Google will never sell, rent or share your personal information, including your Gmail address or email content, with any third parties for marketing purposes without your express permission.
Ah, good! So I won't receive any spam from John Ashcroft any time soon...
That being said, a KVM is awfully handy if you need control over a machine during the early boot stages -- you can't get to the BIOS settings display using X forwarding. :-)
Get a mainboard that supports serial console redirection, like the Tyan Tomcat i875P, and hook the (first) serial port up to a multi-serial board in another box, or get the excellent (but expensive) Cyclades TS-Series console server.
We just picked up four of them as firewalls (in 1U cases from Chenbro) as well as a backup server, and the redirection works like a charm.
[E]very smart idea you have will be ripped off by the BigMonopolisticCompany(TM)
That's true irrespective of any "intellectual property" laws.
By the way, patents are the reason why Sun got 1.6bil$ from Microsoft. Without patents, Microsoft could have just trampled Sun into the ground without bothering to spend a dime.
Without Sun having a couple of hundred millions to put up in (potential) legal fees, there wouldn't even have been a lawsuit, let alone a settlement.
Your patents are only worth what you can spend to defend them in court. The whole criticism of the patent system with regards to software (at least) is that it creates an additional barrier to market entry, and thus makes competing on the merits of the product harder.
Big corporations do not compete on the quality of their products, but the strength of their "solution", i. e. how much they can lock-in their customers or bribe decision makers. In retail software, it's not much different; the general populace is just more gullible.
An article featured on Slashdot last year lays out the underlying complexity of the power grid very well: "The World's Largest Machine"
OK, it's nitpicking, but the largest machine is arguably the telephone system. Among other things, it maintains a synchronized clock (8 kHz base), even across oceans and continents.
I wouldn't be surprised if one day someone starts an agency to research names that have absolutely no bad connotations in any language.
I'm too lazy to look it up now, but this has been standard practice with product naming for large companies for at least 20 years now. Apparently, there never was a Palm IV because that's some unlucky number in some Asian country, and there's plenty more funny names, in one language or another. The few Google queries I tried mostly talk about domain squatting, unfortunately.
It's a standard practice for large agencies, and there are quite a number of people specializing in finding "nice" sounding names that actually don't mean anything in any language.
My wife showed me an article about a two-seater diesel powered Mercedes apparently now available in Europe and apparently coming to North America in a couple of years. If I did the arithmetic correctly, it gets about a hundred miles per gallon.
Your wife probably read about Smart, a joint venture between DaimlerChrysler and Swatch. The Smart U.K. site says 60 mpg so that's not too shabby.
The best feature, I believe, is how incredibly small this thing is. You can park two in a standard parking spot, or even park perpendicular to the road. For those of us who live in crowded European cities and can't do without a car, this is very compelling.
On the other hand, I'd rather not think about what a soccer mom can do with her tank, er SUV, to it... which is probably the reason they haven't introduced them in the US yet.
I was quite confused when I received spam from myself: apparently, whatever sorting had been done led to the faked message coming from my work email address, and be directed at my personal account. And the local part wasn't even similar.
While the proposed method might provide some additional heuristics for a spam filter, it certainly is not the magical cure...
Also, the bookmarks are stored in the standard plist XML format, so exporting them is easy even with a text editor. And I'm fairly certain that some enterprising soul would come up with a small utility to make it Mom safe.
Look at ~/Library/Safari/Bookmarks.plist; double-clicking will bring up the Property List Editor, or use your favorite text editor to look at the raw HTML.
Even more mail servers are going to think I'm a spammer now.
And how am I supposed to know that your machine has not been taken over by a spammer?
Proper mail service is not that expensive, and since you're running your own mail server already anyway, rent a virtual server somewhere. Don't tell me you don't know enough people to split the cost of $10-$30/month with.
You're already spending upwards of $30 a month on broadband, you're paying for your vanity domain, and most likely, already are paying for web hosting for said domain, but you can't be bothered to run a mail server properly? Get real. With that attitude, you're part of the problem.
[A]nything they transmit over the net is sniffable with a little effort.
I do realize this is /. but this is just bullshit. SSL/TLS is not vulnerable to man in the middle attacks as long as the trust chain is not violated.
Are there many people out there that do not understand that just clicking Yes when they're presented with a warning will expose them to all kinds of malicious attacks from some random web site? Yes, sure.
But any security system is only going to hold up if the people using it understand its limitations. Namely, in the case of SSL/TLS, that the Root CAs whose certs are embedded in your browser are doing a proper job of only handing out certs to trustworthy people.
And how many "security experts" still believe that using your own CA is somehow less secure than one of the commercial ones, when dealing with VPN/Intranet traffic?
That's 20km/65kph = 1107 seconds. Which converts to slightly less than 942 KBps.
Only if you assume that only one pigeon can be en-route at any time. Over the space of 20 km, and with an unlimited supply of pigeons, I would guess you could fit at least 20.000 on to the "line". If we use the available space above and to the left and right, probably a lot more.
The reason why the voting machine doesn't produce an audit trail is that it's rather difficult to produce such an audit trail AND assure that votes cast will be anonymous.
I don't think this is the reason the vendors have not included a paper trail (if only for the reason that I don't believe they're that smart).
But once again, why not use the time-proven method of making marks on a piece of paper, and counting the ballots manually, under supervision?
People here have pointed out that paper ballots can be manipulated, and that the process of paper voting can be manipulated. However, these processes have been used for centuries, and the security vulnerabilities are well understood. I do not believe that the security implication of the machines and the new processes are well understood at this time.
I've not heard any really convincing argument why computerized vote casting is better, or in which way. Random assertions of "Jane Doe, 84, cannot figure out how to mark the ballot" do not instill confidence in me that any different process is necessarily better. I do realize that being able to include illiterates to make a competent choice is a laudable goal; I just think that designing the ballot to be usable without being able to read is a lot more effective approach than using an untested, poorly thought-out touch-screen display, and then claiming that "using a touch-screen is easier". (Just to give one example.)
But nobody has ever asked "did you write this code yourself?"
Things do get noticed. The original author most likely is going to find out eventually, and then your reputation is on the line.
I don't expect to stay in my current job, or with my current employer, until I retire (winning the lottery notwithstanding).
I probably wouldn't want to work for a company where the hiring manager would not be Googling my name for references, especially since I have listed minor contributions to FreeBSD in my resume. So, basically, if I do screw up with a contribution, or worse, hide the fact that I copied some code when I wasn't allowed to, I will have a harder time getting a good job. At least in terms of job satisfaction, instead of just compensation.
There's at least one current case in the FreeBSD community (but not in CVS) where authorship is questionable that I'm aware of, so it does happen. And I'm confident the guys can work out their differences, especially since the origin of the code is so obvious, and the added value by the second developer is significant; re-adding the original copyright can not be that hard.
Remember the coffee cam? Now that was cool. Wasn't it at MIT?
German weekly Der Spiegel (think Time or Newsweek) did buy the Trojan Room coffee machine, and has it up and running again (after refurbishment). I was even lucky enough to have a cup when I was visiting them some time ago :-)
Re:The greatest threat... on Real Security? · Score: 1
I use a password storage system with 256 blowfish encryption, but the idea that I have to store passwords in a password-protected system is a little scary.
I don't remember quite where I read this, but Bruce Schneier keeps them on a piece of paper in his wallet.
Learn how to configure the Directory Access feature to protect your Mac from a malicious DHCP server.
DISCUSSION
Please note that the exploit requires the malicious DHCP server to be located on your local subnet. For typical home network configurations with a broadband (DSL or cable service) modem and a NAT (Network Address Translation) device, such as Apple's Airport, this exploit is not possible.
[...]
If your Mac is configured to use a directory service consult with your IT administrator before changing any settings.
Hold down Command-S while starting up the machine.
Open Firmware Password is a little utility that will set up the password for Open Firmware, which you could also do from the Open Firmware prompt (Cmd-Opt-O-F).
Once set, you cannot boot from anything but the default startup disk. Also you need to enter the root password to enter single-user. (If root is enabled.)
I'm not sure I fully understand the problem, but it appears to me that the defaults of just accepting information from DHCP for authentication and authorization are wrong; not necessarily any piece of software. (It is debatable whether the very possibility of obtaining such information from DHCP is such a bad idea that the option should not be offered at all.)
Obviously, the fix is not quite so easy: instead of just updating a binary or two, Apple needs to devise a program/an advisory that will alert users to the problem, and that also makes sure people don't shoot themselves in the foot (turn option off, suddenly you can't log in anymore).
Devising such a thing, and testing it in a wide variety of environments will take time, so I wouldn't blame Apple for "reacting slowly" just yet.
From the Gmail privacy policy:
I'll bite.
I'd suggest you grow up and get more cynical :-)
Bullshit:
(Slashcode loses the tabs/nbsps.)
$ cat exec.c
#include <stdio.h>
#include <unistd.h>
#include <sysexits.h>

int
main(int argc, char *argv[])
{
    if (argc <= 1)
    {
        fprintf(stderr, "Need to specify a file to execute.\n");
        return EX_USAGE;
    }
    /* execve() only returns on failure, and then always returns -1 */
    if (execve(argv[1], argv + 1, NULL) == -1)
    {
        perror("execve() failed");
    }
    /* reached only when execve() failed */
    return EX_OSERR;
}
$ make
cc exec.c -o exec
$ echo '#!/bin/sh' >foo
$ ./exec foo
execve() failed: Permission denied
dot at dot at dot at dot at.
Bah, I'm going to hold out for a dual 64 bit laptop. With a RAID array. And hookers!
I'm too old.
Since putting the update in, RDC has become quite unstable, crashing right at startup, or a few minutes into the session. Anyone else seeing this?
He recommended it in an earlier Crypto-Gram.
Salient quote: