Right now in existing operating systems, some sort of keyboard driver will translate the keystrokes coming down the wire into characters and pass them where they need to be. Of course, anywhere between the driver and the keyboard can be compromised. You can tamper with the physical cable, between the cable and the keyboard port, or directly in the software.
Now imagine this scenario to fight this:
The keyboard and OS are NGSCB-aware (NGSCB is Microsoft's Next-Generation Secure Computing Base).
They have been configured to work together. (Leave the discussion for HOW that happens another day)
The keyboard will ENCRYPT all keystrokes and ensure the integrity of the data with a message digest and send the secure payload to the OS.
The OS kernel driver for the keyboard receives the data. The keyboard driver is untrusted, and can do nothing with the data except drop it. Ok. Denial of service if this is a rogue driver. But nothing else can happen. No information disclosure. It can't read the information. A proper keyboard driver would see this special payload and transfer it to the trusted environment through the use of a secure conduit transport. (Microsoft calls their particular environment Nexus, and has an easy-to-use API to accomplish this)
Here the trusted computing base can pass the payload to the proper secure driver, in this case a secure keyboard driver that can verify the integrity of the data and unencrypt it. It can then determine what information can be passed back to the untrusted kernel. Microsoft calls these drivers agents, or more commonly NCA. In the case of password management, they can verify passwords securely on the trusted side, and just pass back particular results to the untrusted side.
At this point... both software and hardware keystroke loggers become useless. They can do very little but record the encrypted payload. (Of course they could try to brute crack this.. but a good design would account for this). It's actually quite a neat design... except that you have to trust the "trusted code base". Of course, you don't HAVE to. You could replace Microsoft's Nexus with your own. And from my understanding they are making provisions for that in Longhorn. But should I trust you any more than Microsoft?
I am oversimplifying this, but my point is that Trustworthy Computing is actually a good thing.
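The exchange described in the comment above, sketched as an added example; it is not part of the original post and is not Microsoft's NGSCB code. The class names, the pairing secret, the HMAC-based stand-in cipher and the sequence counter that rejects replayed payloads are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Assumption: keyboard and trusted agent already share a pairing secret (the
# comment leaves HOW that happens for another day). Constructed demo values.
PAIRING_SECRET = b"constructed-demo-pairing-secret"
SALT = b"constructed-salt"
ENC_KEY = hmac.new(PAIRING_SECRET, b"enc", hashlib.sha256).digest()
MAC_KEY = hmac.new(PAIRING_SECRET, b"mac", hashlib.sha256).digest()
TAG_LEN, HDR_LEN = 32, 8

def _xor_keystream(seq: int, data: bytes) -> bytes:
    """Stand-in stream cipher keyed per sequence number (HMAC-SHA256 in
    counter mode). A real design would use a vetted AEAD such as AES-GCM."""
    stream = b""
    for block in range(len(data) // 32 + 1):
        stream += hmac.new(ENC_KEY, struct.pack(">QI", seq, block), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def hash_password(password: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, SALT, 100_000)

class Keyboard:
    """Encrypts keystrokes and appends an integrity tag before they leave the device."""
    def __init__(self):
        self.seq = 0

    def send(self, keys: bytes) -> bytes:
        self.seq += 1
        body = struct.pack(">Q", self.seq) + _xor_keystream(self.seq, keys)
        return body + hmac.new(MAC_KEY, body, hashlib.sha256).digest()

class UntrustedDriver:
    """Holds no keys: it can only record, forward, drop or corrupt the payload."""
    def __init__(self):
        self.captured = []  # everything a software keylogger here would see

    def relay(self, payload: bytes) -> bytes:
        self.captured.append(payload)
        return payload

class TrustedAgent:
    """Verifies, decrypts and checks the password; only a yes/no leaves it."""
    def __init__(self, stored_hash: bytes):
        self._stored_hash = stored_hash
        self._last_seq = 0

    def _open(self, payload: bytes):
        if len(payload) < HDR_LEN + TAG_LEN:
            return None
        body, tag = payload[:-TAG_LEN], payload[-TAG_LEN:]
        if not hmac.compare_digest(tag, hmac.new(MAC_KEY, body, hashlib.sha256).digest()):
            return None  # tampered in transit
        seq = struct.unpack(">Q", body[:HDR_LEN])[0]
        if seq <= self._last_seq:
            return None  # replay of a recorded payload
        self._last_seq = seq
        return _xor_keystream(seq, body[HDR_LEN:])

    def check_password(self, payload: bytes) -> bool:
        typed = self._open(payload)
        return typed is not None and hmac.compare_digest(hash_password(typed), self._stored_hash)

if __name__ == "__main__":
    kb, drv, agent = Keyboard(), UntrustedDriver(), TrustedAgent(hash_password(b"hunter2"))
    wire = drv.relay(kb.send(b"hunter2"))
    print(agent.check_password(wire), agent.check_password(wire))  # True, then False (replay)
```

The untrusted side only ever holds the opaque payload and the boolean result, which is the split between the driver and the trusted agent that the comment describes.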
On http://www.suspiciousfifth.com, we've released our second record independently, under the indie label "Independent Records" (http://www.inderec.com). They provide the SoundScan barcode, list us in the database, and even link to our online storefront.
We have a ProTools rig in our basement, I did all the artwork, and we gig to pay the manufacturing bills - http://www.digitalsunspot.com does a great job printing and pressing. They did our first record.
If you looked and heard the record, you wouldn't be able to tell it's an independent release. We've sold hundreds of CDs online (from our site) and are looking to hit the 1000's mark soon.
But you know, honestly, the hard part is not making your record available via the web, it's finding the kind of money a record company would front to market it. I don't care how creative your great your disc is, if you don't push it in people's faces - they will never hear it.
I also work for a large organization and we use Datawatch's QSM Server product. It works quite well, allowing ticket integration with the SDLC and SLA levels and allows you to build a problem topic tree for every application supported. Has good email notification and UI as well. Supports various enterprise level backends.
http://www.datawatch.com/img/prod_qsmserver_lrg.gif
My brother works for the company that is heading up Microsoft's Midwest Windows 2003 Server Campaign. They are called ARCHRIVAL - Check them out here: http://www.archrival.com
See, the problem with pushing your own music online without the help of a huge recording company is that your MP3 looks exactly like every other Indie band's mp3s on the net. There are no press conferences, no flashy online promo events by Coca-Cola to push the downloads. Just an MP3 that is 3+ meg - and the only thing that makes it unique from the million others (until you play it of course) is its name - or someone's review of it. I'm speaking from experience. My band is due to release our first full length on Nov. 23rd. And the big question is - "How do we promote this online?"
Where I live there is great, great support for local music. The scene is stellar, there is local radio support and a huge website dedicated to the arts in the city. We have produced bands like 311 and The Faint, but all without much help from online music promotion.
A P2P arena is even harder, as people actually have to be LOOKING for your music vs. stumbling across it. Do I just search for random words hoping to get cool music? That is not gonna happen.
This is exactly why I take every advantage I get to promo online (i.e., my sig :) ) Any comments?
A FLOWING word of advice. (on Water Computing, Score: 0, Offtopic)
Don't read this article when you are on your 8th Corona. I got half way through, then had this sudden urge to, well...piss like a race horse.....I'm goin to get my freak on at the clubs -
My first question is, you say I sound like I'm barely out of high school? Is that because I can spell and use proper English? This sentence is pathetic - "When you have a drive fail and find out that your RAID was properly set up then you find out about real downtime."
You're making yourself look stupid, but I'll give you the benefit of the doubt.
I'll agree with you that hardware failure is a large portion of downtime. Very true. My point is, I'm not sure what kind of site your company is hosting, or the amount of traffic you get, but the one I developed sure as hell won't run on $2000 worth of hardware. That's a fact.
The funny thing is, I don't even know why I'm arguing with you. You insulted me, and I gave you an explanation on my question. So, I guess I'm not sure of the point you are trying to get across? Plus, I more or less don't really give a shit. So, unless you want to have an educated conversation, restate your point, and help me understand what it is you are trying to prove, I'm done...
P.S. Direct me to where this article says it is ONLY about webservers.
Hmmm...you must live in La-La land if you think that all large companies have redundant systems, or that the sys admin has anything to do with the amount of money Mr. CEO is willing to spend on IT (redundancy isn't cheap) given the market state. But what is even better is your quote - "Downtime is meaningless". Have you ever had a job in IT? Evidently not.
Wow, you need to chill out. If you are relating to this sentence: "The study revealed that Windows administrators spent twice as much time patching systems and dealing with other security-related issues than did Solaris or Linux admins."
Great, you got me on the patching issue. Congrats. Wanna cookie? I'm still interested if they calculated in downtime.
I believe someone on Slashdot posted this link to the XMMS MP3 Plugin for Red Hat 8.0 a couple days ago. I guess some of y'all aren't paying attention. :)
I'm one of those guys that just can't resist installing a fresh new copy of the latest version of RH the day after it is released. With all the hype surrounding 8.0, I was stoked to start running this OS. Truthfully, I was less interested in the GUI and more focused on the integration of Apache 2.0, gcc 3.2..etc. The install was quick, AND painless. BUT, the damn installer would not allow me to "deselect" the base DBMSs and install MYSQL alone unless I "selected all packages individually".
Seems ODD to me....
Other than that...the only problems I had was with my own PHP code being incompatible with the latest version of PHP 4.2.x (which also annoys me). Oh, and P.S. don't try to "dump your data" out of your old phpMyAdmin, and try to import it in to the new version. IT NADA WORK.
But I must say, RH 8.0's interface is perty. Sucks there is no MP3 support..Unless you go HERE
I'm a songwriter, and I considered Napster to be a really great vehicle to get my music to others that would normally not get the opportunity to hear it. I own my music, and I wanted to give it away free. That is my right. Are you telling me that this argument doesn't matter? Also, Napster didn't break "a law". There were no laws governing P2P file sharing technology. The people using Napster and downloading copyrighted material that they DIDN'T ALREADY OWN were the ones breaking the laws. Not the company itself....if I use my Jeep Wrangler as a getaway car in a robbery maybe we should sue Jeep for "Breaking Laws" and giving me the opportunity to commit a crime. Those Vehicle Making Bastards.
Why doesn't the US develop an OS strictly for secure governmental transactions/use? The country definitely has the resources. The outcome would be a system that no one could just "install at home" and discover weaknesses. I'm sure there are downsides (and feel free to let me know)..but in my mind no existing OS (be it free or not) is secure enough for what Uncle Sam wants to use it for.
1.) What is the Opportunity Cost/Monetary Cost of a College Degree?
Maybe a couple of years of average wages - assuming you attend a 2 year tech school (few will pay the big bucks to a kid with a high school degree, regardless of knowledge or experience). Plus, the cost of school itself.
2.) Benefits of a degree
- You have something to put in the "Education" area of your resume other than a high school degree. It may sound trivial & stupid...but it's true.
- The chance to work with top of the line technology (depending on the school) and to be around others who are equally interested in your field (this is where you learn the most)
- You increase your market value
I think the basic question that you have to ask yourself is: "Do I want to be an SA for the rest of my career?".
I was in the same boat coming out of high school (graduated in 1996). I had way more experience in the "computing area" than many adults I knew. In fact in 93-94, I was the only one in my high school with internet access (1200 baud :) ). So, naturally I felt like I could easily enter the job market. But something just irked me about not having some sort of higher education to give myself the chance for advancement in case I wanted to change fields later in life.
I'm graduating next week with a Masters Degree in e-Business, and I really feel that I made the right choice. Don't trap yourself into a career by passing up a college degree, even a 2 year school would be sufficient. It will only enhance your marketability when applying for jobs.
For the movie Titanic, the production studio Digital Domain used Linux on a network of more than a hundred DEC Alpha machines to render the special effects. However, they used 350 SGI machines running IRIX and a hundred DEC Alphas running Windows NT for the artistic aspects of the production. Linux was judged not-ready in 1997 for the video desktop.
So, what's developed with Linux as a desktop operating system for video production in the last few years? [www.linuxjournal.com]
We don't need "pills" when we will have microscopic robots that can battlebot bad bacteria and win every time.
My band, Suspicious Fifth, does it all ourselves.
Nate
Lead Vocals
Suspicious Fifth
http://www.suspiciousfifth.com
WebWiz
PEACE
Thanks,
N-dogg.
HA!
:(
Damn....you know, I was just asking for it to comment on someone's grammer.
Thanks
Thanks for the info!
Did they calculate in the cost of Downtime w/ Microsoft Win.? (lost business, opportunity cost).
How about maintenance costs? IE patches?
GO HERE
They can suck my Uncompressed JPEG.
What a joke.
Right on....It's a 1998 TJ (Black). Last year I toughed it up with some 32 inch tires. (wanted 33, but needed a lift package for that)
Geeze, I know....the money was blowing everywhere ;)
A shot of the Gnome 2.0 Desktop
http://www.gnome.org/~gman/GNOME2.png
http://www.gnome.org/~gman/GNOME2-apps.png
Cliff, are you gonna pay the rent when I get fired for refusing to write code? I consider myself lucky to have a job programming. Let's get realistic.
Verizon doesn't have a 3G network.