Re: Combat it or deny responsibility you mean... on Gone Phishing? · Score: 2, Interesting
I was thinking recently that a new TLD might help. If there was .bank or such, and only allow authoritative DNS servers that are registered by a valid bank, possibly even using DNSSEC, well maybe it would be easier to educate people to only use the proper URLs.
But of course that would also depend on a browser that doesn't make it easy to dupe people even then.
I do that with any website I set up as well. Actually, I deny any request that isn't to a valid domain (virtualhost) on the server.
It seems the order of Apache means that it still gets parsed though, so while the access_log isn't filled with worm requests, the error_log does show invalid URLs and such.
I think it's beautiful that we no longer see ourselves as "people", "human beings" or "society" we are consumers, nicely fits our social values methinks..
When I write a representative I make sure to use "citizen" and "voter" instead. Sadly, it is hard to write about these issues knowing the recipient probably has already presumed guilt for taking a stance against these protections.
You may also want to consider setting up aliases, using free accounts and personalities for mailing lists. I use a different email address for each mailing list I'm on...
I've been doing this very thing for about 8 months now. I can say that I've gotten exactly 1 spam the whole time, and that was an eBay alias I set up that was visible on their website. None of the lists I've joined have shared my email address with anyone....
Now, I've tested news with alias accounts, and actually got spammed within an hour of posting to alt.test.test (for example)!
I would never give an email address to one of those _remove_ or _opt-out_ places. I'd rather spend that time checking for an open relay and informing the admins in any case.
remember you can't be serious when you see this movie. take it for what it is, a table top game with all of its over the top antics turned into a movie.
It seemed to me that the movie didn't take _any_ direction and run with it. It could have been done for a mainstream audience, or focused completely on the target audience, or any number of things. But it was basically the visualization of a gamer's campaign - with all the thought and imagination and humor stripped away.
It was presented way too seriously at parts, yet the characters gave no reason to be taken seriously. It was more like a bunch of clips that didn't flow well than a movie. Ok, I wasn't intending to bash on the movie, but I wasn't surprised by the movie at all. It just wasn't something I could get into enough at any point and enjoy.
Seems to me they would be the most qualified people to operate the machines. Not so much that their role was replaced, just changed to be somewhat safer.
Warning - OpenBSD-specific info =)
As for fine-grained access controls, systrace does just that. There's even a GUI that asks whether each system call a piece of software makes should be allowed or not, building up the rules as you go (sort of like the way browsers can ask if you want it to "remember" your decision for a given site). This works out well regarding the problem with the chroots, where many pieces of software want to read ld.so or various stuff in /usr/share, there's no need to populate a directory structure for each application.
As for hash checks on executables, there's additional software that adds that to OpenBSD. It's called Stephanie and does a few other things as well.
A simpler approach to mitigate some risk can be used on a dedicated desktop. For each network app run it as a different user (KDE has an option to do just this when creating an icon/link for example). Make each of those users' home directories 770 with a group that you belong to. Then your browser, email client, irc client, etc cannot read each other's directories (and config files) nor your own, but you can drop files in to send as an attachment, or copy files out after downloading. Not useful on a multi-user system, nor will it help with a worm... but it's a lot simpler to set up, and can be done on every BSD or Linux I imagine.
Okay, this is about the third time I've looked at that. How is it not just SPF? I'm perfectly content to believe that MS just added a useless step in order to add license restrictions, but that doesn't explain why the IETF and such actually considered it separately from SPF.
What am I missing here?
What I really like about OpenBSD is that I don't have to google for a HOWTO on configuring pf and altq.
I'd also throw in that the file system layout is very consistent with OpenBSD. There's even a hier(7) man page describing the layout. When I'm working on another OS I find myself digging around, even for configuration files, way too often.
This is eloquent but wrong (a common end state to a lawyer's speech).
SCO cares far more about invalidating the GPL than it does about retaining its right to use GPL'd works. The income to be had from being The One That Defeated Linux far exceeds SCO's income from Linux et al itself.
That may be assuming much, but the post still seems underrated =)
For those interested in the gory details, A Future-Adaptable Password Scheme by Niels Provos and David Mazieres goes into great detail about the approach taken with OpenBSD. I don't know about the others out there today but one of the nice things with this approach is that the number of rounds can be increased as processors become faster. On each machine one can choose how much processing time should be taken at a login prompt essentially.
Good points on 1 and 2, but in (3) I'd suggest not adding the 'if tied to legitimate academic or corporate entities' - you'd still be limiting free speech in some cases unless everyone is allowed to discuss what they've found wrong with a product.
A few years ago I wouldn't have said this, but browsers today who refuse to use cookies are just cutting themselves off from a large part of the Internet. Let them cut themselves off. When they're ready to join the rest of us, they're welcome to.
Most of the sites I've come across that really have the information I want, rather than a sales pitch, work with no or one (login) cookie. I typically block cookies from a domain until I find that I want to be known to the site and it proves useful to me personally. So if I get a splash page saying I need to allow a dozen cookies from a site, and have no evidence the content is worth going through my browser's settings to change policy on that domain, I would choose not to visit the site.
Does this mean I'm cutting myself off from the majority of the internet? *shrug* Does this mean your site gets less visitors? Yes.
If I really want to do some web browsing secure from local sniffers I could fire up netscape from my basement but with the display on my notebook. (X has some benefits.) It would be slow, but it would work.
True, but I'd think it snappier to use the included SOCKS4 proxy that comes with newer OpenSSH software. (It's the -D option.)
After reading about a quarter of the spec for D at digitalmars.com D feels like a chance to write efficient, compiled C-like code but with some of the conveniences of Perl.
I like that the size is part of an array for example. It's also interesting that the compiler is supposed to error on ambiguous expressions that depend on the order of operation... this could be a pain, but these are examples of how D is intended to reduce programming errors.
Sir Robin comes with the Killer Rabbit of Caer Bannog!
Out of mild curiosity I followed the ROT-13 link and was confused by the last comment on Netscape's page. Are they serious that it will decode but not encode? :)
I'm not using Netscape so I can't test this myself... so as a public service to all those unfortunate people unable to properly encode ROT-13 without doing so manually, I offer this link.
Unless there is some _other_ way of breaking a key, it would take quite a bit more resources than this. Something along the lines of the age of the universe or something, I forget the exact analogies....
See: the FAQ.
There's a good example of customizable notifications over at BeBits. IIRC there are options for having a weekly email of the most popular downloads, most recent submissions, and such.
There's also the option of being mailed anytime a specific piece of software gets updated. Each "product" lives in its own space on their site, and provides that option.
This is all true of course... I've been trying to think of where the neural net might be a correct solution, and can't come up with many. What does come to mind?
- Not needing my keys to unlock the door. A system that learns to do a good job of recognizing me at my own front door could be worthwhile.
That's about it actually. I mostly agree everything else could be handled, probably better, by programming a controller. Maybe a more interesting thread would be "What features of a smart-home would you like, what interface, etc." and then see if NN are appropriate to any of the goals.
I haven't researched linuxPPC for my 7200 yet, and I went and formatted a 9G drive HFS+ figuring the savings would be worthwhile. Do any of the unix flavors support it yet?
Ask and you shall receive :)
heh, very observant.
nonetheless, how does a typo apply to sticking one's foot in one's mouth?