OpenBSD (vn* devices) and Linux (crypto-loop) have this for years. NetBSD also has it. Windows XP also has it.
No, cryptoloop in linux can not do the same. Cryptoloop can encrypt, but you can not change password. Luckily there are other ways to do that, PPDD
which appears to be using the same princip of storing the real key on the disk, though encrypted with the password. The same princip a friend and me is using in our development of a device-mapper target, deadline is 1. october.
Not having any more knowledge of GEOM, than what i read in the.pdf's of the presentationslides, then i would state that GEOM appears to be very much what device-mapper is in Linux.
This is great, but what about interoperability?
Right now, all operating systems I can use encrypted partitions, but the way they do it is different on every system.
If I encrypt my USB memory key on FreeBSD, I won't be able to use it on Linux. Even if the actual file system is the same, even if the encryption algorithm is the same.
Very valid point. I hope someone addresses this. I supose it would be rather easy to write a device-mapper target that behaves like GBDE-GEOM
CIPE doesnt run over tcp, it runs only over UDP, and there are 2 "versions" one that uses a static key, and one that uses a static public-keysystem to exchange a dynamic key which is used encrypt the packets. Are UDP not stateless?
I run CIPE, but now i'm gonna read his article, and see if i change my choice of VPN.
one dual cpu test could be make -j bzImage on the linux kernel. -j spaws a new process when ever possible. It is possible to limit the number of processes, with a number right after the -j. This trick naturally works on other compilations than the kernel, so just find something big, and give it a test.
Actualy when i read Toms and others test of the Opteron back when it was released i kind of missed tests that used OS tools and programs to test the system, using real programs. Source Compilation: Maybe you dont recompile kernels all day, but if you are a developper you compile source code, so for you a compile test is worth while. Gimp: Apple usualy does alot of photoshop benchmarks, so why not use gimp, a known image, and a known script for gimp to benchmark the system with that? Some people use imagemanipulation for work, so lets test real work.
It might be an idea to test other programs, possibly some engineering tool, maybe blender, or some other tool that uses the floating point unit, rather than the integer part, and or possibly something that can use and test SMP, and/or tests that is cpu bound, memory bound, (or disk bound).
The benefit over OpenBSD could be stuff like: name recognition amoung the suits (they have heard about linux, but probably not OpenBSD (as opposed to nerds). prepackaged binaries? (not sure if OpenBSD has that).
I can see a market for commercial apps that is targeted for a "trusted OS". It would properly be easier to use Trusted Debian for this for a "desktop" rather than OpenBSD, even though both are possible.
True OpenBSD does have an impressive record, but that doesnt mean that cant be space for more "trusted OS's" out there. If you dont want to run, fine, dont run it.
Well, i can imagien that one benefit is that debian has ALOT of packages, that can both be installed binary, and source for compilation. I dont think that it will be that big a job just to take all the debian packages and recompile them into "Trusted debian".
The dude is in our local lug, http://www.sslug.dk/ and his name is Ole "perl" Tange.
You can get the program here http://www.linux-kurser.dk/secure_harddisk_e raser. html
Re:Does not work like that
on
Fun With Wine
·
· Score: 2
Does it ?? Really ?? I seem to remember that the latest Office, version 11 ? will only run at XP and win2000. And since office 11 contains a brand new fileformat, that office xp and older offices cant read, they have defacto forced you to upgrade by breaking backwards compability.
Yes i'm aware that default wine doesnt run office.
Have you tried powerpc ? G4's altivec unit might be able to give you a performance boost, i've considered them at work, but since we dont write our own code, we cant, since the program isnt avaible on ppc. A vector unit is good for some types of computations, maybe yours is one of them.
Oh yeah, i forgot to mention that it works behind a NAT, which IPSEC has trouble with. Further more it works with non-static ip address. Obviously one end needs to know the ip of the other end, but thats all which is needed.
I'm using CIPE for linux at work. It can be found at http://sites.inka.de/sites/bigred/devel/cipe.html or for windows at http://cipe-win32.sourceforge.net/.
It's a better solution because it doesnt run TCP over TCP, which can give a problem, when retransmission occurs. With the right ammount of bad luck, you can have double retransmission where both layers of TCP retransmit. CIPE runs completely over UDP to avoid this problem.
> And Athlon-based systems should be *much* cheaper than their Intel counterparts...
> if not then your PC manufacturers are shafting you
I've resently bought an athlon MP system. Compared to P3 cpu prices, athlon MP are cheaper, but the motherboard is more expensive, atleast twice as much. Taking 2*cpu and a MB, the price is about the same. DDR memory is more expensive though, especialy because the dual athlon MB requires registered memory. (i've only seen tyan make dual athlon MB's). Here a dual P3 system can use regular sd-ram saving you money but for lower performance. I dont know about P4 systems, we havent tried those at work.
If one computer isnt fast enough to handle 893743340548793 spam emails a day, then distribute the spam detection to more computers.
Since the emails arent related to each other, or yes they are. Most likely the same people will over and over again email you, were spam email addresses are different, so
1) keep a list of "good email addresses"
possibly all your previous customers
2) set up a beowulf cluster to parse through
every incomming email and catogorize it as
spam or not. Give each node a fair number of
emails to parse, and your mailserver load
should fall.
Howto implement it ??
1? internal email server that does the final delivery, and also takes cares of internal email. Then have either a number of mailserver that recieves from the world, or one that does that and distributes it to the beowulf cluster, and then those machines delivers to the internal mailserver.
yes, and even if the licenses does clash head on, there is nothing wrong with the author of the code releasing it under 2 different licenses.
One for the university with the university license, and one which the student puts on the internet with the GPL license.
Why should they only be allowed to contribute if it helped the company ??
I would say as long as they dont directly hurt the company, any employer should be free to create any IP, art,... that he or she wishes to do. And keep ownership of that work, or transfer it as he or she wishes.
Naturaly, all work they create while getting paied, and/or is at work belongs to the employer.
Slashdot Mirror
No, cryptoloop in linux can not do the same. Cryptoloop can encrypt, but you can not change password. Luckily there are other ways to do that, PPDD which appears to be using the same princip of storing the real key on the disk, though encrypted with the password. The same princip a friend and me is using in our development of a device-mapper target, deadline is 1. october. .pdf's of the presentationslides, then i would state that GEOM appears to be very much what device-mapper is in Linux.
Not having any more knowledge of GEOM, than what i read in the
Very valid point. I hope someone addresses this. I supose it would be rather easy to write a device-mapper target that behaves like GBDE-GEOM
next time, just tell her to visit your website and ask her how impressed she is
but TCP ontop of TCP leads to bad throughput. I suppose bad throughput is better than bad security.
How does IPSEC handle UDP packets? and ICMP packets? Doesnt IPSEC transmit those as encrypted UDP and ICMP packets?
JonB
CIPE doesnt run over tcp, it runs only over UDP, and there are 2 "versions" one that uses a static key, and one that uses a static public-keysystem to exchange a dynamic key which is used encrypt the packets.
Are UDP not stateless?
I run CIPE, but now i'm gonna read his article, and see if i change my choice of VPN.
JonB
one dual cpu test could be
make -j bzImage
on the linux kernel. -j spaws a new process when ever possible. It is possible to limit the number of processes, with a number right after the -j. This trick naturally works on other compilations than the kernel, so just find something big, and give it a test.
Actualy when i read Toms and others test of the Opteron back when it was released i kind of missed tests that used OS tools and programs to test the system, using real programs.
Source Compilation:
Maybe you dont recompile kernels all day, but if you are a developper you compile source code, so for you a compile test is worth while.
Gimp:
Apple usualy does alot of photoshop benchmarks, so why not use gimp, a known image, and a known script for gimp to benchmark the system with that? Some people use imagemanipulation for work, so lets test real work.
It might be an idea to test other programs, possibly some engineering tool, maybe blender, or some other tool that uses the floating point unit, rather than the integer part, and or possibly something that can use and test SMP, and/or tests that is cpu bound, memory bound, (or disk bound).
What do you mean you have no copy and paste? My Treo180 has copy and paste.
i have a treo180, and the buttons are not too small. The work flawlessly. And i dont have small fingers.
By the way, the big movie is at
it's lunch time here. Anyway, i was just quoting the changelog from mplayer-0.90.tar.bz2 which says:
566: pre1:
567: * 100% GPL - yeah, so what?
Sheesh! mplayer has been 100% GPL since version 0.90-pre1.
vserver might solve your secure jail for linux.x t.hc
http://www.solucorp.qc.ca/miscprj/s_conte
The benefit over OpenBSD could be stuff like:
name recognition amoung the suits (they have heard about linux, but probably not OpenBSD (as opposed to nerds).
prepackaged binaries? (not sure if OpenBSD has that).
I can see a market for commercial apps that is targeted for a "trusted OS". It would properly be
easier to use Trusted Debian for this for a "desktop" rather than OpenBSD, even though both are possible.
True OpenBSD does have an impressive record, but that doesnt mean that cant be space for more "trusted OS's" out there. If you dont want to run, fine, dont run it.
Well, i can imagien that one benefit is that debian has ALOT of packages, that can both be installed binary, and source for compilation. I dont think that it will be that big a job just to take all the debian packages and recompile them into "Trusted debian".
I would expect that they had tested Duron vs. Athlon in advance, and bought the cpu type and number that gave them the most bang for the buck.
Suppose they only run stuff that can fit in the cache size of the Duron, then the extra price for the athlon is a bad idea.
someone already made that for you.
e raser. html
The dude is in our local lug, http://www.sslug.dk/ and his name is Ole "perl" Tange.
You can get the program here
http://www.linux-kurser.dk/secure_harddisk_
Does it ?? Really ??
I seem to remember that the latest Office, version 11 ? will only run at XP and win2000. And since office 11 contains a brand new fileformat, that office xp and older offices cant read, they have defacto forced you to upgrade by breaking backwards compability.
Yes i'm aware that default wine doesnt run office.
eBay...
mod parent up!
Have you tried powerpc ? G4's altivec unit might be able to give you a performance boost, i've considered them at work, but since we dont write our own code, we cant, since the program isnt avaible on ppc. A vector unit is good for some types of computations, maybe yours is one of them.
JonB
Oh yeah, i forgot to mention that it works behind a NAT, which IPSEC has trouble with.
Further more it works with non-static ip address. Obviously one end needs to know the ip of the other end, but thats all which is needed.
JonB
I'm using CIPE for linux at work. It can be found at http://sites.inka.de/sites/bigred/devel/cipe.html or for windows at http://cipe-win32.sourceforge.net/.
It's a better solution because it doesnt run TCP over TCP, which can give a problem, when retransmission occurs. With the right ammount of bad luck, you can have double retransmission where both layers of TCP retransmit. CIPE runs completely over UDP to avoid this problem.
JonB
Bull Shit Allience ??
> And Athlon-based systems should be *much* cheaper than their Intel counterparts ...
> if not then your PC manufacturers are shafting you
I've resently bought an athlon MP system. Compared to P3 cpu prices, athlon MP are cheaper, but the motherboard is more expensive, atleast twice as much. Taking 2*cpu and a MB, the price is about the same. DDR memory is more expensive though, especialy because the dual athlon MB requires registered memory. (i've only seen tyan make dual athlon MB's). Here a dual P3 system can use regular sd-ram saving you money but for lower performance. I dont know about P4 systems, we havent tried those at work.
ion++
Doesnt matter, because that will take away the microsoft tax on new computers you buy.
ion++
If one computer isnt fast enough to handle 893743340548793 spam emails a day, then distribute the spam detection to more computers.
Since the emails arent related to each other, or yes they are. Most likely the same people will over and over again email you, were spam email addresses are different, so
1) keep a list of "good email addresses"
possibly all your previous customers
2) set up a beowulf cluster to parse through
every incomming email and catogorize it as
spam or not. Give each node a fair number of
emails to parse, and your mailserver load
should fall.
Howto implement it ??
1? internal email server that does the final delivery, and also takes cares of internal email. Then have either a number of mailserver that recieves from the world, or one that does that and distributes it to the beowulf cluster, and then those machines delivers to the internal mailserver.
ion++
yes, and even if the licenses does clash head on, there is nothing wrong with the author of the code releasing it under 2 different licenses.
One for the university with the university license, and one which the student puts on the internet with the GPL license.
Why should they only be allowed to contribute if it helped the company ??
I would say as long as they dont directly hurt the company, any employer should be free to create any IP, art,
Naturaly, all work they create while getting paied, and/or is at work belongs to the employer.
ion++