Let's say you are on the road and you're dialing in from one of the many ISPs to check your e-mail. You realize you don't have your DNS records updated to indicate this new ISP, and suddenly you can't send mail.
Then just set up your home SMTP server to allow relaying for your domain from any IP address if the user has authorized him-/herself using username+password/certificate/...
I think there are more than 4, but besides that, that's still 4 more choices than you get from the software industries. Furthermore, the cars might have the same chassis, but to people, they look different.
People, humans, consumers really do want a choice.
Ever painted? How many colors of white are there? White, off white, cream,... I'm a guy, so I wouldn't know, but ask a girl how many colors of white there are.
What about cars? There are a lot of brands, with a lot of models. And they come in different colors too ;-P truck, coupe, sedan, station wagon, SUV,...
Even look at the computer market, how many different cases can you get? And add-ons with various lights inside, windows, fans with lights; again, choice for people.
I don't think software is any different, other than... People are not being given ANY CHOICE!
Not true. People can most certainly "see" the difference between fact and fiction. Just look at 911, people didn't think it was a movie, not even a bad movie, people knew it was real.
Maybe because every TV and radio station around the world transmitted those pictures, and told the audience about it.
Sure, the phone system broke down, but the internet was still running, so people were able to get verification that it really did happen.
The times when an invasion could happen without knowledge being spread are unlikely. However, the times when you could fake an invasion are also gone. There will not be another "War of the Worlds" radio show.
The problem is that the time it takes to boot precludes most users from shutting their machines off when not in use. The one exception to that is Mac iBooks. They are amazingly fast at sleeping and waking up. If the computer locked itself during a sleep, this would take care of the problem for iBooks. However, this still leaves issues with other portables.
In X-Windows, the best thing I can think of is to follow the steps of Unix terminals and lock the computer after X minutes of non-use. You may be able to accomplish this with Windows machines as well. The problem there is that users are much less likely to play with the mouse while reading (due to having a touchpad instead of a mouse) and will quickly get annoyed at the machine locking all the time.
Yes, that would be nice, but just because this encryption cannot provide the described scenario (on its own) does not mean that it isn't useful.
Excellent point. How do you go about storing the keys tho? Are they handled by a domain server of some sort, or are they actually stored on the disks? If the keystores are on the same disks, wouldn't you have a potential security issue anyway? (Although not as bad as unencrypted data, I'll grant you.)
The "keys" are stored on the disk; however, they are stored in an encrypted version, which is encrypted with the pass-sentence you supply. This means that you can change the pass-sentence if it gets compromised. This is a good thing. I think the key is stored using 384 bits, and the data 256, but go look in the .pdf's about this encryption.
Encrypted file systems are really a good idea. However, the largest area of research is to find a way to keep the data secure without annoying the user to the point of disabling safeguards.
This is NOT an encrypted filesystem, this is an encrypted block-device. And just like all other block-devices, you can put a filesystem on top of it. But the filesystem has no knowledge that the underlying block-device is encrypted.
In theory the thief could forcibly extract the password or key by direct access to a program's memory.
You'll have to use other ways to protect against this, like never leave your laptop, and only access secure networks, if network at all.
Yet we still haven't solved the keystore problem. If the keystore is on disk (or even in TCPA hardware), it could be forcibly cracked. Perhaps the keystore should be worn like a pocket watch? The drive or card would be hooked to the user's clothing thus preventing them from leaving the portable until they remove the keystore from its drive. Not a particularly elegant solution, but perhaps a viable one.
Yes we have solved the keystore problem. The actual key for decrypting the data is stored in an encrypted version. If you try to decrypt the key, how would you know you got the right key? Well you would if you could decrypt the data. However, you can use A LOT more bits to encrypt the key, because it's so much smaller than the data. If you need 2^512 brute force attacks to decrypt the key, but only 2^256 to decrypt the data... why bother with decrypting the key?
Furthermore, in order to prevent an attacker from using "known plaintext" (like the EXT2 superblock?) this driver rearranges the ordering of the blocks. SMART!
I guess what I'm trying to say, is that CryptoFSes only seem to help in the situation where someone steals your machine in a powered off state and fails to obtain your crypto keys. Unfortunately, many thefts occur while people look away for a moment, thus making such security useless.
Any thoughts?
Yes, some thoughts. You are right, this does NOT protect against stealing a "hot" disk, this only protects "cold" disks. The .pdf's from Poul-Henning also state this. So one would have to find another way to protect a running machine, like:
never leave it [running] when you aren't looking
don't access secret stuff in places where you can be distracted
These problems are all user-related errors. Just because this encryption does NOT protect against stupid users doesn't mean that using this encryption isn't a good idea. One of the places where I have used, and am using, encryption is on my work's servers, to avoid people being able to read data if we replace the hard disks, sell the hard disks, or the machine is stolen. How much sensitive data lies on hard disks sold on eBay? Using encryption means that this data will be impossible to read.
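The passphrase-wrapped key arrangement described in the comments above, as an added example that is not part of the original thread and not the driver's own code: a random data key is stored encrypted under a key derived from the pass-sentence, so changing the pass-sentence rewrites only the small header and leaves the encrypted data alone. The function names, the use of PBKDF2 and the HMAC-based stand-in cipher are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def _subkeys(key):
    """Derive separate encryption and MAC keys from one key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher such as AES."""
    blocks = [hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key, blob):
    """Check the tag, then decrypt; ValueError means wrong key or altered blob."""
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or corrupted data")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def _wrap(master_key, passphrase):
    """Build an on-disk header: fresh salt plus the master key sealed under the KEK."""
    salt = os.urandom(16)
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "wrapped_key": seal(kek, master_key)}


def new_header(passphrase):
    """Create a random master key; only its wrapped form belongs on disk."""
    master_key = os.urandom(32)
    return _wrap(master_key, passphrase), master_key


def unlock(header, passphrase):
    """Recover the master key from the header, or raise ValueError."""
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), header["salt"], PBKDF2_ROUNDS)
    return unseal(kek, header["wrapped_key"])


def change_passphrase(header, old, new):
    """Re-wrap the same master key; the encrypted data is never touched."""
    return _wrap(unlock(header, old), new)


def demo():
    header, master_key = new_header("old pass-sentence")
    disk = seal(master_key, b"constructed sample sector contents")
    header = change_passphrase(header, "old pass-sentence", "new pass-sentence")
    recovered = unseal(unlock(header, "new pass-sentence"), disk)
    try:
        unlock(header, "old pass-sentence")
        old_rejected = False
    except ValueError:
        old_rejected = True
    return recovered, old_rejected


if __name__ == "__main__":
    print(demo())
```

A copy of the old header taken before the change still unlocks with the old pass-sentence, so re-wrapping only helps when the attacker learned the pass-sentence without also copying the header.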
A friend of mine wrote his master's thesis about optimizing the usage of asynchronous internet connections (often ADSL connections). He used our dorm as a living experiment; we have 307 people living here, and share one 8196 kbit down / 768 kbit up ADSL connection. All our ports are open and everyone has a public IP address (well almost, because we only have a /24).
The results are very very good. The link is actually usable now. SSH connections are quick. People can and do use p2p without trouble. VoIP works most times of the day, but during "rush" hour it is not possible, most likely because we are just too many users for such a small connection. Games might also work at some time during the day, but I don't game so I wouldn't know. I do hear that some people complain that they cannot game. The rest is good: SSH, HTML, news, irc/IM and other chats work as well. Try it, and you don't even have to limit your bandwidth.
http://www.adsl-optimizer.dk/ contains his master's thesis.
Receiving phone calls and SMS is free of charge in Denmark. Sending SMS and calling people costs money, but one can control that by not calling or sending messages. It is a problem if others can run up your phone bill just by calling/SMS'ing you.
Can a tracker move once it is in progress?
Aka, you post it anonymously to usenet, a number of people connect, and then you move the tracker such that people have to be fast to get access. The idea was to avoid censorship from evil governments that do not want you to share videos of their oppression of the people ;-)
Why not just use usenet to distribute the Torrent trackers? On usenet one can post anonymously, and they are automatically distributed to other usenet servers.
GNU is "just" the tools that were, and still are, used to develop and build the Linux kernel, as well as all? other open source programs. Do other Free (as in speech and beer) C/C++ compilers than GCC exist?
Furthermore, GNU made the GPL, which is the license that Linux and a lot of other open source programs use.
GNU was probably also the first to formalize a movement, a vision, the tools and the license. At least I have not heard of anyone before GNU. Sure, software was shared before that, but did they have a common vision? Did they make a license for everyone to use?
RMS is a visionary man who apparently sees the big picture long before the rest of us (see The Right to Read). He made GNU, and Linux builds on top of the work that GNU did.
It is true that Linux got all the press lately, but GNU still deserves recognition. Besides, Linux really is a better name than GNU - people don't like 3LA's.
If the courts have to calculate this every time, they have to use time, a lot of time, on the calculation, and the spammer will reject the damage numbers from the ISP, and the court has to spend more time.
Having a fixed number is much easier.
Of course it was a long day. A day is 86400 seconds, and a short can only hold 65536. Duh.
No, it would not work. The spammers would just link to themselves.
Won't work, because you would never see the spam and would thus never complain.
If the SPF check does not validate, you just reject the mail.
You want the screensaver on, else everyone stealing your laptop can get to your files.
What happens when I close the lid on my PB? Does it sleep as fast as OSX does? Does the sleep LED work? How fast does it wake up?
Actually I just saw a Discovery show about the Spanish Armada, and the conclusion was that it was not the British that defeated the Spanish Armada, it was the weather.
Upon arriving south of England, the Spanish did not attack the British fleet, but waited. The British waited too, not because Drake wanted to play bowls? but because the tide was wrong.
When the tide turned, the British attacked, but the Spanish made their half circle, which is good for defence. Even though the British had superior guns, that shot faster and longer, they shot about one shot per hour per gun (could be the standard of those days). Furthermore the British didn't hit anything, but only used up their supplies of gunpowder and bullets.
The ships traveled from south of the far southwest of England, into the Channel, in front of Holland, where the Spanish Armada was close to running aground, so they moved north into the North Sea.
There they chose to return home to Spain, but the wind direction made it impossible to turn south, so they had to turn west, far far west, so they could avoid the Irish and Scottish coastline.
Unfortunately, because of the Gulf Stream, they were not as far west as they thought, so when they turned southwest towards Spain, they hit the Irish and Scottish coastline...
Half of the ships that left Spain did not return, and most went down on the Irish coast.
Then you use any other non-blocked port. It's just for your users, the port doesn't matter. I think that SMTP over SSL uses 587 by default. You could use SSH, or any VPN technology as well.
Then just set up your home SMTP server to allow relaying for your domain from any IP address if the user has authorized him-/herself using username+password/certificate/...
And keep that server in the SPF record.
Is WebDAV writeable in OSX?
OpenVPN by default uses UDP port 5000, but if you want to, you can configure it to use any other port, and TCP rather than UDP. But as you wrote, TCP over TCP can bring trouble.
Eye tracking equipment is cheap and it is easy to do. I remember someone doing it with 2 webcams.
Sure, the CIA can brute-force their way in, but 100000 failed login attempts should NOT go unnoticed. The point with faking an iris recognition is that you don't get a whole lot of failed logins.
If the gain is high enough someone will use iris copying, and if it is cheap enough and easy enough, you will see it much more widespread. If you use iris recognition in a lot of places, people will try to fool the recognition. And thus the number of people getting their eyes copied will increase.
In Gattaca they fooled the DNA recognition by using a fake skin on the tip of the finger which contained real blood from the one they tried to be. So, it was just plain old deception. When they took a blood sample from the arm, it was fooled as well. So maybe it wasn't fooling the recognition itself, but the sample. Faking an eye is the same.
There is a difference between eye tracking and iris scanning and recognition.
Scanning is quite easy, but recognition is harder, so it isn't just as simple as you say it is, and it is not any particularly more secure.
You seem to forget the 3rd possible forgery, namely creating a fake eye. To create this fake eye, you just need a pretty detailed picture of the person's eye, and then you create the fake eye. Possibly using a normal technology such as contact lenses. Thinking about it, I cannot imagine that the CIA and the like don't already have this technology.
Suppose that someone does manage to copy your iris and create a fake "eye". Suppose you know that someone has a copy of your iris. What then? How do you change your "password"? Rip out your eye?
There is a saying that strong security requires these 3 things:
Something you know, a password or passphrase
Something you have, a key, a usb drive
Something you are, fingerprint or iris scan
Personally I don't believe in biometric identification; I mean, even the DNA testing in Gattaca was fooled.
The information in the safety deposit is a note saying:
1. Write worm
2. Find someone in severe financial trouble
3. Have that person release the worm from home computer
4. Turn that person in and collect the reward
5. Place 75% in a high interest foreign account and keep the rest
6. After the guy gets out of jail, send him a key to a safety deposit with all the information he needs to start a new life
7. Profit
Just tell your sysadmin about checkinstall, that allows him to make a deb from the source.