The key or password is part of the identifcation which is very different to authorization.
You can easily be in posession of a key to a lock that is currently recognized as valid identifiation method. That does not imply that you are authorized.
Taking your own example, if you lose your house key and someone finds it and happens to know that is the key to your house, they have the identifiation information for your house, they may not be authorized to use it. You do not know that your key has been lost so it is still regarded as a valid idenfication. It only becomes an issue if the person who found the key uses it to gain entry to your home - this is the unauthorized access part.
So if you accidentally leave the door to your house open it okay for someone to come in and cause intentional damage to its contents ? No it isn't (there are two crimes here, one criminal (breaking and entering) and the other probably civil (but it depends exactly on what was done with said term paper). A "computer" parallel to this would be script kiddies access systems using information they found from a friend and the posting the private information out on other sites.
Or thing about it this way, you are a student in a large dorm that has a master key, is it okay for the staff who maintain the system to give the key to a friend to come in and steal your term paper (and I really do mean paper (dead trees) here) and rip it off as his own work ?
Computers are far too difficult for the vast majority of people to have the faintest clue of what is going on. Even trained professionals make mistakes sometimes.
A webserver that has obvious public content, sure it can be accessed. An ftp server that is obviously anoymous ftp, probably you are starting to touch a grey area because even an anoymous ftp server asks for identification.
Access to a system because you guessed a "trivial" password, certainly not - you have been authorized and you intended to gain access to a system you had not been given permission to do so. However if you had been properly authorized (by the owner or someone acting legally on their behalf) to gain access to the system by guess in the password, it is not unauthroized access.
In summary, "Grow up and thing about data just as you would physical things".
If you had an xterm running with the curses based suninstall then you used the Solaris 1 of 2 CD to install. That is not webstart. Webstart is on CD 0.
The fact that you can't have a mirror'd boot device is a limitation that doesn't exist in Solaris when using LVM (aka Disksuite, aka ODS, SVM) or Veritas.
Solaris has resource management controls as well. Users and groups can be assigned to projects, projects,users,groups can all be given resource limits for CPU/Memory/disk space/and many other resource control points in the system.
These resouce policies can even be stored network wide in NIS/NIS+ and LDAP.
The access rights to files are are based on the identity of the RPC principle. In the default AUTH_SYS (aka AUTH_UNIX) RPC authentication system that is just uids and gids. That RPC principle is then mapped to a a unix id because thats what the exported/shared filesystem needs to get.
However NFSv3 (on Solaris only, but comming to Linux) and NFSv4 support running over RPCSEC_GSS which allows for using Kerberos, LIPKEY, SPKM and anything else you can express as a GSS-API mechanism.
Using Kerberos as the GSS mechanism under RPC gives you the ability to have encrypted NFS transport and strong authentication and access rights.
1) The product formerly known as Disksuite but now much enhanced with many of the features that used to be used to compare with Veritas: Integrated as a core Solaris 9 feature (lvm).
2) See last weeks news, Sun has already started shipping GNOME 2.x packages for Solaris 8 & 9.
3) WebStart Wizards + SVR4 packaging is a lot more powerful than most people realise. Please don't confusing the power of the package system with a nice easy download thingy. Remeber also that Sun does real patches not just upgrade everything to the latest bits. Our enterprise level customers need this - minimal change.
4) We ship a full CD worth of stuff including gcc and top already compiled and in SVR4 package form (gets installed into/opt/sfw by default).
5) The reason for dropping the "2" from Solaris naming is that there are no plans for a Solaris 3.x line (that would be SunOS 6.x). That one is all down to marketing - I hated it when I first saw it but it actually makes a lot of sense.
All this does is create a very lucritive database that the spammers will want to get hold of. Sad but probably true.
I'm also really confused how the State of Colorado believes that companies will pay to find out who they can't contact, when they can just ignore the list and contact lots of people. A spammer really isn't likely to fork out money to find out who not to email - because if they accidentally email people on the list it reduces their defence in court.
The post below yours in my thread list gave a good answer.
The SSH protocol as defined by the IETF SECSH working group does pretty much what you ask of it. The major caveat to not using a certificate is that you can't be sure that the communication isn't being intercepted (man in the middle attack). However most (all?) implementations of the SSH protocol use a concept called "known hosts". The known hosts list is the public keys of the hosts you have previously connected to - most (all?) implementations store the name, and the IP addresses.
The known hosts allows you to ensure that on subsequent visits to the same site it is still the same as the one you agreed to trust the first time you connected.
There is no reason why a web browser couldn't implement the same thing. In fact it does when it is telling you that it can't validate the path of a certificate and asks if you want to trust the subject of the certificate.
For example OpenSSH asks a question like this on the first connection to sourceforge.net:
The authenticity of host 'shell.sourceforge.net (66.35.250.208)' can't be established. DSA key fingerprint is 4c:68:03:d4:5c:58:a6:1d:9d:17:13:24:14:48:ba:99.
Are you sure you want to continue connecting (yes/no)?
If I answer yes the public key of shell.sourceforge.net is recorded in my known hosts database.
This is assuming that you have made some effort (or don't care) to verify out of band that the fingerprint of the public key is what you expect. This is exactly the same as what you are expected to do when you get the dialog in your web browser that says the issuer of the certificate wasn't recognised.
The difference ? PKI Certificates attempt to tell you who you should trust by using Trust Anchors. If you want to simulate the PGP model, simply remove all the Trust Anchors from your browser and start from scratch.
The technical specs for the cards say they only work between 5C and 55C. Not much use for large parts of the Global in winter. Non operating mode goes down to -20C.
So using it in your portable PDA, MP3/OGG player etc in winter is just too bad;-(
Just because a document is published in Excel format it doesn't mean that it was generated by Microsoft Excel. StarOffice can export as well a import Microsoft formats.
I do work at Sun. We have a program called Sun-on-Sun which means we run the buisness on Sun hardware and where possible Sun Software.
StarOffice is used when spreadsheets are used. In general all our Microsoft Office like needs are met by StarOffice today and in the past (prior to Sun aquiring Star Division) Applix was used. There is still some use of Framemaker for very large and complex documents.
I used Minix as part of the file systems component of our OS design/internals course. At that time Glasgow University Computing Science department was a PC free zone (Only Sun SPARC & m68k and Mac m68k).
The version of Minix we used ran as a userland process under SunOS 4.1.x.
I've been wearing CIBA Vision Focus Night and Day contacts for 2 years now. You can wear them for upto 30 days constantly. I've even been swimming in the sea and swimming pools with them; without goggles - hard to type goggles and not make it google;-).
I believe they only just got approval in the US in the last 6 months or so. I live in California and asked my optomotrist about LASIK after having worn the CIBA lenses for about a year (I got my lenses from the UK and at that time had to order the next set my mailorder from the UK as well since they weren't approved in the US). This was the first time he had heard of the CIBA lenses and said that my eyes looked like they had never worn lenses and the risk of LASIK was considerably higher than wearing these lenses for the rest of my life.
Remeber LASIK is major surgery and as always there is a risk of it going wrong.
I'm not sure if the CIBA lenses can help with the astigmatism you mentioned but it is worth asking.
Solaris 9 has projects(4) which is more like login classes on BSD. When integrated with SRM (Resource Manager) then you can really take control of what resources a program can consume.
Trying to find a PAL playback on NTSC TV is much harder.
I bought a Sony SLV-ED100 which claims to play Any or NTSC/PAL/SECAM on either NTSC or PAL and record in NTSC or PAL. I've spent hours trying to get it to putout a proper colour NTSC picture from a PAL tape out of the component video - no luck. Unfortunately I didn't discover this until a bought a TV that was NTSC only (my previous Sony is NTSC/PAL).
The obvious thing to me is to look for other gem stones that don't have such a dubious cartel infrastucture around them. My wife has a diamond ring but I'm sure she would have been happy with a saffire if I had refused to by a diamond for the reasons you gave - she is ware of "industry" but still likes diamonds none the less.
Many of the Royal wedding engaement rings don't use a single diamond as the centre stone but have used others like Ruby's and emeralds instead - some also have diamonds a "support" stones but you could drop that.
Your other alternative is not to go with a gem stone ring at all. Quite a few of my married friends only have wedding rings. Not because they were marring cheap guys but some for the reasons you cite. In these cases they have much more detailed metal work on the wedding band than the traditional gold band.
This has been done before on a slightly different scale.
When you have a storage array that supports multi initiator SCSI you can connect one connection of the array to the external facing machine in read-only mode and the other connection to the internal facing machine in read-write mode.
The best way to install it on Linux/Solaris is to first run the install as root but add the/net argument. Put this installation some where "global" (say/usr/local/OpenOffice.
IMNSHO this should be the default if you install as root.
Once that has completed run/usr/local/OpenOffice/program/setup for each user - select workstation install this will create your local config directory which is small.
Most of the maths types I know aren't good at arithmetic and I've even heard some say that the whole point of maths was to avoid doing arithmetic.
The maths papers I remember sitting at University (in Scotland) never had many marks associated with the final arithmetic answer (if there even was one), so there was no motivation to spend time doing arithmetic - and no point in having a calculating aid in the class room or exam.
Slashdot Mirror
The key or password is part of the identifcation which is very different to authorization.
You can easily be in posession of a key to a lock that is currently recognized as valid identifiation method. That does not imply that you are authorized.
Taking your own example, if you lose your house key and someone finds it and happens to know that is the key to your house, they have the identifiation information for your house, they may not be authorized to use it. You do not know that your key has been lost so it is still regarded as a valid idenfication. It only becomes an issue if the person who found the key uses it to gain entry to your home - this is the unauthorized access part.
So if you accidentally leave the door to your house open it okay for someone to come in and cause intentional damage to its contents ? No it isn't (there are two crimes here, one criminal (breaking and entering) and the other probably civil (but it depends exactly on what was done with said term paper). A "computer" parallel to this would be script kiddies access systems using information they found from a friend and the posting the private information out on other sites.
Or thing about it this way, you are a student in a large dorm that has a master key, is it okay for the staff who maintain the system to give the key to a friend to come in and steal your term paper (and I really do mean paper (dead trees) here) and rip it off as his own work ?
Computers are far too difficult for the vast majority of people to have the faintest clue of what is going on. Even trained professionals make mistakes sometimes.
A webserver that has obvious public content, sure it can be accessed. An ftp server that is obviously anoymous ftp, probably you are starting to touch a grey area because even an anoymous ftp server asks for identification.
Access to a system because you guessed a "trivial" password, certainly not - you have been authorized and you intended to gain access to a system you had not been given permission to do so. However if you had been properly authorized (by the owner or someone acting legally on their behalf) to gain access to the system by guess in the password, it is not unauthroized access.
In summary, "Grow up and thing about data just as
you would physical things".
If you had an xterm running with the curses based suninstall then you used the Solaris 1 of 2 CD to install. That is not webstart. Webstart is on CD 0.
The fact that you can't have a mirror'd boot device is a limitation that doesn't exist in Solaris when using LVM (aka Disksuite, aka ODS, SVM) or Veritas.
Solaris has resource management controls as well. Users and groups can be assigned to projects, projects,users,groups can all be given resource limits for CPU/Memory/disk space/and many other resource control points in the system.
These resouce policies can even be stored network wide in NIS/NIS+ and LDAP.
The access rights to files are are based on the identity of the RPC principle. In the default AUTH_SYS (aka AUTH_UNIX) RPC authentication system that is just uids and gids. That RPC principle is then mapped to a a unix id because thats what the exported/shared filesystem needs to get.
However NFSv3 (on Solaris only, but comming to Linux) and NFSv4 support running over RPCSEC_GSS which allows for using Kerberos, LIPKEY, SPKM and anything else you can express as a GSS-API mechanism.
Using Kerberos as the GSS mechanism under RPC gives you the ability to have encrypted NFS transport and strong authentication and access rights.
1) The product formerly known as Disksuite but now much enhanced with many of the features that used to be used to compare with Veritas: Integrated as a core Solaris 9 feature (lvm).
/opt/sfw by default).
2) See last weeks news, Sun has already started shipping GNOME 2.x packages for Solaris 8 & 9.
3) WebStart Wizards + SVR4 packaging is a lot more powerful than most people realise. Please don't confusing the power of the package system with a nice easy download thingy. Remeber also that Sun does real patches not just upgrade everything to the latest bits. Our enterprise level customers need this - minimal change.
4) We ship a full CD worth of stuff including gcc and top already compiled and in SVR4 package form (gets installed into
5) The reason for dropping the "2" from Solaris naming is that there are no plans for a Solaris 3.x line (that would be SunOS 6.x). That one is all down to marketing - I hated it when I first saw it but it actually makes a lot of sense.
All this does is create a very lucritive database that the spammers will want to get hold of. Sad but probably true.
I'm also really confused how the State of Colorado believes that companies will pay to find out who they can't contact, when they can just ignore the list and contact lots of people. A spammer really isn't likely to fork out money to find out who not to email - because if they accidentally email people on the list it reduces their defence in court.
Installing the medialib packages (not part of Solaris or the GNOME download) should improve peformance. You can download these from here
The SSH protocol as defined by the IETF SECSH working group does pretty much what you ask of it. The major caveat to not using a certificate is that you can't be sure that the communication isn't being intercepted (man in the middle attack). However most (all?) implementations of the SSH protocol use a concept called "known hosts". The known hosts list is the public keys of the hosts you have previously connected to - most (all?) implementations store the name, and the IP addresses.
The known hosts allows you to ensure that on subsequent visits to the same site it is still the same as the one you agreed to trust the first time you connected.
There is no reason why a web browser couldn't implement the same thing. In fact it does when it is telling you that it can't validate the path of a certificate and asks if you want to trust the subject of the certificate.
For example OpenSSH asks a question like this on
the first connection to sourceforge.net:If I answer yes the public key of shell.sourceforge.net is recorded in my known hosts database.
This is assuming that you have made some effort (or don't care) to verify out of band that the fingerprint of the public key is what you expect. This is exactly the same as what you are expected to do when you get the dialog in your web browser that says the issuer of the certificate wasn't recognised.
The difference ? PKI Certificates attempt to tell you who you should trust by using Trust Anchors. If you want to simulate the PGP model, simply remove all the Trust Anchors from your browser and start from scratch.
The technical specs for the cards say they only work between 5C and 55C. Not much use for large parts of the Global in winter. Non operating mode goes down to -20C.
;-(
So using it in your portable PDA, MP3/OGG player etc in winter is just too bad
Just because a document is published in Excel format it doesn't mean that it was generated by Microsoft Excel. StarOffice can export as well a import Microsoft formats.
I do work at Sun. We have a program called Sun-on-Sun which means we run the buisness on Sun hardware and where possible Sun Software.
StarOffice is used when spreadsheets are used. In general all our Microsoft Office like needs are met by StarOffice today and in the past (prior to Sun aquiring Star Division) Applix was used. There is still some use of Framemaker for very large and complex documents.
Solaris 8 onwards already has IPsec integrated into the core kernel. Solaris 9 introduced IKE.
I used Minix as part of the file systems component of our OS design/internals course. At that time Glasgow University Computing Science department was a PC free zone (Only Sun SPARC & m68k and Mac m68k).
The version of Minix we used ran as a userland process under SunOS 4.1.x.
I've been wearing CIBA Vision Focus Night and Day contacts for 2 years now. You can wear them for upto 30 days constantly. I've even been swimming in the sea and swimming pools with them; without goggles - hard to type goggles and not make it google ;-).
I believe they only just got approval in the US in the last 6 months or so. I live in California and asked my optomotrist about LASIK after having worn the CIBA lenses for about a year (I got my lenses from the UK and at that time had to order the next set my mailorder from the UK as well since they weren't approved in the US). This was the first time he had heard of the CIBA lenses and said that my eyes looked like they had never worn lenses and the risk of LASIK was considerably higher than wearing these lenses for the rest of my life.
Remeber LASIK is major surgery and as always there is a risk of it going wrong.
I'm not sure if the CIBA lenses can help with the astigmatism you mentioned but it is worth asking.
Solaris 9 has projects(4) which is more like login classes on BSD. When integrated with SRM (Resource Manager) then you can really take control of what resources a program can consume.
Isn't that what Nextel Direct Connect is ?
NTSC playback on PAL works just fine.
Trying to find a PAL playback on NTSC TV is
much harder.
I bought a Sony SLV-ED100 which claims to play Any or NTSC/PAL/SECAM on either NTSC or PAL and record in NTSC or PAL. I've spent hours trying to get it to putout a proper colour NTSC picture from a PAL tape out of the component video - no luck. Unfortunately I didn't discover this until a bought a TV that was NTSC only (my previous Sony is NTSC/PAL).
I think the "diamond engagement ring" tradition started in the US and spread outwards.
The obvious thing to me is to look for other gem stones that don't have such a dubious cartel infrastucture around them. My wife has a diamond ring but I'm sure she would have been happy with a saffire if I had refused to by a diamond for the reasons you gave - she is ware of "industry" but still likes diamonds none the less.
Many of the Royal wedding engaement rings don't use a single diamond as the centre stone but have used others like Ruby's and emeralds instead - some also have diamonds a "support" stones but you could drop that.
Your other alternative is not to go with a gem stone ring at all. Quite a few of my married friends only have wedding rings. Not because they were marring cheap guys but some for the reasons you cite. In these cases they have much more detailed metal work on the wedding band than the traditional gold band.
Kind of, but you can't not pay it even if you are unable to recieve the BBC channels or (for some reason) choose not to watch them.
If you live in the UK you do need a license to operate a TV that is capable of recieving "broadcast" programming.
This has been done before on a slightly different scale.
When you have a storage array that supports multi initiator SCSI you can connect one connection of the array to the external facing machine in read-only mode and the other connection to the internal facing machine in read-write mode.
The best way to install it on Linux/Solaris is to first run the install as root but add the /net argument. Put this installation some where "global" (say /usr/local/OpenOffice.
/usr/local/OpenOffice/program/setup for each user - select workstation install this will create your local config directory which is small.
IMNSHO this should be the default if you install as root.
Once that has completed run
Your are confusing Mathematics with Arithmetic ;-)
Most of the maths types I know aren't good at arithmetic and I've even heard some say that the whole point of maths was to avoid doing arithmetic.
The maths papers I remember sitting at University (in Scotland) never had many marks associated with the final arithmetic answer (if there even was one), so there was no motivation to spend time doing arithmetic - and no point in having a calculating aid in the class room or exam.