Yes, you very well covered if your laptop gets stolen, as long as the power's off. The only copy of your private key is on the hard disk, and your passphrase is required to use it, because it's encrypted.
If your laptop is stolen while powered on with an active login session, you may be screwed.
Essentially it goes:
Remote machine: At the request of user bar, I will permit any machine that can prove it has private key foo to log in as user bar.
Local machine: If user bar (or baz) supplies the password for key foo, I can decrypt it. If I can decrypt key foo, I will use it to log into the remote machine.
So in fact, the remote machine doesn't trust your local machine, it trusts the key.
The only decrypted copy of the key is in memory. If you're really unlucky, it got swapped to disk, and was recovered by the person who stole your laptop. Recovering a key like this is nontrivial to do, but not impossible.
SSH can use several forms of authentication, including public key cryptography. You use a password to encrypt your private key, which you supply on login.
Once your private key is decrypted, SSH can use it to authenticate you on any site that uses your public key for authentication.
There is security at every step. You typically have to be logged in as yourself (or root) to read your private key, you have to supply a password to decrypt the key, and you can remove they key from memory at any time.
You can't have better resolution than the original. Displaying a digitally-produced movie using a digital projector eliminates an information-losing digital-to-analog conversion.
I saw Shrek on a digital screen, and I could sure tell. It was more like watching TV than watching a movie, but I mean that in a good way-- There was no flicker, no film grain. The image was stable, sharp, and the colour was good.
For digitally-produced works, digital projection Just Makes Sense, and I expect the day will come when it beats out film projection even for film-based movies.
Maybe some winmodems are supported, but THIS ONE ISN'T. So in this case, the inclusion of this winmodem means that Windows is required to take full advantage of the hardware.
Read the article. They talk about how some winmodems are supported, but not this one.
And, like the other people said, I'd rather see an open-source driver.
Yes, there's a Heinlein book called The Man who Sold the Moon. It's a collection of Future History stories, with the story "The Man who Sold the Moon" as its "title track".
I've never read it, because I assumed that The Past Through Tomorrow contained all the Future History stories.
His point is that Lucent shouldn't have the right to any changes you make, merely those changes you publish.
If you write something for completely personal use that falls under the license, why should Lucent have any rights to it? What if your changes turn out to be dangerous or highly embarassing?
This clause basically gives Lucent rights to a seach warrant on your development machine. Keep software companies out of my computer. That's what I ask.
This looks like very useful software, if it works as advertised. Where I work, we have an entire Win2k server whose only purpose is providing authentication. For us, this could be the missing link.
It seems like an alternative to the Samba TNG project. Where SMBTNG is working to create Open Source Domain Controllers that run under Unix, pGina makes Domain Controllers irrelevent by allowing Win2k to use Open Source *nix authentication methods.
I have to think though, that pGina is probably far simpler to implement than Samba TNG.
I admit ignorance. But he's talking about upgrading motherboards and CPUs, which must be Mac-specific, hence lower volumes, hence higher prices. Or are motherboard upgrades even available?
GCC isn't a "product", and it's not under the sole control of a competitor, and it doesn't compete with the Visual C compiler.
GCC isn't a product, it's a program. Visual Studio is a product. If Microsoft wants to have a patch for GCC, no one is stopping them. GCC does not compete with the Visual C compiler because you can't buy Visual C without a compiler.
But I'll back down a bit and say MS should provide a portability switch, and make sure that code that compiles with no warnings under it should compile on GCC.
Here are some random ways MS could cooperate with open-source:
MS should document every API and protocol. That documentation should include BSD-licensed or public-domain reference implementations.
They should either fix their lame POSIX implementation so Cygwin isn't needed, or contribute to Cygwin.
They should work to ensure that Visual C can use GCC as its compiler, and that anything that the Visual C compiler can build can also be built by gcc.
They should include a rootless X Window server in future versions of Windows so that Unix (open and closed source) software can be ported to Windows more easily.
For network tools they maintain (ping, tracert), they should switch to the FreeBSD or Gnu tools, and synchronize their trees.
They should contribute to cfdisk, fdisk and the vfat tools to make their output completely compatible with windows. Or they could open-source their own "fdisk" and "format" tools so they could be ported to Linux and xBSD.
They should discourage developers from creating IE-only web pages, encouraging developers to follow web standards instead. This will make it easier on the open-source browser developers.
They should make their "web fonts" copyright-free: Andale Mono, Georgia, Verdana, Arial, even Times New Roman would make great cross-platform standards.
They could also make some of their patents royalty-free for open-source software.
They could also submit all of.NET to a standards body, and guarantee that they will not ever patent any of it, so the MONO project has a more certain future.
I think you're drawing the wrong conclusion from the fact that your Windows game machine requires more upgrades.
1. The fact that you have a whole machine for gaming suggests that Mac isn't a viable gaming platform for you.
2. Games require more upgrades than mp3s, CD-RW and digital imaging
3. If Mac were a viable gaming platform for you, you'd be upgrading more. I don't know how Mac upgrade costs compare to PC upgrade costs, but you'd probably be spending more than your PC upgrade costs, and significantly less than you spend on Mac and PC combined.
Routing is not a misnomer. In fact, there are two things broken; their proxy server and their routing. Their proxy server is buggy or misconfigured; their router is deliberately broken so that it sends any traffic on port 80 to their proxy machine, instead of the server it was intended to go to. If this wasn't his ISP, we'd call it a man-in-the-middle attack.
Slashdot Mirror
Of course, some OSes support encrypted swap. . .
Yes, you very well covered if your laptop gets stolen, as long as the power's off. The only copy of your private key is on the hard disk, and your passphrase is required to use it, because it's encrypted.
If your laptop is stolen while powered on with an active login session, you may be screwed.
Essentially it goes:
Remote machine: At the request of user bar, I will permit any machine that can prove it has private key foo to log in as user bar.
Local machine: If user bar (or baz) supplies the password for key foo, I can decrypt it. If I can decrypt key foo, I will use it to log into the remote machine.
So in fact, the remote machine doesn't trust your local machine, it trusts the key.
The only decrypted copy of the key is in memory. If you're really unlucky, it got swapped to disk, and was recovered by the person who stole your laptop. Recovering a key like this is nontrivial to do, but not impossible.
SSH can use several forms of authentication, including public key cryptography. You use a password to encrypt your private key, which you supply on login.
Once your private key is decrypted, SSH can use it to authenticate you on any site that uses your public key for authentication.
There is security at every step. You typically have to be logged in as yourself (or root) to read your private key, you have to supply a password to decrypt the key, and you can remove they key from memory at any time.
iD does it. My copy of Quake III Arena, for example
Thanks for clearing that up, Jon. Someone should have moderated you up.
Does anyone know what this story's about? I mean, seriously.
MHP something? From whatsisname? Something about digital TV?
Sigh.
You can't have better resolution than the original. Displaying a digitally-produced movie using a digital projector eliminates an information-losing digital-to-analog conversion.
I saw Shrek on a digital screen, and I could sure tell. It was more like watching TV than watching a movie, but I mean that in a good way-- There was no flicker, no film grain. The image was stable, sharp, and the colour was good.
For digitally-produced works, digital projection Just Makes Sense, and I expect the day will come when it beats out film projection even for film-based movies.
Maybe some winmodems are supported, but THIS ONE ISN'T. So in this case, the inclusion of this winmodem means that Windows is required to take full advantage of the hardware.
Read the article. They talk about how some winmodems are supported, but not this one.
And, like the other people said, I'd rather see an open-source driver.
Yes, there's a Heinlein book called The Man who Sold the Moon. It's a collection of Future History stories, with the story "The Man who Sold the Moon" as its "title track".
I've never read it, because I assumed that The Past Through Tomorrow contained all the Future History stories.
Hey! Us Canadians don't have thick accents! It's Southern Americans that do!
His point is that Lucent shouldn't have the right to any changes you make, merely those changes you publish.
If you write something for completely personal use that falls under the license, why should Lucent have any rights to it? What if your changes turn out to be dangerous or highly embarassing?
This clause basically gives Lucent rights to a seach warrant on your development machine. Keep software companies out of my computer. That's what I ask.
That's because there's no free fixed-point implementation.
:-)
There's a hole in the bucket, dear Liza.
Major copyright issues.
It might be legal for Slashdot to set up a caching proxy server, (like ISPs do), but can you really see that?
Hmm, that might just be a subscriber feature. . .
A faster/slower would go faster, but use gas more slowly.
Actually, I think it's wide 'cause it's a scan of a magazine ad.
This looks like very useful software, if it works as advertised. Where I work, we have an entire Win2k server whose only purpose is providing authentication. For us, this could be the missing link.
It seems like an alternative to the Samba TNG project. Where SMBTNG is working to create Open Source Domain Controllers that run under Unix, pGina makes Domain Controllers irrelevent by allowing Win2k to use Open Source *nix authentication methods.
I have to think though, that pGina is probably far simpler to implement than Samba TNG.
Thinner. :-P
I admit ignorance. But he's talking about upgrading motherboards and CPUs, which must be Mac-specific, hence lower volumes, hence higher prices. Or are motherboard upgrades even available?
GCC isn't a "product", and it's not under the sole control of a competitor, and it doesn't compete with the Visual C compiler.
GCC isn't a product, it's a program. Visual Studio is a product. If Microsoft wants to have a patch for GCC, no one is stopping them. GCC does not compete with the Visual C compiler because you can't buy Visual C without a compiler.
But I'll back down a bit and say MS should provide a portability switch, and make sure that code that compiles with no warnings under it should compile on GCC.
Here are some random ways MS could cooperate with open-source:
.NET to a standards body, and guarantee that they will not ever patent any of it, so the MONO project has a more certain future.
.
MS should document every API and protocol. That documentation should include BSD-licensed or public-domain reference implementations.
They should either fix their lame POSIX implementation so Cygwin isn't needed, or contribute to Cygwin.
They should work to ensure that Visual C can use GCC as its compiler, and that anything that the Visual C compiler can build can also be built by gcc.
They should include a rootless X Window server in future versions of Windows so that Unix (open and closed source) software can be ported to Windows more easily.
For network tools they maintain (ping, tracert), they should switch to the FreeBSD or Gnu tools, and synchronize their trees.
They should contribute to cfdisk, fdisk and the vfat tools to make their output completely compatible with windows. Or they could open-source their own "fdisk" and "format" tools so they could be ported to Linux and xBSD.
They should discourage developers from creating IE-only web pages, encouraging developers to follow web standards instead. This will make it easier on the open-source browser developers.
They should make their "web fonts" copyright-free: Andale Mono, Georgia, Verdana, Arial, even Times New Roman would make great cross-platform standards.
They could also make some of their patents royalty-free for open-source software.
They could also submit all of
I could go on, but I'd better not. .
I think you're drawing the wrong conclusion from the fact that your Windows game machine requires more upgrades.
1. The fact that you have a whole machine for gaming suggests that Mac isn't a viable gaming platform for you.
2. Games require more upgrades than mp3s, CD-RW and digital imaging
3. If Mac were a viable gaming platform for you, you'd be upgrading more. I don't know how Mac upgrade costs compare to PC upgrade costs, but you'd probably be spending more than your PC upgrade costs, and significantly less than you spend on Mac and PC combined.
Routing is not a misnomer. In fact, there are two things broken; their proxy server and their routing. Their proxy server is buggy or misconfigured; their router is deliberately broken so that it sends any traffic on port 80 to their proxy machine, instead of the server it was intended to go to. If this wasn't his ISP, we'd call it a man-in-the-middle attack.
I've got an old Avermedia TV98 (BT848) and Geforce 3 V3800 deluxe (philips chipset) in my dual-athlon system, and there's no incompatibility.
Winelib is a Linux-native win32 API implementation. Once you get your code working with winelib, you don't need two codebases.
The article originally appeared here last week. Sheesh. Don't pretend it's an original Slashdot article if it's not.