I have a hard time believing that the DA, SEC, or FTC would go after a company that made unprofitable business decisions. Anybody know?
Shareholder lawsuits. Happen all the time, normally for stupid stuff.
That's all good and fine if an intelligent species ever visits the Earth....
Our company had similar requirements:
1) Encrypted file transfer
2) User authentication
3) chroot jail environment
After initially looking at F-Secure's ssh server for Windows to match the system standards, we found out that certain SSH subsystems (namely sftp) were not 100% compatible with all clients. I'd put the openssh code up against commercial offerings if you can spend a little bit of time configuring.
In the end we waived standards and used Linux, openssh+openssl+ldap. It did require patching the sftp subsystem for chroot access that was obtained off of the openssh mailing list. This does require a suid executable, but since our customers are [semi] trusted, the risk of them smashing the stack is manageable.
Customers can now sftp or scp in and are rooted to the ~username directory. At present, implementation has been as easy as our dedicated line FTP customers. Ironically, we recommend commercial SSH clients...
Red hearts! Green clovers! Blue diamonds!!!
Wow. And LLNL was definitely part of the holy trinity along with LANL and Sandia as the preeminent nuclear weapons sites. Getting stuck in a Kane booth at LLNL was always so much fun. :/
From the computer science side of things though, Livermore has contributed a lot. It'd be sad to see them disbanded.
It's very likely that if someone gained access to my strong password without my knowledge, they'll have access to the next one I choose as well. Weakening the passwords just helps them get that initial foothold.
If the method used is not an accidental disclosure, this is true. But I would contend that requiring password changes does not weaken password selection if the user is already familiar with creating strong passwords. Mandatory changes can assist in risk assessment by providing a known window of opportunity.
If the compromise happened accidentally (shoulder surfing, etc.), the time the intruder has is limited to the password change policy.
If I changed those passwords on a regular basis, I'd have to come up with something easier to remember to make up for the decreased learning time. That would likely make my password less secure.
The reason mandatory password changes are used is to limit the window of vulnerability in the event someone does get the password (by hook or by crook). What if someone gains access to your strong password without your knowledge? If you don't change it in 3, 6, or 12 months (or years), they have complete access, potentially without your knowledge.
Passwords are not the greatest authentication method, but when compared to the trade-offs of other mechanisms such as smartcards, 2 factor approaches, biometrics, etc., they are still the easiest to manage.
There's even a better way with encryption such as PGP. We use it here at work. All critical files are encrypted not only with the keys of those who need to see it, but with a special escrow key that we all have on our key ring.
In the safe deposit box are a couple of CD-Rs with the private key and the passphrase. And just in case, the protected private key is stored on paper.
Other alternatives would be to use true key escrow. Employee keys are broken up in n parts, which are given to different departments, locations, etc. A certain number of these key parts can be used to recreate the complete key pair. A nice feature of the now defunct NAI PGP division. Grrrr.
Mac OS X does a great job of this right now. Close the screen, unplug the TiBook from the network, go home|work. Open the screen and you're running in less than 10 seconds.
Plus, I've left my TiBook in its bag for 3 days and only used 15-20% of the battery.
I stopped watching TV because the ads enraged me.
I *started* to use my Tivo to stop this from happening. It doesn't take much willpower not to select something that the Tivo recorded but I don't wish to watch (such as the Oscar crap). However, I did watch the Sheryl Crow videos.
If you want to rail on TV, let's start with Enterprise doing those 2 hour episodes and overwriting my West Wing season pass! :>
As long as you vacuum my floor and do the dishes I'd be happy. Well, there is the chance that you'd try to steal something.
But, if you defined in a contract what you would and wouldn't do, and we both agreed to that, c'mon over. This is what all Tivo users did when they bought their units (and subscriptions).
Hell, Tivo have done a good job at both attempting to run a business and not getting overly draconian in their use of the PVR.
---
I know it's stupid, but I would upgrade my 4 month old TiBook 667 to the new model (800MHz) in a heartbeat, if the price differential wasn't too much.
best damned laptop I've ever owned, and sexy to boot!
I'm new to the Apple Computer Company of the 00s, but having used the svelte TiBook, I've started to recognize it more often on TV. I guess looks do count for something, but it is refreshing to see OS X grace the screen once in a while.
CSI - TiBooks throughout the lab, never see the back of the screen or it's blocked by something.
West Wing - CJ & Co tapping away on TiBooks also, normally hidden by a [tasteful] vase.
Props to Six Feet Under for using Apple's top of the line laptop to write pr0n.
It appears that most of the deaths described on that site are for people being stupid. Really stupid.
Until Microsoft launches the online service and some true statistics come in, it's all speculation.
Any college experience is helpful, no matter what the job. In the long term it helps with interacting with your peers, especially if they are professionals. A common background and all that. And it historically gets you more money for the same job (go HR.... you bastards!).
:>
But in the area of system administration, having a *fundamental* understanding of computer science will take you a long way--especially if in the future you decide system administration no longer does it for you. Personally, boolean algebra, compiler design, structured programming, etc. Plus, the interaction with others in the same field is all good.
In my experience, college enhanced my skills, understanding for what those damned programmer types do, and has allowed me to quickly come up to speed on the skillz-du-jour to keep myself marketable.
You're young, so investigate them options!
Is the internal Airport card an Orinoco Silver or Gold? I know some of the older APs and Airport cards were rebadged Silvers, but my TiBook/667 can do 128-bit WEP, which I thought was only possible with the Gold card.
And interestingly enough, Lathrop Wells, where prostitution is legal in Nye County, NV, is only 35.42 from the Test Site. So sayeth the MapQuest.
For me, I think it's pretty silly of Nevada to include a mushroom cloud on the plate, but I guess if that's what they want to be associated with, that's their choice. :)
Why is it silly? The Nevada Test Site is part of southern Nevada's history. In the day of above ground testing, it was common to see the remains of mushroom clouds over mountain ranges to the north.
During its heyday in the 60s - 80s, the NTS generated a lot of jobs, both directly and indirectly for Nevada residents. Plus all them damn LASL (err, LANL), SNL, and LLNL folks coming over for the tests. :) Most Las Vegans probably remember the fleets of buses that headed out each morning up US-95 to the site. Sucked working in the forward areas though and having to get up at 4.30 to catch the early buses.
There is some cool tech that went on out there too, especially in remote sensing and data communications in support of nuclear and non-nuclear activities. Driving the site to maintain these networks gave a real sense of cold war history, and the part that the NTS provided. Plus, some of the most pragmatic engineers and scientists I've had the pleasure to work with.
I'm glad that my home state finally has a license plate that doesn't look like a smudge on a silver background. Too bad I live in Atlanta now and can't get me one o' those.
Oh, if someone is going to burn down Atlanta, please, please, please make sure to do up to the perimeter so we can get some decent roads in/out of here.
Your wish, my command:
Internal Computer Driver's License
I resigned from a small Caribbean country's Computer User's Society when they spent upwards of USD$25K to implement this....
It's a little different when you make a purchase at a store vs. the 'net. Until they ship the product to you, it's still an order, no matter if you hit the "submit" button or not.
I'd say it is similar to someone in the store writing up a sales order for price $x, then having the front register deny it based on the wrong price. I love getting deals too, but this is just a group of people trying to get a product based on a couple/few stores honoring an obviously whacked price.
Shuttles??? My god man, this is Vegas! You're supposed to get into the 92' black and gold super-stretch limo. (Not that those add to the congestion on the strip.)
They've been talking about putting in a monorail system for a while now. At least since the mid-80's when I did work for the convention and visitors authority. Does anyone still know if the monorail between the MGM Grand and the old MGM (catty corner to Caesars) still runs?
Uh, as long as the monorail doesn't go over the North-South runway, they should be ok.
Dude! Didn't you see the red lights on the front fans? Easily can push through 5x airflow with those puppies at 1/2 the dB level!
I bet they bought all the pieces-parts online from PayPal vendors.... and used a TechTV MasterCard!
WTG Yoshi, now can you make one for me? Oh, throw in a Colecovision too please.
From what I can discern, they are trying to get rid of the so-called "master merchants", or aggregators. A master merchant will engage with an acquirer for processing MasterCard. MasterCard doesn't deal directly with the end merchant in this case.
It appears to be a play to get rid of the third parties. I wonder if this will play into Visa/Amex's favor?