I don't have any experience with Knology (or any other cable provider, for that matter), but in shopping for DSL service in DC, I've found that the folks who have bad experiences are a lot more likely to share their stories with the world than those who have great ones. I'm a perfect example - although I have had nothing but GREAT service from my provider (toad.net), I haven't gotten off my ass to post the rave reviews they deserve on sites like dslreports or whatnot. (Except, of course, noting that they kick ass several times here on slashdot!)
I wouldn't mod you down even if I had mod points, but I'd just make the point that you seem to be noting that the use of technology is somewhat further ahead of the curve in those industries than the mainstream public.
Regardless of your own views on porn, it's largely there for those who want it and avoidable for those that don't. <warning type="bad pun ahead">It's not like they shove porn down your throat like spammers do with their "information"</warning> I'd rather tell people I was in the adult business than a spammer! ;) (Not that I'm in either, though!!!)
Not necessarily doable - depending on where the poster works, he/she may be legally restricted from connecting to the internet. For instance, there are several different networks that process classified information within the USG. Each is separate, and CANNOT (except for a few air-gapped, human-connected-for-short-time-period links) be bridged.
If something is connected to the Internet, it is a major vulnerability. Period. What would happen if a 'sploit for NTP was out and someone used it against the bridge machine? Your entire network of vulnerable information is now potentially compromised...
Paranoid approach? Sure. Vital to provide every possible safeguard against loss/compromise of sensitive information? Absolutely...
toad.net is a GREAT provider based in Severna Park, MD. They have nationwide coverage (if you can get DSL from any other company, you can get it from them too), and have no restrictions on port traffic. I run several sites with mail, web, SSL, SSH, etc, and have never had a problem.
You are correct in that there are some countries that are more pedantic in attempting to restrict electronic speech, and there are some that are less. However, I think the intent of the submitter is that other countries have (thus far) been the only ones to attempt to restrict the electronic speech made in other countries by citizens not of the country making the restriction attempts.
I see your point, and realize that you were mostly making one of semantics, but I think the differentiation of who's actually tried this hare-brained censorship is an important one to make.
The NexII seems to be what you are looking for. http://www.frontierlabs.com. $100 with no storage, and takes any CF or microdrive. super kickass - mine's on order.
Wait a minute - how can we take the advice on coloration of lighting from someone who's colorblind?
</kidding>
heh heh heh... Seriously, though, I agree that the GE Reveal bulbs make a world of difference. (For the record, the glass in the bulbs is a bluish-purple color ;)
Just a quick comment - I wholeheartedly agree with the "security through obscurity is a bad thing" thought process, but when combined with other security features, as outlined here, it can be valuable. The best way to incorporate hidden features of your security plan is to "open" those features to a peer review of trusted (and NDA-bound) experts for their input. The number of experts is up to you, so make sure you balance "need to keep secret" with "enough insight to be valuable".
This way you can avoid the folly that one person's ideas are failsafe (they never are, after all), while still keeping the details from massive public consumption.
A poor analogy (but the only one I can think of right now) would be the details of the presidential security detail. By not publishing when the motorcades and aircraft will be moving/flying, the Secret Service adds a layer of security to the already armed-to-the-teeth plan. Relying exclusively on one or the other would not be enough to consider bullet-proof (no pun intended), but combining the two offers a degree of synergy, strengthening the overall plan.
My (rather uninformed) guess would be to tie your external interfaces together (the Linux kernel supports this) and make them one logical net pipe. Then your internal just has one to talk to, and if one fails/becomes unreliable, the others are still there to pick up the slack...
I've not done this, but it seems reasonable, anyway.
I just turned in about 500 pieces of old sun equipment today... the things weren't 10k's, but were definitely useful to someone.
Check your phone book for Defense Reutilization Management Office, or call a nearby military base and speak to someone in the communications squadron/unit to ask where you can go. EDS should have some of that info, considering the fact that they work many military contracts. The info may be in another division, though...
If you need info, e-mail me.
HAH!!!! The guy that makes those is my college roommate's brother! He started making dummies for Hollywood stunt scenes, and realized that pervs will pay big bux for these things. Now he's raking in cash.
That's just too funny to see that on /.!
toad.net - these guys are extremely professional (techs who can answer your question on the phone -- in person! -- within 5 minutes both times I've had to call in the past 6 or so months). The fact that I've only had to call twice in over 6 months should say something too! (Both times were due to outside factors - fire in a t-3 warehouse-type place, and verizon cutting wires another.)
Seriously, check them out!
LFTP is an excellent command-line and scriptable tool. Check out the fm.net page for more info.
Not sure if it does the encrypted password part, but it has almost every other bell and whistle out there. My fave is the 'mirror' and 'mirror -R' commands - does a comparison with the local file timestamps/sizes and only "get"s or "put"s the required files.
Heh, you could just drop an 802.11b card into the system and hope the incidents happen where a kindly company has a wireless network for you to access...
Seriously, though, if you're talking about a mobile home-style command center, there are attachments to the directv dishes that make it pretty easy to aim them. I'd assume that holds for the DirecPC dishes too.
Nevermind - I just remembered that the direcpc system needs a phone uplink, so that won't work.
maybe just get a cheaper cellular connection? My Sprint one is much less than $0.17/min.
From the "what would such a system be like" section:
Web Service
A little-known web site suddenly achieves popularity, perhaps with a link from Cool Site of the Day(SM) or a mention in a prominent news story. Word of mouth spreads, and soon the web site's servers are overwhelmed. Or rather, would have been overwhelmed except that heuristics in the Millennium system had noticed the new link and already started replicating the site for increased availability. Monitored traffic increases confirm the situation and soon the site's data has been "pre-cached" across the Internet. As the site's usage drops over the following weeks, Millennium reallocates resources to meet new demands.
I just can't seem to understand WHY they didn't mention the slashdot effect in this paper!! I can remember CSOTD back in 94-95, but I must admit that I haven't looked at it in years - do they still get a lot of traffic?
Just a few minor points:
SCIF = Sensitive Compartmentalized Information Facility
You are pretty dead on about the requirements to certify a facility though. (I worked with certifying them a year or so ago.)
Within the past few years, the tide has changed a few times on what to do with media. Currently (to mean that this article is not legal guidance in my mind), the standard is to physically destroy and burn all media regardless of classification. My guys have a locker full of around 50-100 drives that are waiting to be sledgehammered and sent to a burn facility. (Not sure if this is a "lots of fire" one, "acid bath" one, or something I'm not even aware of...)
And overwriting ANY number of times is not enough to save it from the tools that a foreign intelligence agency would have. I'd assume that we have similar technology, but that's some of the cool stuff I'm not privy to. ;)
I'll be interested to see what guidance might be waiting for us when we get to work Monday...
And yes, those platter clocks/plaques do kick ass!
Not entirely true. Personal data (SSAN, DOB, etc) is considered "FOUO", or "For Official Use Only". This marking is actually a 'security handling' marking rather than an actual classification. (Not sure what you did in the Army, but consider a document that is SECRET// - it's actually SECRET, but can only be handled in the ways appropriate to that program.)
And there is a TON of useful information that can be gleaned from UNCLASSIFIED data, as mentioned in numerous other posts here. Personally, I think that all drives (CLASS and UNCLASS) should be destroyed. Media is cheap enough these days that a school could buy a smallish but usable drive for about 100 bux and have the rest of the hardware for free.
You could always take the character key, base-64 it, and XOR the bit string....
oh, wait a minute... you might get sued for that marvel of technical prowess!
Code has free speech qualities in that it expresses an individual's creative approach to solving a problem. When I see someone's more efficient approach to an algorithm in, say, Perl, I appreciate it for being "another way to do it". (Apologies to the original saying from Mr. Wall.) I LEARN from it - I broaden my horizons in ways to express creativity.
Similarly, when reading someone else's poetry or a novel, I appreciate and learn new ways to express things in the English language. (Sorry, I'm not very bilingual...) I see someone else's approach to describing a color or feeling or item, etc. As social creatures ('cept when on 24-hour coding binges!), this behavior is inherent to our being.
Another reason to use a full-quality fair-use clip is to accurately discriminate between two different pieces of media. If you could only use a black-and-white copy of a movie for fair-use instances, how could we fairly compare the quality (technical comparison, not content) of "Miracle on 34th Street" and "The Matrix"?
For that matter, if the movie companies go to such great lengths to provide a medium of superior quality, why would they relegate others to show a watered-down version of the product and not be able to "sing the praises" of new technology?
Not sure if this makes any sense, but that's just my thoughts off the top of my head.
Good points! In most cases, I agree that obscurity is marginal protection at best, but after reading this question an interesting thought came to mind:
Presently (i.e. disregarding work in the quantum crypto/computing fields), the most secure, and in fact ONLY KNOWN UNBREAKABLE cryptography is a one-time pad (OTP). The security here is that it will be (if correctly keyed) invulnerable to mathematical attacks such as frequency analysis. In fact, the ENTIRE security model for OTPs is in the fact that you don't let the "bad guys" get the pads!! So by protecting the pads ("obscuring" them), you can, for now, guarantee security.
So, to answer the question in the article, in some cases, open crypto is your Achilles' heel. In those that are algorithmically secure (RSA, Rijndael, etc), open standards can be a good thing and allow the masses to poke holes in ways you wouldn't think to do...
Great question - check out Simon Singh's "The Code Book", that's reviewed here somewhere on slashdot for more on it!
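The one-time-pad point in the comment above, as an added example (not part of the original comment): a Python sketch showing that a correctly keyed pad leaves every same-length plaintext equally plausible, and that reusing a pad leaks the XOR of the two plaintexts. The `PadBook` class, the function names and the sample messages are constructed for illustration.

```python
import secrets


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """XOR data with the pad; the same call encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return bytes(d ^ p for d, p in zip(data, pad))


def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Pad under which `ciphertext` would decrypt to `candidate`.

    One exists for every same-length candidate, so the ciphertext alone
    gives frequency analysis nothing to work with.
    """
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must match the ciphertext length")
    return otp_xor(ciphertext, candidate)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts: if they shared a pad, this is p1 XOR p2."""
    n = min(len(c1), len(c2))
    return otp_xor(c1[:n], c2[:n])


class PadBook:
    """Hypothetical pad store that hands out each pad byte exactly once."""

    def __init__(self, size: int):
        self._pad = secrets.token_bytes(size)  # CSPRNG, never a seeded PRNG
        self._offset = 0

    def take(self, n: int) -> bytes:
        if self._offset + n > len(self._pad):
            raise RuntimeError("pad exhausted; refusing to reuse key material")
        chunk = self._pad[self._offset:self._offset + n]
        self._offset += n
        return chunk

    def remaining(self) -> int:
        return len(self._pad) - self._offset


# Constructed sample messages, both 12 bytes long.
MSG_A = b"MEET AT NOON"
MSG_B = b"STAY AT HOME"


def demo() -> dict:
    book = PadBook(24)
    pad = book.take(len(MSG_A))
    ct_a = otp_xor(MSG_A, pad)
    # Correct use: round trip, and any other plaintext is equally consistent.
    alt_pad = pad_explaining(ct_a, MSG_B)
    # Incorrect use: the same pad encrypts a second message.
    ct_b_reused = otp_xor(MSG_B, pad)
    leak = reuse_leak(ct_a, ct_b_reused)
    return {
        "round_trip": otp_xor(ct_a, pad) == MSG_A,
        "alt_decrypts_to_b": otp_xor(ct_a, alt_pad) == MSG_B,
        "leak_is_plaintext_xor": leak == otp_xor(MSG_A, MSG_B),
        "shared_text_shows_as_zeros": leak[4:8] == b"\x00" * 4,
        "pad_left": book.remaining(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The zero bytes in the reuse case mark where the two messages share text (" AT "), which is the kind of structure a never-reused pad denies to an analyst.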
reminds me of the gtk+ frontend to the unix 'true' prog.
If I devise a way to get back the info that is...er... 'compressed,' could that be a DMCA violation if someone else distributes their movies after being lzip'ped?
excellent!!! I'd never thought of that. Bravo!
clean-room zapping, and re-assembly would be better, but what about the cost? is it worth x $100 drives?
(not a flame, just an honest question)
Thanks for clearing it up. I hereby stand (type?) corrected.
If there are even three corectly-spelled replies to this article, I'll be surprised!!!!
;)
(and yes, I know i mis-spelled "correctly"!)