Slashdot Mirror

User: 2Bits

2Bits's activity in the archive.

Stories
0
Comments
449

Comments · 449

  1. Re:Close but still missing the mark... on China Blocks Spam Servers · · Score: 4, Insightful

    Never mind that ~70%+ of the spam sites I have been reporting are HOSTED in China. I had complained countless times to the Chinese whois contacts without positive result.

    Here's maybe something you want to know.

    We have been asked recently to help figure out network and server problems by two companies (one travel agency, one of the fastest growing in China, and one textile company), and two government agencies.

    All were complaining that their network is slow, even during the evening when nobody's using it, and they don't know why. These people are not in the business of managing networks and servers. Their system has been built up by patching here and there as the needs come up. Their email servers are very old software developed by American companies (ah well).

    They brought us in to do diagnostics. We took a look, and the network usage is at 90% during non-working hours. We took a closer look, and found that the email server and a few machines were sending out tons of messages. We traced again, and found that 5 to 6 (in each company and in each agency) machines have been owned, and are sending out spam (!) using the local email server. Well duh....

    Then we stayed up about two evenings trying to see if someone would log in. Sure enough, the spammer logged in, and uploaded new spam messages. We traced their IP, and here's what we found: one from Indiana (US), one from Texas (US again), one from Florida (US again), the last one from Mexico.

    So, what do you think?

    You can blame the Chinese for relaying spam or for not securing their network/server, but these are the people who are trying to cope with the growth of their business, and have no expertise to handle this security issue. I bet a lot of SMEs in America have the same problem too.

    And if you want to fix the spam problem, shouldn't you fix the root problem first?

  2. Re:What's the point? on Our Solar System's Nomenclature Wars · · Score: 0, Funny

    What the fuck are you talking about? You are telling us that we need a search engine and both hands to find our uranus?

    No, man....

  3. Re:Oh come on on Ernie Ball - Model For Open-Source Transition? · · Score: 4, Interesting

    Oh yeah, I can tell you that in all the companies that I've worked for, small (from 10 people) and large (up to 20K people), every company has a ton of illegal software running around.

    I recently worked for a large British corporation (recognizable if you read news!) as a technical consultant. I was working on a project, and I needed to write documentation for the customers, and with it some pretty tedious diagramming. And I asked my boss to purchase a copy of Visio and she was like, what the fuck are you talking about? No question about spending money on software. Here, take this copy of Visio2000, the S/N is in there. I asked where did she get the copy from, well, it was from one of her friends, who copied it from her company's CD, which was copied from another employee's friend's CD. And who knows where that CD originally came from. And that's not the only piece of software required in that project we didn't buy: we didn't buy Sybase, we didn't buy JBuilder, and we didn't buy the Merant JDBC driver either (coz two DBs, Sybase & MS SQL, must be supported), and we didn't pay for MS SQL either. Oh, did I tell you WinXP on that laptop has no valid license too coz someone insisted that we upgrade to WinXP from Win2K? I proposed to do the project with Emacs + Ant + JDK, and no need of JBuilder, and the boss insisted on JBuilder, coz it looks "professional" (she couldn't even read a single line of code!). You might think it's just my boss who is too cheap, but as far as I know, other people in other groups do that too.

    And that's not the only company I know which did that.

    And we were professionals (as in software professionals) and we were supposed to know better (or at least, know the license better). And that's what we did. Now imagine the guy who is not in the software industry.

    I'm not saying that as an excuse, as I'm not proud of that. I tried to get valid software licenses, but when you get shot down every time (even by the boss's boss, and higher), and you have everyone's breath on your neck about that project, you do the god damn thing. Good thing I'm out of there fast.

    But as far as I know, I never heard of the big guys (think HP, IBM, GE, P&G etc) getting raided. Why is that?

  4. Re:robin hood? on SARS Contained · · Score: 1

    >>SARS could have very well been the answer to China's overpopulation issues.
    >I'm sorry, but I can't believe this shit has been modded as "insightful". I guess it doesn't matter as long as it's Asians. :P

    Amen, brother. Please mod parent up.

    This is the kind of ignorant attitude that makes Americans hated by so many people. Don't get me wrong, I've lived in the US for 5 years, and most Americans are just fine people. A few loose-gun assholes like this one give American people a very bad reputation outside.

    Anyways, we are happy in China that this thing is over. A lot of businesses would have gone belly up if this had been prolonged for another month or so. A friend of mine, who is the CEO of a small trading company (oil industry monitoring devices), has seen their business drop by 50%, and they are the lucky ones. Another friend's company, which is tightly related to the travel industry, saw his business go down by 95%.

  5. Re:Finally on China Accelerates Mars Program · · Score: 5, Interesting

    I'd like to see a mission before I believe any of it.. seems like China is just preparing for a cold war

    Conspiracy theory put aside, I think this is a little bit exaggerated.

    The Chinese government (most high level officials who can make major governmental decisions, at least) are mostly practical. You can't really find anyone who is ultra-conservative and xenophobic right now, not those who are in the position to make decisions.

    The major concern right now is to push the economic development as fast as we can (I say we, as I'm Chinese and living in Shanghai), unless there's concern about uncontrollable inflation.

    Most officials now just try to play nice, especially with the US (remember the plane crash incident? Bush was amazingly arrogant at the time, but China kinda backed down so as not to get the Sino-US relation into bad waters). A lot of people think the government is spineless. But I think the government made a lot of decisions that are right, given the current situation here (economic, political, scientific, ...etc). China still depends a lot on other countries, and the officials understand that.

    And this is a good thing.

    Sure, China tries to develop other areas of expertise too, so what? What does that have to do with Cold War? Why do we have to think that all scientific research must have anything to do with military conspiracy, especially when it is done in China, India, or Russia?

    Do you think only people in the US love peace? We all do too. Just give us a chance and I believe we can contribute a lot to the progress of humanity too, just as we have done in the past.

  6. Re:Bookstore security on Digital Shoplifting From Bookstores? · · Score: 1

    "Excuse me sir, could you step into the office here? Thank you. Now, you have been chosen at random to be strip-searched. This is not racial profiling. Please remove all of your clothes and bend over."

    I don't know about you, but if I'm the bookstore security guard, I would not choose a man to strip-search, for sure.

    Maybe you have different taste, but hey, that's fine with me :)

  7. Re:Ok so this might be a weird request..... on W32.Sobig.E@mm Worm Spreading Rapidly · · Score: 5, Funny

    Yeah, just like this one we developed just for our "beloved" coworker a few years ago.

    We all worked in the open cubicle land, and there was this guy who always answered his phone on the speaker phone, and had the volume set to highest. Everyone heard and knew about all his dirty laundry with his wife (or girlfriend). Every time after he had a dispute with his wife, he would swear at everything the whole day, and swear out loud. And he would bang on the drawer, etc.

    One day, two of us decided it was enough. We wrote a little worm with a trojan. And this was just for his computer, it would not spread anywhere else. After we sent it to the whole group as an attachment, it would do nothing on other computers, and it would just behave funny on his computer. This is what it did:

    - It would simulate, from time to time, like 15 times a day between 9am and 5pm, a BSOD by just popping up a blue screen and catching keypresses and doing nothing. This was easy, we downloaded the BSOD screensaver and used the pic.
    - Whenever he started up his Outlook, it would send a .wav file containing a big sound of a fart to the audio device (oh, did I mention he had a nasty speaker too, and that he liked those weird sounds attached to his system events?). Everyone knows how to do this, right?
    - Whenever he sent emails to his wife (he always told people about his wife's email, for some reason), another stupid email was sent to his boss, with him complaining about women in general (we had a few simple templates for that :) This one was a little tricky, as it was the first time we hacked Outlook.
    - It would send some system binary file, picked at random from the system32 directory, to the audio device. This would produce some weird scratchy sound. This was done a couple of times, especially between 12pm and 1:30pm, after lunch, when he was half asleep.
    - It would try to pop up some weird shit on his screen, by picking at random some file from the system32 directory.

    Boy, the farting sound made him so embarrassed, after everyone complained that this was gross (as if he wasn't gross enough before that!).

    I left the company about a month after we did this, not sure what happened to him (and I didn't want to know anyway, obviously).

  8. A view from the other side on Non-Competes Might Mean Loss Of Benefits · · Score: 5, Interesting

    Non-compete agreements (NCA) are not necessarily bad, not all of them. If you are careful to read the details, and understand the real meaning of each sentence (i.e. don't be afraid to ask questions!), it's ok to sign NCA if it's not abusive.

    I remembered that I was once offered a job at a network security company, which required me to sign a background clearance agreement which stated that they can check every detail of my life, including all emails I've sent before, all news postings, all phone conversations, etc. Basically with one signature, I would have signed away my entire life's information. On top of that, I had to sign an NCA that said if I leave the company, I can't work in the computer security field for two years, or until their patents expire, or some BS like this. It was incredible. But the salary and benefits and stock options were all incredible too. I was already making 6 figures, and this gave me another 45% raise on top of my previous salary, plus stock options in the 6-figure range too. The offer was attractive, but I didn't sign the agreement. They were willing to modify the background checking requirements to my acceptance, but not the NCA. So I just turned it down.

    Now that I've started my own software company, we also have an NCA, but it's very comprehensive. When an employee leaves the company, he can't compete directly in the exact same field, doing the exact same work, developing the exact same functionality. And that's only for six months. He is not obviously barred from working in the same industry. Frankly, I don't know the legality of this agreement, but we do emphasize this aspect to new employees, as a precautionary measure so that they understand the problems. One thing we want to achieve is to make our employees understand the ethical aspects of working in the hi-tech industry, and that's all.

    ps: If I had accepted the offer I mentioned, I would be a multi-millionaire by now, as the company has been acquired by a larger entity, and the stock options have been converted into the stock of that larger corporation. That's the price for sticking with your principles in life!

  9. Whatever... on Star Trek: Deep Space Nine DVD Details Announced · · Score: 3, Insightful

    I thought /.ers don't hate MPAA/RIAA so much, right? But then, every week, we see this "Oooh, shiny DVD/CD" on some shit repackaged over and over, over (ok, I don't know if this one is repackaged or not, as I haven't watched TV for the last five years now). And then every new or repackaged DVD/CD is a must-have.

    No wonder we get all these stupid DMCA, permanent mickey mouse copyright extension, regional DVD encoding, "copy protection scheme" CD, etc. People would scream "bloody hell" one minute and rush to spend money on whatever MPAA/RIAA care to put on the market the next minute after. If I were an executive of an MPAA/RIAA-member corporation, I would have done exactly the same thing to milk you people, because that's too easy.

    Sometimes, you can feel so lonely trying to make people understand MPAA/RIAA are bad, and there are many ways you can change things, and one of these is to vote with your money. Am I the only person here who doesn't own a DVD player, doesn't have cable TV and doesn't watch TV, doesn't buy CDs, doesn't go to the cinema?

    (I do go to live concerts tho).

    Whatever, you can mod me down into oblivion for venting here, but I'm going to look at the /. preferences to see if I can filter out all this movie/TV/CD/DVD-related junk.

  10. yeah... on SGI Introduces World's Densest Server · · Score: 2

    now imagine running the heaviest hardware with the lightest of the light OS...

  11. just hijack the authentication cookie? on Passport vs. Plan 9 · · Score: 2

    Agree.

    According to the Passport Single Signon Protocol described in the article, it's probably much easier to break than what executives are made to believe.

    The user has to be authenticated only once, and an authenticated cookie is issued, then the user is automatically authenticated to all Passport partner sites. A hijacked cookie will break the whole thing.

    Attacks by hijacking cookies are well known, I really don't understand why people can still buy into this kind of scheme, especially those who make the decision to adopt it.

  12. Lucky underwear on Passport vs. Plan 9 · · Score: 3, Funny

    Kludges like NIS+ and FNS could be made to work for as long as the sysadmins wore their lucky underwear,...

    A good journalist will provide resource links to where one can buy lucky underwear.

    Please reply if you know of any, please...

  13. Re:Don't lock them in on HOWTO Go About Marketing to Developers? · · Score: 5, Informative

    2) If there are file formats, document them.
    3) If there are APIs, expose them.

    This is especially important. Good documentation is the best you can offer to developers. Ok, most of them won't read it, but eventually they will, and they expect good docs to be available when they need them.

    Also, publish examples, a lot of examples, and nice examples too. Publish advanced tricks to do things with your tools. The thing I hate the most about some vendors is, they try to keep everything secret, and hope that you will pay $3K for a 2-day introduction/concept training, then another $3K for first level training, another $3K for second level training, and so on.

    As soon as I find this out, I don't use their products, period.

    Last, and not the least, make your knowledge database searchable on the web, and accessible to everyone, including people who have not paid for the license (yet).

  14. Exhibition no longer free? on Linuxworld Fun · · Score: 2

    It used to be free for the exhibition floor, and you only had to pay for the seminars. It's no longer free; the exhibition is now $30.

    Gee, I guess that will be the first year I'm not attending, even though I'm local. It's kinda hard to justify paying just to get exposed to ads, isn't it?

  15. Still too crude on Funky Robotic Hand · · Score: 2

    It looks fine for making coffee, and I think it's still kinda crude for the 3-finger solution, eh?

  16. reminds me of my cambodian/laotian/thai friend on Do You Know Where You Live? · · Score: 2

    Yeah, human-drawn artificial border line is a big mess, and can have a very negative impact on people's life.

    I had a friend at college who could really tell his country of birth. It all depends on the season and the result of the guerilla war. He was born in a village in the Golden Triangle (the border of Cambodia, Laos and Thailand). He would be a Cambodian or Laotian or Thai citizen, depending on who controlled the area. And when the drug warlord controlled the area, he would be stateless (in a no-man's land, and had to pledge allegiance to whoever controlled the area).

  17. Re:Borders on Do You Know Where You Live? · · Score: 2, Funny

    Actually, it's like an American, but without pretending that you are the center of the universe.

  18. MS should license the technology on Using Your Computer to Repel Pests · · Score: 3, Funny

    Hey since this thing repels bugs, I think MS should license this technology and make it part of their OS, and we would get a bug-free system, wouldn't we?

  19. Here 's mine :) on May I Have Your EULA Please? · · Score: 2

    All OS software should be licensed as easily as this:

    You can do whatever you want with this software, including making money and making yourself filthy rich. However, if you modify and improve this software, you must make your modification available to anyone who requests it, including the source code of your modification, and without imposing any extra conditions.

    And if you are caught distributing this software, you'll receive a pat on the back for doing a good job.

    Ah well, just a simpler version of this

  20. Re:Microsoft IP on Gates and Lasser on Palladium · · Score: 2

    One of the ...ahem... interesting things Bill says is: "We're also working with others throughout the industry to improve Internet protocols to stop email that could propagate misleading information or malicious code that falsely appears to be from trusted senders." (emphasis added)

    Hey, I don't have a problem with that, if that can stop all the FUD and other crap from Redmond...

  21. I wonder... on Weta Digital's Render Farm Upgrade · · Score: 2

    ... what happens to these fine machines when they are retired, or when the studio deems them too slow?

    I sure could use one of these, gee, 4GB of RAM, that's more than the entire HD on my current machine.

    Ok, don't tell me to go buy a new one. My machine, as old as it is, is running Linux just fine, thank you. It has been serving me for almost 5 years, and in 3 or 3 more years, then I'll consider... hehe.

  22. OT: anyone knows on New Sony VAIO Laptop w/ 16.1" Screen · · Score: 2

    any Japanese laptop shops that are willing to ship to the US? Man, I'm drooling over these Japanese ultra-light laptops (e.g. Libretto L5, ...) which are not available in the US.

    Sure, you can buy from dynamism.com or conics.net, but they are way too expensive. conics.net charges a lot of fees for credit cards.

    And Toshiba, are you listening? There are people in the US and other places that like small and light laptops too, not just those "mastodontes". There IS a market out here.

  23. Really secure? on HavenCo Doing Well · · Score: 1, Flamebait

    Despite the claims of HavenCo, you have to really wonder how secure the data center is. I'm not talking about trying to crack in remotely, it would probably have the same issues as any other data center.

    I'm talking about physical security. Now, if I'm running a really important site that requires extreme security, Sealand certainly will not fit my criteria. Gee, a group of 5 people can land a chopper on that platform and basically take over the darn thing by force. And then, what do I do? I would have totally lost everything in there.
    This is especially true as the platform is so close to other countries, and it has absolutely no protection.

    I bet everyone here has read the book Cryptonomicon. There's a project of setting up a data haven in the Philippines in that book, and they were digging really deep in the ground, and set up all kinds of physical security measures to protect it. That seems more plausible to me than this Sealand thingy.

  24. Low budget, but a lot of personal commitment on Security Gatherings for the Little Guys · · Score: 5, Informative

    I personally don't have the budget to attend any of these expensive conferences either. And my company, although with an annual revenue of $5B, would not pay for that, as I'm in the consulting division, and the manager does not believe that the cost would justify any benefits to the company (weird logic, I know, but I can't fire the manager, can I?).

    So, my low budget solution is the following:

    - Lurk around in the newsgroups like alt.computer.security, alt.hacker, alt.security.pgp, alt.sources.crypto, comp.lang.java.security, comp.os.linux.security, etc, just a bunch of security newsgroups.
    - Subscribe to security related mailing lists, like Bruce Schneier's Cryptogram.
    - Buy and read a lot of security related books.
    - Download and play around with free and/or commercial (if available) software.
    - Visit frequently security related web sites, e.g. linuxsecurity.com, rootprompt.org (they do have some security related articles), ... and a bunch of security related commercial companies to see what they are doing, sometimes they have white papers that are quite good.

    Sure, sometimes I wish I could attend some of the training sessions at the conference, that'd have saved me a lot of time.

    And this requires a lot of personal commitment, and a lot of time. But I've learned a lot, thanks to a lot of people who are willing to share their tricks of trade and their knowledge.

    Note that this also takes up a lot of my time at work, but the manager is not clued enough to know that, just like she does not know that a lot of people would spend time doing what she tries to disapprove of at work (like spending time learning new tools/prog.lang/etc). Cost-effective-wise and employee-satisfaction-wise, it is better to spend $5K to send an employee to a conference/seminar/training. Unfortunately, most managers and executives can't figure that out, although they would throw at you all these buzzwords like ROI, CBA (cost benefit analysis), and other crap.

  25. One billion computers ... on One Billion Computers Sold Worldwide · · Score: 2

    ... and all I got is this lousy boggy Pentium....