security really is so important that everyone needs 5 or more 8 letter "random" and unique passwords, I would *strongly* recommend that arrangements be made for all passwords to be kept in escrow in a safe.
That way employees won't have an excuse to keep the password somewhere insecure. Everyone should be able to get their password during work-hours easily (for instance the receptionist that either knows everyone, or is instructed to _demand_ id, could have access to the safe).
The downside with any kind of escrow is, of course, that one is forced to trust the few people with access to all passwords completely. This is a tradeoff -- but so are all security decisions.
6. You mention bios boot passwords. Is that truly necessary ? Bios configuration password sounds more reasonable to me. But either one is of rather limited use, unless you are using some form of fortified pc case.
If you do mean configuration passwords, that is a primary candidate for writing down, and locking in a safe IMHO. Normally all admins would have access to this, so that seems reasonable.
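As an added example (not part of the post above), here are points 1 and 2 of the post as working Python: the sentence-to-password derivation the poster illustrates ("once" and "four" become digits, the trailing "!" is kept), a check for the mixed-case-plus-punctuation rule from point 2, and the keyspace arithmetic that lets you answer the question in point 1, i.e. whether a 30 or 90 day rotation is grounded in an estimate of how long guessing is expected to take. The number-word table and the guess rate used in the usage line are assumptions for the example.

```python
import math
import string

# Assumed table: number words become digits, as in the poster's own
# "once" -> 1 and "four" -> 4.
NUMBER_WORDS = {
    "zero": "0", "one": "1", "once": "1", "two": "2", "three": "3", "four": "4",
    "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9",
}


def derive_from_sentence(sentence):
    """First letter of each word, number words as digits, punctuation kept."""
    out = []
    for word in sentence.split():
        core = word.strip(string.punctuation)
        trailing = word[len(word.rstrip(string.punctuation)):]
        if not core:                      # a bare punctuation token such as "--"
            out.append(word)
            continue
        out.append(NUMBER_WORDS.get(core.lower(), core[0]))
        out.append(trailing)
    return "".join(out)


def policy_violations(password, min_len=8):
    """The rule from point 2: length, both cases, some punctuation."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len}")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")
    return problems


def search_space_bits(length, alphabet_size):
    """Bits of keyspace for a uniformly random password of this shape."""
    return length * math.log2(alphabet_size)


def expected_brute_force_years(length, alphabet_size, guesses_per_second):
    """Expected time to hit a uniformly random password: half the keyspace."""
    seconds = alphabet_size ** length / 2 / guesses_per_second
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    pw = derive_from_sentence("I once saw four naked girls dancing in the moonlight!")
    print(pw, policy_violations(pw))                          # I1s4ngditm! []
    print(policy_violations("32nfia.-!"))                     # ['no uppercase letter']
    # 12 alphanumerics at an assumed 1e9 guesses/s (offline hash cracking scale)
    print(round(search_space_bits(12, 62), 1), "bits")
    print(int(expected_brute_force_years(12, 62, 1e9)), "years expected")
```

The keyspace figure is an upper bound that holds for uniformly random characters; a sentence-derived password is drawn from English letter frequencies, which is the poster's own caveat, so treat the years figure as a ceiling and size the rotation interval against the guess rate the real system actually permits (an online login that rate-limits to a few guesses a second is a very different number from an offline crack of a stolen hash).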
consider that with an e-bike this guy can "roll" to work, and exercise on his way home ? All that's left is the battery-problem -- but if he reuses the one from his car, then he really doesn't hurt the environment, does he ?
(Oh, ok, so he probably can't do that easily, and either the car would have to be left to rust, or he'd have to get a new battery for it -- but what got me was everyone doing the: Exercise=Smell=fatburning!=drive=lazy=nosmell-thing.)
You sign all your messages, you sign the keys of those you trust -- and if someone sends you a signed e-mail, you can check if someone you already trust has signed their key.
It's not quite the same, but it offers a lot more than "ho-hum, someone I know, knows this email". And while keys can be stolen, it is far easier to forge sender addresses, and most spammers/"phishers" do that automatically -- AND with a high probability of using a from-address you already know (same domain (work), compromised computer (friend's address book) or simple harvesting (friends'/employers'/club web page)).
As it seems every other post neglects to mention this: Sun thin clients are absolutely quiet. No harddrive, no fan.
I think it is almost as much of a selling point as price and manageability.
I've experienced some issues with sessions hanging on the server, but since you probably won't _need_ 24/7 uptime (you won't be open 24/7, will you ?), a simple restart of the appropriate daemons should be enough to take care of that.
I would check out the price of linux/*bsd-based thin-clients, running on a VIA-board (no fan, integrated video/sound), network booting via pxe, and a server for shared disk storage, printing etc.
You'll have to decide whether you want people to log in (for billing internet use, logging activity) -- and set up login accordingly.
I think you could get hardware costs down, and maybe spend a little more on administration (spend a month reading up on unix sysadm, and securing your setup) -- or you could get more expensive networking hardware for improved user experience (gigabit instead of 100Mbs ?).
According to the licence agreement that comes with every x-box (and to which you "agree" by breaking the seal of the x-box package -- a "seal-through" agreement ?), microsoft does _not_ sell you the x-box. It sells you a licence to use it.
So, it's microsoft's hardware, not yours, and they're supposedly within their rights to update it.
The question remains, whether a) the licence is legal (I don't believe it's legal in Norway, where I live, because of rather strictly defined consumer rights, and legal definitions of sale of a product), and b) If it _is_ legal, does it still apply after a forced update -- ie after the product licensed has been altered by microsoft ?
this processor will probably embed some Sony(TM) internal DRM technology preventing you from putting the device to any good and proper use (OGG baby!).
Err. A DRM that checks the currently loaded instructions to detect... multimedialike logic sequences ?
While they may cripple the OS, and make it hard to install a new one -- I can't see how they can prevent you from using just ogg, while allowing you to run a different non-sony multimedia app ?
But it will be interesting to see whether Sony's computer/software division or Sony Music/Media wins in the end. Apparently they have quite a row going on stuff like mp3.
Beta tapes, while technically superior in quality (and only marginally so)
Hm. I rather recently did some semi-professional videorecording/editing for broadcast tv-use, and the stations wanted a Beta master tape. Are the "recent" broadcast-quality Beta-player/recorders significantly different from the original players ? They certainly have a much better timer signal than VHS.
I'm not so sure I agree with that. Part of the point with smuggling data in the head of a courier was to have a "tamper-proof" container. Depending on the type of data, 100 megs would be more than enough. That's quite a few plaintext words.
Why do military couriers walk around with stuff chained to their arms ? Not because missile codes take up so much storage space, for sure. More like, to get those codes, you have to overpower the courier first. And if you need the head, and alive at that -- well it makes it just that much harder.
While NSA is one of (if not the) world's biggest employers of mathematicians, one should not forget MI5 completely. After all they discovered RSA long before R, S and A did, and they kept it secret until AFTER most of the people discovering it were dead -- even though the algorithm became publicly known with (or soon following) the announcement of RSA.
Hardly. The US didn't bomb Iraq over "moral" issues, no matter how many times they told you that -- They bombed Iraq (and Yugoslavia) to make a point: "We ARE badasses, and we WILL fuck you over if you look at us sideways".
As a good friend recently pointed out to me, world events don't make sense when you try to understand them from a some-are-good/some-are-bad perspective. Only when you look at who wins, and gains control over means of production and flow of profit, can you glean who is behind what, and why.
To relate this a little more to your actual post:
The west didn't finance crusades because we didn't like muslims, but because we could steal shit from muslims. Galilei did threaten religious power - but in that he was threatening the social order. And to say that the reason indians were/are oppressed is because of christianity is ridiculous. I'm quite sure most people, whether jew, protestant, muslim or atheist would agree that indians are, and have been, treated unfairly. They just happened to be in the way of a major migration. In the case of current Palestine/"Israel" there are a few more fanatics than average - the many jews that think it's right and proper to steal a country for their own -- because they consider it to BE theirs. But I think that the more you look on who's supporting who (notably US/western powers in general pro-Israel), you'll find an economical/military/political motive that is more able to conjure actual armed support (real power) than religious conviction.
Now this all doesn't mean "give up, it's no use", just open your eyes. If you can't see the road and more notably the dangers, the chance of getting where you want to go is so much smaller.
There was after all mother Teresa, Gandhi, Jesus (possibly at least), Muhammed... a bunch of saints and people I've never heard of -- that did good out of moral and religious conviction. How do we figure out who's right if we want to ban religious discussion and influence from the public ?
I don't think religion belongs in school in the form of one religion, but more in the form of a historical/sociological and philosophical form -- The golden rule is quite universal, but can be phrased significantly differently; Humans can do terrible things out of ungrounded hatred; Love will kill you every time etc.
"Have a separate machine which only accepts one incoming connection, that which dumps logs onto it. Then the log holding machine has *no* idea of the way the log was encrypted, nor, if the logs are removed (via console) to another machine, preferably laptop, for examination, would it know how to decrypt the logs."
But why should the logs be encrypted on the log-server ? And if you *know* that the log server is secure, and the logs it receives are real, do you really need to encrypt your logs?
Your setup would make more sense if the log-machine verified the logs by checking sigs on the logs, but is there a point in encrypting them ? (Allowing for VPNs is a different issue)
My point is just that while encryption can mean a "bump-in-the-road" for a (cr|h)acker, it all depends on your assumptions. Here the point of encryption was to ensure that the logs couldn't be modified, right ? Hardcopy the logs, and/or md5 sums of the logs, and that is pretty much taken care of. For authentication of the logs, you could use encryption, but in the form of ssl/ssh for verifying the source of the logs. It would as best I can tell serve the same purpose -- after all if someone gains access to the server in question, we must assume that she has access to all data -- including random-seeds, and secret/public keys available on the server. Depending on your os and setup, it could be difficult to be sure that no session-keys remain on swap etc.
The concept of a log-server isn't a new one, neither is the use of checksums to verify your data - but if we assume that machine A is compromised -- can we then trust A's encrypted output -- or rather can we trust it more than A's clear-text output ?
And with the magic log-holder -- if access is gained the logs can still be trashed (and if they were encrypted would be damn near impossible to retrieve even with the keys, I would assume).
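As an added example, not part of the thread: the property the poster actually wants is integrity, not secrecy, and the "md5 sums of the logs, and/or hardcopy" idea becomes a concrete mechanism if the log server computes a keyed hash chain over lines as they arrive. The key lives only on the log server, so a compromised sending host (the poster's machine A) holds nothing that lets it rewrite history; its lines are accepted over an authenticated transport such as ssh, which is assumed and not shown. The chain catches alteration, deletion and reordering; truncation, which a chain alone cannot see, is caught by comparing against a periodically published checkpoint (the hardcopy). The key, host names and log lines are constructed for the example.

```python
import hashlib
import hmac

# Constructed placeholder key; it belongs on the log server only.
LOG_SERVER_KEY = b"constructed-example-key-never-on-the-clients"
GENESIS = bytes(32)  # tag "before" the first record

# Constructed sample lines, as the log server receives them.
SAMPLE_LINES = [
    "Jan 12 03:14:07 web1 sshd[2310]: Accepted publickey for deploy from 10.0.0.5",
    "Jan 12 03:14:09 web1 sudo: deploy : COMMAND=/usr/bin/apt-get upgrade",
    "Jan 12 03:15:41 web1 sshd[2344]: Failed password for root from 203.0.113.9",
    "Jan 12 03:15:43 web1 sshd[2344]: Failed password for root from 203.0.113.9",
]


def tag_for(key, prev_tag, line):
    """HMAC over the previous tag and this line, so each tag covers all history."""
    return hmac.new(key, prev_tag + line.encode(), hashlib.sha256).digest()


def chain_on_receipt(lines, key=LOG_SERVER_KEY):
    """What the log server stores: [(line, tag_hex), ...]."""
    records, prev = [], GENESIS
    for line in lines:
        tag = tag_for(key, prev, line)
        records.append((line, tag.hex()))
        prev = tag
    return records


def checkpoint(records):
    """The value to print on hardcopy or publish elsewhere: (count, last tag)."""
    return (len(records), records[-1][1] if records else GENESIS.hex())


def verify(records, key=LOG_SERVER_KEY, expected_checkpoint=None):
    """Return 'ok', or a string naming the first problem found."""
    prev = GENESIS
    for i, (line, tag_hex) in enumerate(records):
        expected = tag_for(key, prev, line)
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return f"record {i} altered, removed, reordered or forged"
        prev = expected
    if expected_checkpoint is not None and checkpoint(records) != expected_checkpoint:
        return "chain intact but truncated or stale against checkpoint"
    return "ok"


if __name__ == "__main__":
    stored = chain_on_receipt(SAMPLE_LINES)
    published = checkpoint(stored)                 # goes to paper / another host
    print(verify(stored, expected_checkpoint=published))
    # An intruder on the log server who edits the "Failed password" source IP:
    edited = list(stored)
    edited[2] = (edited[2][0].replace("203.0.113.9", "10.0.0.5"), edited[2][1])
    print(verify(edited))
    # ... or quietly drops the last line:
    print(verify(stored[:-1]), "/", verify(stored[:-1], expected_checkpoint=published))
```

This also answers the poster's question about A's encrypted versus clear-text output: neither can be trusted more than A itself, so the chain is built by the receiver, not the sender. What it does not protect against is the log server itself being taken over and the key read, which is the same trust boundary the poster draws for any key that lives on a compromised host; the published checkpoint is what still detects wholesale rewriting in that case.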
Even for small values of 19, and large values of 2 and 15, 15+2 19.
Go see "Spaced": http://www.tvtome.com/Spaced/
then complain about poor British humor.
"Jar-Jar makes the Ewoks look like fucking Shaft."
-Tim in "Spaced"
1.
Changing passwords is ofcourse to reduce impact when a password is stolen/cracked. 90 days sounds a bit long -- is this policy based on evaluating what's *needed* or just based on vague assumptions ?
If it is expected that keyloggers, bruteforcing or some other form of password-theft is likely, 30 days might be more apropriate.
2.
According to various textbooks on computer security, forming a password from 1st (or some'th) letter in a sentence forms passwords which in general terms are as hard to brute-force as "truly" random passwords:
madly typing at keyboard: 32nfia.-!
I once saw four naked girls dancing in the moonlight: I1s4ngditm!
The latter form *may* be slightly more open to guessing the frequency of letters -- but bruteforcing a password with 12 alpha-numeric characters takes a *lot* of effort.
The main point is that passwords "generated" like that are *much* easier to remember. They may also be more "random" than just typing at the keyboard...
Some punctuation and variations in capitalization should be encouraged/enforced.
3. If you are authenticating against Active Directory -- just use pass phrases. Harder to bruteforce -- and prevents the ntlm-hash (16 chars, one case) being accepted by some braindead system.
4. I personally think single sign-on is an important part of a good security strategy because it allows for more frequent changing of passwords -- admins would typically still need 2-3 accounts (normal user, admin role, testing role), but that is more manageable than 10+.
5. Just because a password is written down does *not* mean it's compromised! If security really is so important that everyone needs 5 or more 8-letter "random" and unique passwords, I would *strongly* recommend that arrangements be made for all passwords to be kept in escrow in a safe.
That way employees won't have an excuse to keep the password somewhere insecure. Everyone should be able to get their password during work hours easily (for instance the receptionist, who either knows everyone or is instructed to _demand_ id, could have access to the safe).
The downside with any kind of escrow is, of course, that one is forced to trust the few people with access to all passwords completely. This is a tradeoff -- but so are all security decisions.
6. You mention BIOS boot passwords. Is that truly necessary? A BIOS configuration password sounds more reasonable to me. But either one is of rather limited use, unless you are using some form of fortified PC case.
If you do mean configuration passwords, that is a primary candidate for writing down, and locking in a safe IMHO. Normally all admins would have access to this, so that seems reasonable.
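The "first letter of each word" scheme from point 2, as an added example that is not part of the post: a small generator that reproduces the post's "I1s4ngditm!" from its sentence, plus a rough brute-force keyspace estimate for comparing it against the "madly typed" variant. The number-word table and the four character classes are my own assumptions.

```python
import math
import string

# Number words folded into digits, as the post does with "once" -> 1 and
# "four" -> 4. Assumed table, extended a little beyond those two cases.
NUMBER_WORDS = {
    "zero": "0", "one": "1", "once": "1", "two": "2", "three": "3",
    "four": "4", "five": "5", "six": "6", "seven": "7", "eight": "8",
    "nine": "9",
}

def mnemonic(sentence: str) -> str:
    """First letter of each word, number words swapped for digits, and any
    punctuation attached to a word kept so it lands in the password."""
    out = []
    for word in sentence.split():
        core = word.rstrip(string.punctuation)   # word without trailing "!", "."
        tail = word[len(core):]                   # the punctuation itself
        if not core:
            out.append(tail)
            continue
        out.append(NUMBER_WORDS.get(core.lower(), core[0]) + tail)
    return "".join(out)

def keyspace_bits(password: str) -> float:
    """Bits an attacker who knows only the length and the character classes
    in use must cover by brute force (len * log2(alphabet size))."""
    classes = [
        (string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
        (string.digits, 10), (string.punctuation, 32),
    ]
    alphabet = sum(n for chars, n in classes if any(c in chars for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

if __name__ == "__main__":
    pw = mnemonic("I once saw four naked girls dancing in the moonlight!")
    print(pw, round(keyspace_bits(pw), 1))          # I1s4ngditm! 72.1
    print("32nfia.-!", round(keyspace_bits("32nfia.-!"), 1))   # 54.8
```

The estimate is an upper bound: it assumes the attacker does not know the sentence structure, which is exactly the letter-frequency caveat the post raises.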
Consider that with an e-bike this guy can "roll" to work, and exercise on his way home? All that's left is the battery problem -- but if he reuses the one from his car, then he really doesn't hurt the environment, does he?
(Oh, ok, so he probably can't do that easily, and either the car would have to be left to rust, or he'd have to get a new battery for it -- but what got me was everyone doing the: Exercise=Smell=fatburning!=drive=lazy=nosmell-thing.)
You sign all your messages, you sign the keys of those you trust -- and if someone sends you a signed e-mail, you can check if someone you already trust has signed their key.
It's not quite the same, but it offers a lot more than "ho-hum, someone I know, knows this email". And while keys can be stolen, it is far easier to forge sender addresses, and most spammers/"phishers" do that automatically -- AND with a high probability of using a from-address you already know (same domain (work), compromised computer (friend's address book) or simple harvesting (friends'/employers'/club web page)).
As it seems every other post neglects to mention this: Sun thin clients are absolutely quiet. No hard drive, no fan.
I think it is almost as much of a selling point as price and manageability.
I've experienced some issues with sessions hanging on the server, but since you probably won't _need_ 24/7 uptime (you won't be open 24/7, will you?), a simple restart of the appropriate daemons should be enough to take care of that.
I would check out the price of linux/*bsd-based thin-clients, running on a VIA-board (no fan, integrated video/sound), network booting via pxe, and a server for shared disk storage, printing etc.
You'll have to decide whether you want people to log in (for billing internet use, logging activity) -- and set up login accordingly.
I think you could get hardware costs down, and maybe spend a little more on administration (spend a month reading up on unix sysadm, and securing your setup) -- or you could get more expensive networking hardware for improved user experience (gigabit instead of 100Mbs?).
According to the licence agreement that comes with every x-box (and to which you "agree" by breaking the seal of the x-box package -- a "seal-through" agreement ?), microsoft does _not_ sell you the x-box. It sells you a licence to use it.
So, it's microsoft's hardware, not yours, and they're supposedly within their rights to update it.
The question remains, whether a) the licence is legal (I don't believe it's legal in Norway, where I live, because of rather strictly defined consumer rights, and legal definitions of sale of a product), and b) if it _is_ legal, does it still apply after a forced update -- ie after the product licensed has been altered by microsoft?
Err. A DRM that checks the currently loaded instructions to detect ... multimedialike logic sequences ?
While they may cripple the OS, and make it hard to install a new one -- I can't see how they can prevent you from using just ogg, while allowing you to run a different non-sony multimedia app ?
But it will be interesting to see whether Sony's computer/software division or Sony Music/Media wins in the end. Apparently they have quite a row going on stuff like mp3.
Hm. I rather recently did some semi-professional videorecording/editing for broadcast tv-use, and the stations wanted a Beta master tape. Are the "recent" broadcast-quality Beta-player/recorders significantly different from the original players ? They certainly have a much better timersignal than VHS.
And MUCH higher quality.
Is there more than one "Beta" format?
It just shows that Gibson can write very varied sf. Personally I'm a big Gibson fan, both of the Neuromancer-books, and of the Virtual Light-series.
For more info on Gibson, check out the Gibson Aleph.
I'm not so sure I agree with that. Part of the point with smuggling data in the head of a courier was to have a "tamper-proof" container. Depending on the type of data, 100 megs would be more than enough. That's quite a few plaintext words.
Why do military couriers walk around with stuff chained to their arms? Not because missile codes take up so much storage space, for sure. More like, to get those codes, you have to overpower the courier first. And if you need the head, and alive at that -- well, it makes it just that much harder.
>Ah, kamisama! Ore no atama ni ono ga arimasu yo!.
Funny grammar. Wouldn't you use a more polite pronoun when complaining to the gods? And I'd think oni would be funnier than ono.
I can't wait to have one and point all my apps' temp folders at it, like Cool Edit and such
Sure. And the next time power fails after a long coding-session, all your data will be gone.
I think this is silly. I would rather have a mainboard that supports a lot of memory, and applications/os' that take advantage of that.
Then again, if it was bootable, it might be nice for a soundless system. But I'd still install a regular hd for "backups" of my data.
Just try to replace a videocard - what will Debian with default xdm do?
Flash x five times, and then start up a text-mode dialog telling you that X seems to be crashing, and politely ask you if you want to reconfigure.
If you select no, it will kindly disable xdm for you, and ask you to enable it, once you've worked out what the problem is.
Maybe redhat copes with this now, but it certainly didn't use to.
While NSA is one of (if not the) world's biggest employers of mathematicians, one should not forget MI5 completely. After all they discovered RSA long before R, S and A did, and they kept it secret until AFTER most of the people discovering it were dead -- even though the algorithm became publicly known with (or soon following) the announcement of RSA.
Hardly. The US didn't bomb Iraq over "moral" issues, no matter how many times they told you that -- They bombed Iraq (and Jugoslavia) to make a point:"We ARE badasses, and we WILL fuck you over if you look at us sideways".
As a good friend recently pointed out to me, world events don't make sense when you try to understand them from a some-are-good/some-are-bad perspective. Only when you look at who wins, and gains control over means of production and flow of profit, can you glean who is behind what, and why.
To relate this a little more to your actual post:
The west didn't finance crusades because we didn't like moslems, but because we could steal shit from moslems. Galilei did threaten religious power - but in that he was threatening the social order. And to say that the reason indians were/are oppressed is because of christianity is ridiculous. I'm quite sure most people, whether jew, protestant, moslem or atheist, would agree that indians are, and have been, treated unfairly. They just happened to be in the way of a major migration. In the case of current Palestine/"Israel" there are a few more fanatics than average - the many jews that think it's right and proper to steal a country for their own -- because they consider it to BE theirs. But I think that the more you look at who's supporting whom (notably US/western powers in general pro-Israel), you'll find an economical/military/political motive that is more able to conjure actual armed support (real power) than religious conviction.
Now this all doesn't mean "give up, it's no use", just open your eyes. If you can't see the road and more notably the dangers, the chance of getting where you want to go is so much smaller.
There was after all mother Teresa, Gandhi, Jesus (possibly at least), Muhammed ... a bunch of saints and people I've never heard of -- that did good out of moral and religious conviction. How do we figure out who's right if we want to ban religious discussion and influence from the public?
I don't think religion belongs in school in the form of one religion, but more in a historical/sociological and philosophical form -- the golden rule is quite universal, but can be phrased significantly differently; humans can do terrible things out of ungrounded hatred; love will kill you every time, etc.
Viva Sapata! (Anyone have any news on that, btw?)
But why should the logs be encrypted on the log server? And if you *know* that the log server is secure, and the logs it receives are real, do you really need to encrypt your logs?
Your setup would make more sense if the log machine verified the logs by checking sigs on the logs, but is there a point in encrypting them? (Allowing for VPNs is a different issue.)
My point is just that while encryption can mean a "bump in the road" for a (cr|h)acker, it all depends on your assumptions. Here the point of encryption was to ensure that the logs couldn't be modified, right? Hardcopy the logs, and/or md5 sums of the logs, and that is pretty much taken care of. For authentication of the logs, you could use encryption, but in the form of ssl/ssh for verifying the source of the logs. It would as best I can tell serve the same purpose -- after all, if someone gains access to the server in question, we must assume that she has access to all data -- including random seeds, and secret/public keys available on the server. Depending on your os and setup, it could be difficult to be sure that no session keys remain on swap etc.
The concept of a log-server isn't a new one, neither is the use of checksums to verify your data - but if we assume that machine A is compromised -- can we then trust A's encrypted output -- or rather can we trust it more than A's clear-text output ?
And with the magic log-holder -- if access is gained the logs can still be trashed (and if they were encrypted, would be damn near impossible to retrieve even with the keys, I would assume).
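One answer to the "can we trust a compromised A's output" question above, as an added example and not something from the post: a forward-secure MAC chain, where A tags each log line with a per-entry key, derives the next key from it, and discards the old one, so whoever breaks into A later holds only the current key and cannot re-tag entries written before the break-in. The log server, which shares the initial key from setup, replays the key schedule to verify. Key names, log lines and the "evolve" label are constructed for this example.

```python
import hashlib
import hmac

def evolve(key: bytes) -> bytes:
    """Next per-entry key; the previous one is discarded on the sender, so it
    is not available to anyone who later gains access to A's memory or swap."""
    return hmac.new(key, b"evolve", hashlib.sha256).digest()

def tag_entry(key: bytes, index: int, entry: bytes) -> bytes:
    """MAC over (sequence number, entry); the index stops reordering/deletion."""
    return hmac.new(key, index.to_bytes(8, "big") + entry, hashlib.sha256).digest()

class Sender:
    """Machine A: holds only the current key and the next sequence number."""
    def __init__(self, initial_key: bytes):
        self.key, self.index = initial_key, 0

    def log(self, entry: bytes):
        record = (self.index, entry, tag_entry(self.key, self.index, entry))
        self.key = evolve(self.key)     # old key is now gone from A
        self.index += 1
        return record

def verify(initial_key: bytes, records) -> int:
    """Log server: replay the key schedule from the shared initial key and
    return how many leading records are intact; the first bad one stops it."""
    key, good = initial_key, 0
    for expected, (index, entry, tag) in enumerate(records):
        if index != expected or not hmac.compare_digest(tag, tag_entry(key, index, entry)):
            break
        good += 1
        key = evolve(key)
    return good

def demo():
    """Constructed scenario: three honest entries, then an intruder who has
    A's *current* key rewrites entry 1 and tags it with that key."""
    k0 = b"constructed-shared-secret"
    a = Sender(k0)
    records = [a.log(line) for line in (
        b"sshd: accepted publickey for alice",
        b"sudo: alice : COMMAND=/usr/bin/apt-get upgrade",
        b"kernel: new module loaded")]
    honest = verify(k0, records)
    forged = b"sudo: (nothing happened)"
    records[1] = (1, forged, tag_entry(a.key, 1, forged))
    return honest, verify(k0, records)   # (3, 1): tampering detected at entry 1
```

The limitation matches the post's point: entries the intruder appends after the break-in carry valid tags, so the scheme protects the history, not the future, and the log server still needs the initial key kept off A.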