.sucks does have blocking... but it kinda sucks (-:
There are multiple layers of virtualization that could be used. A BSD jails approach could be used for sandboxing and library dependency (lib X.Y for Jail 1, lib X.Z for Jail 2). A Docker style approach could be used. Or whatever awesome new micro-virt someone can come up with that's not as heavy as a traditional virtual machine.
The VM for each application is a good idea. Android got close, by at least creating a user for each app using the standard unix permission model where each user can't see another user's files so each app is separate. But they still have all the "what APIs does this device allow" and "what APIs have this program implemented" problems similar to "what libraries does this distro have".
I know of one large company that maintains its own "drop" like service where you can upload confidential files, and share them with other employees or clients. There are sensible defaults for the maximum allowed users as well as a time delay (after X days the files are deleted).
Here is another option if you want to outsource: https://www.sendthisfile.com/i...
Linux Package Deployment
I don't think the parent was complaining about not being able to modify his own linux desktop because there are other shared users. I think the problem might be around distributions that only release certain versions of software. For example, I run an "old" Ubuntu 10.04 LTS release. It is nearly impossible to install the latest Chromium build due to package dependencies and management. However, I can run the latest Firefox since I can download the tarball directly. (And no, I shouldn't have to upgrade the entire operating system just to run a simple userspace program.)
Maybe linking up these simulators in multiplayer could be a new sport that only uses electricity instead of fuel and tires.
Spectators could choose their viewing angles (or multiple at once) as well as spectate in the "cockpit" like we do for FPS games.
Power is killed, but the magnetron keeps spinning and some microwaves can escape. Best to hit the stop button and wait a second before opening the door.
You have the same key problem with SSL/TLS certificates -- can't use your cert without your private key on the VPS.
Considering it costs around $250 to "register" your nationally Registered Trademark with the Trademark Clearinghouse (http://trademark-clearinghouse.com/) in order to even purchase ANY new gTLD in Sunrise, it's not too far fetched to purchase a "block" that covers hundreds of TLDs for a few hundred dollars. Alternately, trademark holders can purchase domains in Sunrise at a few hundred dollars each which is what the registries charge.
I don't disagree that the whole new gTLD "market" is a cash cow for ICANN, the new registries, and registrars (middle-men).
ICANN allowed it and now they're backpedaling since these brand and trademark holders pretty much have to purchase their brands in every new gTLD anyway, so the ICANN fee of 18-25 cents per domain really adds up.
Many registry operators have them, they are called "blocks" where you put a block on your TM'd string like "slashdot". For example, the Donuts registry which has over 200 new gTLDs allows you to buy a "block" which applies to all their TLDs for a fairly reasonable fee (a few hundred dollars).
I'm not sure where you got your numbers from, there are only 919 root-delegated Top Level Domains. There are a few hundred more pending new gTLD applications with ICANN so the total for the next few years won't exceed 1200. (There are plans for a second round of new gTLD applications. The first round cost each applicant $185,000 USD.)
Definitions:
TLD = Top Level Domain
gTLD = Generic Top Level Domain (.com, .net, .org, .info, .biz)
new gTLD = New Generic Top Level Domain recently allowed by ICANN (.club, .bike, .software, .guru, .ninja, .computer, .sucks, .wtf, .porn, .xn--io0a7i, .google, .canon etc etc)
sTLD = Sponsored Top Level Domain aka "restricted TLD" (.aero, .pro, .tel, .museum, .travel, .edu, .coop etc)
ccTLD = Country Code Top Level Domain (.uk, .me, .io, etc)
Extension = a sub-domain you can register under (.co.uk, .de.com, 0.bg, .com.au etc)
Sponsored TLDs are restricted. For instance, you need a "UIN" delegated by the "Travel Industry" for a .travel domain, only legit museums can get a .museum domain, and only licensed professionals can get a .pro domain, which is why you don't see many of them (and never get spam from them either).
All legacy gTLDs are unrestricted. For a while, .info domains were sold super cheap ( $5) so scammers bought them up.
Most new gTLDs are unrestricted, while some are restricted like .berlin and .nyc (need to be local to the city) and .bank (need to be a real financial institution and get audited every 2 years and sign your domain with DNSSEC, etc).
ccTLDs can do whatever they want and are not governed by ICANN.
For now, you can "blacklist" new gTLDs without much consequence, because people and businesses are only starting to use them. Keep in mind scammers/spammers/annoying-people register CHEAP domains, so you might want to blacklist .xyz (cheap) but not .bank (expensive). But in the future, legitimate activities under new gTLDs will occur so you might want to allow them over time.
But really, why block at the TLD level and not based on content and RFC compliance?
You can get a $15 .sucks domain -- BUT it must be hosted on the registry's website, which provides a "moderated forum" for expressing speech about something you think sucks.
The $2500 for trademark holders is extreme relative to other new gTLDs. Many charge a few hundred dollars for "trademark enabled sunrise registrations" (where you must have a registered trademark with the ICANN approved Trademark Clearinghouse (TMCH) which costs a few hundred dollars a year to maintain).
What if you skipped Pastebin and any other "internet" site and only posted your GPG messages on a .onion site? Then you don't need to use a TOR exit node. For just a few users it might also be suspicious, but hard to track. But if thousands of users were doing it, there could be enough noise to hide in.
And like one of the consultants in the article said, why not just use GPG on Pastebin?
Focusing on NIST and the NSA
Choose a safer curve
That or there's just nothing to say since it's not real news.
I love that Slashdot has been doing this for years and wish more news sites did the same. (Ideally The Onion would report actual news today only.)
To follow that, the security problems we're discussing might not even be on the end user's devices themselves.
The biggest holes seem to be with the corporations' data security (or lack thereof) and willing sharing of personal information to even less secure third parties.
If you're worried about identity theft, malware from some shady website may not be as big of a concern as a data breach involving thousands of customers.
You mean like DANE?
Agreed. Those "story arc avoiding episodes" are commonly referred to as the Monster of the Week and were always the most enjoyable X-Files episodes.
I've always wanted something like this projector + camera shining down on a pool table.
It could record all of the shots, and easily show you a prior table position so you could "un-do" a shot as well as re-play slow motion video of a "break" or other action. Based on varying games, it could count and keep score (cutthroat, multiple iterations of "4 ball run", etc etc) by just displaying the scores somewhere on the table.
For interactivity, it could "visualize" the line of an intended ball strike by viewing your cue stick and anticipating the output (it wouldn't be perfect with only a top-view camera, but good enough). Once you find your desired "line" a voice or other gesture control could "freeze" the drawn lines, allowing you to more easily aim.
Fun stuff, and I didn't even watch the video (:
Looks nice, but not secure. They don't offer HTTPS for their website. When you log in to your account, it's "re-branded" https://idp.secureserver.net/. Seems like they're too cheap to buy their own cert and host their own gateway to the domain management console.
Watching from 5:00 to 6:00 is perfect, thanks!
Sounds like a ++good idea to me! FTFY
Bilbo Baggins was the best. This is somewhat entertaining: https://www.youtube.com/watch?...
What I mean is, can I just download your plain hosts file over the web? Instead of downloading your software and extracting it. Whether it's a giant 3M line file or 250k lines or smaller doesn't matter as long as it's decent. It seems like maintaining the hosts entries is the hard part!