I'm from a small org, fully embracing the leading edge.
But I can see the following scenario:
1) Org has large internal App written for IE6 only. Can't upgrade so users are forced to have IE6 on their workstations
2) Org's IT admins are well aware of the security problems IE6 forces them to work around.
3) Roll out the Chrome plugin, and set things up so everything *but* the internal site uses Chrome.
Installing IE upgrades makes it difficult to leave an ie6 & ie_latest deployment side-by-side in a 'supported' fashion (Unless ms has a 'supported' way of doing this?)
Using the Chrome plugin lets the Org upgrade the browser to something maintained & more secure on their deployment, while allowing the archaic app to work as expected.
Cox does it too, iirc. I've seen it @ places where I've helped set up computers. I had been running my own dnscacher that directly hit the root servers, but when I learned about Cox doing it, I discovered they have a pair of DNS servers that *don't* exhibit this behavior and changed my resolver to hit those (to be net friendly). I'd switch it back to the roots in a heartbeat if they started being stupid about it again.
Re:And to celebrate, it issued the command: (on Unix Turns 40, Score: 1)
It also fails if you happen to have more than 65k kids on your lawn....
Nginx has been getting a lot of press lately, much of which is well deserved.
This article is simply that -- use a front-end reverse proxy (like nginx) to your backend server, and let nginx handle the ssl transaction and pass the body of the HTTP request to your backend server where it handles the important stuff.
This is not an uncommon strategy, and lets you have a lot of flexibility.
I just bought a new 2009-model-year minivan for the family.
When I'm out solo-driving, and when it's safe to do so, I test the handling of the vehicle.
It's trickier to lose control of it; (Compared to other cars w/o it) it has traction control, ABS and a host of other safety features. When I manage to put it into a skid that the Trac control can recover from, a light blinks on the dash. When it can't recover anymore, it starts beeping @ you.
According to the fine print though, it has an Electronic Data Recorder. So anytime I do something stupid like that, it gets stored in some memory chip in the car somewhere....
Anyone happen to know where one could pick up MP3s of the event? archive.org has a few debates from last time around, but nothing current, and I have not been able to pick them up.
iTunes used to have them the last time I used iTunes. Sadly, my Mac died a long time ago, and I haven't been able to sign on to the iTunes store in a *long* time.
"When is it acceptable to encourage users to accept a self-signed SSL cert?"
The answer is: Never.
You realize, however, that this is exactly how SSH works?
The first time you connect to an ssh server, the server sends out its key. Its self-signed key. And the client politely asks you "Would you like to accept this key?, here is its fingerprint" It's now the *user's* responsibility to trust that key, via some other secure channel or web of trust. *This* is the only opportunity for a MITM attack, even in SSH.
From that point on, the key is saved, and the ssh client complains loudly when something goes wrong with it.
Self-Signed Certs behave in exactly the same manner. If this site can provide a secure channel to advertise its correct self-signed key fingerprint, and users cache + save that key, then they get exactly the same kind of security they'd get with ssh.
I do question, however, their decision to use mismatched certs + site names. This will cause the browser to throw up a warning regardless of whether it's cached or not, which will probably desensitize users to the severity of these kinds of warnings.
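The trust-on-first-use flow described in the comment above, as an added example that is not part of the original comment: a first contact is accepted only against a fingerprint obtained out of band, then cached, and any later change is flagged. `PinStore`, the host name and the certificate byte strings are hypothetical, constructed stand-ins for the DER bytes a client would get from `SSLSocket.getpeercert(binary_form=True)`.

```python
import hashlib
import hmac


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AB:CD:...' or 'abcd...' as copied from an out-of-band source."""
    return fp.replace(":", "").replace(" ", "").lower()


class PinStore:
    """Hypothetical known_hosts-style store: host name -> pinned fingerprint."""

    def __init__(self):
        self.pins = {}

    def check(self, host, der_cert, out_of_band_fp=None):
        seen = fingerprint(der_cert)
        pinned = self.pins.get(host)
        if pinned is None:
            # First contact is the only MITM window: pin only when the
            # fingerprint matches one the user obtained via another channel.
            if out_of_band_fp is None or not hmac.compare_digest(
                    seen, normalize(out_of_band_fp)):
                return "unverified"
            self.pins[host] = seen
            return "pinned"
        # Later contacts: compare against the cache, never overwrite silently.
        return "ok" if hmac.compare_digest(pinned, seen) else "mismatch"


# Constructed sample data, not real certificates.
SITE_CERT = b"constructed-der-bytes-for-the-real-site"
OTHER_CERT = b"constructed-der-bytes-for-a-different-key"
HOST = "intranet.example"


def demo():
    store = PinStore()
    published = fingerprint(SITE_CERT).upper()  # as the site might publish it
    return [
        store.check(HOST, SITE_CERT),              # no out-of-band value yet
        store.check(HOST, OTHER_CERT, published),  # wrong cert on first use
        store.check(HOST, SITE_CERT, published),   # verified, now cached
        store.check(HOST, SITE_CERT),              # normal later visit
        store.check(HOST, OTHER_CERT),             # certificate changed
        store.check(HOST, SITE_CERT),              # pin was not overwritten
    ]
```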
Someone mentioned wine works, so I'll try that, but I used vmware to snag the albums @ the lower price.
The utility is silly, when you buy an album you get a .amz file which appears to be a base64 blob, that directs the utility to download all the rest of the files. The utility then immediately deletes the .amz file and proceeds to download them in sequence.
I dunno why they couldn't throw together a simple little java app to let other platforms download.
But, yeay! DRM free MP3s. I can deal with this rather than an integrated store/player that takes away features at every upgrade... *cough*itunes*cough*
An attack is even easier if the key passively responds --
merely construct a repeater, and hide it near your target car owner. Walk up to the car with the other end of the repeater, and blam, free entry into the car.
If it's done right, then it'll be handy. IIRC, linux uses free pages of memory for disk cache, and if an application needs more pages, it just invalidates the disk cache pages, and allocates them to the app.
If Windows caches applications into free memory pages during disk idle times, it'd probably make a huge difference, so long as it doesn't take memory away from the currently actively running applications.
You better believe that's a useful key. Imagine, stopping your word processor, changing the way a piece of code runs, resuming it, and reaping the benefits of your instant fix???
We too have used Embperl 1.3.x for 6 years, and we keep finding all sorts of bugs with it. It has a heavy .xs layer, and we have had many problems with Seg Faults. We're stuck with it for now because of legacy, but we're planning a move in the near future to Template Toolkit.
I'd strongly suggest:
Mason - Mason's syntax almost looks like php's <% %>, but it's perl.
Template Toolkit - Another great templating language, it encourages you to separate your code from your template, which is a good thing.
Most recent beta includes DAAP access -- meaning you can access iTunes shares. It also supports ATP; It writes a unique identifier to the files, and it will 'refind' them in the database with your ratings, and other metadata, no matter where it moves to.
It uses a SQL Database as a backend, either Sqlite (by default) or postgres (mysql too, I think). When you use the sqlite db, there's nothing to set up, it just works.
I hope they don't do any hollywood accounting.
We made no profits last year. 57% of 0 == 0!.
What if we had enemies dropping pamphlets on us?
What if our government told us they were infected by Ebola, or anthrax, or some other bioterrorist agent and shouldn't be touched? (Whether or not they are)
Having your hands rot off doesn't seem too far-fetched now ...
Smart folks might be able to figure out & confirm the government is full of crap. But lots of the folks out there, who can't even explain the scientific method? They might be inclined to believe them. Why would the government lie to them?
Safari has Webkit @ its core.
FF devs can look @ the Webkit source. FF devs can also look @ the Google Chrome Source, which is also based on webkit.
In fact, webkit is licensed under BSD + GPL, so IANAL, but I think this means FF can even *use* webkit's code directly in their browser ...
You can already do this now, with Amazon S3 and Brackup
It'll encrypt it, and split up the files, so the owner of the target host can't infer anything from the stuff you store there.
Just don't lose your key :)
Awesome, I spotted the links I wanted @ the bottom, I didn't see that the first few times I searched.
thanks again!
I stumbled upon brackup not too long ago, trying to solve a similar problem.
I believe brackup solves (1) I believe they want to support windows, and test on it, You can put the script + cygwin on a usb drive (2) (Dunno if it has an ftp plugin, but you can snag a perl dev to add that; it supports amazon s3, and sftp at least), (3) supports incremental updates, (4) does that too.
http://search.cpan.org/~bradfitz/Brackup/
Svn trunk and his release here:
http://brad.livejournal.com/2205967.html
Doesn't par2 already employ reed-solomon? (http://en.wikipedia.org/wiki/Parchive)
And it has all sorts of options that let you configure the amount of redundancy you'd like?
And it has (ahem) been very well tested in the recovery of incomplete binary archives ... ?
Now that usenet has been stripped of binaries, we'll have to find other uses for these tools ....
Well. They really can make the software as complex + bug ridden as they want.
They only have to make sure that the code that runs the robot that presses the reset button is bug free :)
The difference is that this is legally questionable. I'm pretty sure the license forbids reverse compilation and disassembly like this ....
With FOSS, you know exactly what your rights are.
What if Joe created the mp3, and has owner rights?
What if Joe has Worldwide distribution rights?
How does Joe explain to his hard drive that he's not a criminal by default?
Why does Joe have to explain to his hard drive that he's not a criminal by default?
Technically no ... But it seems they put you on a "list" if you do it this way.
/me waits patiently for SqueakOS
I'll 3rd that.
Not always.
I found out about the 9/11 planes on slashdot, then turned on the TV to see what was happening, just in time to see the 2nd plane hit.