Re:SCO.TXT w/ English trans on SCO Roundup · Score: 1
Do you know what "6X7liA1zmJhyA" means?
I realize you were joking, but...
That's an old-school DES crypted password. If this text file is legit (doubtful), that would mean SCO is stupidly using old tech instead of modern MD5 passwords. Fools.
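How a string like the one quoted above can be recognised as traditional DES crypt, as an added example that is not part of the original comments: it classifies shadow-style password fields by crypt(3) scheme and goes beyond the thread by also covering md5-crypt and sha512-crypt. The account names, the other hash strings and the verdict labels are constructed for illustration.

```python
import re

B64 = r"[./0-9A-Za-z]"  # crypt(3) base-64 alphabet

# (scheme, pattern, verdict), checked in order. Verdict labels are this
# example's own assumption, not an official rating.
SCHEMES = [
    # Traditional DES crypt: 2-char (12-bit) salt + 11-char digest, no "$"
    # prefix, and only the first 8 password characters are used.
    ("des-crypt",
     re.compile(rf"^(?P<salt>{B64}{{2}})(?P<digest>{B64}{{11}})$"), "weak"),
    # md5-crypt: "$1$", salt of up to 8 chars, 22-char digest. Superseded
    # since the thread was written.
    ("md5-crypt",
     re.compile(rf"^\$1\$(?P<salt>[^$]{{1,8}})\$(?P<digest>{B64}{{22}})$"),
     "legacy"),
    # sha512-crypt: "$6$", optional rounds field, 86-char digest.
    ("sha512-crypt",
     re.compile(rf"^\$6\$(?:rounds=\d+\$)?(?P<salt>[^$]{{1,16}})"
                rf"\$(?P<digest>{B64}{{86}})$"), "ok"),
]

# Constructed shadow-style lines. Only the first hash string is quoted from
# the thread; the filler digests are not hashes of any real password.
SAMPLE_SHADOW = "\n".join([
    "alice:6X7liA1zmJhyA:12280:0:99999:7:::",
    "bob:$1$Xy3kq9Za$" + "A" * 22 + ":12280:0:99999:7:::",
    "carol:$6$rounds=5000$Qw8sLm2p$" + "B" * 86 + ":12280:0:99999:7:::",
    "dave:!:12280:0:99999:7:::",
    "eve::12280:0:99999:7:::",
])


def classify(field):
    """Return (scheme, verdict, salt) for one shadow password field."""
    if field == "":
        return ("empty", "weak", None)   # account needs no password at all
    if field[0] in "!*":
        return ("locked", "ok", None)    # password login disabled
    for scheme, pattern, verdict in SCHEMES:
        match = pattern.match(field)
        if match:
            return (scheme, verdict, match.group("salt"))
    return ("unknown", "review", None)


def audit(shadow_text):
    """Return (user, scheme, verdict, salt) for every line of a shadow file."""
    findings = []
    for line in shadow_text.splitlines():
        user, _, rest = line.partition(":")
        field = rest.split(":", 1)[0]
        findings.append((user,) + classify(field))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SHADOW):
        print(finding)
```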
What we need is a common laptop form factor. [...] I want to build a laptop [...] I don't care if it's 8 inches wider than [Dell's] junk
Let me get this straight: you want a laptop that's 8 inches wider than standard laptops.
If we assume current laptops are around 12 inches wide, you're talking about a 20" laptop.
And you think this monstrosity will become a "common" form factor?
Actually, you're only prompted for a passphrase when signing an e-mail/file, not when you encrypt. If you're getting prompted for both, then you're most likely doing a sign/encrypt rather than just an encrypt.
Right, I mis-spoke (in my haste to get the post out while the modding was good :D ). Thank you.
Pine/GnuPG ask me for a passphrase each time I encrypt and/or sign a message. This proves that I originated the message (not just some random punk who broke into my computer) for the purposes of authentication and non-repudiation.
The article and FAQ list were light on technical details, and I don't feel like registering for the actual whitepaper, but: since the aim of this service is to make encryption easy enough for common usage, I highly doubt there will be a passphrase prompt or any other method to ensure that the actual alleged sender is in fact the originator of a message. This seems to be confirmed by the statement that desktop mail clients (e.g. Outhouse) will be somehow directly "integrated" (how's that for nebulous?) with these proxy servers.
Without this precaution, I fail to see how this is anywhere as secure as straight-up PGP/GPG.
However I think that since 11/09/03 no one gives a toss about the niceties of civil liberties
I wasn't aware that anything much happened two days ago (9/11/03).
Any article that asks that question is automatically crap. Period. End of discussion.
Is CP/M dead? QBASIC? VMS? Yup, that's what I thought. Be careful of speaking in absolutes.
With this release (0.2), I have no typing speed/latency issues. The box is not that great, either -- an Athlon 1.533 with 256 MB. Maybe the difference could be explained by the fact that I compose all mail as text. If you use HTML, (1) a pox on you, and (2) try disabling that -- I'm genuinely curious to see if that makes a speed difference.
Mozilla's embedded mail client, even the latest version, has major issues... the message display pane likes to go apeshit. There's a bugzilla thread, in which the developers acknowledge the problem but don't seem to feel inclined to fix it. For that reason, I'm especially glad to see Thunderbird becoming viable.
Off to install Thunderbird 0.2 on the machines of all the extended family... boo free tech support. :(
Designing a 50 attowatt laser that can be focused at astronomical distances (potentially through the atmosphere, but there might not be much atmosphere left in its direct line of fire after a second or two) is left as an exercise to the reader...
You are aware that atto is a very small modifier, not a very large one, right? 50 attowatts is equivalent to 5.0 * (10 ^ -17) watts, or 0.00000000000000005 watts.
Perhaps you meant peta (10^15), exa (10^18), zetta (10^21), or yotta (10^24)?
Sure, you have the right to post whatever strings of characters you wish. However, twisting my words into points that I did not make, and are indeed contrary to the points I did make, serves only to make you look foolish and incapable of argument. If underscoring this fact is your goal, then congratulations: you win the blue ribbon.
Second, a "troll" designator means nothing. It's a function of which moderators happen to see which comments, which moods they're in at the time, which side of the issue they agree with, et cetera. My comment was also scored much higher (initially) than yours, attracting more moderator attention. Your inappropriate ad-hominem attacks, on the other hand, are definitely the trolls here.
As further evidence that you are indeed a troll, consider the definition -- one who posts crap in the hope that people such as myself will spend precious holiday minutes rebutting it, which, unsurprisingly, I'm doing.
Moving along to your actual points:
If there is no alternative to patching then why would somebody even bother with regression testing?
Geez, I dunno, maybe to make sure there are no ill side effects and reporting them to the vendor, to get a fixed patch, if there are? You know, exercising this quality we like to call "caution" when dealing with legendarily-buggy software?
And your dead wrong that it isn't the institutions responsibility to protect their network resources.
In addition to being careless or ignorant enough to replace "you're" with "your", you also seem to have some reading comprehension issues. In #6834249, I specifically said "The IT department has every right to implement network-level measures to stop the spread of malware."
It would be retarded for universities not to put some requirements on software the systems are required to run (anti-virus) and patches that must be applied (anything from windows update, if it's a windows box)
Nope. My box -- I will decide what gets installed on it. Period.
If you will refer back to #6835222, you will see that I support automatic disabling of switch ports when worm/virus activity is detected emanating therefrom. Problem solved, no invasive demands involved.
This is something that a competent systems/networks guy could engineer in a few days (strategically-placed intrusion detection systems, using ARP to translate to MAC addresses, then SNMP to search ports for the given MAC and remotely disable said port), and would be a much less invasive and labor-intensive system than pushing around patches.
Now I'm certainly not opposed to IT departments at schools campaigning and raising student awareness of patching, and making CD's available -- that's all well and good. What I'm arguing is mandated updates. That's over the line.
I'll also point out that I would come down on the other side of the issue in the case of a corporate network. For the mentally challenged, that means that I support *corporate* IT departments mandating and performing patching against worms/viruses. There's no issue there because the machines are owned by the company, to be used for company purposes.
So then, what is "bullshit", sir, is your advocacy of the jackbooted "install OUR software on YOUR personal machine NOW" theme, and your apparent inability to argue.
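The lookup chain described in the comment above (IDS alert, ARP to get the MAC, SNMP to find the port, then disable it), as an added example that is not part of the original comments: it only plans the `snmpset` command and does not send it. The tables are constructed sample data in the shape of `arp -an` and numeric `snmpwalk` output; the switch address 192.0.2.10, the ifIndex values and the uplink guard are assumptions.

```python
import re

# Standard BRIDGE-MIB / IF-MIB columns used for the lookup chain
DOT1D_TP_FDB_PORT = ".1.3.6.1.2.1.17.4.3.1.2"        # MAC -> bridge port
DOT1D_BASE_PORT_IFINDEX = ".1.3.6.1.2.1.17.1.4.1.2"  # bridge port -> ifIndex
IF_ADMIN_STATUS = ".1.3.6.1.2.1.2.2.1.7"             # writable: up(1), down(2)

# Constructed sample data (not from any real network)
ARP_OUTPUT = """\
? (10.20.3.41) at 00:0c:29:ab:cd:01 [ether] on eth0
? (10.20.3.57) at 00:11:22:33:44:55 [ether] on eth0
"""
FDB_WALK = """\
.1.3.6.1.2.1.17.4.3.1.2.0.12.41.171.205.1 = INTEGER: 7
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.85 = INTEGER: 24
"""
BASE_PORT_WALK = """\
.1.3.6.1.2.1.17.1.4.1.2.7 = INTEGER: 10007
.1.3.6.1.2.1.17.1.4.1.2.24 = INTEGER: 10024
"""


def parse_arp(text):
    """Return {ip: mac} from `arp -an` style lines."""
    pattern = r"\((\d+(?:\.\d+){3})\) at ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
    return {ip: mac.lower() for ip, mac in re.findall(pattern, text)}


def parse_walk(text, base_oid):
    """Return {index suffix as tuple of ints: value} for rows under base_oid."""
    rows = {}
    for line in text.splitlines():
        oid, sep, value = line.partition(" = INTEGER: ")
        if sep and oid.startswith(base_oid + "."):
            suffix = oid[len(base_oid) + 1:]
            rows[tuple(int(p) for p in suffix.split("."))] = int(value)
    return rows


def plan_containment(alert_ips, switch, protected_ifindexes,
                     arp_text=ARP_OUTPUT, fdb_text=FDB_WALK,
                     base_text=BASE_PORT_WALK):
    """Return one (ip, action, detail) tuple per alerted IP."""
    arp = parse_arp(arp_text)
    fdb = parse_walk(fdb_text, DOT1D_TP_FDB_PORT)
    base_ports = parse_walk(base_text, DOT1D_BASE_PORT_IFINDEX)
    plan = []
    for ip in alert_ips:
        mac = arp.get(ip)
        if mac is None:
            plan.append((ip, "unresolved", "no ARP entry for this address"))
            continue
        # The forwarding-table row index is the MAC as six decimal octets
        bridge_port = fdb.get(tuple(int(octet, 16) for octet in mac.split(":")))
        ifindex = base_ports.get((bridge_port,))
        if ifindex is None:
            plan.append((ip, "unresolved", f"{mac} not in forwarding table"))
        elif ifindex in protected_ifindexes:
            # MAC learned on an uplink: the host sits behind another switch,
            # so shutting this port would cut off everyone downstream.
            plan.append((ip, "skip", f"{mac} seen on protected ifIndex {ifindex}"))
        else:
            # [auth-options] is a placeholder for the site's SNMP credentials
            cmd = f"snmpset [auth-options] {switch} {IF_ADMIN_STATUS}.{ifindex} i 2"
            plan.append((ip, "disable", cmd))
    return plan


if __name__ == "__main__":
    for row in plan_containment(["10.20.3.41", "10.20.3.57", "10.20.3.99"],
                                switch="192.0.2.10",
                                protected_ifindexes={10024}):
        print(*row, sep=" | ")
```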
Don't make unsubstantiated statements. I am darned well aware of the damage these types of Microsoft malware can accomplish. I never said "don't patch", and you're silly (or worse) to put those words in my mouth. FWIW, all machines in my purview (friends, family, etc.) have been patched up well in advance.
My point, though, is that a college's IT department has no business forcing people to install shit on their machines. Today it's a patch. Tomorrow it's censorship software. (No shit: this was considered, and thankfully shot down, at my conservative Christian alma mater.) The hell with that. Personal machines are just that -- personal.
A compromise solution that I think we can both agree on would be to use SNMP to disable the switch ports of anyone caught propagating the malware until they could demonstrate patchedness. But don't walk around telling me I must install a certain piece of software on my machine. That's BS, especially since my OSes of choice (*nix family) are invulnerable to this shit and are far above the comprehension of the vast majority of my former school's IT department anyway.
I'll ignore all of your tinfoil hat / cave bullshit, since there are no grounds for that, and you're just trolling.
here at Oklahoma State University, the IT department gave all the RAs in all the dorms and apartments a fix-it CD, all users must run the software on the CD regardless of whether they don't think they have msblast/sobig, etc.
If that really happened, it would be the stupidest thing I've heard of in a while.
1. What if these patches introduce other problems/bugs? After all, this is M$ software we're talking about here. Has the IT department done exhaustive regression testing to make sure the patches won't cause other issues?
2. It would be stupid to pass around home-grown discs like this. What if someone in IT screwed up and included the wrong patches? Or, perhaps a bored, nefarious student working in IT included something like BackOrifice on the CD?
3. Obvious Slashdot objection -- what about those of us who don't run M$ shit? Are the RA's really clueful enough to realize this, or are they going to be stupid tools of the system and sit there and force you to attempt installation, and then accuse you of subversion when the Win32 binaries don't run on your *nix box?
These are just a few off-the-top examples of why this action was a Brain-Dead (TM) thing to do. The IT department has every right to implement network-level measures to stop the spread of malware. But their jurisdiction STOPS at the network jack in the wall!
I refuse to support people who want to screw me.
I, for one, do emphatically support people who want to screw me.
What the hell?!?
Right off the top of my head are these long-standing open-source packages with long histories of security holes: wu-ftpd [...] sendmail [...] vixie-cron
Wow, how could you forget the most obvious one?
The three you mentioned are indeed bad, but BIND is definitely, by far, the most bug-ridden, insecure, shoddily-designed piece of trash ever to embarrass the open-source community. No bitchfest about bad software is complete without mentioning BIND.
Between vixie-cron and BIND, I'd support a law prohibiting Paul Vixie from ever touching a computer again. Kinda like Kevin Mitnick's probation, but with actual justification this time around...
Anyway, a big "thank you" goes out to DJB for freeing the world from the mess that is BIND (and Sendmail, for that matter)!
IBM is an evil corporation, don't get me wrong
Why, exactly? As a longtime Slashdotter, I know why I'm supposed to hate Microsoft, the RIAA, the MPAA, Adobe, DigitalConvergence (CueCat), AOL/TW, Apple, DoubleClick, ad nauseam, and now SCO, but what has IBM done? I thought that they were The Good Guys (TM), what with their US$1x10^9 Linux campaign and whatnot...
Overtime charges, benefits and basic salary for an $74k employee for the last three days are running what? At least $1000k per employee. With eight IT dudes running around fixing all of the Wintel systems
Please, please, tell me where I can find a $74K job "running around fixing [..] Wintel systems."
Come to think of it, tell me where I can find a $25K job doing same, and I will buy you a very large case of your favorite beverage.
IN SOVIET RUSSIA, Mars builds power plants on YOU!
:)
Sorry, just had to.
What the hell is a jigga-watt?!?
Did you see the href over to IMDB's page on "Back to the Future"? If not, you're retarded.
If you indeed followed the hyperlink, there are two possibilities.
(1) You've seen the BttF trilogy, in which case you're retarded for not catching the significance of "jigga-watt" (the professor's mispronunciation of gigawatt)
(2) You've not seen the BttF trilogy, in which case you're retarded for replying in the manner you did without sufficient background knowledge -- the URL was an obvious clue-in to a geek joke.
1100MW nuclear reactor
Would that be one point one jigga-watts?!?
Given that there wasn't yet a patch available when they were cracked, they in fact did discover the crack, and they in fact do have complete backups, on what basis do you conclude that the admin(s) "is/are incompetent"?
Running wuftpd when publicfile and pureftpd exist is strong evidence of incompetence.
Unbelievable. And I'm supposed to trust their methods and products with my enterprise?
What's unbelievable is the blatant stupidity of that statement.
Sure, this incident demonstrates that the person(s) in charge of the maintenance of ftp.gnu.org is/are incompetent. How you extrapolate from that to reach the conclusion that hundreds of GNU programs written and maintained by thousands of programmers are therefore sub-par, especially since these tools have been continually refined and perfected over the last decade or so and are objectively much better than those from any corporate vendor, is the truly incomprehensible matter.
Enterprise my ass, anyway.
One of the side effects, however, is an unpleasant body odour
...yeah...like this affects the slashdot crowd much...
I don't get this stereotype. At all. I can understand nerdy, lonely, fat, etc. as characterizing a good cross-section of the Slashdot readership. But smelly? Come on! If anything, wouldn't highly technical, detail-oriented people be clean freaks? I know I shower at least once every day...
Not that any of this matters. The baseless joke will continue to be made, and dumbass moderators (yes, I'm talking about you, sitting there with the mod points) will continue to reward its use. But I just had to get that rant off my (squeaky-clean) chest.
Somebody explain to me how the f*** this got modded up to +5.
Here:
Okay, now mod me up to +5 too! Friggin' A.
I' dunno, I thin'k mayb'e Sla'shdo'tters are'all of one' opinion on thi's one...
"speling". From Apache, the module which auto-corrects typos in URLs.
Go read this...