Using the install-root feature of RPM should
go some distance, but to ensure that none of the scripts that might be run for pre- or post-installation do anything to you files you might additionally use chroot.
Set up a minimal system in a directory of your choice. This might take some time, but if you tar the dir prior to doing the first installation you can recycle it later.
the go to the dir and do
chroot your-dir $SHELL
and continue with installation as usual. should you be missing any file from the mini-system, just change to another shell and add.
Afterwards you will not only know what your packages requires (never trust the Requires statement B-), but you can also be sure that no files outside of this directory have been changed.
This solution has some advantages over the use-additional-system path, since your systems might be limited, especially if you require special hardware and stuff. Also a complete installation might take a while. taking out your trusty chroot-tar is much quicker.
You should look away from Verisign and Thawte (a Versign company). There are other CAs and they
offer a serious reduction for renewals (like 50%)
and for your n+1th certificate too.
Your argument about the cost is valid only to a certain point. A lot of the cost for a cert comes from continuous costs to the vendor: maintaining a directory service, keeping the root key safe, paying for the initial investment for bricks and mortar security, etc.
Our price modell also gives a certain (up to 50%) rebate on additional certs as well as renewal of existing cert, so the effort for identification is accounted for only once.
As for the lack of international support and the lack of english pages: please visit us again after the CeBit 2001 (~ March 22. 2001), as we will release the new web pages. It is wierd how much longer a cycle takes once you have to watch out for maintaining a certain abount of quality in your pages B-}
This comment is a marketing plug written by a marketing drone. Accept information at you own risk. B-)
But some name recognition for what is admittedly successful (even if unofficial) PKI should have been given...
While I still think that PGPs 'Web Of Trust' is a neat idea, I had the opportunity to see that I does not scale well nor is useable by DAUs(1) in the wild. Except when degenerated to a hirarchical modell as in a PKI, where PKIX standards work better
PGP only works well in a tightly nit network. If there are more then two to three steps from an identity that I have verified personally to the identity that I want to trust, the trust in the diligence in the intermediate parties is lacking. And the consideration that goes into a well maintained Web is lacking with most DAUs
1: DAU: Dümmster Anzunehmender User, german from most stupid asumeable user
No currently developed public key encryption algorithm has been mathematically demonstrated to be secure.
In addition to the comments others have already may on the question whether an algorithm needs to be proven secure to be useable, I would like to remark that the security of a PKI does not lie with just one algorithm. As long as there is at least one asymetric algorithm that has not been cracked for a given key lenght, PKIs will work.
If you select PKI components you should allways look for support for multiple asymetric algorithms. Then you only need to change the keys. Something PKIs are MUCH better at then the mathematically secure one pad ciphers.
And let me asure you, the ciphers are not the biggest weakness in PKIs. As allways, People are. And I know what I am talking about. I work as a marketing drone for a CA.
So what's wrong with calling your coworker with a message (EG "I like green tea") and encrypting that message with your private key (using gpg or pgp), and putting
your public key up on the web (giving the URL to the public key over the phone) or putting your public key on the keyservers?
Because clicking on sign&encrypt in Netscape is so much simpler.
As the original author is stating, the ex-soviets are security conscious too, so he should get their certs from some directory service (or, if using Messanger, included in every signed mail) and encrypt with S/MIME directly.
Basically all Communicator or Mozilla derived Browsers will work. Try Beonex, Friends said it worked fine for them. I myself had troubles with the archive, but thats just me.
With X.509 it is allways crucial to have the root keys installed. And the Verisign ones are in the programs mentioned above. This minimizes the effort for the uninitiated.
It should not be so difficult to includet the PSE from Mozilla in s/w like Balsa, if they offer a generic way to manipulate the network connection before it is made.
But I allways had the impression that most coders in the free software arena prefer PGP, thus never took the time to write the code to support S/MIME and SSL.
The neccesary backend libraries are there (here for instance), but the integration and the GUI needed to make it happen in end-user software where never done. The good thing about the mozilla PSE is the fact that it has some concept of doing the GUI itself, only the integration has still to be done.
If I only had more hours to the day B-)
You might want to hold the parties!
RSA recently got an exclusive license to
Compaqs Multi-Prime Algorithm, which
is IIRC patented. So nothing is lost for RSA.
They will continue to put a stranglehold on
America as far as encryption software goes, as servers will grow more and more unable to support the workload that is generated by verifying the signature on connections. The multi-prime helps solve that problem technically.
[Warning! This is pure ADVERTISEMENT, but I simply love my city and know of some foreigners that never wanted to leaver after comming here]
Wellcome to Hamburg
In the the IT sector everybody speaks english, and most people on the street do so as well. We have a large english,irish and american community, even got an english speaking theather. As traditional port, we are germanys gateway to the world
While the whole of germany is currently looking for IT personal, Hamburg also offers a richt Multi-Media and PR scene, that gives good working opportunities for the graphically inclined.
Hamburg has lots to offer with a cool Heavy Metal scene if you are into that, or lots of other arts and culture.
Hamburg is at the intersection of three Rivers, with lots of watersports to do, the climate has mild winters and no weather extremes as the USA is prone to. The streets are clean and have a friendly athmosphere. The city has a superior public transport system (I do not own a car, I do not need it. No designated driver nessecary)
Hamburg is close enough to Hannover to sleep in your own bed when being sent to CeBit (Which will happen if you plan on working in the IT Sector)
And If you are looking for jobs, mail me I've got good jobs to offer (the relevant part of my geek code is 'ULS+++$' B-)
Critical programmes [...], are usually custom-written, making them twice as difficult to attack. ...And are ten times as likely to have weaknesses. Well, while he got [cr|h]acker right, the open source concept he cannot grasp.
Moasic-2000 may not ask such questions, nor make indications on 'fringness' or 'geeknes'
But KnockOff0.2(tm) will do. And because it is cheaper, a lot of Schools will buy it.
And all Schools will skimp on the Training that any such Programm would require in order to use it sensibly.
This is a piece of software, that follows the same patterns as any other software. Does anybody learn netiquette when having training for their e-mail Software? (in case they do at all)
I think that somebody should tell american legislators that nacism means separation of the unwanted and does not _start_ with the mass killing of inocent.
- a 6' 220 lbs german who went to an american high school and told the quarterback to his face that he does not want the slot in the opening offensive lineup.
There very simple reason for not using a modified english is the simple fact that a language expresses how you think, and there are some things that are inaccurately or incompletely expresses in english. Unfortunately I cannot give an example, as a) we are holding this discussion in english and b) none comes to mind right now.
I wonder how this tranlator is supposed to handle this issue. It would hardly be used in diplomatic circles, as every nouance is needed there.
Anybody ever read 'When HARLIE was one 2.0' by David Gerrold? I talks a lot about the talking-thinking paradigm in an easy digested novel form.
But on the otherhand, I know that in my head/memory I use a more symbolic representation, this is indicated by that I can usually not recall word by word what was said, but I recall the contents (=symbolic?), both intelectual and emotional.
It is not just you! I have the same impression. This leads to funny things like citing a dialog in a language that you never heard it in. But since you only remember the information that was transmitted on a higher level , that you can translate (or rather re-encode) on the fly.
But if you are listening to one language it is very hard to translate because you continue to thing in that language.
One other rather funny effect I (native german) had when in high school while staying in the US: In american history we where shown a film about typical americana; the 4th of July parade, with some major-dude holding a speech. Suddendly I noticed some comotion around me and people asking 'what f* is he talking about'. It took me quite some time to notice that the whole film was in german. (in order to show that only a single voice would have turned the US into a german speaking nation) Very surreal that.
While this is allmost correct, it is irrelevant with netscape communicator.
The comm traps any signal and remaps the ones that result from a programming error (SegFault, BUS, and some others, esp. threat ctrl ones on Solaris) to SIGBUS. So the fact that you see a SIGBUS doesn't mean that something threw a SIGBUS.
GDB will tell you interesting things even without debugging symbols
I do not see such a problem with clicky-do-it-all installers. They only need to have code signing as an unbreakable requirement. Then there would be accountability.
We cannot just copy from the other world. We need to improvise every step of the way.
Microsoft owns 30%+ of SCO. It is questionable whether RH wants to buy something in which M$ has some level of control.
And if the buy is done by stock swap M$ will hold a sizeable chunk of RH. Now this might make the job of the Justice department much easier, but is not something Bob Young would enjoy.
I have heard this done with the CLOWN (500+ node) system assembled in Paderborn, Germany on 06th Dec 1998. They rather used the speakers, so you could listen w/o a radio, but I neverd before heard such an wierd sound.
Now technically it is a lot simpler than creating FM signals, but still is fun to listen to. They used a simple server that send modified pings to the nodes that contained the freq in the timeout field IIRC. A small programm would send rising freq to the nodes by their ip numbers. The way the nodes where layout, you could hear the wave swirling around you when you stepped into the cluster.
Slashdot Mirror
- its own computing platform (primitive as it may be)
- you may desing models that actually look good (better than Meccano at least)
- may design modells that can carry a lot of load ( more than Lego at least )
My favorite allways was the 3 foot high oil drilling plattform that I used as a ladder to reach my upper bookshelves. (geekcode s+:+)Set up a minimal system in a directory of your choice. This might take some time, but if you tar the dir prior to doing the first installation you can recycle it later. the go to the dir and do
chroot your-dir $SHELL
and continue with installation as usual. should you be missing any file from the mini-system, just change to another shell and add.
Afterwards you will not only know what your packages requires (never trust the Requires statement B-), but you can also be sure that no files outside of this directory have been changed.
This solution has some advantages over the use-additional-system path, since your systems might be limited, especially if you require special hardware and stuff. Also a complete installation might take a while. taking out your trusty chroot-tar is much quicker.
mfg 12decode
You should look away from Verisign and Thawte (a Versign company). There are other CAs and they offer a serious reduction for renewals (like 50%) and for your n+1th certificate too.
Our price modell also gives a certain (up to 50%) rebate on additional certs as well as renewal of existing cert, so the effort for identification is accounted for only once.
As for the lack of international support and the lack of english pages: please visit us again after the CeBit 2001 (~ March 22. 2001), as we will release the new web pages. It is wierd how much longer a cycle takes once you have to watch out for maintaining a certain abount of quality in your pages B-}
This comment is a marketing plug written by a marketing drone. Accept information at you own risk. B-)
I beg to differ: TC TrustCenter
They still do PGP certificate, PGP PKIs. Their PGP Root key is here
I did say that I work for them and that this is a shameless plug, didn't I?
While I still think that PGPs 'Web Of Trust' is a neat idea, I had the opportunity to see that I does not scale well nor is useable by DAUs(1) in the wild. Except when degenerated to a hirarchical modell as in a PKI, where PKIX standards work better
PGP only works well in a tightly nit network. If there are more then two to three steps from an identity that I have verified personally to the identity that I want to trust, the trust in the diligence in the intermediate parties is lacking. And the consideration that goes into a well maintained Web is lacking with most DAUs
1: DAU: Dümmster Anzunehmender User, german from most stupid asumeable user
In addition to the comments others have already may on the question whether an algorithm needs to be proven secure to be useable, I would like to remark that the security of a PKI does not lie with just one algorithm. As long as there is at least one asymetric algorithm that has not been cracked for a given key lenght, PKIs will work.
If you select PKI components you should allways look for support for multiple asymetric algorithms. Then you only need to change the keys. Something PKIs are MUCH better at then the mathematically secure one pad ciphers.
And let me asure you, the ciphers are not the biggest weakness in PKIs. As allways, People are. And I know what I am talking about. I work as a marketing drone for a CA.
Because clicking on sign&encrypt in Netscape is so much simpler.
As the original author is stating, the ex-soviets are security conscious too, so he should get their certs from some directory service (or, if using Messanger, included in every signed mail) and encrypt with S/MIME directly.
The same Certificate (to do away with the VeriSign product names) may be used for S/MIME -> mail and client authenticated SSL -> web-site access.
VeriSign will give you a X.509 Cert (possibly in a PKCS#7 Message Format).
VeriSign might deliver Certs on SmartCard-like token, which are accessed from Netscape via a PKCS#11 compliant driver.
With X.509 it is allways crucial to have the root keys installed. And the Verisign ones are in the programs mentioned above. This minimizes the effort for the uninitiated.
It should not be so difficult to includet the PSE from Mozilla in s/w like Balsa, if they offer a generic way to manipulate the network connection before it is made.
But I allways had the impression that most coders in the free software arena prefer PGP, thus never took the time to write the code to support S/MIME and SSL.
The neccesary backend libraries are there (here for instance), but the integration and the GUI needed to make it happen in end-user software where never done. The good thing about the mozilla PSE is the fact that it has some concept of doing the GUI itself, only the integration has still to be done. If I only had more hours to the day B-)
Too much slotting of 'Highlander 2' maybe?
B-)
But I will not chant 'we are free', coz we aint
(and apologies to everyone about me not previewing)
RSA recently got an exclusive license to Compaqs Multi-Prime Algorithm, which is IIRC patented. So nothing is lost for RSA.
They will continue to put a stranglehold on America as far as encryption software goes, as servers will grow more and more unable to support the workload that is generated by verifying the signature on connections. The multi-prime helps solve that problem technically.
Wellcome to Hamburg
In the the IT sector everybody speaks english, and most people on the street do so as well. We have a large english,irish and american community, even got an english speaking theather. As traditional port, we are germanys gateway to the world
While the whole of germany is currently looking for IT personal, Hamburg also offers a richt Multi-Media and PR scene, that gives good working opportunities for the graphically inclined.
Hamburg has lots to offer with a cool Heavy Metal scene if you are into that, or lots of other arts and culture.
Hamburg is at the intersection of three Rivers, with lots of watersports to do, the climate has mild winters and no weather extremes as the USA is prone to. The streets are clean and have a friendly athmosphere. The city has a superior public transport system (I do not own a car, I do not need it. No designated driver nessecary)
Hamburg is close enough to Hannover to sleep in your own bed when being sent to CeBit (Which will happen if you plan on working in the IT Sector)
And If you are looking for jobs, mail me I've got good jobs to offer (the relevant part of my geek code is 'ULS+++$' B-)
It might not be publically availiable,
but since the days of Navigator 1.0, I have allways been using ftp21.netscape.com and it still works fine.
Critical programmes [...], are usually custom-written, making them twice as difficult to attack.
...And are ten times as likely to have weaknesses.
Well, while he got [cr|h]acker right, the open source concept he cannot grasp.
Moasic-2000 may not ask such questions, nor
make indications on 'fringness' or 'geeknes'
But KnockOff0.2(tm) will do. And because it is
cheaper, a lot of Schools will buy it.
And all Schools will skimp on the Training that any such Programm would require in order to use it sensibly.
This is a piece of software, that follows the same patterns as any other software. Does anybody learn netiquette when having training for their e-mail Software? (in case they do at all)
I think that somebody should tell american legislators that nacism means separation of the unwanted and does not _start_ with the mass killing of inocent.
- a 6' 220 lbs german who went to an american high school and told the quarterback to his face that he does not want the slot in the opening offensive lineup.
There very simple reason for not using a modified english is the simple fact that a language expresses how you think, and there are some things that are inaccurately or incompletely expresses in english. Unfortunately I cannot give an example, as a) we are holding this discussion in english and b) none comes to mind right now.
I wonder how this tranlator is supposed to handle this issue. It would hardly be used in diplomatic circles, as every nouance is needed there.
Anybody ever read 'When HARLIE was one 2.0' by David Gerrold? I talks a lot about the talking-thinking paradigm in an easy digested novel form.
mfg
But on the otherhand, I know that in my head/memory I use a more symbolic representation, this is indicated by that I can usually not recall word by word what was said, but I recall the contents (=symbolic?), both intelectual and emotional.
It is not just you!
I have the same impression. This leads to funny things like citing a dialog in a language that you never heard it in. But since you only remember the information that was transmitted on a higher level , that you can translate (or rather re-encode) on the fly.
But if you are listening to one language it is very hard to translate because you continue to thing in that language.
One other rather funny effect I (native german) had when in high school while staying in the US: In american history we where shown a film about typical americana; the 4th of July parade, with some major-dude holding a speech. Suddendly I noticed some comotion around me and people asking 'what f* is he talking about'. It took me quite some time to notice that the whole film was in german. (in order to show that only a single voice would have turned the US into a german speaking nation) Very surreal that.
mfg
While this is allmost correct, it is irrelevant with netscape communicator.
The comm traps any signal and remaps the ones that result from a programming error (SegFault, BUS, and some others, esp. threat ctrl ones on Solaris) to SIGBUS. So the fact that you see a SIGBUS
doesn't mean that something threw a SIGBUS.
GDB will tell you interesting things even without debugging symbols
I do not see such a problem with clicky-do-it-all installers. They only need to have code signing as an unbreakable requirement. Then there would be accountability.
We cannot just copy from the other world. We need to improvise every step of the way.
There is one more point to it:
Microsoft owns 30%+ of SCO. It is questionable whether RH wants to buy something in which M$ has some level of control.
And if the buy is done by stock swap M$ will hold a sizeable chunk of RH. Now this might make the job of the Justice department much easier, but is not something Bob Young would enjoy.
mfg lutz
I have heard this done with the CLOWN (500+ node)
system assembled in Paderborn, Germany on 06th Dec 1998.
They rather used the speakers, so you could
listen w/o a radio, but I neverd before heard such an wierd sound.
Now technically it is a lot simpler than creating
FM signals, but still is fun to listen to. They used a simple server that send modified pings to the nodes that contained the freq in the timeout field IIRC. A small programm would send rising freq to the nodes by their ip numbers. The way the nodes where layout, you could hear the wave swirling around you when you stepped into the cluster.