Riiight... because designing an compressed-air based launch system that can fire a firework up to 800 feet into the air with a fairly precise height at apogee is so very trivial.
Umm, I think the point is that when someone says "I forget", they really mean "I forgot", because otherwise, it would be valid to re-word their statement as "I'm currently forgetting"... which is probably not what they meant. I know I very rarely realize when I'm in the process of forgetting something... "Hey, do you remember ?" "Actually, it's funny you should mention that, as it appears I'm forgetting *right* now!".
Well, first off, as the document mentions, one of the best ways to minimize this problem is through the use of... tada! *VPNs*. In fact, according to the very article you mentioned:
"Deploying a Virtual Private Network (VPN) to provide authentication and client-togateway security of transmitted data will also provide a partial solution... Note that completely securing a wireless network using a VPN solution involves more than simply setting up an external VPN server on the wired backbone network. While such a set up will protect wired traffic and wireless-to-wired connections, traffic between two wireless hosts will remain outside the scope of the VPN. To address this problem, several vendors have recently announced IPsec aware access points that will block all traffic from or to a host unless a secured connection with this host has been established."
Well, isn't that interesting.
Moreover, IPSec, SSL, and SSH are not easily compromised with MITM attacks... typically the attack is detected (the host key changes), meaning the user has some level of warning. IOW, IPSec (and others) are hardly "blind". Of course, in the case of IPSec, that depends greatly on the key exchange mechanism selected, but it's not nearly so bad as you imply.
IPSEC means encrypted end-to-end, not just over the wireless segment of the network.
Umm... no. IPSec just means encryption between two IP route points. So, for example, the plan for my wireless network involves an IPSec connection between any wireless end-points and my IPSec-enabled firewall.
Re:Better than IPSec over wi-fi...
on
IEEE Approves 802.11i
·
· Score: 3, Insightful
How is that a stop-gap? IPSec has one purpose: to protect IP traffic data over an insecure link. Sounds like it fits right into the wifi game. And given that it's a proven standard with many interoperable implementations, it still strikes me as an excellent option for people who wish to secure their wireless transmissions. This is especially true given that 802.11i won't be fully adopted in the market place for at least a year or two.
Besides, there are *many* issues regarding security aside from the wire protocol. As one other posted mentioned, key management is one of these issues. How does 802.11i deal with this? I know IPSec has many different solutions available for key management, meaning I can make it fit into my network infrastructure. How does 802.11i fit into this picture?
Umm, no... according to this, they have the fourth largest budget, and it's still roughly an 8th of what the US spends. In fact, the second-place nation, China, spends 55.9 million per year, compared to the US's whopping 276.7 million! Sorry, but no nation even approaches the US on military expenditures. Of course, total expenditures are only part of the picture. For example, the per capita numbers are quite interesting...
Umm, if I'm not mistaken, he was poking fun at America and Americans. Lighten up... not all Americans are blindly patriotic, arrogant pricks. BTW, I'm Canadian (just to eliminate any belief that I am somehow biased toward the US).
if you bought, say, 6 drives from a supplier, they're likely of the same lot
And that is why if I'm building a raid, I buy drives from multiple vendors. In fact, in my simple RAID-0 array that I have at home, I deliberately purchased two drives from completely different manufacturers. Of course, you may have problems with mismatched drive specs (for a large-scale RAID, you want the drives as similar as possible) but if you can purchase the drives from a number of sources, you reduce the chances of mass failures.
Holy crap. With a straight face, you're actually claiming that the government is *more* risk averse than corporations?
Okay, here's a clue: corporations only care about the bottom line. Worse, in the last 15-20 years, it's all been about the bottom line in the next, oh, 1-3 years (hell, these days, it's all about the next 2 quarters). Corporations will *never* "[take] risks in the hopes of making big bucks down the road". Why? Because they're incredibly risk averse regarding their bottom line. After all, the responsbility of a board of directories is to protect their shareholder's investment. Sorry, but in this case, capitalism is not the magic bullet you wish it to be.
Oh, and before you mention the X-Prize, keep in mind that going from 100km and returning to 150km and orbiting is *immense*, and probably not within reach of a small, private firm without massive amounts of venture capital (which they won't be able to get, because the investors are too risk averse to sink their money into something that has no immediate return).
the billions of dollars in aid sent from the US to help countries is also given no (or at least very little) media attention.
Well, that's probably because the existance of those billions is overshadowed by the fact that the US provides less dollars in foreign aid as a percentage of GDP than any other first world nation (source). Sorry, but, in terms of US foreign aid, the media got it right.
Wow! What news feed were you watching? You actually saw the WHOLE CULTURE on TV?? And they were ALL happy and cheering?! WOW!
Hate will destroy everyone.
Absolutely. Unfortunately, hate often begins with stereotypes by those who, apparently, are too ignorant to understand the difference between a small group of extremists and >1 BILLION people.
Easy. Do what I do. Use a 4096-bit public/private key pair, and keep the private key on a USB dongle on your (physical) keychain. *shrug* Of course, you probably want to back on your key on another device (CD-ROM in a physically secure location, for example), in case the USB drive goes kaput.
Bah. WiFi will never entirely replace existing cellular services. WiFi simply does not have the range. As a result, a real cellular phone service would have to place cells every 50 to 100 meters! This is *not* cheap... not only is there tons of hardware to deploy, there's also the cost of wiring these things up, not to mention that it's incredibly difficult to deploy new cells in the first place due to a shortage of good cell locations.
The fact is, WiFi and traditional cellular are more complementary than they are competative. Cellular can provide the large scale coverage, and WiFi can be used for hotspot coverage in busy locations (think office buildings, downtown metropolitan areas, etc).
Two people can weight the same while one person is a fat slob and the other is an very in shape professional athlete.
The thing is, not a lot of people realize this. Even fewer understand why: muscle is denser than fat! So, if you start a weight training regime, you may find that you don't lose as much weight as you expect. BUT, that doesn't mean you aren't losing fat! That's why it's far more important to focus on inches lost and total percentage of body fat.
Unless, of course, there's end-to-end encryption all the way to the speaker. "Just record from the speaker, then!" you say. Well, what you do is you add a watermark to the audio, and you stick DRM software in the recording devices such that they refuse to record if they detect the watermark (kinda like those dots they put on money that photocopiers search for). Suddenly, no "authorized" recording device will record protected audio. Viola! End-to-end DRM is achieved.
Now, nothing I said is particularly *easy*. Getting the technology in the marketplace is just beginning. And developing robust watermarks that survive re-encoding, D/A & A/D conversions, etc, is difficult. But, that's not to say it's impossible.
Why on earth don't you just use your ISPs SMTP server as a relay? It's there *specifically* for that purpose, anyway? Unless, of course, you're paranoid... in which case, you shouldn't be using email anyway (or should be using encryption).
This is easy enough to solve. Just set up your mail server to route email through your ISPs SMTP server. In the case of qmail, this meant putting my ISP's SMTP server in my smtproutes file. AFAIK, most other MTAs have a similar feature.
Riiight... because designing an compressed-air based launch system that can fire a firework up to 800 feet into the air with a fairly precise height at apogee is so very trivial.
Umm, I think the point is that when someone says "I forget", they really mean "I forgot", because otherwise, it would be valid to re-word their statement as "I'm currently forgetting"... which is probably not what they meant. I know I very rarely realize when I'm in the process of forgetting something... "Hey, do you remember ?" "Actually, it's funny you should mention that, as it appears I'm forgetting *right* now!".
Well, first off, as the document mentions, one of the best ways to minimize this problem is through the use of... tada! *VPNs*. In fact, according to the very article you mentioned:
... Note that completely securing a wireless network using a VPN solution involves more than simply setting up an external VPN server on the wired backbone network. While such a set up will protect wired traffic and wireless-to-wired connections, traffic between two wireless hosts will remain outside the scope of the VPN. To address this problem, several vendors have recently announced IPsec aware access points that will block all traffic from or to a host unless a secured connection with this host has been established."
"Deploying a Virtual Private Network (VPN) to provide authentication and client-togateway security of transmitted data will also provide a partial solution
Well, isn't that interesting.
Moreover, IPSec, SSL, and SSH are not easily compromised with MITM attacks... typically the attack is detected (the host key changes), meaning the user has some level of warning. IOW, IPSec (and others) are hardly "blind". Of course, in the case of IPSec, that depends greatly on the key exchange mechanism selected, but it's not nearly so bad as you imply.
End to end meaning if I setup IPsec between two hosts accross the internet, the data stays encrypted and unaltered during the transmission.
And you and I know full well that's not what the grandparent meant. He said:
IPSEC means encrypted end-to-end, not just over the wireless segment of the network.
This is obviously wrong, as per my post. So, tell me again, how was he *not* wrong?
IPSEC means encrypted end-to-end, not just over the wireless segment of the network.
Umm... no. IPSec just means encryption between two IP route points. So, for example, the plan for my wireless network involves an IPSec connection between any wireless end-points and my IPSec-enabled firewall.
How is that a stop-gap? IPSec has one purpose: to protect IP traffic data over an insecure link. Sounds like it fits right into the wifi game. And given that it's a proven standard with many interoperable implementations, it still strikes me as an excellent option for people who wish to secure their wireless transmissions. This is especially true given that 802.11i won't be fully adopted in the market place for at least a year or two.
Besides, there are *many* issues regarding security aside from the wire protocol. As one other posted mentioned, key management is one of these issues. How does 802.11i deal with this? I know IPSec has many different solutions available for key management, meaning I can make it fit into my network infrastructure. How does 802.11i fit into this picture?
Well, it's certainly not informative... we all produce *methane*, not methanol.
Whoops, s/million/billion/...
Umm, no... according to this, they have the fourth largest budget, and it's still roughly an 8th of what the US spends. In fact, the second-place nation, China, spends 55.9 million per year, compared to the US's whopping 276.7 million! Sorry, but no nation even approaches the US on military expenditures. Of course, total expenditures are only part of the picture. For example, the per capita numbers are quite interesting...
Umm, if I'm not mistaken, he was poking fun at America and Americans. Lighten up... not all Americans are blindly patriotic, arrogant pricks. BTW, I'm Canadian (just to eliminate any belief that I am somehow biased toward the US).
Damnit, typo. I meant RAID-1. Given the very subject line in the discussion, I would think that mistake was evident.
if you bought, say, 6 drives from a supplier, they're likely of the same lot
And that is why if I'm building a raid, I buy drives from multiple vendors. In fact, in my simple RAID-0 array that I have at home, I deliberately purchased two drives from completely different manufacturers. Of course, you may have problems with mismatched drive specs (for a large-scale RAID, you want the drives as similar as possible) but if you can purchase the drives from a number of sources, you reduce the chances of mass failures.
Actually, I even found a copy of the teachings of the Buddha in a hotel room, once.
Holy crap. With a straight face, you're actually claiming that the government is *more* risk averse than corporations?
Okay, here's a clue: corporations only care about the bottom line. Worse, in the last 15-20 years, it's all been about the bottom line in the next, oh, 1-3 years (hell, these days, it's all about the next 2 quarters). Corporations will *never* "[take] risks in the hopes of making big bucks down the road". Why? Because they're incredibly risk averse regarding their bottom line. After all, the responsbility of a board of directories is to protect their shareholder's investment. Sorry, but in this case, capitalism is not the magic bullet you wish it to be.
Oh, and before you mention the X-Prize, keep in mind that going from 100km and returning to 150km and orbiting is *immense*, and probably not within reach of a small, private firm without massive amounts of venture capital (which they won't be able to get, because the investors are too risk averse to sink their money into something that has no immediate return).
the billions of dollars in aid sent from the US to help countries is also given no (or at least very little) media attention.
Well, that's probably because the existance of those billions is overshadowed by the fact that the US provides less dollars in foreign aid as a percentage of GDP than any other first world nation (source). Sorry, but, in terms of US foreign aid, the media got it right.
Umm, it does that already. How do you think churches/mosques/etc get exemptions in the first place?
But to see that an entire culture...
Wow! What news feed were you watching? You actually saw the WHOLE CULTURE on TV?? And they were ALL happy and cheering?! WOW!
Hate will destroy everyone.
Absolutely. Unfortunately, hate often begins with stereotypes by those who, apparently, are too ignorant to understand the difference between a small group of extremists and >1 BILLION people.
Easy. Do what I do. Use a 4096-bit public/private key pair, and keep the private key on a USB dongle on your (physical) keychain. *shrug* Of course, you probably want to back on your key on another device (CD-ROM in a physically secure location, for example), in case the USB drive goes kaput.
Bah. WiFi will never entirely replace existing cellular services. WiFi simply does not have the range. As a result, a real cellular phone service would have to place cells every 50 to 100 meters! This is *not* cheap... not only is there tons of hardware to deploy, there's also the cost of wiring these things up, not to mention that it's incredibly difficult to deploy new cells in the first place due to a shortage of good cell locations.
The fact is, WiFi and traditional cellular are more complementary than they are competative. Cellular can provide the large scale coverage, and WiFi can be used for hotspot coverage in busy locations (think office buildings, downtown metropolitan areas, etc).
Two people can weight the same while one person is a fat slob and the other is an very in shape professional athlete.
The thing is, not a lot of people realize this. Even fewer understand why: muscle is denser than fat! So, if you start a weight training regime, you may find that you don't lose as much weight as you expect. BUT, that doesn't mean you aren't losing fat! That's why it's far more important to focus on inches lost and total percentage of body fat.
Unless, of course, there's end-to-end encryption all the way to the speaker. "Just record from the speaker, then!" you say. Well, what you do is you add a watermark to the audio, and you stick DRM software in the recording devices such that they refuse to record if they detect the watermark (kinda like those dots they put on money that photocopiers search for). Suddenly, no "authorized" recording device will record protected audio. Viola! End-to-end DRM is achieved.
Now, nothing I said is particularly *easy*. Getting the technology in the marketplace is just beginning. And developing robust watermarks that survive re-encoding, D/A & A/D conversions, etc, is difficult. But, that's not to say it's impossible.
Why on earth don't you just use your ISPs SMTP server as a relay? It's there *specifically* for that purpose, anyway? Unless, of course, you're paranoid... in which case, you shouldn't be using email anyway (or should be using encryption).
This is easy enough to solve. Just set up your mail server to route email through your ISPs SMTP server. In the case of qmail, this meant putting my ISP's SMTP server in my smtproutes file. AFAIK, most other MTAs have a similar feature.
Fool! It was "Great Joy, and Gratitude!" And it was, hands down, one of the worst moments in television. Ever. :)
Son of a...! I knew there was something wrong (and rather hilarious) with that sentence. *sigh* :)