RACIAL profiling is based on skin color. Behavioral profiling is the way to go. It is actually effective, and politically correct to boot (imagine that). Profiling is a real word that has real meanings and wanting to tie to race for political reasons does not change that. Now if you excuse me, I have to run some profiling tests on some Java code (can't have those Arab classes in my program)
Finkployd
No, but neither were they called terrorists. The term wasn't much in use before 9/11. Before that such people were quite properly called "criminals".
What planet did you live on? Everyone called them terrorists, the term was used quite often before 9/11 (granted 9/11 rocketed the term into the "communist" of our time). And yes, they were criminals, but they committed acts of terror, making them terrorists. By definition, a terrorist is anyone who commits acts in order to scare or "terrorize" people. Their ultimate goal, religion, methods, etc. are all irrelevant.
Finkployd
Incorrect.
Random selection is the absolute, rock bottom, worst you can do to make everyone safe. It is truly the mark of an organization that understands little to nothing about security, but exists entirely to make people feel they are safe. I speak of course of the TSA.
Profiling is the best way to go, but not race profiling, behavioral profiling. Check out the people who act suspicious, go with gut instincts, and if something "seems" wrong about someone, it probably is and they should be checked out. Unfortunately we don't do this, we "randomly" search old ladies, businessmen, mothers with 3 screaming kids, and everyone else because we CANNOT profile. Like the word "discrimination", profiling has come to mean "evil" in the minds of people who don't know any better. Here we see you equating "profiling" with skin color when it does not have to have anything to do with that. You are right about one thing though, having a rigid criteria (like skin color, number of carryon bags, hairstyle, etc) and then publishing that criteria is about the dumbest thing you can do short of making everyone dump their potentially dangerous liquids into a big vat in a public area. There is no perfect algorithm or profile to catch every potential bad guy, it just does not work that way. It is a human problem and deserves a human response. There is still something to be said about letting people act on their instincts and look for suspicious behavior. Not perfect, but it is the best we can do (and certainly better than random).
Finkployd
AD does nothing that DCE has not been doing on Unix for over a decade. However DCE is basically dead (not due to any shortcomings, it was just complicated as all get out to get running, only the largest sites did).
PSU's identity management solution (I'm most familiar with this having worked there for 7 years, most of the time with it) is Kerberos for authentication and LDAP for all attribute and group information. This allows for very nice (and secure) single sign on as well as robust authorization and workflow control. AD's KDC is a slave (one way trust) to the production MIT Kerberos KDC so Microsoft has no control of authentication. We have also developed/integrated solutions to obtain credentials in any other format necessary for special or external applications. Need an x.509 certificate for a government application? We have a short term cert generator that signs certificates when presented with the user's Kerberos credentials (basically an authentication token converter). Need a SAML assertion for federated offsite application? We have that in the form of Shibboleth ( http://shibboleth.internet2.edu/ ), but it still all backends to our Kerberos authentication and LDAP user registry.
The best solutions let you add on functionality as needed, without compromising your core workflow and authentication setup. As you say, there are open solutions out there which do it a lot better than AD. The only valid reasons to use AD are (1) you are a complete MS shop and never intend to require functionality that MS doesn't provide, (2) you don't know what you are doing and need a wizard setup to set up your identity management infrastructure or (3) management dictated it, technical reasons be damned. In all cases, I feel a twinge of sorrow for the admin ;)
Finkployd
What on earth is wrong with using SASL/GSSAPI for authentication? I'd really like to know? :)
Straight Kerberos is a lot easier (if you do SASL right, you are doing a lot of PKI setup and management), and far more secure (password never leaves the client, encrypted or not).
LDAP is ideal as a user registry, just let the applications call it to get user attributes and groups after validating the Kerberos credentials presented to them. Then you have the added benefit of not needing to so strongly secure LDAP (which is not trivial, and pretty much an afterthought hack anyway)
Finkployd
Huh? Surely Kerberos is more complex than plain LDAP authentication?
And a HELL of a lot less secure. You would be better off doing nothing than doing plain LDAP authentication.
And for large institutions, Kerberos gives you a credential that can be used multiple places. NFS, AFS, websites (with SPNEGO goodness), many services such as SSH, IMAP, etc.
Unless this is for a 192.168 network in your basement, there is NEVER a good reason to do LDAP authentication. That is not what it was designed for, and certainly not something it is good at.
Finkployd
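An added illustration of the point above about plain LDAP authentication (not part of the thread or of any project's code): it builds the RFC 4511 BindRequest a client sends for a simple bind and for a SASL/GSSAPI bind, then classifies each the way a monitor watching an LDAP port without TLS could. The DN, password and token are constructed sample values, and the function names are this example's own.

```python
def ber_len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(n):
    """Non-negative INTEGER, padded so the sign bit stays clear."""
    return tlv(0x02, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big"))

def simple_bind(msg_id, dn, password):
    """LDAPv3 BindRequest using the 'simple' choice: [0] OCTET STRING."""
    auth = tlv(0x80, password.encode())
    op = tlv(0x60, ber_int(3) + tlv(0x04, dn.encode()) + auth)
    return tlv(0x30, ber_int(msg_id) + op)

def sasl_bind(msg_id, mechanism, token):
    """LDAPv3 BindRequest using the 'sasl' choice: [3] SaslCredentials."""
    creds = tlv(0x04, mechanism.encode()) + tlv(0x04, token)
    op = tlv(0x60, ber_int(3) + tlv(0x04, b"") + tlv(0xA3, creds))
    return tlv(0x30, ber_int(msg_id) + op)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:end], end

def classify_bind(packet):
    """Describe a BindRequest; returns None for any other LDAP operation."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg, 0)              # messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x60:                            # [APPLICATION 0] = BindRequest
        return None
    _, _, pos = read_tlv(op, 0)               # version
    _, name, pos = read_tlv(op, pos)          # bind DN
    tag, auth, _ = read_tlv(op, pos)          # AuthenticationChoice
    result = {"dn": name.decode("utf-8", "replace"), "method": "unknown",
              "mechanism": None, "secret_on_wire": False}
    if tag == 0x80:
        # The password itself is the value; an empty one is an anonymous bind.
        result.update(method="simple", secret_on_wire=len(auth) > 0)
    elif tag == 0xA3:
        _, mech, _ = read_tlv(auth, 0)
        mech = mech.decode("ascii", "replace")
        # PLAIN and LOGIN still carry the password; GSSAPI carries a ticket.
        result.update(method="sasl", mechanism=mech,
                      secret_on_wire=mech in ("PLAIN", "LOGIN"))
    return result

if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    dn = "uid=alice,ou=people,dc=example,dc=edu"
    for pkt in (simple_bind(1, dn, "constructed-password"),
                sasl_bind(2, "GSSAPI", b"constructed-gss-token")):
        print(pkt.hex())
        print(classify_bind(pkt))
```
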
Microsoft was more or less copying Novell, not any of the UNIX vendors (who were mostly still using NIS and friends when active directory came out).
No, they copied DCE, which was in use by a lot of Unix people at really large sites. (PSU, National Labs, Merck, etc.)
Active directory is effectively OSF/DCE only easier to set up and intentionally crippled to be non-interoperable. Oh, and it uses LDAP instead of CDS (both x.500 derived directories)
Finkployd
Haha
Active Directory, you mean recreate DCE (Distributed computing environment) using Kerberos for authentication and an x.500 derived directory for storing services and user groups and attributes?
Microsoft did nothing original with AD except to use LDAP instead of CDS (good move CDS sucks) and try to stuff service registration and discovery into DNS (yuck, LDAP would be much better for that). That said, DCE was way too complicated for most sites to set up, so it is good that MS brought it to the masses in the form of AD. But don't for a second think they invented any of it.
Finkployd
It is so refreshing to hear someone else say this, the number of admins who seem to think LDAP stands for Lightweight Directory Authentication Protocol is scary. LDAP absolutely sucks for authN. Authenticate with something real like Kerberos and then set up your services to use LDAP to get their group/attribute information for authorization purposes.
Finkployd
Or if you know what you are doing, Kerberos for authentication and LDAP for authorization (groups and user attributes). Using LDAP for authentication makes Baby Jesus cry.
Finkployd
And yet they are going forward with the same scum move that Verizon tried and failed. Namely, while the FCC drops that $3 fee, they coincidentally introduce a new $3 fee. Sorry, but speakeasy has been on a downward slide for a while, they are far from the hip, "do no evil" company they used to be. I would expect to see customer service drop off soon, that is another money loser for the "short term bottom line" folks.
Finkployd
What made this so amusing was how they denied afterwards that the new surcharge had anything to do with the FCC ending their fee. If they wanted to pretend that, would it not have made more sense to announce them in separate emails at least?
Finkployd
5.5" Floppy - are you sure? I've only ever heard of 3.5" and 5.25" floppies
What! You never heard of 8" floppies? Kids these days.
Finkployd
no, YOU don't understand fair use.
so I can email all my friends an album so they can be "educated" about what it's like?
no.
No, but as you point out you can distribute a small subsection of copyrighted work under fair use, which iTMS does not allow. I'm not sure why you assumed I was talking about entire albums (or even entire songs)
Finkployd
or if I wanted to email these "educational" clips to everyone in my class then I'd have some trouble. but should I really be able to do those things anyway?
Ummm, yes. You seemingly fall into the "don't know about fair use" category.
Finkployd
Seems like it depends on the app, some do (iphoto for instance).
Finkployd
Myspace uses a session cookie, which goes away when the browser is closed.
Well, I take that back, it goes away when the browser application terminates, so if they just close the window they are still logged in but if they actually quit safari then they are logged out.
Either way, by admitting I know this I just killed any /. cred I might have built up over the years :(
Finkployd
Maybe you don't know, but SSL is useless vs local sniffing because of things like ARP Poisoning etc. SSL is fundamentally broken. Consider every SSL connection you send wirelessly (short of using WPA) to be plaintext. Don't even dare connecting to your bank with it.
Maybe you don't know, but x.509 certificates are signed by a certificate authority. So the situation you describe requires an additional step: faking out a CA company into giving you a bogus cert. Not impossible, but certainly not trivial.
Now will joe idiot possibly not be daunted by a cert error and just click through? Maybe, but that is not my problem. I can still feel some degree of safety.
Finkployd
This conversation has gone on way too long. If you are still misunderstanding me, then too bad.
For the purposes of this argument that you started, it would help to have a basic understanding of firearms. Here is a quick guide:
Scope: The thing you look through to see stuff
Barrel: The long part the bullet goes through when you pull the trigger
It is within the realm of possibility that both could have fired in such a way that each bullet ended up in the other's scope. Unlikely, but so is getting hit by lightning twice and that has happened to a few people.
Finkployd
The ones trying to kill them are military and political leaders. Yet they seem to target unprotected (and uninvolved) civilians instead.
Finkployd
Agreed, but as I said before, that gap is bridged by the notion that violent aggression is acceptable in the defense of the faith (which is an uncomfortable but acceptable notion to Christians under certain circumstances)
I'm pretty familiar with the teachings of Christ, and I have a really hard time ever reconciling the notion of violent aggression in defense of faith with his lessons.
and an obvious Truth to Muslims
And yet for some reason the same people who seem to consider Christians the most dangerous and evil force on the planet (many of them hang out on slashdot) side completely with the Muslims. I really don't get it.
Finkployd
I actually have a very easy time seeing that point of view. As a deeply religious person myself who is often appalled by the moral decay I see around me, particularly when I look at what my kids are exposed to on a regular basis, I can understand their fears. The difference is that I see the duty of the religious person to be to learn how to stay strong in spite of the temptations provided by the world, and to teach his children the same. The phrase that's often used is "to be in the world, not of the world".
There is a HUGE leap from your view to killing those who you see as morally decayed. That seems to be the major (and important) difference.
Finkployd
You've been on quite a tear in this story's comments
Being stuck in a hotel room on business will do that :(
Finkployd
The "insane" Islamic "terrorists" you decry are defending their loved ones from spiritual and cultural attack from the West. The women and children are part of that cultural onslaught even though individually they are non-violent.
So in other words, "everyone who is not as we are is corrupting us and must be killed"?
If anything, the "terrorists" are more intellectually advanced than you are.
Clearly, which is why the middle east has advanced so much in the last few centuries.
How should I approach bettering myself in order to emulate those more intellectually advanced than myself? Would starting by killing anyone who tries to foist their cultural beliefs on me be a good idea? Wouldn't that include you technically? Please advise...
They can see attacks that are non-physical as threats to their lives.
Most people think of that as "delusional", rather than intellectually advanced. Does that make the Christian right more advanced on the same basis? They certainly see aspects of culture such as homosexuality as threatening. Or does this "enlightened" attitude only pertain to Muslims?
Can I assume you are either a Muslim (and in the correct Sect) or are actively preparing to be justifiably killed by this intelligent group to avoid infecting them with your culture?
You can only recognize physical attacks as being life threatening.
What leads you to believe that?
Finkployd
We provide Israel with all its weapons
I'm not totally convinced that is a horrible thing. After the UN gave the land to Israel in the 1940s, it is not like they decided to just start randomly shooting everyone around them. Should they not be allowed to defend themselves?
Otherwise our conduct in the middle east is not great, I agree. I don't believe we have been the cutthroat great satan that you seem to think we have, but either way how is killing civilians going to change that for the middle east? Their actions seem to be increasing our presence there which seems to be the opposite of what they want.
Really, we need to get off oil. That will solve pretty much all the major problems. Well, the middle east will be poor and worth absolutely nothing, but at least nobody will be messing with them.
Finkployd