this method has in fact been in use since 1982. Which kind of makes me wonder how long ago something would have to happen for the article submitter to no longer use the word "recently."
Judaism and halacha operate on a very long timescale. For instance, in any good book about Jewish prayer services there will be a number of statements like, "Relatively recently, in the early 1600s, some additions were made..." Things change slowly in these parts.
You're being architecture-centric. IBM's just-released z196 mainframe chip is 5.2GHz.
http://www.theregister.co.uk/2010/07/23/ibm_z196_mainframe_processor/
OK, I'm one of the people that has an extra bit to my prescription -- prisms. Specifically, I've got 5 prisms out on each eye. What, oh knower of these things, does this actually mean? Wikipedia only says they're "not seen in most prescriptions".
I'm actually a male that knits.
No, no, no.
They're sold in various forms. There's the book that I have (the mondo book) which is meant for Calc I -- Calc III and has derivatives, integrals, power series and vectors. It has a gold cover.
Then there are the blue cover books which are broken down into "each topic has a book".
Then there's another set of gold cover books that are somewhere between the blue books and the mondo gold book.
A good webmail option is kinda a catch. Squirrelmail is nice, but compared to OWA it's really out of its league.
I recently went through the quest for a decent webmail client for my home network. I have seen the promised land, and it is The Horde.
PHP front end. Multiple storage backends from filesystems to the standard gaggle of databases. An interesting web-accessible VFS that I can see being really useful in a corporate environment.
IMP (the mail component) can read mail from multiple sources -- either POP3, IMAP or IMAP/SSL (maybe more, those are just the ones that I know). It also deals with spam management at the individual client level.
Consolidated bookmarks that are web-accessible; notes; tasks; calendars; address book.
It can use LDAP (as well as about three dozen other things) for user authentication -- an important consideration when contemplating 1,000,000 users.
A little Apache magic, and it's all SSL secured.
I don't know how it would work in a large, large environment, but with PostgreSQL for a backing store, I imagine it could scale as far as you wanted it to.
I've only been using it for a few days, but I'm really impressed.
Hypercard and Macintosh System 6 and Oracle 5 (or maybe it was 6) -- just beautiful.
You could make actual databases that real people with little tiny desktop computers could use over a network AND you could do a lot of it by dragging boxes around on a screen.
It was just amazing.
IIRC, it was actually some of the cards in the RSS-D, not the whole thing.
You've maintained some of my code, I see.
Didn't I see you on some X-files episode?
However the paper admits that the only way to be sure that you have killed a kernel rootkit is to completely erase an infected hard drive and reinstall the operating system from scratch.
That was always the process at places I've worked when a *nix box got rooted. Once it's happened there's no way to be sure of *anything* on the machine.
I'm sure if someone wanted to spend a few days or weeks on super-guru forensics they might be able to recover from it, but that's usually not feasible.
XP would be dismal on the same hardware
Actually, I hate to disappoint you (really, I'm a FreeBSD user, this is going to be my one pro-Microsoft post of the year).
My girlfriend's machine is a PIII-800 with 192Mb of RAM and a GeForce3. Windows XP Home is pretty damned snappy on it. I relentlessly maintain it so there's no spyware or viruses.
I'm sure any of the latest and greatest games would crush it, but the original Half-Life runs smoothly. So does Firefox.
It got slashdotted real quick.
you're not supposed to reboot an X terminal as often as a Windows workstation - you just lock it and leave it as is. This comes from older times, but still shows
typically, people just arrange their windows *once* and leave them that way. For a very, very long time. When time comes to reboot, they save their session, preserving their windows' position (okay, this does not work all the time) then log back in again later.
Too true. My SO has used my computer a few times. I finally broke down and gave her a lecture.
"All of my windows stay in the same places. I open tabs in Firefox and keep them open for days. Every time I come back to my computer, I expect it to look exactly the way it did when I left it because I never reboot it. Every time I *do* reboot it, all of the windows come back in the same place that they used to be. Please don't move windows or close tabs."
It's a very interesting cultural difference that I've never really thought about before. As a *nix user, I think of my desktop as having an almost permanent state. mutt is always open on screen one. Web browser on screen two. Screen three is xterms to my local machine. Four is remote xterms. When I do reboot, they all just appear in their proper places.
Most Windows users I know seem to regard their desktop as a dumping ground for icons; with auto-arrange, the icons move around so there's always this mouse-hovering-looking-for-an-icon.
Being a good developer is like being a good writer.
You know all of the rules, and you follow them most of the time. You also know that blindly following the rules in every single case is stupid.
I don't see a card as being mandatory in the "all biometrics, all the time" world. Until biometrics becomes more of a commodity, there's a need for cards. You can't exactly press your fingerprint on your monitor to buy something from Amazon.
A variant of the PIN change that I just thought of was just changing fingers in the event of a compromise. The bank has all ten of my prints -- if there was a need, you could switch from finger #1 to finger #2.
Someone stealing your identity by getting a hold of your fingerprint just means that now there are two people who can access your ATM account if they both know your PIN, you and the person who stole your identity last time, i.e. you're in the exact same position you are in today.
Actually, you're in a slightly better position. With ATMs, if the card is stolen, you're screwed even if you know the PIN.
With a biometric/PIN combo even if someone else knows your PIN and has manufactured whatever biometric-hacking-device they might need...you still have access to it.
Today, if your ATM card is stolen (and we'll assume that the PIN is compromised) you contact the bank. *clicky-clicky* "OK, sir, that card has been turned off. It will be two weeks before another card is sent to us -- you'll have to pick it up at the bank".
Biometrically, the same situation plays out more like: contact the bank. "OK, sir, we're turning that PIN off. What new PIN would you like? *clicky-clicky* OK, you can start using it right away".
If banks used biometric coupled with PINs I think that we'd be much better off in the case of a compromise. If banks actually used something a bit less trivial than a four-digit PIN -- perhaps a passphrase (notice my slick attempt to try and tie this thread into the actual story being discussed) -- it would be even better.
I've helped implement a biometric system for time-keeping. I've also worked in very, very secure environments.
There are two definite (and related) advantages to biometric systems.
One -- the bar to "unauthorized use of credentials" is raised to a higher level. Which, to a large degree, is what all security is about. If ${large organization of nefarious intent} wants my data, they have the means to get it. Biometrics helps weed out the less well-funded and well-motivated people. It's like me using one-time passwords for SSH access. No, it doesn't prevent someone from entering my house and installing a tiny hardware key-logger in my PC, but it does stop all of those clowns running dictionary attacks.
With biometrics, people can't just rummage around a desk looking for the password post-it. They (as in your case) have to arrange for greasy finger-print covered glasses and scotch tape. Not insurmountable, just a bit more difficult.
Two -- any kind of remotely plausible deniability in the event of a breach is gone. ("Uh, I don't know how it happened. I just happened to have a jelly mold of this guy's fingerprint..."). Unauthorized access to a biometrically controlled system is pretty solid prima facie evidence that Evil Deeds[TM] are afoot.
Yes, there are problems with biometric authorization. Irrevocability being a very large one. Almost all of the people complaining about biometrics being ineffective -- and almost all of the people touting them as *the* solution to all security problems -- are forgetting one thing.
Security is about the whole organizational process. Total security is enhanced or diminished by the particular method of authentication that you use -- and poor authentication can undermine a lot of the rest of the system. Hackable authentication does not automatically invalidate the rest of the security process. 100% provable authentication does not automatically mean that your system is 100% secure.
Let's look at the example of an anonymous FTP server. There's no authentication. None. However, any sensible person would be running it read-only. It would be jailed or chrooted. IP addresses would be logged for auditing purposes. The partition that the FTP server is serving data from could be mounted noexec. Blah, blah, blah, etc, etc, etc. Here's a case where zero authentication does not mean zero security.
People often talk about biometrics in the context of some theoretical, non-existent system where there is no other security other than this one, initial biometric authentication...and the whole system is either "secure" or "insecure" based on the authentication. Which is just garbage.
Even in the simplest case -- biometric time-keeping -- there are other checks in the system.
Let's assume that worker A and worker B have colluded to provide each other with false handprints. We'll leave out such annoying real-world problems like, "Hey, Bob, why are you clocking in with that jelly-filled hand-on-a-stick?" and assume that worker A and worker B can at any time just clock in and clock out as each other without anyone noticing.
OK, at the end of the week, Manager M gets a payroll report. Manager M gives it a cursory glance. Uber-manager N gets the same report, and gives it an even more cursory glance. Let's not even talk about Director O -- we know that it's just sitting in her in-box with all of the other reports.
HR Flunkie T runs the weekly "check for discrepancies between scheduled shifts and actual time worked" and sends those to Manager, Uber-Manager and Director. Manager M fires an email back saying, "Hey, no problem." Or perhaps the email says, "Hey, worker A is showing up as having no discrepancies -- I distinctly remember that he was thirty minutes late on Tuesday".
Every month, Auditor X takes a brief look at all of the discrepancies between last month and today and all of the explanations for them. Auditor X looks for any suspicious or unusual patterns -- and the absenc
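The anonymous FTP example in the comment above, turned into a check (an added example, not part of the original comment): it audits a server config and a mount table for the four controls the comment lists. vsftpd as the server, and the sample config, paths and mount lines, are assumptions constructed for illustration.

```python
"""Audit an anonymous FTP setup for: read-only, jailed, logged, noexec."""

# Constructed sample: vsftpd.conf for an anonymous, download-only server.
SAMPLE_CONF = """\
# anonymous download server
anonymous_enable=YES
write_enable=NO
anon_root=/srv/ftp/pub
xferlog_enable=YES
"""

# Constructed sample in /proc/mounts layout: device mountpoint fstype options.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /srv/ftp ext4 ro,nosuid,nodev,noexec,relatime 0 0
"""

# Constructed weak counterpart: writes on, no transfer log, data on the root fs.
WEAK_CONF = """\
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_root=/srv/ftp/pub
"""
WEAK_MOUNTS = "/dev/sda1 / ext4 rw,relatime 0 0\n"

# vsftpd's documented defaults for the options this audit reads.
DEFAULTS = {
    "write_enable": "NO", "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO", "anon_other_write_enable": "NO",
    "xferlog_enable": "NO", "anon_root": "",
}
ANON_WRITE_OPTIONS = ("anon_upload_enable", "anon_mkdir_write_enable",
                      "anon_other_write_enable")


def parse_conf(text):
    """Parse key=value lines, ignoring comments, on top of the defaults."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def mount_options(path, mounts_text):
    """Return the option set of the longest mountpoint containing path."""
    best, opts = "", set()
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mnt = fields[1]
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and len(mnt) > len(best):
            best, opts = mnt, set(fields[3].split(","))
    return opts


def audit(conf_text, mounts_text):
    """Return (control, detail) pairs for each missing layer; [] if all hold."""
    conf = parse_conf(conf_text)
    findings = []

    def enabled(key):
        return conf[key].upper() == "YES"

    # Read-only: write_enable gates all FTP write commands; the anon_*
    # options then decide what an anonymous session may write.
    if enabled("write_enable"):
        findings.append(("read-only", "write_enable=YES"))
        findings += [("read-only", key + "=YES")
                     for key in ANON_WRITE_OPTIONS if enabled(key)]
    # Jail: vsftpd confines anonymous sessions to anon_root (or the ftp
    # user's home); require it explicitly so the jail directory is known.
    root = conf["anon_root"]
    if not root:
        findings.append(("jail", "anon_root is not set"))
    # Logging: the transfer log records the client address per transfer.
    if not enabled("xferlog_enable"):
        findings.append(("logging", "xferlog_enable is off"))
    # noexec: nothing under the served tree should be executable on the host.
    if root and "noexec" not in mount_options(root, mounts_text):
        findings.append(("noexec", root + " is on a filesystem without noexec"))
    return findings


if __name__ == "__main__":
    for name, conf, mounts in (("sample", SAMPLE_CONF, SAMPLE_MOUNTS),
                               ("weak", WEAK_CONF, WEAK_MOUNTS)):
        print(name, audit(conf, mounts) or "all four layers present")
```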
I worked for that now-bankrupt and sadly-missed Metricom.
Down in the Houston NOC, there was this room that dated from the company's earlier days. IIRC, it wasn't a "real" server room...some sort of legacy from the earlier days of mad expansion.
There were a bunch of servers in the room -- cables went in and out, there were switches, lots of blinking lights.
The problem was that nobody was sure what these machines actually did. Obviously they were doing *something* -- I mean, hey, look at all of those lights blinking.
It was the room of "don't go in there and touch anything because if something gets messed up we might be screwed". It was spoken of with hushed tones.
What surprises me is that nobody yet seems to have seriously jumped into a potentially great business opportunity of offering remote Linux administrations for home users.
...
It's definitely an interesting idea, and I've toyed with ideas like it. The one thing that stops me dead in my tracks is my memories (PLEASE! ARGH! KILL ME NOW!) of providing phone support to users in a large corporate environment.
*ring, ring*
Me: Super-whiz Home Admins, how may I help you?
Granny: I just bought me one of those digifed cameras at WalMart.
Me: OK, ma'am, what's the problem?
Granny: It doesn't work.
Me: Well, you might want to call WalMart about that.
Granny: Lookie here, son! I'm paying you good money, and I expect an answer!
Me: Ma'am, we provide support for...
Granny: I pay you to make my computer work! None of your lip! This digified camera won't work!
I'm sure you see my point. The idea is great...the actuality of providing quality support to a random cross-section of the population makes me shiver.
The FBI's argument of "umm, well, it's not indexed so we can't find it" is, at best, moronic -- at worst, it's an attempt to intentionally deny FOIA requests by claiming "keyword isn't indexed, no document for you".
The whole concept of an index revolves around most-common keywords. You index what is most likely to be searched for -- that's why indexes enhance performance. Indexes are about speeding up queries -- they're not about filtering queries.
Surely the FBI employs someone that knows about "grep". I understand that indexing is useful. In this instance, though, we're talking about the FBI failing to find documents in its possession because they weren't "indexed". Guess what, if the FBI *makes* the indexes and refuses to comply with FOIA requests on the basis of "that keyword wasn't indexed" then all FOIA requests are worthless.
Now that I think about it, I'm off to write a letter to my various Congress-critters.
In my definition, having a network connection to a contractor that is connected to the Internet is being externally connected. According to your logic, my computer at home isn't externally connected, it just has a line to my ISP...and they just happen to be connected.
Trust no one. Not even yourself.
I run no Microsoft products at home. I only look for Unix jobs. DTS is one of the coolest and most useful products that I've used in the last fifteen years.
DTS is just about the only reason to install MSSQL. I first used DTS back in the MSSQL 7 days. A client had an old multi-gigabyte dBase database they needed to migrate. The new database was MSSQL, but the schemas had all changed, all of the old constraints and triggers were in the application code. Using DTS, it took me a week.
I don't use SQL Server for databases -- just for DTS. I'm well aware that various ODBC drivers can munge things up. I'm sure that there are many pitfalls that I've managed to avoid. But DTS just rocks.
If I'm working with a client that has Microsoft products -- and most of them do -- I always suggest using DTS for data migrations. Even if they have to buy a license. (Yup, it's that good).
If you can get Windows to talk from one system to another via ODBC -- or programmatically -- DTS makes data migration almost easy.
By far, DTS is the best MS product that I've ever used.
You know, I've got a problem. I'd love to write a polite, well-reasoned, cogent letter explaining why this proposal is silly.
Unfortunately, I can't get past, "IT'S ALL JUST FUCKING BITS!".
No, it's more like "Olivia Newton-John *in* the pleasure dome of Kublai Khan."