Would't a program running as a normal user be unable to access the raw swap partition?
Yea true, just like a normal user (or user program) can't grab a raw dump of kernel memory. Buy back in old Solaris or late SunOS, one of Sun's version shiped with incorrect premission on the kernel memory device, which allowed users (and user programs) to read any (or all) of the "primary" memory...
It is better to have a "backup" or "fail safe" plan when dealing with security. If my firewall is completly cracked, I still have tcpwrappers to defend off with. If I set the incorrect read permission on a senastive file, I still have it encrypted to defend off with. If some how anyone can start connecting to the telnet port, most of the users accounts have/bin/false as there shell....
The fact is, things do screw up, and when dealing with security it is a good idea to setup atleast 2 (if possiable) methods (if not more) incase the "main line" defense gets expoilted or breaks.
Also what if someone takes the swap drive out at night, dumps it, puts it back in without you noticing? OK that is super paranoid, but that it what I love about OpenBSD.
Really though double rot-13 is strong enough. Rotate all letters 13 letters forward, then rotate all lettera another 13 letters forward, pure encoding at it's best.
Ok, getting serious for a momement, what exact is the differance between an encoding and an encryption?
I would suggest Rot13. It is fast, real fast. Easy to implement, widly avaiable on all platforms. Free Public Domain License, don't have to pay RSCA (whatever there name is) mega bucks for licensing. It is importable and exportable to the United States (and probably to any other states).
It does have a few security flaws, but unless your are the NCSA you will have a difficult time cracking it. I heard there is a "seti@home"-like project, to distrub a brute force against Rot13, but I haven't heard anything else about it. They have probably give up since todays computer *could* takes years to firgure it out...
I got a nice picture of Jesus in my bible, I am surpised he has yet to become a Quake 3 skin, that and where is Satan and Budda, or the Columbian boys, why aren't there Quake3 skins of these.
Oh you mean that thing called "taste and manners" is stoping people from doing it? So is that a bug in the human brain?
Playing with legos. Voliently I might add. You think them leaving those sharp lego in the middle of the floor at night when you are in your bare feet was an accident....
I have noticed this *cough***cough*. Any programs we use in a "critical envoirment" (buzzword number 1021) I ussually try to test first on a older less productive machine to make sure that most of the "pitfalls" can be avoided...
Ok, if he is testing it (beta) he knows that there WILL be problems. All software has bugs, and even more in beta, so he should realize, "hey things might be fscked up when I am testing this" and just accpect that fact that it isn't going to be a "smooth ride".
Yea, it is BETA, things do break and sometimes breaking older programs is better than having a lot of cruft in the code. This is all part of "on the bleeding edge" and more generally life, just deal with it, that is part of testing it.
If he is complaining that it breaks on his productive workstation when upgrading, my advice to him was not to upgrade his produtive workstation till things "settled down" a bit.
I do test betas when I get a chance, but I don't go slapping beta grade software all the productive workstations here, I wait till it is "safe" to upgrade before I have to start tell people "Yea, I know that developers version really screwed up your workstatoin when I install it on there, I will get a snap shot tonight and see if that fixes it. Oh sorry about you not being able to work today because you desktop was on the jitters."
Welcome to the Bleeding Edge of Software Development! New Feartures in "Bleeding Edge App4 V2.20.0.1"
Breaks all existing programs. Breaks all existing configuration files. Get to spend quality time (ie: tech support) with users. Corrupts old data files. Need to compile 16 megs of *NEW* libaries to work..
Seriously though, this isn't meant as a flame, but why do you *HAVE* to upgrade *RIGHT NOW*? If KDE (whatever version you are using) works for you, why not stick with it? Wait till KDE 2.0 gets tested and debugged by more users, and wait till you almost have to upgrade. (this advice is only toward desktops, other software may differ)
Or just wait till you upgrade you distro in 2-12 months, it should have the lastest and greatest KDE version precompiled for ya. If you don't feel like compiling hunderards of megs of sources, don't, wait till you need or want a really cool fearture, then do it then.
Hey, I have a questions. Say you have 4 virutal desktops in KDE and run an xterm in each virutal terminal right? All xterms show up down on the task bar, is there a way to "isolate" what you see, depending on which virutal desktop you are in for the momemet?
Say you run Netscape in vd 2 and xterm in vd 3. The task bar will show both Netscape and xterm. Is there a way to say, when you switch to vd 2 it only shows Netscape in the task bar, and when you switch to vd 3 it only shows xterm in the task bar?
That is the only thing I can't stand about KDE, everything else though is the flavors.
KDE is sweet, they did (and are still doing) a hell of a job.
If you try to get a job at the CIA, they do an "complete and though" background check. Also they give you a polograph (lie detector) test...
On the up side they do have a LOT of posistions open for System Admins, Programmers, Enginners, Computer Sceinists, and other geek related professions. They are supose to pay really nice also. [they do support and maintain a alot of NT and Microsoft products there, so bewarned]
But they can and do deny people from working there if there background is "shady" (ie: felonies, stealing hard drives with NEST data from La Mos, member of the KGB)
Anyone work there? After I get some expeirnce and some education I want to apply there just for the fun of it. It could be a cool job, I want to get standard issuse CIA black sunglass, and ear peice and be able to say to people "Stand back, this is a job for the CIA" then call all my CIA co-workers to fit gang members like in the Michael Jackson video...
Come back to the orignal point I made "Background checks are fine by me"
I purpose that everyone here at slashdot throw in $2 bucks or so, and we go to lego and ask for a "SUPPR MEGA BULK ORDER" of 200 Billion lego peices.
I don't know what we could do with all those blocks though... besides built our own city, all blue print would have to be of course open sources and freely avaiable on the web...
Oh guys, get ready to flame me for this, but can I ask you a question? I am 22 years old and still thoughly enjoy lego's, is there something wrong with me?
Furnite would be cool, like tables, desktops, book selves.
The question is, would it say cost more to build a lego book case, or just go buy one at XYZ store with the fake wood. You know the plastic funritre, but they have "wood" stickers you put over it so you freinds don't think you a cheap bastard (which you of course are)
Those things (lego's) are really easy to build computer cases out of, I had an old 386 motherboard and started to build a case out of lego's, but I didn't finish it, I sobered up.
The coolest thing though, would big a 6 foot giant Tux! Get some black boxes, yellow and white, what else do you need?
You Sir have just unwittly ripped the portal to hell completly open, the trolls will be sure to rejoice. Save yourself, man kind and slashdot will no longer be the same after this day, the signs are clear....
I will just get a monkey to randomly mash and bash the keyboard with it's hairy paws, now that is security.
But, say you wanted to crack this, couldn'y you just get a realtime video cam and record the rate system admin mashes the keyboard with his fat hands? Get the rhytem from the tape and then make a robtic device to mimic system admin bob's keystroke rate.
Eye scanners would be cool, cause to crack though, you would have to cut out the users eye, remove your glass eye, insert their's into the empty socket and crack that puppy open like a nice cold beer.
On thing I seriously though about doing is a IR interface that is embedded into the body and can send the signal automatic when a correct password is typed into the machine.
Seriously though, the above is just bs. Let's thinkg about this, what if you are drunk or stoned and want to check email? do you think your type rate will be the same? What if you are intoxicated on large amounts of caffeine when you "insert" the password rythems, then when you wake up slow in the morning and try to see what is on slashdot, you type rate is differant. What if you finally get one of those big ass old sytle IBM "click" keyboards that slows down your type rated compared to your sleek space age "fluffy" keyboard?
but when you're dealing with $50k+ orders on the websites, you'd better believe it that these orders better not go "missing" due to *anything*.
You better believe that when dealing with First Posts and rude comments about Miss Portman, these things better not go "missing" due to *anything*
I think this is dealing with more of an Intro to Medium level DB programming, I see it more for the crowd "Hey I want to hack on slashcode and build a "favorite hot grits" survey form", not the 200 million dollar a day ecommencre site (though this book is a good place to start learning (provided you know Perl)). This is a really good book to learn the concepts and implenation on a low level. Most people just learning this stuff (like me) don't have the $$$ to chuck over to Orcale so that we can have a %100 uptime on our 28.8 dial up server...
But you have to agree on some level, encrypting all the data on a hard disk could provide "extra" security in case the drive came up missing. Sure there is only a 1 in 1000^80000 chance that someone is going to be able to breach security and take the drive, but couldn't the encryption on this drives used as a "safety neat" or "back up plan"??
One thing I was always told by the Senior admin here (or was here, he left about a year ago) was that when dealing with security, there should be more than one thing to "stop" someone looking to breach your security.
For example, we setup a firewall that block 2 computers from the Internet, then put tcpwrappers on both computers. I asked, "what is the point of tcpwrappers, everything will be stopped by the firewall", he told me to just install them and make sure they where secure.
One day when we had a hard drive crash on the firewall, we quickly rebuild the machine (our backups wheren't up to date (this was a mistake on our part)), and in our inpatiences it got seriously misconfigured. (this was also our screwup)
That night, we had a ton of log files from tcpwrappers from one IP that was trying to telnet, ftp and everything else into those 2 computers, guess what, the tcpwrappers stop them from even getting a log in prompt (even if they did get a login prompt, %90 of the accounts had/bin/false as a shell...)
Setting up a second (or even an eigth) security measure can be a pain, but once in a while it can really save your ass in a bad sisuation.
Slashdot Mirror
Would't a program running as a normal user be unable to access the raw swap partition?
Yea true, just like a normal user (or user program) can't grab a raw dump of kernel memory. Buy back in old Solaris or late SunOS, one of Sun's version shiped with incorrect premission on the kernel memory device, which allowed users (and user programs) to read any (or all) of the "primary" memory...
It is better to have a "backup" or "fail safe" plan when dealing with security. If my firewall is completly cracked, I still have tcpwrappers to defend off with. If I set the incorrect read permission on a senastive file, I still have it encrypted to defend off with. If some how anyone can start connecting to the telnet port, most of the users accounts have
The fact is, things do screw up, and when dealing with security it is a good idea to setup atleast 2 (if possiable) methods (if not more) incase the "main line" defense gets expoilted or breaks.
Also what if someone takes the swap drive out at night, dumps it, puts it back in without you noticing? OK that is super paranoid, but that it what I love about OpenBSD.
Is there anyway to do a encrypted file system on OpenBSD?
Really though double rot-13 is strong enough. Rotate all letters 13 letters forward, then rotate all lettera another 13 letters forward, pure encoding at it's best.
Ok, getting serious for a momement, what exact is the differance between an encoding and an encryption?
For instance, a photorealistic skin doesn't guarantee that the person you're playing with actually was the model for that skin
I wonder if there would be a way to do like a PGP thing (public and private keys) for skins, like imbed them directly into the skin or something?
the loser would have to do something for the winner, and I'm not talking about the dishes.
What are you talking about? I don't understand.
Please post in complete detail with pictures included to help not only me, but the rest of the entire slashdot forum get "insight" into this matter.
I would suggest Rot13. It is fast, real fast. Easy to implement, widly avaiable on all platforms. Free Public Domain License, don't have to pay RSCA (whatever there name is) mega bucks for licensing. It is importable and exportable to the United States (and probably to any other states).
It does have a few security flaws, but unless your are the NCSA you will have a difficult time cracking it. I heard there is a "seti@home"-like project, to distrub a brute force against Rot13, but I haven't heard anything else about it. They have probably give up since todays computer *could* takes years to firgure it out...
I got a nice picture of Jesus in my bible, I am surpised he has yet to become a Quake 3 skin, that and where is Satan and Budda, or the Columbian boys, why aren't there Quake3 skins of these.
Oh you mean that thing called "taste and manners" is stoping people from doing it? So is that a bug in the human brain?
Make a map of your office, then use co-workers faces and setup a game on the local lan...
Also what if you scan Bill Clintons face into Quake and then frag him with a rocket launcher....
Playing with legos. Voliently I might add. You think them leaving those sharp lego in the middle of the floor at night when you are in your bare feet was an accident....
I have noticed this *cough***cough*. Any programs we use in a "critical envoirment" (buzzword number 1021) I ussually try to test first on a older less productive machine to make sure that most of the "pitfalls" can be avoided...
Ok, if he is testing it (beta) he knows that there WILL be problems. All software has bugs, and even more in beta, so he should realize, "hey things might be fscked up when I am testing this" and just accpect that fact that it isn't going to be a "smooth ride".
Yea, it is BETA, things do break and sometimes breaking older programs is better than having a lot of cruft in the code. This is all part of "on the bleeding edge" and more generally life, just deal with it, that is part of testing it.
If he is complaining that it breaks on his productive workstation when upgrading, my advice to him was not to upgrade his produtive workstation till things "settled down" a bit.
I do test betas when I get a chance, but I don't go slapping beta grade software all the productive workstations here, I wait till it is "safe" to upgrade before I have to start tell people "Yea, I know that developers version really screwed up your workstatoin when I install it on there, I will get a snap shot tonight and see if that fixes it. Oh sorry about you not being able to work today because you desktop was on the jitters."
Welcome to the Bleeding Edge of Software Development! New Feartures in "Bleeding Edge App4 V2.20.0.1"
Breaks all existing programs.
Breaks all existing configuration files.
Get to spend quality time (ie: tech support) with users.
Corrupts old data files.
Need to compile 16 megs of *NEW* libaries to work..
Seriously though, this isn't meant as a flame, but why do you *HAVE* to upgrade *RIGHT NOW*? If KDE (whatever version you are using) works for you, why not stick with it? Wait till KDE 2.0 gets tested and debugged by more users, and wait till you almost have to upgrade. (this advice is only toward desktops, other software may differ)
Or just wait till you upgrade you distro in 2-12 months, it should have the lastest and greatest KDE version precompiled for ya. If you don't feel like compiling hunderards of megs of sources, don't, wait till you need or want a really cool fearture, then do it then.
Hey, I have a questions. Say you have 4 virutal desktops in KDE and run an xterm in each virutal terminal right? All xterms show up down on the task bar, is there a way to "isolate" what you see, depending on which virutal desktop you are in for the momemet?
Say you run Netscape in vd 2 and xterm in vd 3. The task bar will show both Netscape and xterm. Is there a way to say, when you switch to vd 2 it only shows Netscape in the task bar, and when you switch to vd 3 it only shows xterm in the task bar?
That is the only thing I can't stand about KDE, everything else though is the flavors.
KDE is sweet, they did (and are still doing) a hell of a job.
If you try to get a job at the CIA, they do an "complete and though" background check. Also they give you a polograph (lie detector) test...
On the up side they do have a LOT of posistions open for System Admins, Programmers, Enginners, Computer Sceinists, and other geek related professions. They are supose to pay really nice also. [they do support and maintain a alot of NT and Microsoft products there, so bewarned]
But they can and do deny people from working there if there background is "shady" (ie: felonies, stealing hard drives with NEST data from La Mos, member of the KGB)
Anyone work there? After I get some expeirnce and some education I want to apply there just for the fun of it. It could be a cool job, I want to get standard issuse CIA black sunglass, and ear peice and be able to say to people "Stand back, this is a job for the CIA" then call all my CIA co-workers to fit gang members like in the Michael Jackson video...
Come back to the orignal point I made "Background checks are fine by me"
I purpose that everyone here at slashdot throw in $2 bucks or so, and we go to lego and ask for a "SUPPR MEGA BULK ORDER" of 200 Billion lego peices.
I don't know what we could do with all those blocks though... besides built our own city, all blue print would have to be of course open sources and freely avaiable on the web...
where do you work? are they uh hiring. I got expeince in lego building, but don't have any formal education on the subject
What about those little Imoega Click things?
Oh guys, get ready to flame me for this, but can I ask you a question? I am 22 years old and still thoughly enjoy lego's, is there something wrong with me?
A full size, funtical lego toliet...
Furnite would be cool, like tables, desktops, book selves.
The question is, would it say cost more to build a lego book case, or just go buy one at XYZ store with the fake wood. You know the plastic funritre, but they have "wood" stickers you put over it so you freinds don't think you a cheap bastard (which you of course are)
Those things (lego's) are really easy to build computer cases out of, I had an old 386 motherboard and started to build a case out of lego's, but I didn't finish it, I sobered up.
The coolest thing though, would big a 6 foot giant Tux! Get some black boxes, yellow and white, what else do you need?
isn't this more of a bug then an easter egg?
up-up
down-down
left-right
left-right
select (optional for 2 players)
start
It work on a LOT of konami games.
OH MY GOD
"I feel a distrubatise in the force" -- Obi Wan
You Sir have just unwittly ripped the portal to hell completly open, the trolls will be sure to rejoice. Save yourself, man kind and slashdot will no longer be the same after this day, the signs are clear....
May God have mercy on all our souls.
http://www.harleyquinn.com/harleyporn.htm
http://www.harleyquinn.com/images/xnat4
The lost relic has now been found. The seventh sign has now came to pass.
I will just get a monkey to randomly mash and bash the keyboard with it's hairy paws, now that is security.
But, say you wanted to crack this, couldn'y you just get a realtime video cam and record the rate system admin mashes the keyboard with his fat hands? Get the rhytem from the tape and then make a robtic device to mimic system admin bob's keystroke rate.
Eye scanners would be cool, cause to crack though, you would have to cut out the users eye, remove your glass eye, insert their's into the empty socket and crack that puppy open like a nice cold beer.
On thing I seriously though about doing is a IR interface that is embedded into the body and can send the signal automatic when a correct password is typed into the machine.
Seriously though, the above is just bs. Let's thinkg about this, what if you are drunk or stoned and want to check email? do you think your type rate will be the same? What if you are intoxicated on large amounts of caffeine when you "insert" the password rythems, then when you wake up slow in the morning and try to see what is on slashdot, you type rate is differant. What if you finally get one of those big ass old sytle IBM "click" keyboards that slows down your type rated compared to your sleek space age "fluffy" keyboard?
And most of all, what if you a typing class?
but when you're dealing with $50k+ orders on the websites, you'd better believe it that these orders better not go "missing" due to *anything*.
You better believe that when dealing with First Posts and rude comments about Miss Portman, these things better not go "missing" due to *anything*
I think this is dealing with more of an Intro to Medium level DB programming, I see it more for the crowd "Hey I want to hack on slashcode and build a "favorite hot grits" survey form", not the 200 million dollar a day ecommencre site (though this book is a good place to start learning (provided you know Perl)). This is a really good book to learn the concepts and implenation on a low level. Most people just learning this stuff (like me) don't have the $$$ to chuck over to Orcale so that we can have a %100 uptime on our 28.8 dial up server...
But you have to agree on some level, encrypting all the data on a hard disk could provide "extra" security in case the drive came up missing. Sure there is only a 1 in 1000^80000 chance that someone is going to be able to breach security and take the drive, but couldn't the encryption on this drives used as a "safety neat" or "back up plan"??
One thing I was always told by the Senior admin here (or was here, he left about a year ago) was that when dealing with security, there should be more than one thing to "stop" someone looking to breach your security.
For example, we setup a firewall that block 2 computers from the Internet, then put tcpwrappers on both computers. I asked, "what is the point of tcpwrappers, everything will be stopped by the firewall", he told me to just install them and make sure they where secure.
One day when we had a hard drive crash on the firewall, we quickly rebuild the machine (our backups wheren't up to date (this was a mistake on our part)), and in our inpatiences it got seriously misconfigured. (this was also our screwup)
That night, we had a ton of log files from tcpwrappers from one IP that was trying to telnet, ftp and everything else into those 2 computers, guess what, the tcpwrappers stop them from even getting a log in prompt (even if they did get a login prompt, %90 of the accounts had
Setting up a second (or even an eigth) security measure can be a pain, but once in a while it can really save your ass in a bad sisuation.