But it ultimately pretty much comes down to DNS. If I can receive email from a domain, I can generally get a cert for that domain. Pehaps not from your better certificate authorities, but have you looked at the number of CAs in your browsers CA cache? Have you tried getting certs from them? Some are much easier than others, but ALL are trusted equally and completely.
As you say it is a problem of key management, but the way CAs do key management (distribution) today depends on DNS not being compromised.
All the browser does is make sure the strong cryptographically signed and verified cert's DN matches the totally insecure DNS lookup result. Does that not seem like a major lopsided security check? Which is easier and more damaging way to attack, the cryptographic hash and encryption methods, or hijacking a DNS server and returning false results. I submit the latter could yield much easier and damaging results on a larger scale. However until it happens, nobody is really going to think much about it.
Everything people trust to be protected and identified by x509 server certs (https, pops, imaps, , etc) has a major weakness: DNS. You can have all the eliptical curve crypto, 4096bit RSA keys, and even someday quantum crypto you want, it all fails utterly if DNS is compromised or spoofed. It is really odd that so few people seem to care. It is kind of like putting a hundred dollar deadbolt on a screen door.
The only solution is either get secure DNS, or find a way to securly exchange keys out of band (rendering the point of x509 kind of moot)
It is quite obvious you are unfamiliar with the details of the war and of the major turning points that led to the defeat of the axis powers.
I however am quite familiar with them.
Technology did not win ww2 in europe and new technology was not produced on demand. A few nacent inventions were refined over the course of the war and put into use as time and resources permitted.
Cryptography won the war basically. More accurately cryptoanalysis. If you want to get really technical the Poles won the war. As more information is declassified about just what was being done with Ultra it becomes pretty clear that was deciding factor in not only most major engagements, but the overall war plan of the allies. Granted, we do not know what would have happened if the Allies were fighting blind, it is possible they would have made the same tactical decisions and the outcome would have been the same, but that does not seem likely. There is always disagreement as to the final impact of intelligence in WWII, I happen to believe it was of pretty significant importance.
The technologies used in that war were refinements that had been in development ever since the end of world war I.
Literally all advancement in just about anything can be described this way. Certainly the war did not magically cause miracle advancements, but it kicked into high gear a lot of promising work that bore fruit much faster than it otherwise would have. The Atomic Bomb (leading to tons of nuclear research), early computer technology, radar, jet aircraft, etc. were all basically products of WWII. Going back further than WWII, you see that war (or more accurately survival) has been a primary catalyst for advancement in many fields.
Germany ultimately failed after they ran out of fuel oil for their blitzkriegs when then they were stone walled by the russians with a great loss of personnel on both sides.
Germany's resource problems did not really emerge until well after they had lost on several fronts in Europe, including Africa, Italy, and much of France. They didn't really have a problem until late in 44, leading to their abandonment of the Russian front (effectively) and focus on capturing Allied resources in their ill fated final offensive (battle of the bulge)
I completely agree we COULD have these spikes in innovation, I'm just not sure we WOULD.
And anymore, I'm not positive anything can pull people's heads out of their asses. We seems perfectly content to let the world go nuts as long as they keep the reality tv shows coming:(
It is certainly not popular to point out, but war is generally what advances civilization in terms of discovery, invention, etc. Historically at least, killing others and keeping yourself from being killed has been the primary motivating factor in becoming better, smarter, and stronger.
Not that I am advocating war, and certainly not the current farce.
I need to look in the manual how much wattage the e450 takes up in various configurations (it actually has a ton of tables and data on that). I can say that it has not noticeably affected my power bill.
I don't agree with how Target is handling this. Either outright ban the item because you don't feel it's right to sell it, or put in allowances to prevent someone with moral opposition to this medicine from being forced to run the pharmacy desk. *wry grin* Then again, that latter case probably wouldn't work as pharmacists probably make more money and therefore we have discrimination in job duties due to religious beliefs.
Should an amish person be unfairly denied a job as a computer programmer just because they are not allowed to use computers?
How is this different. If you religious beliefs prevent you from doing a job, do not try to get hired to do that job.
I'm pro choice. I don't think people should be forced to assist in abortion if they consider it immoral and I don't think that people should be forced to have children they don't want to have.
They are simply being forced to do the job they applied for and were hired for. If they were not interested in filling prescriptions, why on Earth did they choose a job where that is what they are supposed to do?
Nobody is talking about draging people off the street and forcing them at gunpoint to assist in abortions.
The ought to be fired for not doing their job, plain and simple. No different than me deciding I am amish and cannot touch evil computers anymore. I certainly would not be employed much longer as a programmer.
(ps. I'm pro life, but not the kind that cares what anyone else's beliefs are)
This is not for everyone, but I am very pleased with it.
I have a Sun E450 (these can be gotten cheap on eBay, but you really have to find the right deal). Upped it to 2GB ram and 4x400MHz Ultra2 CPUs. It holds 20 SCSI disks, so getting a bunch in there and RAIDing them is not a problem at all.
I personally prefer OpenAFS for my filesystem needs (I actually prefer DCE/DFS but that is not an option anymore and OpenAFS is slowly catching up with where DFS was), but NFS will run just fine as well. I intended to do this with Linux but found Solaris 10 to be a much better solution. I'm not religious about OSs. Linux, AIX, Solaris, and BSDs all have their valid strengths and weaknesses.
Add KerberosV and you have a nice, robust authentication/filesystem that will work on every PC in the house. I have OS X, Windows, and Linux desktops all sharing the same home directory and storage space.
Be sure to consider some kind of offsite backup as well. Either via tapes or over the Internet
You speak as though you believe record execs understand economic rules. They are record execs for crying out loud. They believe demand will be constant no matter what price is or quality of the product.
Hmmm, and sadly they seem to be right. Maybe I should have studied econ at RIAA U.
I wrote my own (in c no less, no cgic even, not recommended for anyone not doing it purely for fun).
It features database independence (through an abstraction layer), it is designed to let the webserver do the authenticatication rather than handling it internally (because I use kerberos and sometimes cosign or shibboleth), and it is completely theme-able (all html and css is read in via templates, kinda like slashcode but less ugly:P
It also features robust group based authorization controls for all functions, that combined with the "authentication system agnostic" design is something I have never found elsewhere (and thus why I felt the need to write my own)
I will someday release the source, once I get around to cleaning it up and making it presentable.
This kind of depreciation is simply not true in North America.
Not quite, this is still true in North America, it is just not true across the board with different cars. Hondas and Toyotas are in high demand on the used market, and thus do not lose their value nearly as fast as other cars.
You didn't learn something cool about North America, you learned something cool about Honda Civics:)
Unless your intent is to run the car until it is dead. I bought a new Honda Civic in 2001 and plan to drive it until it now longer runs without massive repair bills (which, being a Civic should be around quarter to half a million miles). Now if I were the typical American consumer and planning to trade in and upgrade my car every 5 or so years, then yes used is better. However given my situation it made more sense to (1) get the lower loan rate for it being new, (2) have a car that I KNOW has not been abused or wrecked, and (3) enjoy the new car smell, which I have learned is a somewhat toxic blend of chemicals and cut/burnt plastic. Ok, so 2 our of 3 points are still valid;)
The only people who should care about the depreciation value are those who are planning to sell it.
You bet. Keying someones vehicle often ends with a mouthful of broken teeth in the keyer's mouth - or a jail term.
What planet are you living on? I have had my car keyed (Ultra Low Emmisions Honda Civic, so I doubt it was environmental terrorists, probably just random keying like most), and many of the people I know have had a car keyed at some point in their lifetime. I have never met anyone who has caught or even heard of someone being caught keying a car. Sadly, it is probably the easiest and most inconspicuous act of vandalism you can commit.
Most? Do you really think that? Maybe "most of the people you know" but really now, I doubt most of the music buying public steal (or infringe copyright, to be accurate).
Assuming they need to crack it without you knowing (since a competent questioner would probably take all of 10 seconds to get your password and location of private key if they didn't already have it), they probably are not going to brute force it. They will either find where you stupidly left an electronic copy of your password (say.../proc/kcore or your unencrypted swapfile) or they will exploit a known (to them) vulnerability in whatever software you used to do the encryption.
But if they really want to charge you with something, all they really have to do is claim they decrypted it and show a jury what they "found". How do you intend to mout a defense against that? Consider that the jury will probably assume encryption == guilt to being with, they certainly are not going to believe you over the FBI.
When you think about it, using encryption gives them an easy, almost full proof way to plant evidence. All random data can become illegal, given the correct one time pad, which they just "happened" to stumble across.
The problem now is that we have two completely identical parties which differ pretty much on only two issues: abortion and gay marriage. The entire last election boiled down to those two issues, and everyone voted accordingly.
I cannot think of two issues that interest me less, or are less important, yet people fight, argue, and vote over these as though they trumped economics, liberty, safety, and all other aspects of government policy.
I mean, I have opinions on these two issues, everyone does. I also have opinions on coke vs pepsi, boxers vs briefs, and the designated hitter rule, but I am not about to make those asinine issues my political litmus test like the rest of this insane country.:(
Ok, he has some new low numbers, but those are not due to any change in his fundamental policies which have gotten him quite favorable numbers in the past. His newfound problems are pretty much just response to natural disasters (I guess if it is not terrorism, he cannot deal with it), some poor choices for Supreme Court nominations, and the fact that it has come to light that his White House is just a crooked and scheming as the previous ones.
Economic conservatives may not support him on economics, but I know more than a few who consider his position on gay marriage and abortion (two of the absolute LEAST important issues in America today) to trump any other issue. This is how he got elected, quite frankly.
Wow, you are like the mirror "ex-Democrat" version of me (ex-Republican).
In fact think about it, our last two presidents were both the most popular total failures ever. Clinton is remembered fondly by half the country despite the DMCA, Clipper Chip mess, etc. which show him to be a massive sellout to the Democrats ideals. Now look at the curiously popular Bush, who despite enjoying support from economic conservatives has shown himself to be the most incompetent reckless spender....well...ever. And don't get me started on the who personal liberty and freedom crowd who seem to miss that he has taken a dump on nearly every amendment except the second.
Will there ever again be a real Republican or Democrat? Does this country even want that anymore?
Yeah, so I got an IBM blade center, good stuff. HS20s are ok, JS20s are "da bomb" as the kids on the street say (when they are refering to Power based AIX boxes). And you know, I like Solaris 10, I run it at home, it makes a nice KDC and OpenAFS fileserver. I would like to run Solaris 10 on the bladecenter, so you would think this is good news right?
Well, suprisingly, what has been holding me back is not so much that I have been eagerly awaiting a press release telling me I can. What has been holding me back is that the solaris 10 installer DOES NOT FUCKING SUPPORT USB CDROMS DRIVES! It's been months, and it is a well known issue, that is all the blade center has, and every other damn OS on earth supports it.
So yes, I could set up a bootp and tftp server and install solaris that way, but you know what? That is just slightly more trouble that I want to go to when I can just throw an AIX or Debian cd in.
So in closing, IBM and Sun, in the future: Fewer press releases and more support for USB CDROMS would probably go further in getting people to put Solaris on a bladecenter.
I'm beginning to see sites using a Flash application to do streaming media, instead of an embedded player. Seems to work much better than the usual media players from Microsoft, Apple, and Real.
I'm not a fan of either. Using flash for video or audio is primarily to prevent people from saving the file. What is wrong with just putting the media file on the site and setting the correct mime type. My system knows how to play media files, I don't need an embedded player or flash player to do it.
Most folks will just click on the "Save" (doc format) button. Few will know how to obtain and install a third-party plug-in, or go through the hassle of doing a "Save As" assuming Microsoft make it even as easy as that. Chances are they won't, I guess.
If they want to deal with the Governments that are requiring OpenDocument, then yes they will learn how.
How? It is all well and good to say that but it is an open spec, you either support it or you don't. You cannot break it and still call it ODF.
What you CAN do is try to wrap it in DRM that only Office (I'm sorry, registered and activated Office) can open, but they don't need ODF for that, they can (and do) impliment that now with thier format.
However, doing so would violate Mass. requirements (and the entire point) anyway, and be rejected.
Slashdot Mirror
But it ultimately pretty much comes down to DNS. If I can receive email from a domain, I can generally get a cert for that domain. Pehaps not from your better certificate authorities, but have you looked at the number of CAs in your browsers CA cache? Have you tried getting certs from them? Some are much easier than others, but ALL are trusted equally and completely.
As you say it is a problem of key management, but the way CAs do key management (distribution) today depends on DNS not being compromised.
All the browser does is make sure the strong cryptographically signed and verified cert's DN matches the totally insecure DNS lookup result. Does that not seem like a major lopsided security check? Which is easier and more damaging way to attack, the cryptographic hash and encryption methods, or hijacking a DNS server and returning false results. I submit the latter could yield much easier and damaging results on a larger scale. However until it happens, nobody is really going to think much about it.
Finkployd
Everything people trust to be protected and identified by x509 server certs (https, pops, imaps, , etc) has a major weakness: DNS. You can have all the eliptical curve crypto, 4096bit RSA keys, and even someday quantum crypto you want, it all fails utterly if DNS is compromised or spoofed. It is really odd that so few people seem to care. It is kind of like putting a hundred dollar deadbolt on a screen door.
The only solution is either get secure DNS, or find a way to securly exchange keys out of band (rendering the point of x509 kind of moot)
Finkployd
It is quite obvious you are unfamiliar with the details of the war and of the major turning points that led to the defeat of the axis powers.
I however am quite familiar with them.
Technology did not win ww2 in europe and new technology was not produced on demand. A few nacent inventions were refined over the course of the war and put into use as time and resources permitted.
Cryptography won the war basically. More accurately cryptoanalysis. If you want to get really technical the Poles won the war. As more information is declassified about just what was being done with Ultra it becomes pretty clear that was deciding factor in not only most major engagements, but the overall war plan of the allies. Granted, we do not know what would have happened if the Allies were fighting blind, it is possible they would have made the same tactical decisions and the outcome would have been the same, but that does not seem likely. There is always disagreement as to the final impact of intelligence in WWII, I happen to believe it was of pretty significant importance.
The technologies used in that war were refinements that had been in development ever since the end of world war I.
Literally all advancement in just about anything can be described this way. Certainly the war did not magically cause miracle advancements, but it kicked into high gear a lot of promising work that bore fruit much faster than it otherwise would have. The Atomic Bomb (leading to tons of nuclear research), early computer technology, radar, jet aircraft, etc. were all basically products of WWII. Going back further than WWII, you see that war (or more accurately survival) has been a primary catalyst for advancement in many fields.
Germany ultimately failed after they ran out of fuel oil for their blitzkriegs when then they were stone walled by the russians with a great loss of personnel on both sides.
Germany's resource problems did not really emerge until well after they had lost on several fronts in Europe, including Africa, Italy, and much of France. They didn't really have a problem until late in 44, leading to their abandonment of the Russian front (effectively) and focus on capturing Allied resources in their ill fated final offensive (battle of the bulge)
Finkployd
I completely agree we COULD have these spikes in innovation, I'm just not sure we WOULD.
:(
And anymore, I'm not positive anything can pull people's heads out of their asses. We seems perfectly content to let the world go nuts as long as they keep the reality tv shows coming
Finkployd
It is certainly not popular to point out, but war is generally what advances civilization in terms of discovery, invention, etc. Historically at least, killing others and keeping yourself from being killed has been the primary motivating factor in becoming better, smarter, and stronger.
Not that I am advocating war, and certainly not the current farce.
Finkployd
I need to look in the manual how much wattage the e450 takes up in various configurations (it actually has a ton of tables and data on that). I can say that it has not noticeably affected my power bill.
Finkployd
I don't agree with how Target is handling this. Either outright ban the item because you don't feel it's right to sell it, or put in allowances to prevent someone with moral opposition to this medicine from being forced to run the pharmacy desk. *wry grin* Then again, that latter case probably wouldn't work as pharmacists probably make more money and therefore we have discrimination in job duties due to religious beliefs.
Should an amish person be unfairly denied a job as a computer programmer just because they are not allowed to use computers?
How is this different. If you religious beliefs prevent you from doing a job, do not try to get hired to do that job.
Seems pretty simple to me.
Finkployd
I'm pro choice. I don't think people should be forced to assist in abortion if they consider it immoral and I don't think that people should be forced to have children they don't want to have.
They are simply being forced to do the job they applied for and were hired for. If they were not interested in filling prescriptions, why on Earth did they choose a job where that is what they are supposed to do?
Nobody is talking about draging people off the street and forcing them at gunpoint to assist in abortions.
The ought to be fired for not doing their job, plain and simple. No different than me deciding I am amish and cannot touch evil computers anymore. I certainly would not be employed much longer as a programmer.
(ps. I'm pro life, but not the kind that cares what anyone else's beliefs are)
Finkployd
This is not for everyone, but I am very pleased with it.
I have a Sun E450 (these can be gotten cheap on eBay, but you really have to find the right deal). Upped it to 2GB ram and 4x400MHz Ultra2 CPUs. It holds 20 SCSI disks, so getting a bunch in there and RAIDing them is not a problem at all.
I personally prefer OpenAFS for my filesystem needs (I actually prefer DCE/DFS but that is not an option anymore and OpenAFS is slowly catching up with where DFS was), but NFS will run just fine as well. I intended to do this with Linux but found Solaris 10 to be a much better solution. I'm not religious about OSs. Linux, AIX, Solaris, and BSDs all have their valid strengths and weaknesses.
Add KerberosV and you have a nice, robust authentication/filesystem that will work on every PC in the house. I have OS X, Windows, and Linux desktops all sharing the same home directory and storage space.
Be sure to consider some kind of offsite backup as well. Either via tapes or over the Internet
Finkployd
You speak as though you believe record execs understand economic rules. They are record execs for crying out loud. They believe demand will be constant no matter what price is or quality of the product.
Hmmm, and sadly they seem to be right. Maybe I should have studied econ at RIAA U.
Finkployd
I wrote my own (in c no less, no cgic even, not recommended for anyone not doing it purely for fun).
:P
It features database independence (through an abstraction layer), it is designed to let the webserver do the authenticatication rather than handling it internally (because I use kerberos and sometimes cosign or shibboleth), and it is completely theme-able (all html and css is read in via templates, kinda like slashcode but less ugly
It also features robust group based authorization controls for all functions, that combined with the "authentication system agnostic" design is something I have never found elsewhere (and thus why I felt the need to write my own)
I will someday release the source, once I get around to cleaning it up and making it presentable.
My weblog
My Department's weblog (same software)
Finkployd
This kind of depreciation is simply not true in North America.
:)
Not quite, this is still true in North America, it is just not true across the board with different cars. Hondas and Toyotas are in high demand on the used market, and thus do not lose their value nearly as fast as other cars.
You didn't learn something cool about North America, you learned something cool about Honda Civics
Finkployd
Unless your intent is to run the car until it is dead. I bought a new Honda Civic in 2001 and plan to drive it until it now longer runs without massive repair bills (which, being a Civic should be around quarter to half a million miles). Now if I were the typical American consumer and planning to trade in and upgrade my car every 5 or so years, then yes used is better. However given my situation it made more sense to (1) get the lower loan rate for it being new, (2) have a car that I KNOW has not been abused or wrecked, and (3) enjoy the new car smell, which I have learned is a somewhat toxic blend of chemicals and cut/burnt plastic. Ok, so 2 our of 3 points are still valid ;)
The only people who should care about the depreciation value are those who are planning to sell it.
Finkployd
You bet. Keying someones vehicle often ends with a mouthful of broken teeth in the keyer's mouth - or a jail term.
What planet are you living on? I have had my car keyed (Ultra Low Emmisions Honda Civic, so I doubt it was environmental terrorists, probably just random keying like most), and many of the people I know have had a car keyed at some point in their lifetime. I have never met anyone who has caught or even heard of someone being caught keying a car. Sadly, it is probably the easiest and most inconspicuous act of vandalism you can commit.
Most? Do you really think that? Maybe "most of the people you know" but really now, I doubt most of the music buying public steal (or infringe copyright, to be accurate).
Finkployd
Assuming they need to crack it without you knowing (since a competent questioner would probably take all of 10 seconds to get your password and location of private key if they didn't already have it), they probably are not going to brute force it. They will either find where you stupidly left an electronic copy of your password (say.../proc/kcore or your unencrypted swapfile) or they will exploit a known (to them) vulnerability in whatever software you used to do the encryption.
But if they really want to charge you with something, all they really have to do is claim they decrypted it and show a jury what they "found". How do you intend to mout a defense against that? Consider that the jury will probably assume encryption == guilt to being with, they certainly are not going to believe you over the FBI.
When you think about it, using encryption gives them an easy, almost full proof way to plant evidence. All random data can become illegal, given the correct one time pad, which they just "happened" to stumble across.
Finkployd
Uhh, the whole freakin' point of a small business is that they don't do business in multiple states.
Possibly one of the dumbest things I have seen on slashdot in a while.
(and no I am not new here)
But more importantly, you're taking away the ability of individual states to customize the law to the needs of their citizens.
However, that was insightful enough to redeem yourself.
Finkployd
The problem now is that we have two completely identical parties which differ pretty much on only two issues: abortion and gay marriage. The entire last election boiled down to those two issues, and everyone voted accordingly.
:(
I cannot think of two issues that interest me less, or are less important, yet people fight, argue, and vote over these as though they trumped economics, liberty, safety, and all other aspects of government policy.
I mean, I have opinions on these two issues, everyone does. I also have opinions on coke vs pepsi, boxers vs briefs, and the designated hitter rule, but I am not about to make those asinine issues my political litmus test like the rest of this insane country.
Finkployd
Ok, he has some new low numbers, but those are not due to any change in his fundamental policies which have gotten him quite favorable numbers in the past. His newfound problems are pretty much just response to natural disasters (I guess if it is not terrorism, he cannot deal with it), some poor choices for Supreme Court nominations, and the fact that it has come to light that his White House is just a crooked and scheming as the previous ones.
Economic conservatives may not support him on economics, but I know more than a few who consider his position on gay marriage and abortion (two of the absolute LEAST important issues in America today) to trump any other issue. This is how he got elected, quite frankly.
Finkployd
Wow, you are like the mirror "ex-Democrat" version of me (ex-Republican).
In fact think about it, our last two presidents were both the most popular total failures ever. Clinton is remembered fondly by half the country despite the DMCA, Clipper Chip mess, etc. which show him to be a massive sellout to the Democrats ideals. Now look at the curiously popular Bush, who despite enjoying support from economic conservatives has shown himself to be the most incompetent reckless spender....well...ever. And don't get me started on the who personal liberty and freedom crowd who seem to miss that he has taken a dump on nearly every amendment except the second.
Will there ever again be a real Republican or Democrat? Does this country even want that anymore?
I'll join you in a vote for McCain.
Finkployd
Quite right (unfortunately), however I have both HS20 (x86) and JS20 (Power) blades in my bladecenter.
Finkployd
Yeah, so I got an IBM blade center, good stuff. HS20s are ok, JS20s are "da bomb" as the kids on the street say (when they are refering to Power based AIX boxes). And you know, I like Solaris 10, I run it at home, it makes a nice KDC and OpenAFS fileserver. I would like to run Solaris 10 on the bladecenter, so you would think this is good news right?
Well, suprisingly, what has been holding me back is not so much that I have been eagerly awaiting a press release telling me I can. What has been holding me back is that the solaris 10 installer DOES NOT FUCKING SUPPORT USB CDROMS DRIVES! It's been months, and it is a well known issue, that is all the blade center has, and every other damn OS on earth supports it.
So yes, I could set up a bootp and tftp server and install solaris that way, but you know what? That is just slightly more trouble that I want to go to when I can just throw an AIX or Debian cd in.
So in closing, IBM and Sun, in the future: Fewer press releases and more support for USB CDROMS would probably go further in getting people to put Solaris on a bladecenter.
Finkployd
I'm beginning to see sites using a Flash application to do streaming media, instead of an embedded player. Seems to work much better than the usual media players from Microsoft, Apple, and Real.
I'm not a fan of either. Using flash for video or audio is primarily to prevent people from saving the file. What is wrong with just putting the media file on the site and setting the correct mime type. My system knows how to play media files, I don't need an embedded player or flash player to do it.
Finkployd
Most folks will just click on the "Save" (doc format) button. Few will know how to obtain and install a third-party plug-in, or go through the hassle of doing a "Save As" assuming Microsoft make it even as easy as that. Chances are they won't, I guess.
If they want to deal with the Governments that are requiring OpenDocument, then yes they will learn how.
How? It is all well and good to say that but it is an open spec, you either support it or you don't. You cannot break it and still call it ODF.
What you CAN do is try to wrap it in DRM that only Office (I'm sorry, registered and activated Office) can open, but they don't need ODF for that, they can (and do) impliment that now with thier format.
However, doing so would violate Mass. requirements (and the entire point) anyway, and be rejected.
Finkployd