On the contrary, I push it all the time because it's a great tool... when it's the right tool for the job. If that job involves manipulating and/or storing sensitive data, it's somewhat less so in many cases.
On the contrary, I push it all the time because it's a great tool... when it's the right tool for the job. If that job involves manipulating and/or storing sensitive data, it's alwaysless so in all cases.
Because if you rush, you can probably stock up on N900s. If you get, oh say, 5 they should last you for a while until the smart company makes a true power phone again that puts the OS in the hands of the user.
Oh, and I forgot to add: the keyboard, being a real X based system, can be completely remapped at will. The ~ key, for example, doesn't exist by default so I added it to shift-up-arrow. Similarily, you can remove unused symbols and replace with better ones (eg, I never write about British currency but I do write with %s all the time).
Agree completely. Being able to ssh out out-of-the-box is awesome. What's even better is being able to ssh in. Think rsync both directions! I frequently ssh into my phone when I've accidentally left in it the bedroom.
But what really makes it great is that it's a full system. Yeah, typing code on a small keyboard is never fun but in a pinch when it's all you have, it's by far the best. When your phone has emacs, git, svn,... it's almost equivalent to your desktop *except* for the smaller keyboard.
[one of these days I want to hook up a bluetooth keyboard and see how a full day on it would be]
I've used both AT&T and T-Mobile on my N900. T-Mobile is actually the cheaper of the two. And the N900 only supports 3G data speeds on T-Mobile as well, which is lame IMHO but true.
Ok, here: I'm not with comcast and the original post was just insanely uninformed. Go read *anywhere* else about dnssec and you'll find that comcast will have a hard time figuring out how turning it on can be a bad thing.
Ahhh, but its "intended to obscure the meaning thereof" not just obscure it.
They could do two things to prevent people from buying any radios but theirs:
Develop a patented voice-over-foo protocol and '''not''' release the specs to obscure the transmission.
Develop a patented voice-over-foo protocol and release the format so that anyone could write a decoder and simply go after manufacturers with their patent to make the "fat stacks of cash"
They win doing either one. But I argue until they fall into #2 they're with the intent to obscure. (if option #2 didn't exist, it would be a different story)
Using PSK-31 is an attempt to obscure the meaning of the communication from anyone that doesn't buy a computer sound card interface?
No, because the protocol is open and anyone can record it and get it translated at any point now or in the future. Or get it translated by a friend. Or create your own hardware to decode it using spare parts. Or use O-scope to replay it and decode by hand. Or...
With D-Star that's not the case at all because they're deliberately not releasing the specs to keep you from decoding it! I'd call that obscuring it.
Your license is supposed to be your station's physical address, not your mailing address.
Nope. Your address is supposed to be registered so the FCC can contact you.
97.23
Each license grant must show the grantee's correct name and mailing address. The mailing address must be in an area where the amateur service is regulated by the FCC and where the grantee can receive mail delivery by the United States Postal Service. Revocation of the station license or suspension of the operator license may result when correspondence from the FCC is returned as undeliverable because the grantee failed to provide the correct mailing address.
And in fact if you look through the entire part 97, the almost exclusive use of the word "address" follows the word "mailing".
You need to start by getting a license and afterwards equipment.
You're welcome to read my short (ie, not overwhelming) web page on the subject: http://www.ws6z.com/becomeaham.html
I actually been saying (to friends) for a long time that the whole concept of income tax just isn't worth it. It's more complex than it needs to be and unfairly taxes based on what you make, not how much you need. I even wrote up my solution a week ago as a blog entry: http://pontifications.hardakers.net/thoughts/in-which-wes-rewrites-the-tax-code/
well, then you just need two keys on your device. '.' and '-'. Then you can send morse code, your device can interpret it and then SMS the real text to your friends who aren't, um, up to 60 wpm. Your clueful friends that can at least do 20wpm can have their device recode it back to morse so they can play it to them while they're driving!
WS6Z
DNSSEC does data authentication and has never strived to do encryption. Ok, NSEC3 added hashes of names to the negative answers so you couldn't walk the domains, but that still isn't encryption. The only thing DNSSEC adds to the DNS data is signatures and hashes on existing data.
Now, having said that, DNSSEC does let you securely look up SSH fingerprints, X509 keys, etc from DNS data so that you can do key bootstapping. There is even a patch to openssh to automatically accept a key if it matches a fingerprint that was securely retrieved using DNSSEC.
Personally, I'd be happy to pay the asking price for the N900 for a phone that added 2 things. A decent amount of RAM (no, 256M isn't "decent" and swap/flash don't count) 1G minimum, I'd prefer 2G.
FWIW, I've been using a N900 heavily lately and it simply rocks. I was sure that 256M wouldn't be enough either, but I've found that it does quite well for everything I use it for. The applications are small in general and I've only occasionally started closing a few windows because it was beginning to feel sluggish. In fact, I'm rarely ever even using the full 256M in the first place. Add to that the 3x swap and you actually get something close to 1G of usable memory. Swap certainly isn't as good as real memory, but it's helped by the fact that the transfer rate to the SSD is likely better than that to a spinning disk (but, no I haven't measured it. yet.).
My only real problem with the N900 is the way they designed the / partition. It's only 256M as well and though they have solutions to deal with that in place, it's still too small and I think they could have moved a number of directories off of it and still had a flashable root succeed by moving things afterwards.
A summary is that the device certainly has met my expectations of it. Is it a full netbook with 1G of memory? No. But it's a ton smaller and I'm *never* without a full linux system on my hip. Except, of course, when it's in my hand. I don't expect to run gimp on it, though, but probably would if it had 2G of memory.
It frequently has to do not with just NSEC records but with memory requirements in general. Unfortunately, adding in all the crytographic hashes and NSEC records and keys tends to triple the memory requirements of a name server. Since versign and other folks would rather not publish a completely signed.com zone because of the added costs they're using NSEC3 instead which lets them skip publishing signatures for anything they don't want to. Thus there is very little cost change to them and they can still say "hey, we're super cool and have signed our zone now" but in reality they've signed only a small fraction of it.
As for NSEC going away, it's not likely. The root zone will be signed using NSEC as there is no reason not to since it's a public zone (there is no hidden data) and they want to sign every aspect of it (and it's small, so the cost isn't large). Other zones that don't have issues with privacy or with signing everything will likely use it too, as it's cheaper (CPU-wise especially) to actually deploy and use.
Because DNS tries to keep replies as small as possible for most of the data they introduced two types of keys into DNSSEC. One is a Zone Signing Key (ZSK) which signs all the data in a zone. The other is a Key Signing Key (KSK) which is used to sign just they keys in the zone (both ZSKs and KSKs are signed by it and the ZSK signs they keys too for that matter). This provides a number of benefits. Some people believe that ZSKs can be smaller and you can change them more frequently (on the order of every 1-6 months). Since the only one that signs these keys is the zone owner it's very easy to swap in a new ZSK (there are some timing issues involved, but there is no third-party communication that has to happen). Some people also use the fact that ZSKs can be easily replaced to treat them with a bit less protection security and key them online (required for dynamic DNS support) or in a less security containment system which lets them be used more easily and freely (e.g. for DNS zones that change frequently). The KSK only needs to be brought out when the signatures on the keys are expiring or the keys need changing. When you change a KSK, however, you typically need to inform your parent (e.g..com) about the key change so that they can sign your new KSK (by signing a DS fingerprinting record). This is more of a pain, so people tend to only want to change KSKs on a infrequent basis (2-5 years is the common thinking).
Slashdot Mirror
And we didn't need them either! Now get off our lawn!
Hmm... Let me fix this for ya:
On the contrary, I push it all the time because it's a great tool... when it's the right tool for the job. If that job involves manipulating and/or storing sensitive data, it's somewhat less so in many cases.
On the contrary, I push it all the time because it's a great tool... when it's the right tool for the job. If that job involves manipulating and/or storing sensitive data, it's alwaysless so in all cases.
Um, you forgot two lines:
- Nokia can't easily retreat, having crossed/burned/blown up it's Linux/Maemo/MeeGo/Android-related bridges.
- ?????
- Profit!!!
Because if you rush, you can probably stock up on N900s. If you get, oh say, 5 they should last you for a while until the smart company makes a true power phone again that puts the OS in the hands of the user.
I suspect a hostile take over. They should have installed a https server so we'd know the redirect wasn't part of a nefarious plot.
Oh, and I forgot to add: the keyboard, being a real X based system, can be completely remapped at will. The ~ key, for example, doesn't exist by default so I added it to shift-up-arrow. Similarily, you can remove unused symbols and replace with better ones (eg, I never write about British currency but I do write with %s all the time).
But what really makes it great is that it's a full system. Yeah, typing code on a small keyboard is never fun but in a pinch when it's all you have, it's by far the best. When your phone has emacs, git, svn, ... it's almost equivalent to your desktop *except* for the smaller keyboard.
[one of these days I want to hook up a bluetooth keyboard and see how a full day on it would be]
I've used both AT&T and T-Mobile on my N900. T-Mobile is actually the cheaper of the two. And the N900 only supports 3G data speeds on T-Mobile as well, which is lame IMHO but true.
Ok, here: I'm not with comcast and the original post was just insanely uninformed. Go read *anywhere* else about dnssec and you'll find that comcast will have a hard time figuring out how turning it on can be a bad thing.
So you'd be fine with me and a friend communicating over some AES encrypted VoHAM protocol as long as I sold the key to anyone that wanted it for $1M?
Ahhh, but its "intended to obscure the meaning thereof" not just obscure it.
They could do two things to prevent people from buying any radios but theirs:
They win doing either one. But I argue until they fall into #2 they're with the intent to obscure. (if option #2 didn't exist, it would be a different story)
Using PSK-31 is an attempt to obscure the meaning of the communication from anyone that doesn't buy a computer sound card interface?
No, because the protocol is open and anyone can record it and get it translated at any point now or in the future. Or get it translated by a friend. Or create your own hardware to decode it using spare parts. Or use O-scope to replay it and decode by hand. Or ...
With D-Star that's not the case at all because they're deliberately not releasing the specs to keep you from decoding it! I'd call that obscuring it.
Your license is supposed to be your station's physical address, not your mailing address.
Nope. Your address is supposed to be registered so the FCC can contact you.
97.23 Each license grant must show the grantee's correct name and mailing address. The mailing address must be in an area where the amateur service is regulated by the FCC and where the grantee can receive mail delivery by the United States Postal Service. Revocation of the station license or suspension of the operator license may result when correspondence from the FCC is returned as undeliverable because the grantee failed to provide the correct mailing address.
And in fact if you look through the entire part 97, the almost exclusive use of the word "address" follows the word "mailing".
You need to start by getting a license and afterwards equipment. You're welcome to read my short (ie, not overwhelming) web page on the subject: http://www.ws6z.com/becomeaham.html
PO Boxes take care of that for you.
I actually been saying (to friends) for a long time that the whole concept of income tax just isn't worth it. It's more complex than it needs to be and unfairly taxes based on what you make, not how much you need. I even wrote up my solution a week ago as a blog entry: http://pontifications.hardakers.net/thoughts/in-which-wes-rewrites-the-tax-code/
We're now talking about sending morse code over bluetooth to a mobile phone for purposes of texting. This MUST be slashdot.
well, then you just need two keys on your device. '.' and '-'. Then you can send morse code, your device can interpret it and then SMS the real text to your friends who aren't, um, up to 60 wpm. Your clueful friends that can at least do 20wpm can have their device recode it back to morse so they can play it to them while they're driving! WS6Z
Don't forget morse code! Somewhere on youtube is the video of the morse code experts beating the world record holder for text messaging speed.
Laws are like sausages, it's best not to watch them being made
It's probably worth stating that it's also best not to eat them.
Now, having said that, DNSSEC does let you securely look up SSH fingerprints, X509 keys, etc from DNS data so that you can do key bootstapping. There is even a patch to openssh to automatically accept a key if it matches a fingerprint that was securely retrieved using DNSSEC.
FWIW, I've been using a N900 heavily lately and it simply rocks. I was sure that 256M wouldn't be enough either, but I've found that it does quite well for everything I use it for. The applications are small in general and I've only occasionally started closing a few windows because it was beginning to feel sluggish. In fact, I'm rarely ever even using the full 256M in the first place. Add to that the 3x swap and you actually get something close to 1G of usable memory. Swap certainly isn't as good as real memory, but it's helped by the fact that the transfer rate to the SSD is likely better than that to a spinning disk (but, no I haven't measured it. yet.).
My only real problem with the N900 is the way they designed the / partition. It's only 256M as well and though they have solutions to deal with that in place, it's still too small and I think they could have moved a number of directories off of it and still had a flashable root succeed by moving things afterwards.
A summary is that the device certainly has met my expectations of it. Is it a full netbook with 1G of memory? No. But it's a ton smaller and I'm *never* without a full linux system on my hip. Except, of course, when it's in my hand. I don't expect to run gimp on it, though, but probably would if it had 2G of memory.
As for NSEC going away, it's not likely. The root zone will be signed using NSEC as there is no reason not to since it's a public zone (there is no hidden data) and they want to sign every aspect of it (and it's small, so the cost isn't large). Other zones that don't have issues with privacy or with signing everything will likely use it too, as it's cheaper (CPU-wise especially) to actually deploy and use.
Because DNS tries to keep replies as small as possible for most of the data they introduced two types of keys into DNSSEC. One is a Zone Signing Key (ZSK) which signs all the data in a zone. The other is a Key Signing Key (KSK) which is used to sign just they keys in the zone (both ZSKs and KSKs are signed by it and the ZSK signs they keys too for that matter). This provides a number of benefits. Some people believe that ZSKs can be smaller and you can change them more frequently (on the order of every 1-6 months). Since the only one that signs these keys is the zone owner it's very easy to swap in a new ZSK (there are some timing issues involved, but there is no third-party communication that has to happen). Some people also use the fact that ZSKs can be easily replaced to treat them with a bit less protection security and key them online (required for dynamic DNS support) or in a less security containment system which lets them be used more easily and freely (e.g. for DNS zones that change frequently). The KSK only needs to be brought out when the signatures on the keys are expiring or the keys need changing. When you change a KSK, however, you typically need to inform your parent (e.g. .com) about the key change so that they can sign your new KSK (by signing a DS fingerprinting record). This is more of a pain, so people tend to only want to change KSKs on a infrequent basis (2-5 years is the common thinking).
My wording should have probably been "at least November for everywhere"