Call me crazy, but do I really want Google knowing my phone number? It seems like nobody is even thinking of this one. What happens when they make this mandatory?
I would probably worry about that when the time comes. All of the griping about this is really quite irritating. There is zero indication that this will ever be mandatory.
If he didn't know that was the key, he almost certainly thought that the initial tweet was calling out coordinates in a game of battleship--hence the reference.
No irony, not even any coincidence.
If he knew it was the key, it might have been the double entendre one of my sibling-posters referred to.
They weren't listening. They just realized that there was no need to have the Patriot Act in order to engage in the activities they justified under the Patriot Act.
I tried the RCs of Vista. Copying "protected" files to "protected" areas (including c:/, and most directories therein, including user-created ones) required three confirmations. Performing my job, I came across operations requiring 5 confirmations. Installing software which thought that it needed root could have countless prompts.
MS fixed a lot of this just before release, but a lot of people I knew tried these early versions and wrote off the OS completely.
A combination of the MS fixes and software becoming smarter about required permissions means that using Vista today is quite pleasant, for Windows.
Personally, I bought an iPad because it gave me the best of both worlds--I could use Nook or Kindle books, or iBooks if I was really crazy. If that breaks, I'll sell my iPad and get the first 3.0 Android tablet as a replacement.
What we really need is device-independent books. That's going to be hard to do with DRM, though.
I had a bit of a brain fart there. MAC addresses are obviously 48-bit. Nonetheless, the same magic can happen with 64-bit prefixes, though you could obviously get better utilization with a larger prefix.
MAC addresses are 64-bit. By handing out a/64 prefix to the user, a bit of convenience can be achieved wherein the MAC address of the adapter is automatically used as the last 64-bits of the user's IPv6 address.
Is there any logical reason to have kids in the first place? They eat up your resources (figuratively and literally) with practically little potential for gain until they are into their thirties (at which time they are likely to make enough to support you should you need it.) Though they pay into Social Security, that won't likely benefit the parent until the child is in their forties. The money saved and invested for 22 years (old school with parents paying for 4 years of college) or longer (as today's economy sees many twenty-somethings still living at home) would likely yield much better returns.
You can log in, however it gives you a blank cookie jar to start. You would have to log in to Gmail from within Incognito mode in order for this site to detect you.
Once Sony detects a cracked console, they can disable that console. All they have to do is have multiple checks in the game. Maybe the first check gets bypassed and the game can run. If the second check doesn't have to do with running the game--it just alerts Sony that this particular console is cracked--then they can mass ban people.
I always wonder why this logic doesn't get applied to the FSF more often. When they demand 100% open software and blast people who wanting to make the choice to also use or ship proprietary software, they're advocating fewer choices and calling that freedom.
Software Freedom is not orthogonal to but is also not equal to User Freedom.
Software Freedom potentially provides the freest landscape ultimately, but there may be growing pains.
I liken this argument to Gitmo. Gitmo (restrictions of freedoms and due process, and going against our Constitution) is a necessary evil to ultimate freedom.
The mute switch is not a hard mute--it's up to the software to detect its position and respond accordingly. Most Apple software in 4.2 respected the switch. A great deal of third-party software did not. This inconsistent behavior is sort of the antithesis of Apple's design principles, and frankly, I don't know why they bothered to put a hardware mute switch that doesn't mute everything. Holding the down-volume button mutes everything I've come across.
For me, though, the scrolling is the big pet peeve I have with Android. All of the rest of the things that iOS does in this regard are nice, but they don't tend to bug me.
Which phone did you buy? My Galaxy S trumps my iPhone 3gs in every aspect (I never bothered to get an iPhone 4). I keep reading how sluggish Android is (note, not reality there... Android is an OS, iPhone is hardware) and have yet to see it on the Galaxy S, Incredible, and Blackflip.
Honestly, I think people are either making it up or buying really low end hardware and allowing every app they've installed to run in the background.
The thing is, Apple cheats. To get the UI speeds, they render only partially. Take an iOS device, load a long webpage (like a slashdot page with all of the comments expanded) and scroll down really fast. The scrolling is like butter, but once you get a certain way down the page, you see a placeholder for rendered content and the phone then has to catch up. Android's browser renders and scrolls the whole thing seamlessly, which means there can be some judder (I've seen it on Galaxy S phones as well) but there's no waiting once you actually get to the content you're looking for.
The upshot of the iPhone method is that scrolling is smooth. For the content which is already rendered, I can much more easily hit my target on the page, as long as it's within a page or two (scrollways) of my starting location.
Personally, I prefer the instant feedback when scrolling. I generally feel like I'm moving a physical object when scrolling on an iOS device, whereas with Android, I feel like I'm using a gesture UI. There's nothing wrong with either--it's personal preference.
That said, I still say that the iPhone's UI is better, and I consider the app selection to be better. The Droid is more hackable, has fewer overall restrictions, and syncs much better with the cloud (I've wiped my Droid while out of town and been back to full working order without having to have a computer to restore my backups--that said, I never had to wipe my phone while I had an iPhone.)
Both phones are adequate. I switched to Android so that I could make a reasonable comparison and an educated decision. After a year, I think I'm ready to switch back.
You get a safe, store the root password(s) in envelopes in the safe signed by the admin. The key to the safe is in the hands of an administrative assistant, the CEO, whomever.
In the event of a plane crash, the CEO can authorize the opening of the safe to get the passwords. When they are used or the passwords are changed, you obviously must update the contents of the safe.
Why do you think that/bin/bash would be whitelisted?
That said, getting this kind of security is fairly tough because you have to ensure that any utilities can't escape to shell or open files that would in turn allow circumvention. For example, if vim is whitelisted, you can:shell. That can be disabled as a compile-time option. But:r/usr/local/etc/sudoers will allow the person running vim as root to modify sudoers. I don't recall if:r can be disabled, because it's mostly irrelevant--you can modify the contents of the buffer and:w!/usr/local/etc/sudoers
SELinux (or equivalent) is really required to be absolutely sure. Of course, you still do the sudo whitelist, because you want to do these things in layers.
However, making a system require multiple individuals for any root operation (think of the classic two-key process to launch a nuke)
The idea is that certain operations are too dangerous to allow an individual to perform. You want two or more people acting in coordination in order to perform the operation. We see this kind of thing with encryption key recovery (m of n people required to come together in order to reconstruct a root key, for example--which is how the DNSSEC key is secured.) In this way, a rogue individual cannot compromise the security of the system--it takes a conspiracy of some previously-determined magnitude.
Of course, when "superuser" means "I can do anything on the system," the concept of security breaks down. At best, you can still have accountability if your logs are sent off-site and secured appropriately. You could certainly require m of n to access the log server (reconstruct an SSH key which is then used to pull the logs off of the server) or send them to several immutable accounts (think Gmail), each of which is only accessible by one superuser.
You could do the key recovery dance to access any server, but as the OP points out, this is too cumbersome for many of the mundane operations which require root.
Slashdot Mirror
Are you saying that it's impossible to have two-factor authentication over the Internet?
Call me crazy, but do I really want Google knowing my phone number? It seems like nobody is even thinking of this one. What happens when they make this mandatory?
I would probably worry about that when the time comes. All of the griping about this is really quite irritating. There is zero indication that this will ever be mandatory.
If he didn't know that was the key, he almost certainly thought that the initial tweet was calling out coordinates in a game of battleship--hence the reference.
No irony, not even any coincidence.
If he knew it was the key, it might have been the double entendre one of my sibling-posters referred to.
They weren't listening. They just realized that there was no need to have the Patriot Act in order to engage in the activities they justified under the Patriot Act.
I tried the RCs of Vista. Copying "protected" files to "protected" areas (including c:/, and most directories therein, including user-created ones) required three confirmations. Performing my job, I came across operations requiring 5 confirmations. Installing software which thought that it needed root could have countless prompts.
MS fixed a lot of this just before release, but a lot of people I knew tried these early versions and wrote off the OS completely.
A combination of the MS fixes and software becoming smarter about required permissions means that using Vista today is quite pleasant, for Windows.
Personally, I bought an iPad because it gave me the best of both worlds--I could use Nook or Kindle books, or iBooks if I was really crazy. If that breaks, I'll sell my iPad and get the first 3.0 Android tablet as a replacement.
What we really need is device-independent books. That's going to be hard to do with DRM, though.
I had a bit of a brain fart there. MAC addresses are obviously 48-bit. Nonetheless, the same magic can happen with 64-bit prefixes, though you could obviously get better utilization with a larger prefix.
MAC addresses are 64-bit. By handing out a /64 prefix to the user, a bit of convenience can be achieved wherein the MAC address of the adapter is automatically used as the last 64-bits of the user's IPv6 address.
For what it's worth, they were quite willing to refund my money when I complained. Even after the warranty had expired.
Why? How do you know?
Fair enough. I inferred something which wasn't there.
I don't know. Maybe because the survival instinct in me is pretty strong, or because my death would hurt those who care about me.
Is there any logical reason to have kids in the first place? They eat up your resources (figuratively and literally) with practically little potential for gain until they are into their thirties (at which time they are likely to make enough to support you should you need it.) Though they pay into Social Security, that won't likely benefit the parent until the child is in their forties. The money saved and invested for 22 years (old school with parents paying for 4 years of college) or longer (as today's economy sees many twenty-somethings still living at home) would likely yield much better returns.
You can log in, however it gives you a blank cookie jar to start. You would have to log in to Gmail from within Incognito mode in order for this site to detect you.
The truth is that analog was far more robust. I might not get a great signal, but I got a usable one. Now I don't even get that.
Once Sony detects a cracked console, they can disable that console. All they have to do is have multiple checks in the game. Maybe the first check gets bypassed and the game can run. If the second check doesn't have to do with running the game--it just alerts Sony that this particular console is cracked--then they can mass ban people.
I always wonder why this logic doesn't get applied to the FSF more often. When they demand 100% open software and blast people who wanting to make the choice to also use or ship proprietary software, they're advocating fewer choices and calling that freedom.
Software Freedom is not orthogonal to but is also not equal to User Freedom.
Software Freedom potentially provides the freest landscape ultimately, but there may be growing pains.
I liken this argument to Gitmo. Gitmo (restrictions of freedoms and due process, and going against our Constitution) is a necessary evil to ultimate freedom.
It's worse than that.
The mute switch is not a hard mute--it's up to the software to detect its position and respond accordingly. Most Apple software in 4.2 respected the switch. A great deal of third-party software did not. This inconsistent behavior is sort of the antithesis of Apple's design principles, and frankly, I don't know why they bothered to put a hardware mute switch that doesn't mute everything. Holding the down-volume button mutes everything I've come across.
You can tap the screen instead of pressing the home button to dismiss the task manager.
You're probably right.
For me, though, the scrolling is the big pet peeve I have with Android. All of the rest of the things that iOS does in this regard are nice, but they don't tend to bug me.
Which phone did you buy? My Galaxy S trumps my iPhone 3gs in every aspect (I never bothered to get an iPhone 4). I keep reading how sluggish Android is (note, not reality there... Android is an OS, iPhone is hardware) and have yet to see it on the Galaxy S, Incredible, and Blackflip.
Honestly, I think people are either making it up or buying really low end hardware and allowing every app they've installed to run in the background.
The thing is, Apple cheats. To get the UI speeds, they render only partially. Take an iOS device, load a long webpage (like a slashdot page with all of the comments expanded) and scroll down really fast. The scrolling is like butter, but once you get a certain way down the page, you see a placeholder for rendered content and the phone then has to catch up. Android's browser renders and scrolls the whole thing seamlessly, which means there can be some judder (I've seen it on Galaxy S phones as well) but there's no waiting once you actually get to the content you're looking for.
The upshot of the iPhone method is that scrolling is smooth. For the content which is already rendered, I can much more easily hit my target on the page, as long as it's within a page or two (scrollways) of my starting location.
Personally, I prefer the instant feedback when scrolling. I generally feel like I'm moving a physical object when scrolling on an iOS device, whereas with Android, I feel like I'm using a gesture UI. There's nothing wrong with either--it's personal preference.
This is where we post the obligatory iPhone vs Evo ( http://www.youtube.com/watch?v=FL7yD-0pqZg ).
That said, I still say that the iPhone's UI is better, and I consider the app selection to be better. The Droid is more hackable, has fewer overall restrictions, and syncs much better with the cloud (I've wiped my Droid while out of town and been back to full working order without having to have a computer to restore my backups--that said, I never had to wipe my phone while I had an iPhone.)
Both phones are adequate. I switched to Android so that I could make a reasonable comparison and an educated decision. After a year, I think I'm ready to switch back.
You get a safe, store the root password(s) in envelopes in the safe signed by the admin. The key to the safe is in the hands of an administrative assistant, the CEO, whomever.
In the event of a plane crash, the CEO can authorize the opening of the safe to get the passwords. When they are used or the passwords are changed, you obviously must update the contents of the safe.
Why do you think that /bin/bash would be whitelisted?
That said, getting this kind of security is fairly tough because you have to ensure that any utilities can't escape to shell or open files that would in turn allow circumvention. For example, if vim is whitelisted, you can :shell. That can be disabled as a compile-time option. But :r /usr/local/etc/sudoers will allow the person running vim as root to modify sudoers. I don't recall if :r can be disabled, because it's mostly irrelevant--you can modify the contents of the buffer and :w! /usr/local/etc/sudoers
SELinux (or equivalent) is really required to be absolutely sure. Of course, you still do the sudo whitelist, because you want to do these things in layers.
I think you missed the point:
However, making a system require multiple individuals for any root operation (think of the classic two-key process to launch a nuke)
The idea is that certain operations are too dangerous to allow an individual to perform. You want two or more people acting in coordination in order to perform the operation. We see this kind of thing with encryption key recovery (m of n people required to come together in order to reconstruct a root key, for example--which is how the DNSSEC key is secured.) In this way, a rogue individual cannot compromise the security of the system--it takes a conspiracy of some previously-determined magnitude.
Of course, when "superuser" means "I can do anything on the system," the concept of security breaks down. At best, you can still have accountability if your logs are sent off-site and secured appropriately. You could certainly require m of n to access the log server (reconstruct an SSH key which is then used to pull the logs off of the server) or send them to several immutable accounts (think Gmail), each of which is only accessible by one superuser.
You could do the key recovery dance to access any server, but as the OP points out, this is too cumbersome for many of the mundane operations which require root.