Slashdot Mirror


User: Saint+Aardvark

Saint+Aardvark's activity in the archive.

Stories: 0
Comments: 739

Comments · 739

  1. I already do something like this on 'Extreme Security' Web Browsing · · Score: 1

    I've got two profiles for Firefox: one for everyday stuff, and one for banking. Originally I'd done this because the banks all seemed to require JavaScript, and I simply don't leave that on (I hate dancing baloney on websites, and a lot of the time it's just used to serve ads anyhow). Nowadays I use NoScript to turn on JavaScript when I want to, but I still do all the banking stuff in a separate profile.

    I did read an interview with a security researcher recently (sorry, can't dig up the link) who said that he used a separate browser in a separate VM for his banking. I suppose you could be even more safe by using a Knoppix CD and avoiding your usual OS altogether.

  2. Holy crap, they've removed Sendmail... on NetBSD 4.0 Has Been Released · · Score: 4, Interesting

    ...and replaced it with Postfix. Sendmail's still available from pkgsrc, but it's no longer the default. Man, never thought I'd see the day when one of the BSDs finally did this...

  3. Re:From TFA: on New NSA-Approved Encryption Standard May Contain Backdoor · · Score: 5, Interesting

    And this bit from Bruce's article:

    If this story leaves you confused, join the club. I don't understand why the NSA was so insistent about including Dual_EC_DRBG in the standard. It makes no sense as a trap door: It's public, and rather obvious. It makes no sense from an engineering perspective: It's too slow for anyone to willingly use it. And it makes no sense from a backwards-compatibility perspective: Swapping one random-number generator for another is easy.

    My recommendation, if you're in need of a random-number generator, is not to use Dual_EC_DRBG under any circumstances. If you have to use something in SP 800-90, use CTR_DRBG or Hash_DRBG.

    In the meantime, both NIST and the NSA have some explaining to do.

  4. OpenSocial is fixing a solved problem! on Battle Lines Being Drawn Over OpenSocial · · Score: 5, Funny

    Chromatic points out that the whole problem addressed by OpenSocial's API has already been solved:

    Over the weekend I encountered a dusty old RFC written in 1982 that might solve this persnickety interoperability problem. Jon Posten's Social Messaging Transport Protocol describes a system that relies on the combination of your unique identifier (username) on a social networking site with a unique identifier (domain name) for such site to produce an Internet-wide addressable identifier uniquely identifying, well, you. Given this unique identifier, any conformant messaging system can use this Messaging protocol to send you, well, a message.

    Honestly, I can't understand why Google et al. would ignore this work. If only there were some way of contacting them...

  5. Re:Windows 7 preview on First Details of Windows 7 Emerge · · Score: 1

    Thank you for that...I haven't laughed that hard all week.

  6. Re:I learned PHP once on PHP5 Vs. CakePHP Vs. RubyOnRails? · · Score: 1

    That is the funniest thing I expect to read all month. Thank you.

  7. Re:The unanswered question... on NID Admits ATT/Verizon Help With Wiretaps · · Score: 1

    Bingo. I don't like what Bush has done -- but I would not trust anyone, including myself, with that kind of power. I've got my political heroes, but I'd be just as nervous about giving them this ability.

  8. Re:what do you do about searching without a warran on NID Admits ATT/Verizon Help With Wiretaps · · Score: 5, Informative

    I'm stealing this from training I went to at LISA last year: you tell the LEO (law enforcement officer) politely, but firmly, that as company policy you're happy to help, but all such requests must be directed to the legal department.

    The legal dep't will look at it and decide what to do, and then you do it. They know their job, you know yours; they don't make decisions about storage capacity or OS support, and you and I don't make decisions about constitutionality or legality. And if/when you've got the information they're looking for, you pass it back to the lawyers and they hand it over to the LEO.

    This covers your ass, your company's ass, and the LEO's ass (assuming you or your friends aren't being socially engineered). Any LEO should be happy to talk to the lawyers.

    Now, all that said...I realize that this leaves out questions of conscience. If Mark Klein hadn't spilled the beans, we'd have been a lot longer finding out about this problem. But as a rule, I think those situations are rare; most law enforcement stuff is <handwave>your garden variety stuff -- robbery, fraud, yadda yadda</handwave> (sorry, no citation to back that up) -- and the odds of being involved in something truly offensive are pretty slim. I hope it stays that way.

  9. WarezOv Industries Announces Shared Hosting Initia on Microsoft Claims a Billion Windows Installs by End of 2008 · · Score: 5, Funny

    ST. PETERSBURG - WarezOv Industries announced today a new initiative in partnership with Microsoft that promises to put shared web hosting on every desktop.

    "With Microsoft's help, we have brought web hosting services to nearly one billion PCs across the Internet," announced WarezOv CEO dRO0m@t. "Windows allows us the opportunity to bring value-add to the customer."

    WarezOv's suite of administration tools allows easy management of all aspects of web hosting, including DNS, mail services and -- most important -- failover. "By tapping into Windows' remote API calls, WarezOv's tools can scale web hosting to nearly any degree, and make it easy for the hoster as well," said Microsoft CEO Steve Ballmer. "This -- and their tools' ease of install -- is what Windows is all about."

    Free Software Foundation president and founder Richard M. Stallman was unavailable for comment. "He's talking to Google about building something similar for GNU/Linux," said a source close to Stallman.

  10. Re:I've known about this for a while... on ISPs Inserting Ads Into Your Pages · · Score: 1

    AEBC? Good god, there's a name to make me shudder...the whole sordid story is here, but in a nutshell:

    • Dowco sold DSL
    • which we didn't tell our customers was resold from Lightspeed
    • which they didn't bother telling us was resold/run by AEBC
    • which explained why Lightspeed couldn't fix squat when it went wrong
    • which we had to hide from our customers when things went wrong.

    Good god, what a fucking mess that was. You didn't work for Lightspeed, did you? Maybe I talked to you, trying to figure out why one of our customers was borked... :-)

    As for hijacking DNS queries -- that's just nasty. I haven't heard of that before.

    One of the things I'm going to do while I've got both Shaw and Uniserve is compare pages fetched over different connections and see if there's any difference. Maybe this could be a service over a network: submit a page + url, the remote server fetches the url and sends you the diff between your page and what it got. Ditto for DNS maybe. Hm...

  11. Re:I've known about this for a while... on ISPs Inserting Ads Into Your Pages · · Score: 1

    I know that, and I know that I was taking advantage of their non-enforcement. I've got no bones against them starting enforcement now. But I'm not going to pay for their business account (again), which is about double what I'm paying now, when for the same amount I can get the same service (broadband + allowed to run servers) plus a static IP.

  12. Re:I've known about this for a while... on ISPs Inserting Ads Into Your Pages · · Score: 1

    Thanks for the tip. I use AdBlocker for Firefox, but it would be good to have something like this for all the browsers in the house.

  13. I've known about this for a while... on ISPs Inserting Ads Into Your Pages · · Score: 5, Informative

    When I worked at the helpdesk of a small ISP, we were approached by this company to see if we were interested in letting them test their ad-inserting proxy server on our customers. I protested that it was scummy and might lead to legal trouble (I was guessing) over changing pages in-flight, but my bosses didn't listen. That was back in 2002 or 2003, and I left shortly after to take another job. No idea what's going on there now.

    I'm moving to a new ISP since my current one has started blocking port 25 in and out. I run my own mail server, so I appreciate that Uniserve's TOS explicitly allow servers (clause #19). However, they also explicitly say that they insert ads:

    65. UNISERVE shall have the right, without notice, to insert advertising data into the Internet browser used by a UNISERVE customer, and transferred to a UNISERVE customer over UNISERVE's network, so long as this does not involve UNISERVE establishing the identity of the customer to whom such data is sent.

    Needless to say I'm not happy about that, but in Vancouver my choices are limited: Telus (who'll censor web pages if they belong to a union striking against them), Shaw, or a handful of small ADSL ISPs that all seem to be much the same. Uniserve seems the best of a bad bunch.

  14. There's another interview with Nvidia's... on NVIDIA's Andy Ritger On Linux Drivers · · Score: 1

    ...Director of Unix Development, Andy Ritger; the BSDTalk podcast interviewed him and Christian Zander last year about NVidia's support for the BSDs.

  15. I went to register the domain... on Censoring a Number · · Score: 3, Informative

    ...and I was too late. However, .net and .org are still open...

  16. Re:09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 on Censoring a Number · · Score: 1

    Arghhh...I'd post this on my blog -- hosted in Canada -- but (long story) I'm going to be moving it to a Linode account shortly for about three months, right before I go on vacation. Last thing I want is to come back to a takedown notice, esp. since there are a bunch of other websites on the machine as well.

    This is exactly why I wanted to avoid hosting in the US. Canada isn't perfect (see: hate crime legislation), and I've no doubt there are lots of ISPs that would buckle automatically to a foreign takedown notice, but these kinds of laws are just ridiculous.

  17. Re:Short version: on Selecting a Software Licence? · · Score: 1

    *That* is fucking hilarious. Thanks for that.

  18. Re:Hey, I like NoScript on Top 10 Firefox Extensions to Avoid · · Score: 5, Informative

    One more "me, too". I hate dancing baloney on a web page, and doubly so when it's for useless, distracting, intrusive advertising. Not to mention all the stupid security problems that come up when you just blindly trust any code to run in your web browser.

    For a handful of sites, JavaScript is worth turning on; for everything else, there's NoScript.

  19. Wha'? on The Digital Bedouins and the Backpack Office · · Score: 1

    In August I took a month long vacation to Central America, backpacking from one Mayan ruin to the next, and I never officially took time off. I submitted my columns, provided reports and other input, participated in conference calls and interacted via e-mail. I used hotel Wi-Fi connections and local cybercafes to communicate and Skype to make business calls. Nobody knew I was sunburned, drinking from a coconut and listening to howler monkeys as I replied to their e-mails.

    I'm sorry, is this some strange new use of the word "vacation" I'm not familiar with? Why in the name of the eight-hour day would you go some place neat and exciting and use your time there to work? What is wrong with you? Why would you pay good money to work from exotic locations?

    Put down the laptop, turn off the cell phone and leave your work behind you! That is what a vacation is for!

    Sheesh.

  20. Re: Slashdotted on Sweden Admits Tapping Citizens' Phones for Decades · · Score: 1

  21. Ed Felten writes about an economic model... on AACS Hack Blamed on Bad Player Implementation · · Score: 4, Informative

    ...for this fight at freedom-to-tinker.com. The whole series on AACS is worth reading, as is every single thing he posts.

  22. Re:I just don't get it on Variable Star By Heinlein and Robinson · · Score: 1

    Another vote for early stuff. IMHO you can divvy up RAH pretty well by pre- or post-SIASL (with "Moon Is A Harsh Mistress" clearly leading up to SIASL). My fave by far is "The Puppet Masters"; if you (grandparent) haven't tried it I'd recommend making time for it.

    I agree that the post-SIASL stuff is pretty wretched. And I'm not really a fan of SIASL/Moon. But man, I am entertained beyond all reason by just about everything before that.

  23. SAGE has info on this on Active Noise-Canceling Headsets In Server Rooms? · · Score: 4, Interesting

    Check out the SAGE sysadmin toolbox page, and scooch down to "What's the scoop on hearing protectors and noise-cancelling headsets?". (The whole damn page is useful, too...)

  24. Re:SmoothWall on pfSense 1.0 Firewall Released · · Score: 1

    Can you give some examples? I'm not trying to be snotty; I'm genuinely curious. I love pf's syntax waaaay better than iptables, esp. for firewalls w/more than two NICs, but I'd be interested to know how the underlying code compares. (Not a programmer, though I can read C w/effort, so other opinions are valuable to me.)

  25. Interesting in light of OpenSuSE's decision... on Ext4 Filesystem Enters Experimental Kernel Tree · · Score: 4, Interesting

    to no longer use ReiserFS as its default FS (orig. reported on OSNews.com...don't think I've seen it here yet). I think this came out before the whole Hans Reiser affair, BTW.

    SuSE contrasted the ease of upgrading ReiserFS and ExtFS versions:

    ReiserFS v3 is a dead end. Hans has been pushing reiser4 for years now and declared Reiser3 in maintenance mode. Any changes that aren't bug fixes are met with violent resistance. Reiser4 is not an incremental update and requires a reformat, which is unreasonable for most people.... Ext3 has a clear upgrade path. There is quite a bit of interest in the community in improving ext3, and ext4 is already under development. Like the upgrade path from ext2 to ext3, the path to ext4 is clearly defined. Existing file systems can be updated easily, and new files will be able to take advantage of the new features.