I think it has been discontinued, which is a pity. I have one and it is great. It can support a couple of 19" monitors w/o problems as the monitor shelf is supported by steel.
At one stage, I even constructed a poor man's dealer desk using a Jerker - two monitors, two workstation boxes and a keyboard + switch.
Altavista used a somewhat brute-force approach. With Tru-64, they could effectively run large parts of their database in memory.
Digital, in their infinite wisdom, didn't quite understand what their engineers had done and the message of what they were doing was largely ignored for marketing to managers. Sure, techies knew what was going on, but the message should have been rephrased for management.
The marketing opportunity was largely lost and Altavista was surpassed.
Bochs is a real emulator (allows emulation on non-x86 hardware). It has a BIOS and virtual disks. It may be slow, but Turbotax should run inside very nicely and have zero access to the outside world. Any program running under Bochs can't break out and unless it does timing tests, it shouldn't even be aware that it is inside a virtual machine. I believe the disk images are held as sparse files and will contain whatever is written there at the LBN level. If it hasn't been written to before, it will just contain zeroes when first accessed.
One of the applications for Bochs is anti-virus research, so it should be ideal also for programs that want to do dubious things.
I thought we got away from this with halfway decent operating systems like Win2K and XP.
This isn't a warranty issue, it is about a system knowingly making an undocumented change to the system which may cause damage. In such cases, the disclaimer in the EULA isn't worth a damn.
I would say, go for a refund and costs for the repair, but the costs of repair should come from a consultant as suggested. A private person can't easily cost the time for rebuilding the MBR, although a company can.
If, for example, you were a Symantec subscriber doing business with South Korea, it was a little sad if you had your patch installed as per Symantec's warning, because South Korea still dropped off the map.
The problem with Slammer is that it didn't just screw up the infected machines, it ate so much bandwidth that until the routers and firewalls were locked down, the protected systems were as badly affected by the outage as the systems that were not protected by Symantec.
If they had contacted a backbone provider with information about the port, the outage could have been stopped as quickly as it occurred.
If I'm emulating small operating systems, or at least ones with true microkernels, then this solution would be ok. If I'm running something like Win 2K, I would have to be very patient because a lot is happening in kernel space.
SELINUX is a lovely system but essentially it is just a modified kernel and a couple of utilities. The SELINUX mods are guaranteed pretty secure, but so is a PANICed machine. A lot of what RH has done is to stabilise the kernel and then to package around it.
In any case, the loadable security module sounds like a better bet for the future as it minimises what has to be a permanent part of the kernel (gets it past Linus) and concentrates the changes in one place for an easy audit.
I started working with OpenVMS, which implements ACLs quite well for just about everything, including the file system.
The key point when I first learned about the real-world use of ACLs is that they cost performance. The more ACEs to be checked before an ACCEPT or DENY, the slower the access. The 'secret' was to grant access to groups rather than individuals and then to grant or revoke group membership. It is fast and easy to manage.
Moving to WinNT and later ACLs was easy although the tools, whilst prettier, were harder to use. However the ability to tune access to shared resources across an entire organisation meant that it was accepted rapidly.
I know XFS does ACLs but reliable ACL support has been a little difficult for some of the other filesystems like ext3. RedHat, for example, were due to ship with it in 8.0, but the bug reports during the beta phase forced them to withdraw it.
According to the Web page, Samba-TNG doesn't do ACLs yet on any file system. This is a shame because that is exactly what we need (in addition to PDC/BDC support) that would allow organisations to drop in Linux systems to replace Win NT servers. I'll happily wait for 2K support but those ACLs are important now.
In Germany, until you have worked more than six months you are not entitled to full rights. However, if you are an employee earning less than a certain amount, the company *must* pay social contributions including public health insurance (i.e., AOK).
As an employee you can not be made to work more than 40 hours or anti-social hours without benefits. To work on a Sunday, you normally require a waiver unless you are an IT worker working in the banking field.
I guess you are working 'Freiberufliche', in which case, you pay your own sickness insurance and have unpaid holiday. OTOH, you should be paid more, about 50 Eur/Hr or better.
Check out one of the German IT Web sites such as gulp.de as they maintain a survey of going-rates for permanent and contract rates.
Actually it brings the problem of what do you encrypt when you are running out of OTP? This is why I use the term 'premium'. If the plain-text material isn't so important, then it can be sent by other means - second-class crypto with a shorter key and a complicated algorithm such as AES which, whilst it isn't known to be insecure, isn't as provably secure as an OTP.
It is always possible for a single OTP to go astray. However, instead of sending one, you can send two or more by different routes and then combine them together with an XOR.
This is one reason why diplomatic couriers still get used. Some of them are almost certainly carrying CDROMs of random stuff for OTPs. The problem is that you must never, ever reuse the key material for good security so it is always at a premium.
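The scheme from the comments above (pad shares sent by separate routes and combined with XOR, key material never reused, and the pad eventually running out), as an added Python example that is not part of the original comments. The names `combine_pads`, `OneTimePad` and `PadExhausted` are hypothetical, and `secrets` stands in for a true random source.

```python
import secrets


class PadExhausted(Exception):
    """The message needs more unused pad than is left."""


def combine_pads(*shares: bytes) -> bytes:
    """XOR equal-length shares that travelled by different routes.

    Someone who captured fewer than all shares learns nothing about the result.
    """
    if len(shares) < 2 or len({len(s) for s in shares}) != 1:
        raise ValueError("need two or more shares of equal length")
    pad = bytearray(len(shares[0]))
    for share in shares:
        for i, byte in enumerate(share):
            pad[i] ^= byte
    return bytes(pad)


class OneTimePad:
    """Hands out each pad byte at most once (hypothetical helper)."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._next = 0  # every byte before this index is spent

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._next

    def _spend(self, offset: int, length: int) -> bytes:
        if offset < self._next:
            raise ValueError("pad bytes at this offset were already used")
        if offset + length > len(self._pad):
            raise PadExhausted(f"need {length} bytes, {len(self._pad) - offset} left")
        self._next = offset + length
        return self._pad[offset:offset + length]

    def encrypt(self, plaintext: bytes) -> tuple[int, bytes]:
        offset = self._next
        key = self._spend(offset, len(plaintext))
        return offset, bytes(p ^ k for p, k in zip(plaintext, key))

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        key = self._spend(offset, len(ciphertext))
        return bytes(c ^ k for c, k in zip(ciphertext, key))


if __name__ == "__main__":
    # Constructed sample: two 64-byte shares, e.g. one by courier, one by post.
    # secrets is a CSPRNG stand-in for true random pad material.
    by_courier, by_post = secrets.token_bytes(64), secrets.token_bytes(64)
    sender = OneTimePad(combine_pads(by_courier, by_post))
    receiver = OneTimePad(combine_pads(by_post, by_courier))
    offset, ct = sender.encrypt(b"premium traffic only")
    print(receiver.decrypt(offset, ct), "pad left:", sender.remaining)
```

The receiver accepts a message only at an offset it has not yet consumed, so a replayed ciphertext or a reused stretch of pad is rejected rather than silently decrypted.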
Too small, you need their larger models (lower on the same page) or a shuttle or similar with enough memory and disk space. The issue with the really small boards is that it becomes rather difficult to shoehorn everything there. You may also find that you need to split the system across a second mini-PC.
You will have to buy at least a single-user Exchange+Server licence so you can keep it preconfigured, i.e. to run replication on Exchange and SQL Server. However, remember that you can only move the multi-user licenses around when the primary system is dead.
It is those little additional items keeping the systems legal that will cost you (more than the hardware). I've gone through this before so I sympathise.
I must admit that I have myself hacked together a prototype with GPL'ed code for a client and then gone back and rewritten the thing from scratch to eliminate the GPL code.
I didn't 'cleanroom' as there was only one of me and splitting my brain in two to separate spec from code wasn't feasible. However, if you take a toolchain consisting of A, B and C, it is often possible to rewrite it so that one goes directly from A and C, the end result being somewhat cleaner and faster and bearing minimal resemblance to the original tool-chain.
Personally, if they had done something similar 'borrowing the interface spec' but writing their own code, I wouldn't object and doubt the developers would that much. However, someone must check the resulting code is indeed different.
I have worked for a long time with investment bankers. Economic realities do not come into it, it is what other people think.
The same with the shuttle. I'm afraid there are a significant number of people out there who believe that god is on their side, if they feel that their beliefs are justified - they will fight harder.
You buy cash vouchers... (on "Cashless Society", Score: 2, Interesting)
I know this is funny but here is what actually happens at a particular club in Europe, Golden Dolls in Frankfurt. You buy "Golden Dollars" (Note: not euros) with your Credit or Debit card, you insert said "Dollar" into lady's whatever. Lady exchanges said "dollars" back for real money at a house discount. Cash tipping isn't permitted.
Most of this is pretty dangerous anyway because the new powers are just so open to abuse. For example, stating that someone is no longer a US citizen if they behave against US interests is a great way of putting that person beyond the reach of the courts (say, like John Walker Lindh). Who decides that the person is no longer a citizen? Is a peace protestor to be so declared as against US interests? There are no checks in this, the legislation must be killed.
Threshold cryptography (key splitting) definitely is a useful system and I know that PRZ worked on at least one such system for protecting the backups of a major information services company.
Threshold cryptography is one of the easiest sells to banks. They all know about dual keys already from their safes, and the old Swift codebooks would come in two parts. However, if it isn't actual cash (say securities), it is remarkable how lax they are.
The fact is that a lot of advanced crypto is unsellable as it is. However, it may be used to improve an application to give it an edge over the competition. The problems here lie not with fundamental cryptographic algorithms but with the implementations, especially the protocols.
The X.509 style guide is actually very useful. The CCITT standards are expensive and difficult to find outside a university library limited lending section.
There are some online copies knocking around, because the CCITT temporarily made their stuff publicly available over the Internet, but now you have to pay.
What I have done is just to use code examples from open source software and hope the author got things right. Many people do this but they may steal stuff that is at best partially working. This is one way that bugs with certificate handling can propagate.
I was hoping the paper would touch on some of the political problems facing cryptography, such as how amateur cryptographers in the U.S. should go about posting code for review and humiliation without the black vans pulling up outside.
Pete is a Kiwi. He lives in Auckland. He has been invited to the US in the past by the FBI in the days when PRZ was being investigated for possible export violations. He declined.
Incidentally there is a formal disclosure address that someone set up. I forget what it is, but the author sent off an Email to the authorities and told them that he was running an archive. Otherwise, it isn't really a problem if it isn't a product (i.e., for free discussion purposes). If it is a commercial product then it is a little more complicated.
Any ciphertext is vulnerable when either the plain-text can be discovered or, even worse, the keys are disclosed. This happens during enciphering and deciphering.
If you want to be suitably paranoid, you boot Tin-Foil hat Linux. The boot media may be write-protected and the machine can be off the net. You ignore the original OS and boot your own. You are only vulnerable to BIOS modifications.
I was shown a work position with four cameras on the employee.
What were they doing?
Counting/Sorting Dollars and other currencies. It was a regional office of the Central Bank of Russia. The money arrived in cassettes, was loaded into the counting machine and then left in cassettes. Sometimes the machine had to be opened by the operator and that was why the cameras were there.
I have also visited secret facilities in the west and frequently had to work under the camera. Although none were so bad as the Central Bank office. OTOH, I've not been in a nuclear weapons facility.
False info. SpamAssassin doesn't mark the GPG down, just the random string.
It isn't the GPG signature, it is the random string. Some spammers try to defeat signature tracking systems by adding a random sequence to the text.
When will they support ACLs? This is the big gotcha for commercial use? I guess they will need ACLs in the underlying file system as a prerequisite.
One man's terrorist is another's freedom fighter.