I've kinda done that. I used to work for Motorola. They have a corporate firewall that blocks bad content, and possibly keeps notes on what bad content individuals ask for. I learned to avoid those sites.
For e-mail I always ssh into my basement server and use mutt. At Motorola we weren't allowed to ssh out, so I parked an ssh server on port 443 (the secure web port) and did my ssh on port 443. (Because Motorola has a user/password routine for getting out, that part was actually kinda complicated on the client end, but China probably isn't so nasty.)
Note, China might insist upon your going through their man-in-the-middle with all encrypted traffic.
I also don't keep e-mail on my notebook, it is all on my server.
For surfing forbidden web sites I would suggest something that wouldn't attract attention with a lot of encrypted traffic, such as the text-only browser lynx.
Mostly I would keep my nose clean and not do things they don't like.
Remember, doing fancy cryptography on your local hard disk can easily backfire. Say the secret police grab you, place your notebook in front of you, and ask you to type the encryption key. What are you going to do?
As a foreigner I would try to act like a foreigner, access the internet as a foreigner would, only be as crafty as a foreigner would be. I would also be a geeky foreigner, I would try to buy more with that. Were I doing anything vaguely political while visiting China I would try extra hard to stay clean in their eyes--no ssh software, no way.
If your passphrase is hashed with MD5, what are the odds that someone will find a duplicate sequence that will generate the same MD5 checksum?
Slim. md5 has its problems, but in no way does my scheme add any additional risk.
All of the companies I've worked for place an upper limit on the number of characters you can have in a password and many have demanded special aspects of the password (Need at least one number, demand mixed case, can't reuse X characters from your old password, etc) which makes this sort of thing more difficult.
Silly rules on passwords certainly get in the way of my approach, but that doesn't mean my approach is in any way weak. Putting a number or punctuation mark makes it harder to guess a password because you need to try more combinations. But it is the number of combinations that counts.
By putting 32-bits of entropy in my password, I have 4 billion combinations for someone to defeat. It doesn't matter how you get to the total number of possible combinations, it is the total number of combinations a foe must try. Instead of a three word combination I could use something like 1101010110010011101101010100000, and the result would be just as strong, except there would be no way to remember it. Isn't the equivalent "sample-formal-milan" much easier to remember?
Yes, if your foe knows your technique for generating your password it makes it easier to break it. But it doesn't matter if the technique is one like your employer's or like mine, it makes it a smidge easier. Much more important is the total number of combinations. Making a password harder for you to remember doesn't make it harder for a foe to guess. It is the number of combinations you pick from that matters.
To quote myself, when I need a password, I use a utility called mnencode this way:
$ head -c 4 /dev/random | mnencode
And get three word long results like:
iris-farmer-benny or person-london-multi or jumbo-joker-basil
Reasonably easy to type and remember, yet a significant 32-bits of entropy--far better than most passwords. (Enough for circumstances where you don't have a motivated foe with the opportunity to brute force it--a non-readable /etc/shadow is your friend here.)
To find mnencode see . It is really a carefully crafted word list and two complementary programs, mnencode which turns binary data into words intended to be pronounceable, spellable, and unambiguous, and mndecode which turns those words back into that exact binary data.
To move offtopic, for really paranoid security, you can do:
$ head -c 16 /dev/random | mnencode
And you get 128-bits worth of entropy as, for example:
algebra-mask-armor--jester-cupid-fossil
secure-detail-barcode--gray-judo-safari
Take out the new line, put in single dashes throughout, and you have a long passphrase that is really secure. But it turns out that a passphrase with 128-bits of entropy is pretty unwieldy. It gets hard to remember (was it jester or joker?, secure or secured?, etc), and it is surprisingly hard to type blind. I use exactly one such passphrase (that I don't type on open wires or keyboards I don't control), but I do use it to encode my other passwords.
-kb
P.S. A passphrase with 128-bits of entropy is enough that even a very powerful and motivated foe will not be able to bruteforce it any time soon--if ever--and will instead resort to bugging your keyboard, hiding a camera over your keyboard, sniffing RF-emissions, rubberhose cryptanalysis, etc. For example, suppose the NSA really wants your key and can try a trillion possibilities a second, it would still take, on average, over 3 months to crack a 64-bit passphrase--which is well within their abilities if they are really interested. However, a 128-bit passphrase is 18,446,744,073,709,551,616 times as difficult as that, something even the NSA can't accomplish. Note that this is for a symmetric key, public keys work differently and need to be much longer for equivalent strength. A 4K bit public key can be manipulated pretty easily by computers these days and is likely extremely strong--depending upon possible breakthroughs in factoring numbers or building quantum computers.
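An added illustration of the scheme in the post above (not part of the original comment and not mnencode's own code): it maps 4 random bytes to three words and back, and reproduces the brute-force arithmetic from the P.S. The word list is a constructed stand-in, the function names are hypothetical, and the list size is simply the smallest one whose cube reaches 2^32.

```python
import itertools
import secrets

# Smallest word-list size whose three-word combinations cover every 32-bit value.
BASE = next(n for n in itertools.count(1) if n ** 3 >= 2 ** 32)

# Constructed stand-in word list (NOT mnencode's curated list): two
# consonant-vowel syllables per word, truncated to BASE unique entries.
_SYLLABLES = [c + v for c in "bdfgklmnprstvz" for v in "aeiou"]
WORDS = [a + b for a in _SYLLABLES for b in _SYLLABLES][:BASE]
_INDEX = {word: i for i, word in enumerate(WORDS)}


def encode32(data: bytes) -> str:
    """Turn exactly 4 bytes into three dash-separated words (base-BASE digits)."""
    if len(data) != 4:
        raise ValueError("encode32 needs exactly 4 bytes")
    n = int.from_bytes(data, "little")
    words = []
    for _ in range(3):
        n, digit = divmod(n, BASE)
        words.append(WORDS[digit])
    return "-".join(words)


def decode32(phrase: str) -> bytes:
    """Inverse of encode32; rejects unknown words and out-of-range phrases."""
    parts = phrase.split("-")
    if len(parts) != 3:
        raise ValueError("expected three words")
    try:
        digits = [_INDEX[p] for p in parts]
    except KeyError as exc:
        raise ValueError(f"unknown word: {exc.args[0]}") from None
    n = digits[0] + digits[1] * BASE + digits[2] * BASE ** 2
    if n >= 2 ** 32:
        # BASE**3 is slightly larger than 2**32, so a few word triples map to nothing.
        raise ValueError("phrase does not encode a 32-bit value")
    return n.to_bytes(4, "little")


def new_passphrase(nbytes: int = 4) -> str:
    """Draw nbytes from the OS CSPRNG and encode each 4-byte group as three words."""
    if nbytes <= 0 or nbytes % 4:
        raise ValueError("nbytes must be a positive multiple of 4")
    raw = secrets.token_bytes(nbytes)
    return "-".join(encode32(raw[i:i + 4]) for i in range(0, nbytes, 4))


def average_crack_days(bits: int, guesses_per_second: float) -> float:
    """Expected days to brute-force: on average half the keyspace is searched."""
    return 2 ** (bits - 1) / guesses_per_second / 86400


if __name__ == "__main__":
    print("word list size:", BASE)
    print("32-bit password: ", new_passphrase(4))
    print("128-bit passphrase:", new_passphrase(16))
    # The strength comes from the 8 * nbytes random bits, not from the spelling.
    for bits in (32, 64, 128):
        days = average_crack_days(bits, 1e12)
        print(f"{bits:3d} bits at 1e12 guesses/s: {days:.3g} days on average")
```

The words are only a reversible spelling of the random bytes, so the strength is fixed by how many bytes were drawn, whichever word list is used.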
Depending on what you are doing, it can be really hard to make the numbers come out profitably selling wifi. Just because you see it all over the place doesn't mean these outfits are making money on it. If you already have internet access, offering it for free to customers is nearly free to you: the price of an inexpensive wifi box and some bandwidth. However, billing and supporting billing, and supporting those who have paid for the service and demand you make it work, will cost you much more than supplying the service itself. Will you make enough to cover your extra expenses?
If wifi is a feature that will attract more business, then going the easy route (free service) will get you a nice indirect payoff without the hassles and buy you extra good will because you offer it for free.
That said, there can be a very good reason for charging by the clock in, say, a coffee shop: to keep people from parking themselves all day and making you their office. Sure, they will buy coffee, but not as much as that seat will if you turn it over ten times as often.
There is a new coffee shop near where I live (Sherman Cafe in Union Square, Somerville, MA, USA) that has free wireless. And sometimes it seems there are people parked there for the long haul, sitting in front of their computers. Are they staying longer because of the wireless? I don't know. A lot seem to be students writing papers, so maybe not. If they charged by the hour--and priced it in such a way that longer than one hour was discouraged--maybe they would make more money.
On the other hand, at Starbucks (which always seems to have someone charging for the wifi) regulars who subscribe might feel entitled to stay forever. Maybe Sherman Cafe, by offering it for free, guilts a few people into leaving sooner.
Anyway, consider that charging for wifi might be stupid. At least one big outfit has gone under and I expect others to follow. Following them isn't necessarily a recipe for success.
There is hidden wisdom in the above comment: Eat dinner with your kids. Real food (not frozen fast food), real table, real manners, real conversation. It makes for a connection between you, it puts some schedule in them, civilizes the savages.
But you have already been doing that with them up to this point, right? (Teenage years might be a difficult time to start.)
-kb, the Kent without kids, but also the Kent who ate dinner with his family when growing up.
> almost all tv's nowadays can display both NTSC and PAL anyway.
Oh, so wrong. In Europe (a place aware of the rest of the world) this may be so. But in the US (an ignorant, parochial, and isolationist place that unfortunately still insists on throwing its international weight around) multi-standard TV sets mostly don't exist.
Don't underestimate how backward this Red State-laden country is.
-kb, the Kent who is proud to live in a Blue State.
The best FAQs predate the "web" and originated on usenet. They were extremely useful documents probably because they were not designed to be useful, they were designed to prevent the asking of stupid (I mean frequently asked) questions.
This means the best FAQs are not made up of questions that someone thinks will be useful, they are made up of questions that are actually frequently asked. Also, the best answers are not the answers that some marketer or geek would like to give, they are the answers that will make the question go away.
Put another way, good FAQs are not just another way to organize information, they honestly are Frequently Asked Questions...plus answers that frequently satisfy those questioners.
How to maintain them? The same way one compiles them--by surveying the questions that get asked.
Credit is tricky. The old fashioned virtue of paying your bills in full every month is not the way to get the best credit rating these days. Credit card companies hate that kind of customer, and when you want to get a mortgage it might matter.
Advice:
1. Do NOT get in over your head, do NOT use credit for current consumption beyond your means. (Most important rule.)
2. Make sure no creditor ever loses money because of you. (Second most important rule.)
3. Let them make a little money off of you now and then. (Third most important rule.) Miss a payment? OK, then pay it in full next month. They will get to charge you a little interest, a rather big penalty, and they will get all their original money back. They like that. Or, pay on time but carry a little balance now and then if otherwise convenient.
If you can't follow all of the rules, start at the top and do what you can. Do not follow rule 3 if you can't be sure to also follow rule 1 and 2.
Parting advice: Credit cards go well with income and cashflow. If you are living off of student loans and parents, don't get a credit card. Live as poor as you really are and scrimp and save.
Oh, and get a really light and small notebook so you can carry it with you and not be tempted to leave it unattended. (I am typing this on a Panasonic W2 "Toughbook" aka "Let's Note" in Japan where for some reason they don't need to be so macho. Small, light, good battery life AND a CD/DVD drive builtin.)
- long battery life
- CD/DVD drive builtin
- quiet (no fan)
- builtin wifi
- 2.8 pounds
- power supply is also small and light
- physically tough (in the US it is marketed as a "Toughbook", "Let's Note" is too wimpy for here I guess)
I am running Gentoo Linux on mine (a US model), and though I don't have everything working yet, I really like it.
I also have not run the battery all the way down yet, so I don't know how long my somewhat old model really lasts, but I think I am in the 4+ hour range. It is available in US models from dealers in the US, and more up to date Japanese editions are imported by dynamism.com (http://www.dynamism.com/w2/).
One downside I have noticed is that, though the mono speaker is pretty good (little grill for high frequencies with low frequencies somehow coming from behind the keyboard), the quality of the sound out the headphone is marred by picking up noise from other circuitry in the computer. In casual listening circumstances it isn't a problem, but during quiet parts (or silence) I notice it. If you are a mostly normal person, you won't care in the least.
-kb, the Kent who is shocked at how heavy his old z505 Vaio suddenly is.
> I'm running a debian-based software raid-1 mirroring setup [...] I must admit though, it wasn't easy to set up. For convenience today I'd probably go with hardware raid too
Debian? Hard to set up? I don't believe it...
Last time I set up software raid 1 I was installing Red Hat 9, and it was easy. Not as easy as a vanilla installation, but still not terribly hard.
> Second, Software raid will always suck for one big reason: A drive fails, your system locks up.
Wrong. Bootable software raid 1 on Linux works great. I have had a drive fail in the middle of burning a CD and neither I nor the CD knew the difference. I found out when I got an e-mail telling me of the failure. I was even running swap over software raid 1--which is key to keeping things happy.
It is also important to put the raided disks on different controller channels. But it works.
So you want to get away from the rat race of modern life when on vacation? Rent a vacation house without electricity. Without bug screens. Without running water. Hell, camp. Without any plastic or synthetic gear. Go back to the simple life. And don't forget to leave your watch at home.
What? You actually want some of those modern impositions? Which ones?.... NO, you are wrong, you don't want those items, you want the ones I say you want, because *I* know what is a correct vacation.
Oh, wait, I take it back, I am not the one saying how you should spend your vacation, you are the one saying how others should spend their vacations. Are you so insecure that you can't stand the thought of someone else using a computer on vacation? What kind of busy body are you?
-kb, the Kent who knows a particularly nice French jazz radio station that goes particularly well with a vacation, but, except when he is in the right part of France, an internet connection is the only way to get it.
Why do some people find it so upsetting to see someone using technology at an odd place or time that they feel the need to tell them they shouldn't? When you are away from your internet access do you so resent that others are not? Or, when you are near your internet access do you so resent that you are? It is as though you are threatened by technology, you want to hide from it now and then, and so you insist others should too? Is this a religious thing? Do you feel like you are trying to kick an addiction and so others must too?
It is like someone asking about cooking some kind of food and someone else saying "Don't cook that dish.", it is rude and off-topic. Except in the technology case there is an added layer of moral superiority, that the person asking the question is bad and the person saying "Don't do that." is good.
Why is it that an artist is admired for carting his/her paints up a mountain, but if I, a techie, carry any technology I invite condemnation?
"Why does that silly artist feel compelled to always be painting? Why not get away from it all and just enjoy nature? Why be a slave to the damn paint brushes?"
Jeeze, and these rants even get modded up on Slashdot. How insecure are we?
I have a Samsung i330, and I like it. The downside is that the bundling of phone with Palm means that either aspect having a problem likely brings down the other. That said, it *is* neat to be able to do real e-mail on my phone. Running Palm software is cool too.
Recently I even figured out how to use this phone as an internet connection for my Linux notebook. It has a lot of latency, which is nasty for terminal-type interaction, but for web browsing it is pretty good. (Note: Sprint officially frowns on this use of my current plan, but I haven't downloaded any CDs and they haven't shut me off.)
For more down side, this phone turns itself on every few minutes and makes a mysterious 10-second data call.
First, this is annoying because it means that any bumping of the screen can dial numbers, etc., so I keep my idle phone in Citytime, which can't do much with only random taps.
Second, it reminds me that I don't trust the Palm OS nor how it is installed in this phone. As a result I recently bought another Palm (Zire 31) that I keep in my bag instead of on my belt. I don't trust this OS any more than the i330, but I can control who this device talks to. I keep more sensitive data on this new Palm.
The i330 might be for you, but I don't think they make it anymore. I will say it is cool to be able to ssh from my notebook into my home machine with my i330 as a modem.
You are a bit vague about what you are doing, so we have to guess a little. Here is one approach:
1. Run your Linux server as you do, it seems to work.
2. Take your MS Windows offline. No network connection at all.
Do whatever you want on that computer. If it is incommunicado you are safe from long distance interlopers.
Ah, but now you are going to say you do need to get some data across between the two. Okay:
3. Get another computer, put Linux on it, set it next to your Windows box. Keep it secure*. When you need to transfer data, be careful about what you transfer, and use removable media (maybe a USB flash dongle). The Linux box can then transfer to and from the outside world.
Next I suppose you are going to say that you have to do e-mail on the MS Windows box. To that I ask: Why?
* How to secure a Linux box? Here is a short 5-step recipe:
1. Put a respectable Linux distribution on it, and don't stray from the default install without knowing what you are doing. Default installations are pretty secure these days.
2. Keep your distribution up to date.
3. Turn off services you are not using. If you run an e-mail server on that machine, switch from sendmail to postfix, it has a more secure design.
4. Use good passwords (passwords that have a significant amount of real randomness in them), and do NOT reuse those passwords elsewhere.
5. If you start using Linux for regular GUI-based work, be suspicious of fancy, automatic, Windows-like features. That is, worry about macros in Open Office documents, worry about e-mail programs doing anything for you automatically, worry about Javascript (it is different from Java and was not designed with security in mind).
-kb, the Kent who knows exactly one person with a very secure Windows machine: someone who never connects that computer to the internet.
Traditional air conditioning assumes cheap electricity, and plenty of peak capacity. (Ever try to start a compressor motor?)
You want to reduce your air conditioning need. Think awnings that reduce solar gain. Think reducing heat generation. Think insulation. Think how to be a bit more clever. There is a lot of work available on this aspect.
Once you do do some air conditioning, consider finding a cooler hot side for your heat pump. Something my wife wants us to look at for both heating and cooling is "geothermal", that is using the earth for both the hot side (in winter) and cold side (summer) of the heat pump. Also, if you are in a dry climate, consider if a little evaporative cooling might boost efficiency.
Yes, I think that is correct, but let me add something that might be confused here.
Just because this appears to be a phased array does not mean it is an electrically steered phased array (as other postings have suggested). Look at a picture of the rover [http://marsrovers.nasa.gov/mission/images/rover1_detail_500.jpg]. The high gain antenna looks quite steerable. It is possible that it is also electrically steered to fine tune the aim, but it doesn't look like a high enough gain antenna to need that. Might as well make the mechanics a bit more precise and aim it with motors. Throw in some feedback on signal strength and even if the mechanics are knocked slightly out of alignment a precise aim should be possible.
-kb, the Kent who decided to reply to a single smart post instead of deciding which nonsense post to correct.
[And this being Slashdot, I can't tell whether that is sarcastic or serious...]
It depends on how careful you want to be.
I am perfectly happy to use any old wifi or ethernet or modem to ssh into my server--but only if I am typing my passwords on my own keyboard. I don't trust internet cafes. Two or three times in the last few months there has been news of passwords being sniffed (one at Kinkos and another at a college I think it was and I think the third was some airport kiosk chain).
I say bring a laptop (real keyboard, real screen) with only trusted software on it and find wireless, wired, dialup, or some other access--but don't type valuable passwords on random keyboards. Go ahead and also bring a trustworthy palmtop--but I also don't trust my Palm-based Samsung i330 phone: it makes mysterious data calls every few minutes, and the ssh client I found might be free, but it isn't open source, do I really trust it?
I recently got my mother-in-law set up on Britsys, and though she hasn't been up for long, they look quite good too--and less expensive than Covad.
In both cases I have a static IP, I know I don't have any blocked ports on Covad, I have to admit I haven't confirmed that for Britsys, but I don't think they block any.
Now if I could only find any decent non-dialup for my parents at 952-472-XXXX...
I don't think anyone sensible would doubt that--other things being mostly equal--SCSI is faster than IDE. But this result doesn't pass the smell test. The IDE seems just too slow to be plausibly due just to IDE drive vs. SCSI drive.
Note above that I wrote "IDE drive vs. SCSI drive" not "IDE vs. SCSI". IDE and SCSI drives differ in more than their interface. It will never make sense to do an exact match of drives. A sensible comparison would be to put together a high-end box with high-end IDE drives in it (including medium-end technologies such as raid), and match it against a SCSI box with similar specs and a vaguely similar price point. The result will be an IDE box with significantly more storage capacity and a SCSI box which still costs a bit more than the IDE.
The SCSI and IDE markets are different, but they do overlap. To compare the two we should choose tuned configurations that are in the overlapping region. If we do that we will still find that SCSI is faster than IDE, but I would be interested in how big the performance (and price and capacity) difference is.
-kb, the Kent who, were he to put together the fastest possible box with price no object would certainly use SCSI (or fibre channel), but also the Kent who, considering the extra dollars, space, heat, noise, and complexity of a matched-capacity SCSI box would seriously doubt the benefit of SCSI.
No. Not in the sense in which you are using the number. The 525 lines of NTSC includes all of that groady analogue stuff from the start of one frame to the start of the next frame: vertical blanking, synch, et al. The number of lines of picture is more like the familiar 480 (or maybe 486, depends on which standard you ask).
(since it's analog, horizontal is indeterminate)
Not completely. There are bandwidth limits to color NTSC that are well defined (horizontal bandwidth has to be limited so there is a place to put the color information). To digitize an analogue signal at 720 pixels per line is sensible with good starting material. If you want easy to compute square squares and circular circles, 640 isn't that bad a figure. Strange values in between have been seen too.
And if you want to get all fancy and have the best possible picture, you want to design a camera with a sensor that has significantly greater native resolution, shoots through a filter that blurs enough to prevent sampling artifacts (jaggies), and then downsamples to wash out the softness of that earlier filter. (Annoying to be in a universe that apparently doesn't have negative light.)
Power fine at work in Burlington, MA. My basement server in Somerville, MA, is still alive--though it does have a reasonable chunk of an hour of UPS power. (I don't have a daemon watching it.)
-kb, the Kent whose wife is in NYC and doesn't answer her cellphone or respond to wireless Palm e-mail.
You misunderstand. WEP was poorly designed and should not be trusted, but just because WEP is broken doesn't mean that all encryption is broken, and it doesn't stop me from sending securely encrypted traffic over a completely open access point, or over a WEP access point.
At the moment I am sitting in a coffee shop with free, unencrypted, 802.11b internet access. My reading of slashdot, and the posting of this message, are quite readable by anyone nearby with motivation, a computer, and some brains.
But in another window I have an ssh session logged into my basement Linux server. When I logged in my notebook checked that the signature was as expected and therefore there was no man-in-the-middle attack going on. I am typing this on a notebook I control, I have high confidence that that session is as secure as my house (the weak link, my server is there). I don't need to trust the guy sitting a few chairs down, I don't need to trust the coffee shop.
If I really want to do some web browsing secure from local sniffers I could fire up netscape from my basement but with the display on my notebook. (X has some benefits.) It would be slow, but it would work.
Encryption is not a magic bullet, but it is a very valuable tool.
What can you do? Don't use MS Windows. Don't use telnet for text logins, don't use plain POP or IMAP for reading e-mail--there are encrypted versions of both. Be worried about banking on open wires; if you see a padlock in the corner of your browser window it means (probably means, there could be bugs) it is encrypted and you have a secure connection to the other end--but who is on the other end? Is it *really* your bank? (This is the man-in-the-middle attack.) Think twice before typing important passwords on a keyboard you don't control. Twice in recent months there has been news of rogue technicians putting sniffers on keyboards, I think one was airport kiosks and one at some college.
Don't use one (or even two) passwords for everything. It is far better to write your different passwords down on a list and keep it in your wallet than it is to reuse passwords in different circumstances. If someone mugs you they can get the list and they might not appreciate its significance, but if you reuse a password one crooked or incompetent web site can leak and now anyone in the world might have your "master key". I keep my list of passwords encrypted with one nasty-ass-long password, and that one I don't write down. Pick good passwords; single words, names, dates, etc., are bad ideas.
Now think about all this advice. Think it through. Understand why I said what I said and whether it makes sense. There are no easy rules to computer security, you have to stop to understand the problem a bit.
One of the tasks involved in becoming an adult is to acquire an ability for "common sense", something that children don't have and take years to develop. Well, computer security has hit us and turned us all into children who have to learn a new kind of common sense. Don't just follow rules, learn and think. And don't be too paranoid.
-kb, the Kent who keeps his ssh related software up to date, and you should too.
I've kinda done that. I used to work for Motorola. They have a
corporate firewall that blocks bad content, and possibly keeps notes
on what bad content individuals ask for. I learned to avoid those
sites.
For e-mail I always ssh into my basement server and use mutt. At
Motorola we weren't allowed to ssh out, so I parked an ssh server on
port 443 (the secure web port) and did my ssh on port 443. (Because
Motorola has a user/password routine for getting out, that part was
actually kinda complicated on the client end, but China probably isn't
so nasty.)
Note, China might insist upon your going through their
man-in-the-middle with all encrypted traffic.
I also don't keep e-mail on my notebook, it is all on my server.
For surfing forbidden web sites I would suggest something that
wouldn't attract attention with a lot of encrypted traffic, such as
the text-only browser lynx.
Mostly I would keep my nose clean and not do things they don't like.
Remember, doing fancy cryptography on your local hard disk can easily
backfire. Say the secret police grab you, place you notebook in front
of you, and ask you to type the encryption key. What are you going to
do?
As a foreigner I would try to act like a foreigner, access the
internet as a foreigner would, only be as crafty as a foreigner would
be. I would also be a geeky foreigner, I would try to buy more with
that. Were I doing anything vaguely political while visiting China I
would try extra hard to stay clean in their eyes--no ssh software, no
way.
-kb
If your passphrase is hashed with MD5, what
are the odds that someone will find a duplicate
sequence that will generate the same MD5
checksum?
Slim. md5 has its problems, but in no way is my scheme adds any additional risk.
All of the companies I've worked for place an upper limit on the number of characters you can have in a password and many have demanded special aspects of the password (Need at least one number, demand mixed case, can't reuse X characters from your old password, etc) which makes this sort of thing more difficult.
Silly rules on passwords certainly get in the way of my approach, but
that doesn't mean my approach is in anyway weak. Putting a number or
punctation mark makes it harder to guess a password because you need
to try more combinations. But it is the number of combinations that
counts.
By putting 32-bits of entropy in my password, I have 4 billion
combinations for someone to defeat. It doesn't matter how you get to
the total number of possible combinations, it is the total number of
combinations a foe must try. Instead of a three word combination I
could use something like 1101010110010011101101010100000, and the
result would be just as strong, except there would be no way to
remember it. Isn't the equivalent "sample-formal-milan" much easier
to to remember?
Yes, if your foe knows your technique for generating your password it
makes it easier to break it. But it doesn't matter if the technique
is one like your employer's or like mine, it makes it a smidge easier.
Much more important in the total number of combinations. Making a
password harder for you to remember doesn't make it harder for a foe
to guess. It is the number of combinations you pick from that
matters.
-kb
To quote myself, when I need a password, I use a utility called
/dev/random | mnencode
/etc/shadow is your friend here.)
/dev/random | mnencode
mnencode this way:
$ head -c 4
And get three word long results like:
iris-farmer-benny or person-london-multi or jumbo-joker-basil
Reasonably easy to type and remember, yet a significant 32-bits of
entropy--far better than most passwords. (Enough for circumstances
where you don't have a motivated foe with the opportunity to brute
force it--a non-readable
To find mnencode see . It is really
a carefully crafted word list and two complementary programs, mnencode
which turns binary data into words intended to be pronouncable,
spellable, and unambiguous, and mndecode which turns those words back
into that exact binary data.
To move offtopic, for really paranoid security, you can do:
$ head -c 16
And you get 128-bits worth of entropy as, for example:
algebra-mask-armor--jester-cupid-fossil
secure-detail-barcode--gray-judo-safari
Take out the new line, put in single dashes throughout, and you have a
long passphrase that is really secure. But it turns out that a
passphrase with 128-bits of entropy is pretty unwieldy. It gets hard
to remember (was it jester or joker?, secure or secured?, etc), and it
is suprisingly hard to type blind. I use exactly one such passphrase
(that I don't type on open wires or keyboards I don't control), but I
do use it to encode my other passwords.
-kb
P.S. A passphrase with 128-bits of entropy is enough that even a very
powerful and motivated foe will not be able to bruteforce it any time
soon--if ever--and will instead resort to bugging your keyboard,
hiding a camera over your keyboard, sniffing RF-emissions, rubberhose
cryptanalysis, etc. For example, suppose the NSA really wants your
key and can try a trillion possibilities a second, it would still
take, on average, over 3-months to crack a 64-bit passphrase--which is
well within their abilities if they are really interested. However, a
128-bit passphrase is 18,446,744,073,709,551,616 times as difficult as
that, something even the NSA can't accomplish. Note that this is for
a symmetric key, public keys work differently and need to be much longer
for equivalent strength. A 4K bit public key can be manipulated
pretty easily by computers these days and is likely extremely
strong--depending upon possible breakthroughs in factoring numbers or
building quantum computers.
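The word encoding and the brute-force arithmetic from the comment above, as an added Python example that is not part of the original post and is not mnencode's own code: it maps each 32-bit group to three words and back, and computes the average search time at a trillion guesses a second. The word list is a constructed stand-in built from syllable pairs, and the function names, digit order and `--` group separator are assumptions of this example.

```python
import math
import secrets

GROUP_BITS = 32       # 4 random bytes are encoded at a time
WORDS_PER_GROUP = 3   # the page's examples show three words per 4 bytes


def min_list_size(bits=GROUP_BITS, words=WORDS_PER_GROUP):
    """Smallest word-list size whose `words`-word combinations cover 2**bits."""
    n = 1
    while n ** words < 2 ** bits:
        n += 1
    return n


def build_wordlist(size):
    """Constructed stand-in list (NOT mnencode's curated words)."""
    syllables = [c + v for c in "bdfgklmnprstvz" for v in "aeiou"]
    words = [a + b for a in syllables for b in syllables]  # 4900 unique words
    if size > len(words):
        raise ValueError("stand-in list too small")
    return words[:size]


def encode(data, words):
    """Turn whole 32-bit groups of `data` into dash-separated words."""
    if len(data) % 4:
        raise ValueError("this example only handles whole 32-bit groups")
    groups = []
    for i in range(0, len(data), 4):
        value = int.from_bytes(data[i:i + 4], "big")
        group = []
        for _ in range(WORDS_PER_GROUP):      # least significant digit first
            value, digit = divmod(value, len(words))
            group.append(words[digit])
        groups.append("-".join(group))
    return "--".join(groups)


def decode(phrase, words):
    """Inverse of encode(): recover the exact bytes from the words."""
    index = {w: i for i, w in enumerate(words)}
    data = bytearray()
    for group in phrase.split("--"):
        value = 0
        for word in reversed(group.split("-")):
            value = value * len(words) + index[word]
        if value >= 2 ** GROUP_BITS:
            raise ValueError("word group is not a valid 32-bit value")
        data += value.to_bytes(4, "big")
    return bytes(data)


def entropy_bits(n_words, list_size):
    """Entropy of n_words picked uniformly at random from list_size words."""
    return n_words * math.log2(list_size)


def average_crack_seconds(bits, guesses_per_second=1e12):
    """Brute force succeeds, on average, after half the keyspace."""
    return 2 ** (bits - 1) / guesses_per_second


if __name__ == "__main__":
    wordlist = build_wordlist(min_list_size())
    phrase = encode(secrets.token_bytes(16), wordlist)   # 128 random bits
    print(phrase)
    print("64-bit, days on average:", average_crack_seconds(64) / 86400)
```
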
Depending on what you are doing, it can be really hard to make the numbers come out profitably selling wifi. Just because you see it all over the place doesn't mean these outfits are making money on it. If you already have internet access, offering it for free to customers is nearly free to you: the price of an inexpensive wifi box and some bandwidth. However, billing and supporting billing, and supporting those who have paid for the service and demand you make it work, will cost you much more than supplying the service itself. Will you make enough to cover your extra expenses?
If wifi is a feature that will attract more business, then going the easy route (free service) will get you a nice indirect payoff without the hassles and buy you extra good will because you offer it for free.
That said, there can be a very good reason for charging by the clock in, say, a coffee shop: to keep people from parking themselves all day and making you their office. Sure, they will buy coffee, but not as much as that seat will if you turn it over ten times as often.
There is a new coffee shop near where I live (Sherman Cafe in Union Square, Somerville, MA, USA) that has free wireless. And sometimes it seems there are people parked there for the long haul, sitting in front of their computers. Are they staying longer because of the wireless? I don't know. A lot seem to be students writing papers, so maybe not. If they charged by the hour--and priced it in such a way that longer than one hour was discouraged--maybe they would make more money.
On the other hand, at Starbucks (which always seems to have someone charging for the wifi) regulars who subscribe might feel entitled to stay forever. Maybe Sherman Cafe, by offering it for free, guilts a few people into leaving sooner.
Anyway, consider that charging for wifi might be stupid. At least one big outfit has gone under and I expect others to follow. Following them isn't necessarily a recipe for success.
-kb
There is hidden wisdom in the above comment: Eat dinner with your
kids. Real food (not frozen fast food), real table, real manners,
real conversation. It makes for a connection between you, it puts
some schedule in them, civilizes the savages.
But you have already been doing that with them up to this point,
right? (Teenage years might be a difficult time to start.)
-kb, the Kent without kids, but also the Kent who ate dinner with his
family when growing up.
> almost all tv's nowadays can display both
> NTSC and PAL anyway.
Oh, so wrong. In Europe (a place aware of the rest of the world) this may be so. But in the US (an ignorant, parochial, and isolationist place that unfortunately still insists on throwing its international weight around) multi-standard TV sets mostly don't exist.
Don't underestimate how backward this Red State-laden country is.
-kb, the Kent who is proud to live in a Blue State.
The best FAQs predate the "web" and originated on usenet. They were extremely useful documents probably because they were not designed to be useful, they were designed to prevent the asking of stupid (I mean frequently asked) questions.
This means the best FAQs are not made up of questions that someone thinks will be useful, they are made up of questions that are actually frequently asked. Also, the best answers are not the answers that some marketer or geek would like to give, they are the answers that will make the question go away.
Put another way, good FAQs are not just another way to organize information, they honestly are Frequently Asked Questions...plus answers that frequently satisfy those questioners.
How to maintain them? The same way one compiles them--by surveying the questions that get asked.
Credit is tricky. The old fashioned virtue of paying your bills in full every month is not the way to get the best credit rating these days. Credit card companies hate that kind of customer, and when you want to get a mortgage it might matter.
Advice:
1. Do NOT get in over your head, do NOT use credit for current consumption beyond your means. (Most important rule.)
2. Make sure no creditor ever loses money because of you. (Second most important rule.)
3. Let them make a little money off of you now and then. (Third most important rule.) Miss a payment? OK, then pay it in full next month. They will get to charge you a little interest, a rather big penalty, and they will get all their original money back. They like that. Or, pay on time but carry a little balance now and then if otherwise convenient.
If you can't follow all of the rules, start at the top and do what you can. Do not follow rule 3 if you can't be sure to also follow rule 1 and 2.
Parting advice: Credit cards go well with income and cashflow. If you are living off of student loans and parents, don't get a credit card. Live as poor as you really are and scrimp and save.
Oh, and get a really light and small notebook so you can carry it with you and not be tempted to leave it unattended. (I am typing this on a Panasonic W2 "Toughbook" aka "Let's Note" in Japan where for some reason they don't need to be so macho. Small, light, good battery life AND a CD/DVD drive builtin.)
-kb
You left out that it weighs only 2.8 pounds.
Key features:
- long battery life
- CD/DVD drive builtin
- quiet (no fan)
- builtin wifi
- 2.8 pounds
- power supply is also small and light
- physically tough (in the US it is marketed
as a "Toughbook", "Let's Note" is too wimpy
for here I guess)
I am running Gentoo Linux on mine (a US model), and though I don't have everything working yet, I really like it.
I also have not run the battery all the way down yet, so I don't know how long my somewhat old model really lasts, but I think I am in the 4+ hour range. It is available in US models from dealers in the US, and more up to date Japanese editions are imported by dynamism.com (http://www.dynamism.com/w2/).
One downside I have noticed is that, though the mono speaker is pretty good (little grill for high frequencies with low frequencies somehow coming from behind the keyboard), the quality of the sound out the headphone is marred by picking up noise from other circuitry in the computer. In casual listening circumstances it isn't a problem, but during quiet parts (or silence) I notice it. If you are a mostly normal person, you won't care in the least.
-kb, the Kent who is shocked at how heavy his old z505 Vaio suddenly is.
> I'm running a debian-based software raid-1
> mirroring setup [...] I must admit though, it
> wasn't easy to set up. For convenience today
> I'd probably go with hardware raid too
Debian? Hard to set up? I don't believe it...
Last time I set up software raid 1 I was installing Red Hat 9, and it was easy. Not as easy as a vanilla installation, but still not terribly hard.
> Second, Software raid will always suck for one
> big reason: A drive fails, your system locks
> up.
Wrong. Bootable software raid 1 on Linux works great. I have had a drive fail in the middle of burning a CD and neither I nor the CD knew the difference. I found out when I got an e-mail telling me of the failure. I was even running swap over software raid 1--which is key to keeping things happy.
It is also important to put the raided disks on different controller channels. But it works.
-kb
> If you really know of a good French jazz
> station, please post its frequency (and URL).
La Radio TSF: 89.9, Paris. http://tsfjazz.com
-kb
So you want to get away from the rat race of modern life when on vacation? Rent a vacation house without electricity. Without bug screens. Without running water. Hell, camp. Without any plastic or synthetic gear. Go back to the simple life. And don't forget to leave your watch at home.
.... NO, you are wrong, you don't want those items, you want the ones I say you want, because *I* know what is a correct vacation.
What? You actually want some of those modern impositions? Which ones?
Oh, wait, I take it back, I am not the one saying how you should spend your vacation, you are the one saying how others should spend their vacations. Are you so insecure that you can't stand the thought of someone else using a computer on vacation? What kind of busy body are you?
-kb, the Kent who knows a particularly nice French jazz radio station that goes particularly well with a vacation, but, except when he is in the right part of France, an internet connection is the only way to get it.
Why do some people find it so upsetting to see someone using technology at an odd place or time that they feel the need to tell them they shouldn't? When you are away from your internet access do you so resent that others are not? Or, when you are near your internet access do you so resent that you are? It is as though you are threatened by technology, you want to hide from it now and then, and so you insist others should too? Is this a religious thing? Do you feel like you are trying to kick an addiction and so others must too?
It is like someone asking about cooking some kind of food and someone else saying "Don't cook that dish.", it is rude and off-topic. Except in the technology case there is an added layer of moral superiority, that the person asking the question is bad and the person saying "Don't do that." is good.
Why is it that an artist is admired for carting his/er paints up a mountain, but if I, a techie, carry any technology I invite condemnation?
"Why does that silly artist feel compelled to always be painting? Why not get away from it all and just enjoy nature? Why be a slave to the damn paint brushes?"
Jeeze, and these rants even get modded up on Slashdot. How insecure are we?
I have a Samsung i330, and I like it. The downside is that the bundling of phone with Palm means that either aspect having a problem likely brings down the other. That said, it *is* neat to be able to do real e-mail on my phone. Running Palm software is cool too.
Recently I even figured out how to use this phone as an internet connection for my Linux notebook. It has a lot of latency, which is nasty for terminal-type interaction, but for web browsing it is pretty good. (Note: Sprint officially frowns on this use of my current plan, but I haven't downloaded any CDs and they haven't shut me off.)
For more down side, this phone turns itself on every few minutes and makes a mysterious 10-second data call.
First, this is annoying because it means that any bumping of the screen can dial numbers, etc., so I keep my idle phone in Citytime, which can't do much with only random taps.
Second, it reminds me that I don't trust the Palm OS nor how it is installed in this phone. As a result I recently bought another Palm (Zire 31) that I keep in my bag instead of on my belt. I don't trust this OS any more than the i330, but I can control who this device talks to. I keep more sensitive data on this new Palm.
The i330 might be for you, but I don't think they make it anymore. I will say it is cool to be able to ssh from my notebook into my home machine with my i330 as a modem.
-kb
You are a bit vague about what you are doing, so we have to guess a little. Here is one approach:
1. Run your Linux server as you do, it seems to work.
2. Take your MS Windows offline. No network connection at all.
Do whatever you want on that computer. If it is incommunicado you are safe from long distance interlopers.
Ah, but now you are going to say you do need to get some data across between the two. Okay:
3. Get another computer, put Linux on it, set it next to your Windows box. Keep it secure*. When you need to transfer data, be careful about what you transfer, and use removable media (maybe a USB flash dongle). The Linux box can then transfer to and from the outside world.
Next I suppose you are going to say that you have to do e-mail on the MS Windows box. To that I ask: Why?
* How to secure a Linux box? Here is a short 5-step recipe:
1. Put a respectable Linux distribution on it, and don't stray from the default install without knowing what you are doing. Default installations are pretty secure these days.
2. Keep your distribution up to date.
3. Turn off services you are not using. If you run an e-mail server on that machine, switch from sendmail to postfix, it has a more secure design.
4. Use good passwords (passwords that have a significant amount of real randomness in them), and do NOT reuse those passwords elsewhere.
5. If you start using the Linux box for regular GUI-based work, be suspicious of fancy, automatic, Windows-like features. That is, worry about macros in Open Office documents, worry about e-mail programs doing anything for you automatically, worry about Javascript (it is different from Java and was not designed with security in mind).
-kb, the Kent who knows exactly one person with a very secure Windows machine: someone who never connects that computer to the internet.
Traditional air conditioning assumes cheap electricity, and plenty of peak capacity. (Ever try to start a compressor motor?)
You want to reduce your air conditioning need. Think awnings that reduce solar gain. Think reducing heat generation. Think insulation. Think how to be a bit more clever. There is a lot of work available on this aspect.
Once you do do some air conditioning, consider finding a cooler hot side for your heat pump. Something my wife wants us to look at for both heating and cooling is "geothermal", that is using the earth for both the hot side (in winter) and cold side (summer) of the heat pump. Also, if you are in a dry climate, consider if a little evaporative cooling might boost efficiency.
-kb
Yes, I think that is correct, but let me add something that might be confused here.
Just because this appears to be a phased array does not mean it is an electrically steered phased array (as other postings have suggested). Look at a picture of the rover [http://marsrovers.nasa.gov/mission/images/rover1_detail_500.jpg]. The high gain antenna looks quite steerable. It is possible that it is also electrically steered to fine tune the aim, but it doesn't look like a high enough gain antenna to need that. Might as well make the mechanics a bit more precise and aim it with motors. Throw in some feedback on signal strength and even if the mechanics are knocked slightly out of alignment a precise aim should be possible.
-kb, the Kent who decided to reply to a single smart post instead of deciding which nonsense post to correct.
[And this being Slashdot, I can't tell whether that is sarcastic or serious...]
It depends on how careful you want to be.
I am perfectly happy to use any old wifi or ethernet or modem to ssh into my server--but only if I am typing my passwords on my own keyboard. I don't trust internet cafes. Two or three times in the last few months there has been news of passwords being sniffed (one at Kinkos and another at a college I think it was and I think the third was some airport kiosk chain).
I say bring a laptop (real keyboard, real screen) with only trusted software on it and find wireless, wired, dialup, or some other access--but don't type valuable passwords on random keyboards. Go ahead and also bring a trustworthy palmtop--but I also don't trust my Palm-based Samsung i330 phone: it makes mysterious data calls every few minutes, and the ssh client I found might be free, but it isn't open source, do I really trust it?
-kb
I use Covad at home and they have been reliable.
I recently got my mother-in-law set up on Britsys, and though she hasn't been up for long, they look quite good too--and less expensive than Covad.
In both cases I have a static IP, I know I don't have any blocked ports on Covad, I have to admit I haven't confirmed that for Britsys, but I don't think they block any.
Now if I could only find any decent non-dialup for my parents at 952-472-XXXX...
-kb
I don't think anyone sensible would doubt that--other things being mostly equal--SCSI is faster than IDE. But this result doesn't pass the smell test. The IDE seems just too slow to be plausibly due just to IDE drive vs. SCSI drive.
Note above that I wrote "IDE drive vs. SCSI drive" not "IDE vs. SCSI". IDE and SCSI drives differ in more than their interface. It will never make sense to do an exact match of drives. A sensible comparison would be to put together a high-end box with high-end IDE drives in it (including medium-end technologies such as raid), and match it against a SCSI box with similar specs and a vaguely similar price point. The result will be an IDE box with significantly more storage capacity and a SCSI box which still costs a bit more than the IDE.
The SCSI and IDE markets are different, but they do overlap. To compare the two we should choose tuned configurations that are in the overlapping region. If we do that we will still find that SCSI is faster than IDE, but I would be interested in how big the performance (and price and capacity) difference is.
-kb, the Kent who, were he to put together the fastest possible box with price no object would certainly use SCSI (or fibre channel), but also the Kent who, considering the extra dollars, space, heat, noise, and complexity of a matched-capacity SCSI box would seriously doubt the benefit of SCSI.
And if you want to get all fancy and have the best possible picture, you want to design a camera with a sensor that has significantly greater native resolution, shoots through a filter that blurs enough to prevent sampling artifacts (jaggies), and then downsamples to wash out the softness of that earlier filter. (Annoying to be in a universe that apparently doesn't have negative light.)
-kb
Power fine at work in Burlington, MA. My basement server in Somerville, MA, is still alive--though it does have a reasonable chunk of an hour of UPS power. (I don't have a daemon watching it.)
-kb, the Kent whose wife is in NYC and doesn't answer her cellphone or respond to wireless Palm e-mail.
Looking at the package list I didn't see any ssh or sshd listed.
Is it there?
-kb
You misunderstand. WEP was poorly designed and should not be trusted, but just because WEP is broken doesn't mean that all encryption is broken, and it doesn't stop me from sending securely encrypted traffic over a completely open access point, or over a WEP access point.
At the moment I am sitting in a coffee shop with free, unencrypted, 802.11b internet access. My reading of slashdot, and the posting of this message, are quite readable by anyone nearby with motivation, a computer, and some brains.
But in another window I have an ssh session logged into my basement Linux server. When I logged in my notebook checked that the signature was as expected and therefore there was no man-in-the-middle attack going on. I am typing this on a notebook I control, I have high confidence that that session is as secure as my house (the weak link, my server is there). I don't need to trust the guy sitting a few chairs down, I don't need to trust the coffee shop.
If I really want to do some web browsing secure from local sniffers I could fire up netscape from my basement but with the display on my notebook. (X has some benefits.) It would be slow, but it would work.
Encryption is not a magic bullet, but it is a very valuable tool.
What can you do? Don't use MS Windows. Don't use telnet for text logins, don't use plain POP or IMAP for reading e-mail--there are encrypted versions of both. Be worried about banking on open wires; if you see a padlock in the corner of your browser window it means (probably means, there could be bugs) it is encrypted and you have a secure connection to the other end--but who is on the other end? Is it *really* your bank? (This is the man-in-the-middle attack.) Think twice before typing important passwords on a keyboard you don't control. Twice in recent months there has been news of rogue technicians putting sniffers on keyboards, I think one was airport kiosks and one at some college.
Don't use one (or even two) passwords for everything. It is far better to write your different passwords down on a list and keep it in your wallet than it is to reuse passwords in different circumstances. If someone mugs you they can get the list and they might not appreciate its significance, but if you reuse a password one crooked or incompetent web site can leak and now anyone in the world might have your "master key". I keep my list of passwords encrypted with one nasty-ass-long password, and that one I don't write down. Pick good passwords, single words, names, dates, etc., are bad ideas.
Now think about all this advice. Think it through. Understand why I said what I said and whether it makes sense. There are no easy rules to computer security, you have to stop to understand the problem a bit.
One of the tasks involved in becoming an adult is to acquire an ability for "common sense", something that children don't have and take years to develop. Well, computer security has hit us and turned us all into children who have to learn a new kind of common sense. Don't just follow rules, learn and think. And don't be too paranoid.
-kb, the Kent who keeps his ssh related software up to date, and you should too.
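The host-key check mentioned in the comment above, as an added Python example that is not part of the original post: it compares the public key a server presents against the keys pinned in a known_hosts file and reports a match, an unknown host, or a mismatch (the possible man-in-the-middle case). A real ssh client also verifies the server's signature made with that key during key exchange; the host names, key bytes and function names here are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


def ed25519_blob(raw32: bytes) -> bytes:
    """Wire-format public key blob: key type followed by the 32-byte key."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw32)


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of the blob's hash."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pinned_keys(known_hosts: str, host: str):
    """Key blobs recorded for `host` in plain (unhashed) known_hosts lines."""
    blobs = []
    for line in known_hosts.splitlines():
        line = line.strip()
        if not line or line[0] in "#@|":
            continue  # comments, marker lines and hashed names: out of scope
        fields = line.split()
        if len(fields) >= 3 and host in fields[0].split(","):
            blobs.append(base64.b64decode(fields[2]))
    return blobs


def check_host(known_hosts: str, host: str, presented_blob: bytes) -> str:
    """Return 'match', 'unknown' (nothing pinned yet) or 'MISMATCH'."""
    pinned = pinned_keys(known_hosts, host)
    if not pinned:
        return "unknown"    # first contact: the check gives no protection yet
    if any(hmac.compare_digest(blob, presented_blob) for blob in pinned):
        return "match"
    return "MISMATCH"       # key changed: stop and verify out of band


# Constructed sample data, not real keys or hosts.
SERVER_KEY = ed25519_blob(bytes(range(32)))
OTHER_KEY = ed25519_blob(bytes(32))
KNOWN_HOSTS = (
    "# constructed sample known_hosts\n"
    "basement.example.org,192.0.2.10 ssh-ed25519 "
    + base64.b64encode(SERVER_KEY).decode()
    + " constructed-key\n"
)

if __name__ == "__main__":
    for name, key in [("basement.example.org", SERVER_KEY),
                      ("basement.example.org", OTHER_KEY),
                      ("cafe.example.net", SERVER_KEY)]:
        print(name, fingerprint(key), check_host(KNOWN_HOSTS, name, key))
```
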