Don't like Card's politics but like the Ender universe. Buy the book used, preferably from a local bookstore.
Self-signed HTTPS provides security against passive attacks (eavesdropping) but nothing against active (MITM) attacks. Active attacks are simple and easily deployed (especially in a wifi cafe setting).
The problem is an attack against a CA signed HTTPS will look EXACTLY like a self-signed HTTPS. Promoting self signing to the untrained will destroy the ability for CAs to secure the web.
Which leads to what the CA actually provides. They provide the financial paper trail to link the cert to the funding source that paid for it. That is a very important link.
Because the website with a self-signed cert looks EXACTLY like a MITM attack. Even if the original site uses a CA signed cert, a person could MITM using a self-signed cert and hope the person just clicks "OK". Self-signed provide a bit of security against passive attacks (packet sniffing) but NOTHING against active attacks (MITM). Again, a self-signed cert looks EXACTLY like a MITM attack. Assuming that the first connect isn't a MITM is risky.
CAs provide a financial paper trail. That's where the trust comes from. Figure out how to find someone and they become more honest. True criminals can get around it (and have for centuries) but it helps keep some order.
My last experience with web certs was over a decade ago and with Verisign. They required the domain holder to have a DnB number and provide a letter on company letterhead. There were a few other requirements and both us (the tech consultants) and the contracting company had to interact with Verisign. It took a few weeks to complete and seemed worth the hundreds paid.
Too bad the quest for cheap has made the CA checks worthless.
I agree completely. Sometimes the parents just AREN'T available. The children shouldn't suffer just because of circumstances beyond their control. This is happening more often in American society.
Just last school year my wife and I tutored my niece so she could catch up to her class. With 3-4 hour sessions each day after school she caught up and excelled past our expectations. Most kids won't get that chance.
Modern education can't assume a strong at-home follow-up. Naturally kids with the parents involved have a strong advantage.
Be careful. With his newfound wealth he can afford lawyers now.
Look into the FUSE module Phonebook http://www.freenet.org.nz/phonebook/. You can set up multiple layers each with different passphrases. It is called "Deniable Encryption". It is also very handy for managing different stores with a single mount point.
The fact that you're using it probably doesn't look very good though.
What you say is correct but you're not thinking of the consequences of that design. All execution happens on the X client side which then uses RPC (gross oversimplification) to communicate with X server. Since all execution happens on the client, all deps must be satisfied on the client. If the client doesn't have an X runtime (xlib, gtk, qt, etc), it just won't run.
With app bundles you can move the bundle to a random machine (say headless with no X installed) and have it work. All the libs (including xlib) are in the bundle so you have no dependency problems.
App dirs can check the system dirs first. You load a single shared lib. It is upgradable. A standard Linux desktop will already have the common libs installed and updated. And this has the advantage of working over ssh X forwarded connections without installing all the dependencies. Very handy.
PATH env. Mostly non cmd-line apps. There are zsh configs that search a dir for appdirs and add them to the path.
Appdirs can search system libs first. They're used just in case. Storage is cheap and plentiful to most people. If it isn't to you, use a more conventional method.
Config files. Apps check both a system /etc and a user ~/.foo.
When considering this keep this in mind. This is really targeted towards app developers to distribute their software. Compare it to autopackage and LSB.
Drop your appdirs to /apps and manage it however you like. Share it, rsync it, use 0install, whatever.
The FHS is actually very simplistic. It has a few broad categories (/bin, /usr, /usr/local, /opt) and shoehorns everything into those terms. Systems like this, GoboLinux and stow, offer increased flexibility over the FHS. GoboLinux even provides a FHS similar view of the system.
I'm wasting mod points replying but this needs to be said.
App Bundles can be configured to search installed system libraries first. This also solves the security update issue. The bundled libs are only used as a last resort.
Regarding config files and /var. This is mainly aimed at user applications. Would you install MySQL this way? Maybe to play with but NEVER as a server. This is perfect for apps like Gimp, k3b, OpenOffice, Firefox, etc. Config files can always be checked in two locations. A system /etc and a user ~/.foo.conf
To apply this idea to the system level look at GoboLinux [http://www.gobolinux.org/] or GNU stow. Both use symlinks to map the individual dirs to a common hierarchy.
Close but wrong. Remember he said data on BOTH SIDES. Your trick just causes the drive to view the double density disk as high density. In both cases the 3.5 was always double sided.
The GP was referring to old single sided 5.25" floppy disks. On the edge of each disk was a notch cut out of the plastic. You'd cover the notch with a shiny metallic sticker to write protect the disk. Someone figured out that you could cut a similar notch on the other side and flip the disk over. This became very common and you could buy special tools to make the notch with proper alignment. Eventually, software publishers used the trick to reduce disk count.
This wouldn't work with double-sided drives (like in the XT) but worked great with the C64 and Atari 8 bits. Not sure about the Apple II.
Sounds like what the "other" Rutan is doing. Look up the XCOR EZ-Rocket. It's a small solid fuel rocket that is used as the sole powerplant for a Long-EZ.
Here's a link: http://www.xcor.com/ezrocket-content.html
Everyone is looking at it backwards. The reason for the 1d nature of the left/right distinction is due to the 2 political parties. Both have evolved their views and beliefs to maximize their political attraction. With additional parties we get additional dimensions.
Your description is interesting. Seems like you could almost do an FFT(ish) on it for analysis.
That doesn't necessarily mean that I wouldn't sign up for the trip if I had the disposable funds.
That is exactly the point. Even questioning the safety measures, you would do it. It's just the matter of funds. Me, I could but it isn't worth it. Both from a risk (I don't want to make my wife a widow) and cost (I have better ways to spend six figures) standpoint. Wow, I'm getting old. A few years ago I'd have my deposit in.
Do you also play games? Would you do it if you had zero interest in XBox games? Regarding MythTV, once Tivo goes out of business. Can't leave the ease of use and don't mind the somewhat closed system.
The assault rifle ban expired. I thought the lottery was safer than that.
This will only help with bandwidth problems.
Sounds like he has political problems as well. He might be able to get this through management.
Now, if 100% of your pages served are unique, nothing in the world can help you, other than replicating that application on more or faster servers.
A caching proxy will still improve the performance of your static objects (images, stylesheets). This will then relieve pressure on your dynamic engine. This is similar to having a dedicated server handling static objects without the added complexity.
Because many Linux users (including myself) switched to OS X for better laptop support. The pragmatic among us just want something that works (hibernate/battery life) and has a posix base.
With Linux officially supported on a laptop that increases options. Comparing with Apple makes sense since it is a shared market.
Go use Windows instead of OS X if you want the best hardware support.
The software support is what matters to me.
On a side note. I'd like to have an encrypted partition/image on my USB flash drive. It needs to be accessible from Linux and WinXP. Bonus points for OS X support too. Any solutions?
On a serious note.
Ever since I quit smoking, my allergies (grass/pollen) have been worse than I experienced in years. Basically since college which is where I started smoking. I'm guessing smoking caused a constant irritation of my sinuses that resulted in a thickening of the mucus layer. That thickening offered improved resistance to pollen.
Still not planning to start again.
I know a hobbyist magazine back in the '80s used to print entire programs in barcode format. I think it was for the old Radio Shack Model 100 laptop.
It was Home Computing. And it was for Apple IIs and IBM PCs. Very similar to that card reader for Gameboy today. Also the programs were few hundred line BASIC programs. They also printed them as text so you could type them in.
*sigh*
All that means is your dad cares more about the security of his house than his wifi network. I mean, if they can see the sticky they're either: A-a friend or family. or B-a burglar. If the former, he probably doesn't mind them using his cable modem. If the latter, he won't have a computer soon.
Some people really need to put "computer security" into perspective.
The point is there is only a handful of apps you need under Win32. Those apps keep you tied to Win32 for a part of the day. Because you have to use Win32 for part of the day you're tempted to stay there to avoid the pain/time of a reboot into Linux, just to reboot into Win a few hours (tomorrow/whatever) later. Win4Lin (and CoLinux in reverse) or other compatibility tools prevent the need of the reboot which keeps you in a single environment. You no longer need to make a choice and can use the preferred app whether Win32 or Linux.
It's called compromise. Something society as a whole can't seem to understand it seems.
By contrast, Apple, in the early releases of Mac OS, showed enough foresight to tell developers how to keep their code future-proof, and developers who adhered to those protocols (which were not all that restrictive) wrote apps that still run today, under an entirely new OS on an entirely different CPU.
Excellent point. It is an example of holding your developers to a higher standard and them then matching it. Of course, you need excellent documentation so developers know how to write safe code. MSDN libraries are often vague. This leads to making assumptions about the black boxes.