None? For example there's Samsung Galaxy Nexus which has ICS.
Or you can get a Samsung Nexus S. It comes with Gingerbread. Then check the Android mailing lists for the update zip URL (or google it up, it was some google.com address). Download the .zip. Put it to your phone SD card as update.zip, boot into recovery mode (volumeup+power). Select to upgrade the update.zip. Let it upgrade the system. Done.
As a bonus all your data will be there, if you didn't wipe it.
I don't have a smart phone, yet (so no data to save). I have started looking around. But I'm only looking at unlocked phones because that's the only acceptable way. I won't be signing up with any provider term plan. I know most can do month to month to start (a friend of mine works as a rep for one of them and says they are not allowed to offer M2M but should sign up whoever asks for it). I only want SIM-compatible phones, so Verizon is off the radar.
You know where to order one of these phones online, unlocked, w/o a provider plan?
That DOES break the internet ... with respect to making the internet more secure and reliable. What SOPA should do is use outside means of law enforcement against the violators. The very serious problem with SOPA is that it requires breaking security integrity for ISPs to comply with the possible orders they could receive. It also will cost the ISPs substantially more money. And this is being done without the proper judicial due process the US Constitution requires (we can only hope this gets quickly knocked down by SCOTUS if this law passes).
It also breaks the fabric of the internet as a social medium, not just the technology. Companies like Facebook (disclaimer: I don't use Facebook) might well have to shut down or go to a paid subscription model in order to finance the massive scale of review needed for uploaded content. And without uploaded content, what good are these social sites?
Facebook would end up being replaced by a fragmented gauntlet of fly-by-night services at various random locations around the world. Someone will invent a Torrent-like social medium infrastructure that will have many serious limitations, but will be better than nothing. In the end, it will end up driving more and more underground. Copyright violations won't stop. They will continue to increase.
SOPA is one of the most destructive stupidities to ever come out of Congress. And this is 2012.
I'm looking for an Android phone. None have Ice Cream Sandwich from the vendor. So I would need to upgrade (probably should, anyway). Which download should I use to do so since the vendor would not have it?
So how does IPsec in tunnel mode communicate the user credentials to the internal servers being accessed?
So your company is issuing iOS phones to the staff that need phone based access? Great. But I still would not want to work there because I don't want to carry around two phones.
It means the author of the article is confused. PPTP and L2TP and other VPN protocols can go over IPsec or they can go direct and use their own encryption. The author seems to be upset that Android doesn't use IPsec. If he knew me, he'd be upset with me, too, because I don't use IPsec, either ... anymore.
Restricting access to particular services is best done by those services themselves doing the authentication. They would know what users are authorized for what functions. The remote Android user is in no position to sniff the server networks, so the fact that the traffic within the LANs is not encrypted does not matter as long as you trust your network admins ... if you don't, you better be using an SSL layer to the server and trust your server admins.
If the remote user has ANY means to access the internet on the phone, either directly through the telco data bandwidth provider, or even proxied or routed through the VPN, then the phone MUST be considered unsafe, and it would be entirely inappropriate for it to be accessing any home base servers that don't authenticate (but that's just totally stupid to run that way under any circumstance).
Or just use NoSQL.
... then just set the password for root to "rewt" and you're done.
Seriously, the way banks do things should absolutely never be a model for security. Run BSD (not Windows, not Mac, and not Linux). Find the smallest open source web server that can do what you need (but absolutely not Apache), and review the source and history of bugs and exploits. Or just write your own. Avoid languages with lots of modules if you can, and certainly avoid those modules. As much as you can you need to be writing all the code. Most of the open source stuff out there was not written with "rock solid security in mind", nor was any of the commercial stuff. But at least with open source you can review the code, so if you can't write the code, then review some open source.
I have yet to see ANY of the Tea Party candidates come out and say SOPA is bad law, will veto it if it comes to them when in office, and if it gets passed before they take office will refuse to enforce it and pressure Congress to revoke it.
I have heard from a second-hand source that Ron Paul is against it. But he's not Tea Party.
There is ONE similarity, however. A political party is moving to try to take over the country so they can impose their own narrow minded views on the whole country.
Hundreds of tons would not be worth it. But some of the objects out there probably have trillions of grams. That's a 't', the 20th letter of the English alphabet which implies a number with at least thirteen digits in decimal.
China does not have a monopoly on that. They didn't even create it. Cutting corners and cheating people existed in the industrial boom of the 19th century in the US, as carried out by big corporations. Even today that is still going on. And it's not just in technology. Financial services is doing this big time. China is just copying it.
Not everyone can go to that scale. I'm glad Facebook did, and hope more do. I looked at it a while back for what my job involves. It is not dismissed, but we can't do that right now. As more of that reaches commercial off the shelf markets, we can do more. More mainboards that use a DC voltage coming in mean more opportunity to reduce the conversion steps that waste the most power. But for various reasons I would never do DC above 48 volts. I have determined that the likely optimal voltage for powering a mainboard directly at one DC voltage is around 16-18 volts. That's way too low for a data center wide DC bus. But I'd never do that even at 48 volts because of the current hazard and conductor heat loss, or 380 volts because of the voltage hazard.
I'll stay with AC at the data center scale, even with a small data center. What I'd avoid is too many conversion steps. Just convert utility street distribution voltage to line voltage (416/240 in three phase, even in USA where you can get it) and bring that to each cabinet. Then convert AC to DC per cabinet or per blade frame (minimal DC fault current and at mainboard voltage). Design the blade frames so they can accept battery pack blades in each slot. Plug in CPU blades and/or battery blades in the balance you need between CPU capacity vs. battery capacity.
You don't have to do DC to be reasonably green. DC still has a number of issues, including safety. And just having DC alone does not make it green (you have to do DC smartly).
Just being smart about AC as well as the cooling systems can make improvements. For example, run your servers on 208 or 240 volts instead of 120 volts. And if you are building a new data center in North America, get your power from the utility at three phase 416Y/240 volts instead of 208Y/120 volts for the computer room (get separate 208Y/120 volts for the offices where needs for 120 is common). Use lights-out platforming as much as you can (last one out turn out the lights).
Use UPSes that can switch to "line interactive mode" instead of doing everything in "double conversion". Only extremely sensitive equipment needs double conversion all the time. Don't do "whole data center" UPSes because you lose the ability to gradually migrate to greener models over time. About one UPS per rack should be sufficient.
Split your cooling load across multiple systems so the temperature stays more stable (one giant HVAC causes temperatures to go up and down a lot). Once stable, you can target the temperature at a higher level.
Are you sure you want anti-virus when the issue is about trojans? Maybe just be smart about what apps you download by making sure the place you get them from checks them first to be sure they are not Malware?
Virus != Malware (bearing Trojans)
Be sure to avoid the free open source software world ... plagiarism runs rampant there.
The IT department are NOT (supposed to be) teachers. They can take classes at the local community college if they want to learn stuff. Of course we know what works and what does not with computers. That's supposed to simply be accepted, and not objected to (except by our higher ups who can fire us if they choose to do so). It is true I don't know much or maybe know nothing about some jobs other people do. But their jobs are not involving making sure people don't expose the company network to outsiders.
... whatever the theft deprived the owner of. That can include the inconvenience of not having the car when the owner needs to make a beer and pizza run. It includes the damage to the car (if it gets returned). If never returned, then it is the whole replacement cost. It's the same for stealing any other tangible property.
For software, music, or movies, there is NOTHING that the DOWNLOADING of prevents except for the potential loss of business from that ONE downloader ... or more if they then share it with others. But even if Alice downloads something and then shares it with Bob, the loss of potentially selling this to Bob can at best be split between Alice and Bob. It makes no sense to claim the full loss against Alice who shares it with Bob, and to also claim the full loss against Bob for downloading it from Alice.
And this overlooks the notion that not everyone would buy it if that was the only choice. Lots of people have downloaded many MILLIONS of dollars worth of content and software, so there's no way in hell that can be considered anywhere near a million dollars in loss.
If the content (and software) industry wants to sell these things to me ... a BSD/Linux user ... then they need to be marketing it to me and my part of the market (BSD/Linux users), with copies/versions that work on my BSD or Linux computers. If it can't work on my computer, then I'm not in the market they target. If it happens to be that the pirate copy DOES work, but THEIR copy won't, it's still the same ... they never INTENDED to sell to me, so there is ZERO loss if I don't buy it and just download it instead.
NewYorkCountryLawyer might grin, though, if he were to see the demand for admissions I would serve on THEM if they sued me. There would be items like "Admit that plaintiff has not marketed a Linux compatible version to the Linux market that defendant is in". :-)
Personally, I think this is a pretty obvious attack to think of when designing a hash compression function.
I agree it is obvious. But it's also simple to avoid. And you don't even need high entropy for it. Storing a random number ONCE (like at install time) and then used in all instances would be resistant in most cases. So if /dev/urandom isn't available for some reason, that's not a show stopper (fall back to a hash of the install date, perhaps).
For some things I'm doing, I even skipped hash and went to BST. (My) BST (code) benched better than hash for scales up to what I usually do. I also made a HCBST (Hash Cached Binary Search Tree) where the hash part is collision-free and an attack like this would lead to BST timing instead of linked list timing. A hash that uses BST to resolve collisions might be the way to go where random seeding isn't an option (but most everywhere it is, so ... meh).
I just reviewed all my PHP sites. I'm not using POST anywhere, so my exposure is small.
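An added example, not code from the comment above or from PHP: a seed generated once and stored (the file name `hash.seed` and all function names are hypothetical), used to key a hash (BLAKE2b in keyed mode as a stand-in), compared with an unkeyed multiply-by-33 hash on constructed keys. It also shows that the seed has to key the whole hash; using it only as the start value of multiply-by-33 leaves equal-length collisions intact.

```python
import hashlib
import itertools
import os
import tempfile
from collections import Counter

def djbx33a(key: bytes, init: int = 5381) -> int:
    """Unkeyed multiply-by-33 string hash (the DJBX33A family), 32-bit."""
    h = init
    for byte in key:
        h = (h * 33 + byte) & 0xFFFFFFFF
    return h

def keyed_hash(key: bytes, seed: bytes) -> int:
    """Keyed hash: the seed influences every step, not just the start.
    BLAKE2b in keyed mode is a stand-in chosen for this example."""
    digest = hashlib.blake2b(key, key=seed, digest_size=8).digest()
    return int.from_bytes(digest, "big")

def load_or_create_seed(path: str, size: int = 16) -> bytes:
    """Return the per-install seed, generating it once on first use."""
    try:
        with open(path, "rb") as fh:
            seed = fh.read()
        if len(seed) == size:
            return seed
    except FileNotFoundError:
        pass
    seed = os.urandom(size)
    # Owner-only permissions: the seed is a secret for this purpose.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(seed)
    return seed

def equal_hash_keys(blocks: int) -> list:
    """Constructed test input: b"Ez" and b"FY" hash alike under DJBX33A
    (69*33+122 == 70*33+89), so every same-length mix of them collides."""
    pairs = itertools.product((b"Ez", b"FY"), repeat=blocks)
    return [b"".join(p) for p in pairs]

def longest_chain(keys, hash_fn, buckets: int = 1024) -> int:
    """Size of the fullest bucket: the cost of one lookup in a chained table."""
    return max(Counter(hash_fn(k) % buckets for k in keys).values())

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        seed = load_or_create_seed(os.path.join(tmp, "hash.seed"))
    keys = equal_hash_keys(8)
    seed_int = int.from_bytes(seed[:4], "big")
    return {
        "keys": len(keys),
        "unseeded": longest_chain(keys, djbx33a),
        "seeded_start_value": longest_chain(keys, lambda k: djbx33a(k, seed_int)),
        "keyed": longest_chain(keys, lambda k: keyed_hash(k, seed)),
    }

if __name__ == "__main__":
    print(demo())
```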
I just want to know where to donate to end GoDaddy.
... who ask for utterly stupid things. For example the secretary that called IT for support because she was required to change her password and it wouldn't let her change it to the same one she had been using for the past year. Please, Billie Blair, why is it that WE IT people have to deal with such stupidity.
Or ... the hack could have actually been executed inside the NYT network. We know big businesses are incapable of completely securing their networks, so it is plausible. Or it could have been a staffer error. We'll never know because people at NYT are all too familiar with all the many ways of covering up bad stuff.
Post the email headers ... at least the one showing where the SMTP connection came from.
Look at the headers and see if the SMTP connection really came from 208.70.142.0/23 or not.
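An added example, not part of the original comment: checking the connecting address against 208.70.142.0/23 using the Received header written by your own mail server, since headers below it are supplied by the sender. The host names, the addresses in the sample messages and the function names are constructed for illustration.

```python
import email
import ipaddress
import re

EXPECTED_NET = ipaddress.ip_network("208.70.142.0/23")
_BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def connecting_ip(raw_message: str, our_mx: str):
    """Peer address recorded by our own MX, or None if it cannot be found.

    Each server prepends its Received header, so the topmost header naming
    our MX after "by" is the one our server wrote. Anything lower came in
    with the message and can be forged.
    """
    msg = email.message_from_string(raw_message)
    for received in msg.get_all("Received", []):
        flat = " ".join(received.split())          # unfold continuation lines
        by = re.search(r"\bby\s+(\S+)", flat)
        if not by or by.group(1).lower().rstrip(".;") != our_mx.lower():
            continue
        found = _BRACKETED_IP.search(flat.split(" by ", 1)[0])
        if not found:
            return None
        try:
            return ipaddress.ip_address(found.group(1))
        except ValueError:
            return None
    return None

def came_from_expected_net(raw_message: str, our_mx: str, net=EXPECTED_NET) -> bool:
    ip = connecting_ip(raw_message, our_mx)
    return ip is not None and ip in net

# Constructed sample: delivered from inside the expected range.
GENUINE = (
    "Received: from mail.sender.example (mail.sender.example [208.70.143.25])\n"
    "\tby mx.recipient.example (Postfix) with ESMTP id 4F1A2B3C\n"
    "\tfor <user@recipient.example>; Mon, 2 Jan 2012 10:00:00 -0500\n"
    "From: notices@sender.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

# Constructed sample: HELO name and a forged lower header both claim the
# expected sender, but our MX recorded a different peer address.
SPOOFED = (
    "Received: from mail.sender.example (unknown [203.0.113.7])\n"
    "\tby mx.recipient.example (Postfix) with ESMTP id 5A6B7C8D\n"
    "\tfor <user@recipient.example>; Mon, 2 Jan 2012 10:05:00 -0500\n"
    "Received: from mail.sender.example (mail.sender.example [208.70.142.10])\n"
    "\tby mx.recipient.example (Postfix) with ESMTP id 00000000;\n"
    "\tMon, 2 Jan 2012 10:04:00 -0500\n"
    "From: notices@sender.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, connecting_ip(raw, "mx.recipient.example"),
              came_from_expected_net(raw, "mx.recipient.example"))
```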