Windows Integrated Authentication is not synonymous with Kerb/SPNEGO. WIA in NTLM mode will do a NTLMv1 handshake that breaks the HTTP spec in order to log you in. NTLMv1 is proven to be insecure.
Kerb/SPNEGO can be enabled under the WIA umbrella but the NTLM stuff is under there too and cannot be disabled on the client side.
Netegrity support may be "sucky" but they are a 600+ person company and can put a support person on a plane.
Oblix is 120 people and generally relies on third party integrators (E&Y, PwC) to do onsite support. For some places that is just fine. It sure as hell didn't work for us.
You realize of course that here on earth, where security people are not dictators, the scorched earth approach only leads to a beatdown and loss of credibility...
Human nature being what it is, your last statement is exactly right: "that's something no security system will be able to fix"---I'd challenge you to show me a security problem that DOESN'T have a human element.
Pinker goes to great lengths to point out that "The Language Instinct" is an attempt to make Chomsky's work accessible, and that Pinker himself is not claiming authorship over most of the ideas. Rather his book is more of a "popular science" work that takes abstract domain-specific concepts and sumarizes them into terms like "mentalese" (i.e. the "language" used by your brain in abstract thought).
The interesting part of this story is not the product---snake oil at best---it's the wild-eyed enthusiasm of Slashdot posters who know nothing about the product and yet start blathering about how great it's gonna be to run Windows app X on Linux. Always helps when the post misuses some technical term like "instruction set" or "assembly language."
Fool me once, shame on you; fool me twice, shame on me; fool me a zillion times, I'm on slashdot!
Guys, think about it---if apps can run on any platform, that means that all the OS components that the app is dependent on must be emulated or must travel with it. Sound like a possible licensing problem for commercial OS's? And if the app interacts with hardware AT ALL then they have to create an intermediate layer to allow for access to all device drivers. But wait---the OS components have to talk to that layer too! Uh-oh. Across "any" platform, with full functionality. Suuuure.
Now I know that CS professors are smart---I understand some of them were even required to write a bit of code to get their doctorate---but let's come back down to earth shall we?
Prepare yourself for a world of adventure! From the filmmakers bedroom to the rental rack, with a thrilling nose-dive ride through the world of the multiplex! They said it couldn't be done---he couldn't remake the same movie three times---and they were right!
Slap "them" down---care to define "them"? If you can't do so with any precision, and nobody seems to be able to, welcome to perpetual war.
Anyone ever stop to think that terrorism is a (abhorrent) military tactic? We're fighting a tactic. We're not fighting an army, an ideology, an ethnic group...we're fighting anyone who uses a certain tactic.
I find it hilarious that conservatives treat poverty and inequality as a Darwinian fact of life, and mock liberals for presuming to do anything about it. And yet conservatives have decided to take aim at "terrorism", with the result being the biggest whack-a-mole game in history.
The more interesting piece to me is that Sun and Novell are right at the top of the LDAP heap. Sun's metadirectory and integration components have never been too exciting, whereas DirXML kicks ass; both companies have great LDAP directories that scale massively. So what would happen...? Another IBM, with two inhouse directory servers that keep separate groups of customers...?
I call bullshit. Any negative behavior can be chalked up to "a symptom of greater problems" and we all get to walk away because, after all, who can solve all these huge problems?
I've always had a theory that an effective voluntary vaccination against drug and alcohol addiction would do more for the quality of life of street people than any "house the homeless" program---now THERE'S an example of treating the symptom.
Combine that with an effective set of treatments for mental health problems and we could start treating homelessness and street people as a purely social problem.
Why anyone should vaccinate children, rather than confirmed addicts/abusers, is beyond me. There's a reason the authors of 1984 and Brave New World were British...
It's a rare book that really does contain more than one or two core ideas. Even technical books have themes and approaches that bind the content together, and usually there's something simple or concise that sticks with you.
I say this having gone thru a graduate program in the humanities---reading 10-12 books per week per class really trains you to find the point quick.
"Common sense" and "OJT" are inherently intinctive and don't require reflection or self-evaluation in any kind of structured way.
If you can suppress the gag reflex enough to get thru books like this there is often a kernel of an idea (that you may not even agree with) that makes you reconsider why you do what you do at work. And that can be helpful, especially to someone who isn't formally trained.
Inner classes break the Java security model...go ahead, check out the.class files that get created and then load them at runtime. You'll get full access.
This was true at one point anyway, I haven't tried it recently.
It's simple economics--- for $400 you can have $375 worth of guts and a $25 UI based on three buttons and a one-line LCD plus a remote, or you can have $250 worth of guts and $150 worth of buttons and knobs.
Anybody who has worked on these systems knows that usually the components that fail most often are either not on the main PCB board (knobs, connectors, etc) or are directly connected to a component not on the board. Warranty work is of course built into the cost of the unit...
The parent post's point was that for the *death* penalty the stakes should be almost impossibly high, because a mistake is not correctible in any way. I can't speak for the poster but I think it is only rational that non-death penalty cases would be held to a lower standard.
I skipped breakfast every day since high school. I definitely had sleepiness (or "postprandial torpor" as I like to call it) after lunch. Finally about a year ago I started eating a small breakfast---just half a small sandwich. No more torpor, and no weight gain from the extra food; I can only assume I eat a little bit less the rest of the day.
You didn't supply the specifics, but a lot of the old school mechanical repair guys have/had a very subtle and intuitive grasp of problem solving and creative solutions. Boilers might not be F16s, but you can bet that F16 had manuals for every part.
Repairing a 40-year old Russian boiler successfully has got to be tougher than following the pretty flowchart in the manual for swapping out bad-for-good using a warehouse full of milspec parts.
I've had fun watching some military types (AF, usually) get completely boggled by the lack of structure in some corporate IT shops. As if it is anyone's fault but their's that they can't figure out how to get anywhere.
Re:Very true, if don't nkow what you are doing
on
Java Faster Than C++?
·
· Score: 1
"After a while the ugliness ceases to be a problem"...only cos you get used to it!
Every hour you are working beyond Paul Parenthood is *your* choice. If your boss allows his/her expectations to be colored by knowledge of personal commitments (not requiring flexibility, but total contribution of effort), they are a bad boss.
If you allow your time be sucked away because you don't have a hard commitment that pulls you away...don't blame those who can't make the same choice.
I have 3 year old twins, a father first and a coder second, and I don't work ridiculous hours. But you know what? I actually work when I am there. It's amazing how productive a regular day is when you don't spend your time at the watercooler or bitching about their workload (like many around me). I'm happy to look hyperproductive when fellow team members put in more hours with less visible results.
So in the case you describe one of your biggest threats IS reading the binary image from disk. So yes, I'd agree it is appropriate.
But once you go down that path you have to consider escrowing the encryption password/key, etc. If a company doesn't safeguard their backup media in transit to offsite storage, then how diligent are they going to be about the stuff they need to get right for encryption to help them?
Having your db engine do encryption is great...if your biggest threat is an attacker reading the binary db image from disk. Much more likely threats to data are associated with compromised accounts, and this won't help you then.
If your web app needs to read credit cards out of the database, the account it runs under sees them in the clear, even if your db did super fancy encryption. If you don't want other users to see that data...GIVE THEM SEPARATE ACCOUNTS AND USE ACLS!!!!! Db encryption sounds good but is pointless in most scenarios.
In other news, the underdog Candian competitor is the audience favorite to win the race. The crowd is tired of seeing the perpetual American winner coast through the finish line and onlookers never miss an opportunity to find fault.
Jeez folks, this may or may not be true, but let's all recognize the storyline it is patterned off of. USA=big bad bullies who don't play fair, Canada=nice people who do the right thing. What, do Canadian companies not have a profit motive?
Pig rectum?...it's times like this that I'm glad I'm a vegetarian. Course the scary thing is how many bizarre animal byproducts go into seemingly vegetarian food and other products you would never suspect....
Slashdot Mirror
Windows Integrated Authentication is not synonymous with Kerb/SPNEGO. WIA in NTLM mode will do a NTLMv1 handshake that breaks the HTTP spec in order to log you in. NTLMv1 is proven to be insecure.
Kerb/SPNEGO can be enabled under the WIA umbrella but the NTLM stuff is under there too and cannot be disabled on the client side.
I cannot get GAIM or Trillian to support connecting to Yahoo over port 80. Anyone have any luck with that?
Netegrity support may be "sucky" but they are a 600+ person company and can put a support person on a plane.
Oblix is 120 people and generally relies on third party integrators (E&Y, PwC) to do onsite support. For some places that is just fine. It sure as hell didn't work for us.
You realize of course that here on earth, where security people are not dictators, the scorched earth approach only leads to a beatdown and loss of credibility...
Human nature being what it is, your last statement is exactly right: "that's something no security system will be able to fix"---I'd challenge you to show me a security problem that DOESN'T have a human element.
Pinker goes to great lengths to point out that "The Language Instinct" is an attempt to make Chomsky's work accessible, and that Pinker himself is not claiming authorship over most of the ideas. Rather his book is more of a "popular science" work that takes abstract domain-specific concepts and sumarizes them into terms like "mentalese" (i.e. the "language" used by your brain in abstract thought).
The interesting part of this story is not the product---snake oil at best---it's the wild-eyed enthusiasm of Slashdot posters who know nothing about the product and yet start blathering about how great it's gonna be to run Windows app X on Linux. Always helps when the post misuses some technical term like "instruction set" or "assembly language."
Fool me once, shame on you; fool me twice, shame on me; fool me a zillion times, I'm on slashdot!
Guys, think about it---if apps can run on any platform, that means that all the OS components that the app is dependent on must be emulated or must travel with it. Sound like a possible licensing problem for commercial OS's? And if the app interacts with hardware AT ALL then they have to create an intermediate layer to allow for access to all device drivers. But wait---the OS components have to talk to that layer too! Uh-oh. Across "any" platform, with full functionality. Suuuure.
Now I know that CS professors are smart---I understand some of them were even required to write a bit of code to get their doctorate---but let's come back down to earth shall we?
Prepare yourself for a world of adventure! From the filmmakers bedroom to the rental rack, with a thrilling nose-dive ride through the world of the multiplex! They said it couldn't be done---he couldn't remake the same movie three times---and they were right!
Slap "them" down---care to define "them"? If you can't do so with any precision, and nobody seems to be able to, welcome to perpetual war.
Anyone ever stop to think that terrorism is a (abhorrent) military tactic? We're fighting a tactic. We're not fighting an army, an ideology, an ethnic group...we're fighting anyone who uses a certain tactic.
I find it hilarious that conservatives treat poverty and inequality as a Darwinian fact of life, and mock liberals for presuming to do anything about it. And yet conservatives have decided to take aim at "terrorism", with the result being the biggest whack-a-mole game in history.
Okay, I'm done now.
The more interesting piece to me is that Sun and Novell are right at the top of the LDAP heap. Sun's metadirectory and integration components have never been too exciting, whereas DirXML kicks ass; both companies have great LDAP directories that scale massively. So what would happen...? Another IBM, with two inhouse directory servers that keep separate groups of customers...?
I call bullshit. Any negative behavior can be chalked up to "a symptom of greater problems" and we all get to walk away because, after all, who can solve all these huge problems?
I've always had a theory that an effective voluntary vaccination against drug and alcohol addiction would do more for the quality of life of street people than any "house the homeless" program---now THERE'S an example of treating the symptom.
Combine that with an effective set of treatments for mental health problems and we could start treating homelessness and street people as a purely social problem.
Why anyone should vaccinate children, rather than confirmed addicts/abusers, is beyond me. There's a reason the authors of 1984 and Brave New World were British...
It's a rare book that really does contain more than one or two core ideas. Even technical books have themes and approaches that bind the content together, and usually there's something simple or concise that sticks with you.
I say this having gone thru a graduate program in the humanities---reading 10-12 books per week per class really trains you to find the point quick.
"Common sense" and "OJT" are inherently intinctive and don't require reflection or self-evaluation in any kind of structured way.
If you can suppress the gag reflex enough to get thru books like this there is often a kernel of an idea (that you may not even agree with) that makes you reconsider why you do what you do at work. And that can be helpful, especially to someone who isn't formally trained.
Inner classes break the Java security model...go ahead, check out the .class files that get created and then load them at runtime. You'll get full access.
This was true at one point anyway, I haven't tried it recently.
It's simple economics--- for $400 you can have $375 worth of guts and a $25 UI based on three buttons and a one-line LCD plus a remote, or you can have $250 worth of guts and $150 worth of buttons and knobs.
Anybody who has worked on these systems knows that usually the components that fail most often are either not on the main PCB board (knobs, connectors, etc) or are directly connected to a component not on the board. Warranty work is of course built into the cost of the unit...
The parent post's point was that for the *death* penalty the stakes should be almost impossibly high, because a mistake is not correctible in any way. I can't speak for the poster but I think it is only rational that non-death penalty cases would be held to a lower standard.
uh yes you do, at least between wireless carriers.
I skipped breakfast every day since high school. I definitely had sleepiness (or "postprandial torpor" as I like to call it) after lunch. Finally about a year ago I started eating a small breakfast---just half a small sandwich. No more torpor, and no weight gain from the extra food; I can only assume I eat a little bit less the rest of the day.
You didn't supply the specifics, but a lot of the old school mechanical repair guys have/had a very subtle and intuitive grasp of problem solving and creative solutions. Boilers might not be F16s, but you can bet that F16 had manuals for every part.
Repairing a 40-year old Russian boiler successfully has got to be tougher than following the pretty flowchart in the manual for swapping out bad-for-good using a warehouse full of milspec parts.
I've had fun watching some military types (AF, usually) get completely boggled by the lack of structure in some corporate IT shops. As if it is anyone's fault but their's that they can't figure out how to get anywhere.
"After a while the ugliness ceases to be a problem"...only cos you get used to it!
"who make the weapons"....that are used against us? Who's the smarty in this equation?
Every hour you are working beyond Paul Parenthood is *your* choice. If your boss allows his/her expectations to be colored by knowledge of personal commitments (not requiring flexibility, but total contribution of effort), they are a bad boss.
If you allow your time be sucked away because you don't have a hard commitment that pulls you away...don't blame those who can't make the same choice.
I have 3 year old twins, a father first and a coder second, and I don't work ridiculous hours. But you know what? I actually work when I am there. It's amazing how productive a regular day is when you don't spend your time at the watercooler or bitching about their workload (like many around me). I'm happy to look hyperproductive when fellow team members put in more hours with less visible results.
So in the case you describe one of your biggest threats IS reading the binary image from disk. So yes, I'd agree it is appropriate.
But once you go down that path you have to consider escrowing the encryption password/key, etc. If a company doesn't safeguard their backup media in transit to offsite storage, then how diligent are they going to be about the stuff they need to get right for encryption to help them?
Having your db engine do encryption is great...if your biggest threat is an attacker reading the binary db image from disk. Much more likely threats to data are associated with compromised accounts, and this won't help you then.
If your web app needs to read credit cards out of the database, the account it runs under sees them in the clear, even if your db did super fancy encryption. If you don't want other users to see that data...GIVE THEM SEPARATE ACCOUNTS AND USE ACLS!!!!! Db encryption sounds good but is pointless in most scenarios.
In other news, the underdog Candian competitor is the audience favorite to win the race. The crowd is tired of seeing the perpetual American winner coast through the finish line and onlookers never miss an opportunity to find fault.
Jeez folks, this may or may not be true, but let's all recognize the storyline it is patterned off of. USA=big bad bullies who don't play fair, Canada=nice people who do the right thing. What, do Canadian companies not have a profit motive?
Pig rectum? ...it's times like this that I'm glad I'm a vegetarian. Course the scary thing is how many bizarre animal byproducts go into seemingly vegetarian food and other products you would never suspect....