wow, nice assumptions there. For the record, I voted for bush in 2000 (or more accurately I voted against gore) and I "threw my vote away" on the liberaterian candidate last time around. I would love to see a real conservative like Gingrich or hell even Regan over this poser. Any credibility he had claiming "it was all to protect against the terrorists" was gone after the ports deal, his in ability to do anything about illegal aliens, etc.
So my concern about the perpetual, increasing power to one branch of government makes me closed minded, whiny, and stupid? Please explain, my mind might just be able to handle it. Tell me how we should be cool with chucking the concept of seperation of powers and checks and balances in favor of a system where one side can claim "it's for your own good" and do whatever, whenever and not be accountable to anyone?
What does anyone, EVER put important (especially sentitive) data on a laptop? Do you have a locked and secure server room? Perhaps it should go there....
But what if the judge is a wacko leftie who impedes the investigation? Or worse, what if he is a terrorist sympathiser himself? Quite simply, Bush does not trust ANYONE (congress, the courts, certainly not us) with the war on terror. Any information can be used by the terrorists so it must all be classified and kept secret at all costs. This is why warrants must be bypassed, lawsuits against the NSA, AT&T, et al must be stopped, and accused must not hear the evidence against them.
The rallying cry on the Right is that the president's most important job is to keep us safe, and he must be able to do anything necessary to do that job.
The question that no Bush supporter has been able to answer in regards to this?
"What happens when Hillary Clinton or someone more left gets into power and inherits all of these unlimited powers? What happens when they declare gun owners to be terrorists and bring to bear the full power of the electronic suveriliance and secrets court and warrants against them?" What happens when the President is no long someone you believe to be totally trustworthy and honerable, but corrupt and evil, and now armed with the unlimited power you gave not to Bush, but to the periodically changing position of the President?"
I've seen several people's eyes glaze over in a "oh my god I never thought of that" moment when asked this question.
I know you are being funny but there are a lot of people who honestly believe this. They believe strongly that GWB needs these powers (along with torture) to fight terrorism. They believe that he is doing a great job at it and these expanded powers just for him keep us all safe.
I'm not going to get into whether or not that is true, but it demonstrates some serious short-sightedness. What happens when Hillary Clinton gets into power, and inherits all of these orwellian powers? Do those same "Bill O'Reilly"-lovin people think she will be just as honerable, trustworthy, and uncorrupt as they believe Bush to be? Granting a president nearly unlimited power because you believe he himself will not abuse it is silly at best. The president is not a person, it is a position, and that position changes at least every 8 years.
I'm waiting to hear a different tune sung when all of these powers are turned against tracking down "gun-owners" as the next step in the war on terror (when fought by someone on the far left).
Wouldn't help, everything is classified as terrorism anyway. Dealing drugs is terrorism with chemical weapons, pirating music is financial terrorism directed at our corporations, etc.
I understand wanting laws to have scope and restriction, but making that restriction "terrorism" today would not really restrict it in any way.
Thanks. My biggest complaints about Solaris basically boil down to 'it's not BSD;' I never was much of a SysV fan... Actually, the big thing I don't like is that it doesn't seem to be very easy to do a minimal install of Solaris and then install the bits you actually use; I tried that and ended up with CDE but no compiler.
That's a good point, I have resigned myself to just always insalling "everything". Safest option but then there is a lot of "svcadm disable blah" you gotta to do make it secure.
Ugh. AIX. Thanks. Now I'm going to have nightmares tonight...
I will say this for AIX, there is absolutely no better volume management system out there than Logical Volume Manager for AIX. Volume manamgent on Linux and Solaris does not hold a candle to this. I got really spoiled being able to quickly, dynamically resize partitions at will on a running system.
I find it disappointing that I did not know the meaning of the word "epistemology" only to find out it means "theory of knowledge". Talk about a double smack in the face.
Employers can easily find an alumnus (thank you for using the correct plural btw), current student, or staff member, who for a fee (or just because they are friends) will print/save-to-pdf/cut-and-past/etc. job applicant's profiles. Do YOU trust every single person in your university with a university email address?
Not sure what you are requesting evidence about...
That employers have people checking facebook accounts?
A more relevent question is "what evidence can a random homestarrunner fan on the internet provide that a skeptic cannot easily dismiss?"
You can believe me or not, my happiness does not depend on it. You might want to ask yourself this though: "how could someone possibly believe this is NOT happening?"
Do I have evidence about Facebook's ToS? Yes: Facebook's ToS.
And anyone they let do it. Government orgs, companies, scientology, whoever. The content on it is theirs, they can distribute it or allow access to it as they see fit.
People, if you have no caught on to this yet, a lot of employers have people at a lot of schools pulling facebook profiles for their HR dept. Some undergrad they pay, nephew of the CEO attending classes, a staff member, whatever. Your facebook profile WILL be seen outside of the fantasy restrictions you think facebook puts on it. They are under no obligation to honor those restrictions anyway, they could open up the whole thing tomorrow to the world and there is nothing you can do about it. The content you put on it is theirs, not yours, and they can license it to whomever they want or distribute it as they see fit. Read the ToS agreement.
The rest of the userland, however, is a disaster. The filesystem hierarchy is GNU, BSD, or SysV depending on how you look at it, and many of the core utilities are missing useful options.
Blastwave.org - not always the most up to date releases, but certainly the best replacement for those utilities you don't like.
The default shell doesn't do things like tab completion (or even have a history buffer), and the man pages seem to be formatted for printing not on-screen display.
It is trivial to change your shell to bash (distributed with Solaris 10). Give that these are your complaints I have to advise you to NEVER touch AIX. You think Solaris is bad in userland...
Next summer, the first standards-compliant firmware will arrive. A year later, that firmware will have been debugged and protected.
Nope, hate to break it to you but very little in existing 802.11n devices is software defined. Existing devices will mostly liklely not be firmware upgradable to the final standard, so you will be stuck with a device that is incompatable, underperforming, and will completely fuck up surrounding 802.11g/b networks. No thanks.
By then, WPA-PSK will have been handily cracked.
Already is, you want WPA2-PSK. Actually you don't, you want WPA2 enterprise. It is not that hard to set up.
The distinction between micro and macro evolution is faulty, there is no such distinction. Evolution occures, we have seen it, that's it. You can make the arguement that perhaps there is some unseen hand guiding it, but it is happening. We humans have not been studying this (or really been around) long enough to see the full on, ape into human evolution that is described as macro. But it is nothing more than a long series of "micro" evolutions occuring over a long span of time. Why is it hard to believe that? If you believe in "micro" evolution, is it not plausable that it happens over and over again over a long span of time and would end up looking like "macro"?
Evolution is just evolution, tiny mutations and adaptations over millions of years. We only see the little jumps because we are not millions of years old.
Yes it is, but frankly this world could use more "if you are incapable of doing your job, you should not be doing it" simplistic logic.
If you don't have a person in your organization to whom it does not seem complicated, and you don't have funds to hire one, should you forego wireless networking altogether?
Nope, but whomever is responsible for the wireless network should perhaps learn about wireless networks. Truck drivers should also know how to drive trucks.
What's wrong with making wireless security easier?
Nothing at all, it should be easier, a lot easier in fact. I'm all for making it easier.
Not every organization is Fort Knox. I work at a computer magazine. Is my "enterprise data" really under severe threat if my network admins choose to use fingerprint-based access control lists instead of WPA Enterprise?
I suppose not, but also remember that your comapany will likely be liable for anything done from your IP address, no matter how they got on your wireless network.
Obviously though, the security has to match the need, and if there is not a strong need for security, then there is not reason to go there. If everyone at your computer magazine is comfortable knowing that it is trival for someone to snoop all of their wireless traffic, and join their wireless network then more power to ya. I am a little wierded out that a computer magazine would opt for the lazy solution though;)
I mostly have an idea of what Radius is. But not entirely. I didn't even know there was something called FreeRadius. So what solution is Radius for and where does it fit into the universe of LDAP / Kerberos / Active Directory / etc?
now THAT's a deep question, but one I am happy to answer because I love this stuff:)
Basically, enterprise WPA (802.1x) needs a source to authenticate from. The protocol most used (only used?) is Radius - older protocol, not all that perfect but until Diameter comes out (yes, the follow-on to radius is called diameter) it is about all we got.
The central authentication system where I work is MIT Kerberos V (Active Directory also uses Kerberos V for authentication). This is ultimately where all userid's and passwords are stored. The beauty of Kerberos is that once can authenticate to and obtain a portable credential without ever sending the password over the wire (encrypted or not).
LDAP is where we store user profiles. Groups, attributes, etc. We do not authenticate to LDAP (although most places do it seems) simply because Kerberos is much better, more secure, and unlike LDAP, actually designed to do authentication, not a hacked on afterthought. You CAN authenticate to LDAP, but it involves passing your userID and password (hopefully over SSL) to the LDAP server. Some argue this is better and easier but I maintain that anything relying on PKI is more complicated than necessary (and you are not really doing PKI unless you have a robust certificate revocation system, which nobody does).
Not to mention that Kerberos allows for a signle sign on environment, and many network services accept kerberos credentials to log on (SSH, IMAP, NFS, AFS, etc).
Sure I do, why wouldn't I? It is not that hard. At work we have WPA enterprise implemented with freeradius (backended by Kerberos), at home I do with freeradius right on the router with openWRT.
If it seems too complicated to someone, that person should not be responsible for running wireless access points at their organization.
I agree, and it is amazing to me (well not really but it should be) that we as a country would rather spend money on the illusion of security than the real thing. I thought homeland security was paramount, so why wouldn't we pay for the best?
Absolutely, I suppose I should have put a disclaimer that the rent-a-cops we have running security checkpoints now are not really qualified to do this (which is probably why they have strict, detailed, and ultimately unhelpful instructions to follow to the letter)
Slashdot Mirror
wow, nice assumptions there. For the record, I voted for bush in 2000 (or more accurately I voted against gore) and I "threw my vote away" on the liberaterian candidate last time around. I would love to see a real conservative like Gingrich or hell even Regan over this poser. Any credibility he had claiming "it was all to protect against the terrorists" was gone after the ports deal, his in ability to do anything about illegal aliens, etc.
So my concern about the perpetual, increasing power to one branch of government makes me closed minded, whiny, and stupid? Please explain, my mind might just be able to handle it. Tell me how we should be cool with chucking the concept of seperation of powers and checks and balances in favor of a system where one side can claim "it's for your own good" and do whatever, whenever and not be accountable to anyone?
Finkployd
"Finkployd" works, my no-so-secret identity on the internet since 1994 (and fidonet before that)
For the record, I release this comment into the public domain.
Finkployd
What does anyone, EVER put important (especially sentitive) data on a laptop? Do you have a locked and secure server room? Perhaps it should go there....
Sheesh.
Finkployd
But what if the judge is a wacko leftie who impedes the investigation? Or worse, what if he is a terrorist sympathiser himself? Quite simply, Bush does not trust ANYONE (congress, the courts, certainly not us) with the war on terror. Any information can be used by the terrorists so it must all be classified and kept secret at all costs. This is why warrants must be bypassed, lawsuits against the NSA, AT&T, et al must be stopped, and accused must not hear the evidence against them.
The rallying cry on the Right is that the president's most important job is to keep us safe, and he must be able to do anything necessary to do that job.
The question that no Bush supporter has been able to answer in regards to this?
"What happens when Hillary Clinton or someone more left gets into power and inherits all of these unlimited powers? What happens when they declare gun owners to be terrorists and bring to bear the full power of the electronic suveriliance and secrets court and warrants against them?" What happens when the President is no long someone you believe to be totally trustworthy and honerable, but corrupt and evil, and now armed with the unlimited power you gave not to Bush, but to the periodically changing position of the President?"
I've seen several people's eyes glaze over in a "oh my god I never thought of that" moment when asked this question.
Finkployd
I know you are being funny but there are a lot of people who honestly believe this. They believe strongly that GWB needs these powers (along with torture) to fight terrorism. They believe that he is doing a great job at it and these expanded powers just for him keep us all safe.
I'm not going to get into whether or not that is true, but it demonstrates some serious short-sightedness. What happens when Hillary Clinton gets into power, and inherits all of these orwellian powers? Do those same "Bill O'Reilly"-lovin people think she will be just as honerable, trustworthy, and uncorrupt as they believe Bush to be? Granting a president nearly unlimited power because you believe he himself will not abuse it is silly at best. The president is not a person, it is a position, and that position changes at least every 8 years.
I'm waiting to hear a different tune sung when all of these powers are turned against tracking down "gun-owners" as the next step in the war on terror (when fought by someone on the far left).
Finkployd
Wouldn't help, everything is classified as terrorism anyway. Dealing drugs is terrorism with chemical weapons, pirating music is financial terrorism directed at our corporations, etc.
I understand wanting laws to have scope and restriction, but making that restriction "terrorism" today would not really restrict it in any way.
Finkployd
Thanks. My biggest complaints about Solaris basically boil down to 'it's not BSD;' I never was much of a SysV fan... Actually, the big thing I don't like is that it doesn't seem to be very easy to do a minimal install of Solaris and then install the bits you actually use; I tried that and ended up with CDE but no compiler.
That's a good point, I have resigned myself to just always insalling "everything". Safest option but then there is a lot of "svcadm disable blah" you gotta to do make it secure.
Ugh. AIX. Thanks. Now I'm going to have nightmares tonight...
I will say this for AIX, there is absolutely no better volume management system out there than Logical Volume Manager for AIX. Volume manamgent on Linux and Solaris does not hold a candle to this. I got really spoiled being able to quickly, dynamically resize partitions at will on a running system.
Finkployd
I find it disappointing that I did not know the meaning of the word "epistemology" only to find out it means "theory of knowledge". Talk about a double smack in the face.
Oh well, thanks wikipedia.
Finkployd
So you're going to tell your employer about your alias finkployd?
:)
Everyone up to the CIO knows this alias is me
Finkployd
Riiiight. So please re-read my post.
Employers can easily find an alumnus (thank you for using the correct plural btw), current student, or staff member, who for a fee (or just because they are friends) will print/save-to-pdf/cut-and-past/etc. job applicant's profiles. Do YOU trust every single person in your university with a university email address?
Finkployd
Do you have evidence?
Not sure what you are requesting evidence about...
That employers have people checking facebook accounts?
A more relevent question is "what evidence can a random homestarrunner fan on the internet provide that a skeptic cannot easily dismiss?"
You can believe me or not, my happiness does not depend on it. You might want to ask yourself this though: "how could someone possibly believe this is NOT happening?"
Do I have evidence about Facebook's ToS? Yes: Facebook's ToS.
Finkployd
No one, except the owning company.
And anyone they let do it. Government orgs, companies, scientology, whoever. The content on it is theirs, they can distribute it or allow access to it as they see fit.
Finkployd
People, if you have no caught on to this yet, a lot of employers have people at a lot of schools pulling facebook profiles for their HR dept. Some undergrad they pay, nephew of the CEO attending classes, a staff member, whatever. Your facebook profile WILL be seen outside of the fantasy restrictions you think facebook puts on it. They are under no obligation to honor those restrictions anyway, they could open up the whole thing tomorrow to the world and there is nothing you can do about it. The content you put on it is theirs, not yours, and they can license it to whomever they want or distribute it as they see fit. Read the ToS agreement.
Finkployd
The rest of the userland, however, is a disaster. The filesystem hierarchy is GNU, BSD, or SysV depending on how you look at it, and many of the core utilities are missing useful options.
Blastwave.org - not always the most up to date releases, but certainly the best replacement for those utilities you don't like.
The default shell doesn't do things like tab completion (or even have a history buffer), and the man pages seem to be formatted for printing not on-screen display.
It is trivial to change your shell to bash (distributed with Solaris 10). Give that these are your complaints I have to advise you to NEVER touch AIX. You think Solaris is bad in userland...
Finkployd
I never expected to live in a world where librarians and encyclopedists are the guardians of civil liberties.
Um, did you just arrive on this world? I for one welcome you.
Finkployd
I am sure they are happy also. Your crappy, pre-standard N card likely screws up their g network. Good neighbor :(
http://www.anandtech.com/showdoc.aspx?i=2824&p=9
Finkployd
Next summer, the first standards-compliant firmware will arrive. A year later, that firmware will have been debugged and protected.
Nope, hate to break it to you but very little in existing 802.11n devices is software defined. Existing devices will mostly liklely not be firmware upgradable to the final standard, so you will be stuck with a device that is incompatable, underperforming, and will completely fuck up surrounding 802.11g/b networks. No thanks.
By then, WPA-PSK will have been handily cracked.
Already is, you want WPA2-PSK. Actually you don't, you want WPA2 enterprise. It is not that hard to set up.
Finkployd
The distinction between micro and macro evolution is faulty, there is no such distinction. Evolution occures, we have seen it, that's it. You can make the arguement that perhaps there is some unseen hand guiding it, but it is happening. We humans have not been studying this (or really been around) long enough to see the full on, ape into human evolution that is described as macro. But it is nothing more than a long series of "micro" evolutions occuring over a long span of time. Why is it hard to believe that? If you believe in "micro" evolution, is it not plausable that it happens over and over again over a long span of time and would end up looking like "macro"?
Evolution is just evolution, tiny mutations and adaptations over millions of years. We only see the little jumps because we are not millions of years old.
Finkployd
Ehhh, that's simplistic logic.
;)
Yes it is, but frankly this world could use more "if you are incapable of doing your job, you should not be doing it" simplistic logic.
If you don't have a person in your organization to whom it does not seem complicated, and you don't have funds to hire one, should you forego wireless networking altogether?
Nope, but whomever is responsible for the wireless network should perhaps learn about wireless networks. Truck drivers should also know how to drive trucks.
What's wrong with making wireless security easier?
Nothing at all, it should be easier, a lot easier in fact. I'm all for making it easier.
Not every organization is Fort Knox. I work at a computer magazine. Is my "enterprise data" really under severe threat if my network admins choose to use fingerprint-based access control lists instead of WPA Enterprise?
I suppose not, but also remember that your comapany will likely be liable for anything done from your IP address, no matter how they got on your wireless network.
Obviously though, the security has to match the need, and if there is not a strong need for security, then there is not reason to go there. If everyone at your computer magazine is comfortable knowing that it is trival for someone to snoop all of their wireless traffic, and join their wireless network then more power to ya. I am a little wierded out that a computer magazine would opt for the lazy solution though
Finkployd
I mostly have an idea of what Radius is. But not entirely. I didn't even know there was something called FreeRadius. So what solution is Radius for and where does it fit into the universe of LDAP / Kerberos / Active Directory / etc?
:)
now THAT's a deep question, but one I am happy to answer because I love this stuff
Basically, enterprise WPA (802.1x) needs a source to authenticate from. The protocol most used (only used?) is Radius - older protocol, not all that perfect but until Diameter comes out (yes, the follow-on to radius is called diameter) it is about all we got.
The central authentication system where I work is MIT Kerberos V (Active Directory also uses Kerberos V for authentication). This is ultimately where all userid's and passwords are stored. The beauty of Kerberos is that once can authenticate to and obtain a portable credential without ever sending the password over the wire (encrypted or not).
LDAP is where we store user profiles. Groups, attributes, etc. We do not authenticate to LDAP (although most places do it seems) simply because Kerberos is much better, more secure, and unlike LDAP, actually designed to do authentication, not a hacked on afterthought. You CAN authenticate to LDAP, but it involves passing your userID and password (hopefully over SSL) to the LDAP server. Some argue this is better and easier but I maintain that anything relying on PKI is more complicated than necessary (and you are not really doing PKI unless you have a robust certificate revocation system, which nobody does).
Not to mention that Kerberos allows for a signle sign on environment, and many network services accept kerberos credentials to log on (SSH, IMAP, NFS, AFS, etc).
Finkployd
THAT I cannot help you with unfortunately. I only use OS X and Windows wirelessly
Finkployd
Sure I do, why wouldn't I? It is not that hard. At work we have WPA enterprise implemented with freeradius (backended by Kerberos), at home I do with freeradius right on the router with openWRT.
If it seems too complicated to someone, that person should not be responsible for running wireless access points at their organization.
Finkployd
This is why you use WPA enterprise and not PSK.
Finkployd
I agree, and it is amazing to me (well not really but it should be) that we as a country would rather spend money on the illusion of security than the real thing. I thought homeland security was paramount, so why wouldn't we pay for the best?
Finkployd
Absolutely, I suppose I should have put a disclaimer that the rent-a-cops we have running security checkpoints now are not really qualified to do this (which is probably why they have strict, detailed, and ultimately unhelpful instructions to follow to the letter)
Finkployd