Use Google's VPN and the telco won't be able to detect the VOIP. Of course, the NSA^H^H^HGoogle will be listening in to your call, but hey, you can't have everything...
Does anyone remember when the first Google article was posted on Slashdot? I remember checking out the new search engine and it sucked (compared to Altavista). Then a few more articles on Slashdot and it became my preferred search engine.
I guess the Slashdot editors deserve some Google shares...:-)
Initially I thought that Google would be wise to require a Gmail account for Google Secure Access. But this turned out not to be the case. They use HTTPS to create a temporary account, possibly to make things easier to set up for users. I figured they won't know who is connecting so basically it works as an anonymising proxy.
HOWEVER... I just found out that Google Secure Access is reading the Google cookie set by Internet Explorer! So it is not that anonymous at all. I could also not login through a manual PPTP connection using account details retrieved in XML. Google really wants you to use their Google Secure Access app...
What else are they doing behind your back? There _is_ something fishy going on...
Are you saying that they support not only PPTP but L2TP/IPsec too? Do you know the IPsec preshared key (PSK) then? Is it the same for everybody, or is it the same as the MS-CHAPv2 password, or... ?
You'll have to trust Google that they aren't doing evil with all the traffic you send their way.
Agreed, but isn't this the case for any ISP? Do you trust your current ISP? If so, why not set up your own VPN server to use when you connect over an open access point...
Google seems to use PPTP as their VPN protocol. In theory this should mean that you can use other OSes than Windows 2000/XP as well, if you configure the connection manually.
However, they seem to be generating the username and password on the fly. The username consists of a number. I had expected that you'd have to use your Gmail username and password but this is not the case. There is something fishy about it. Presumably the Google Secure Access client retrieves some credentials over an out-of-band connection (HTTPS? Will have to figure out with a network sniffer).
There are some curious things in the VPN connectiod that GSA creates. First, they use an IP address (66.28.250.27) instead of vpn.google.com. The IP address is not even owned by Google. The connectiod allows the outdated protocols CHAP and MS-CHAPv1 to be used. Ouch. It also binds the MS Client and File and Printer Sharing to the connection. You better have a firewall on your system before you connect.
PublicVPN seems to be a better option but it is not free.
Don't forget the fingerprints. The new identity cards will store information about a person's fingerprints. Children will be required to have these cards on them as well.
WHQL certification is a flop anyway. Most of the drivers that I encountered were not signed. Exceptions were drivers shipped with Windows itself and Nvidia drivers.
It more likely that Microsoft would threaten to keep said hardware vendor out of the loop: no advance info, no SDKs, no preferential status, no co-marketing etc. etc.
This is exactly why some people prefer Linux on their PDA: because the vendor does not want to release Windows Mobile updates for that particular model.
In the SSL comparison, they're using the fastest (though slightly less secure) choice of encryption algorithms in IIS and the slowest in Apache. They're comparing RC4+MD5 to 3DES+SHA1.
I found another flaw on that same page.
VeriTest also write that Windows 2003 was using RSA key exchange and Red Hat was using Diffie-Hellman (DH).
But DH is vulnerable to a Man-in-the-Middle attack so SSL uses RSA to perform the authentication.
So Red Hat is doing RSA and DH, whereas Windows is doing only RSA!
Using OpenSSL's ssltest program I noticed that DH+RSA was 50% slower than RSA:
And I would not be surprised if Windows 2003 was using SSLv2 (faster and insecure) while Linux was using TLS1! Because that is another parameter that VeriTest is not disclosing.
Slashdot Mirror
My keyboard had a temporary failure. ee, there it happen again. I hate thi keyboard.
easyHotel got these too. They've even shaped the rooms to Stelios' posture! :-)
You can probably add Nicon to that mix as well. Because I don't think they will be using wafer steppers from outside of Japan.
What games actually take advantage of those dual cores?
You completely missed the sarcasm.
By contrasting commercial software with "shareware" you overlooked Open Source etc. Besides, most shareware software is in fact commercial.
You could have said: "VS2005 can be used for commercial as well as non-commercial software". Or: "... for closed source and Free and Open Source".
I did not comment on your VS2005 strategy, I just noticed something about using the word "shareware" by you and your colleagues at Microsoft.
So Open Source is out, eh?
You are lumping together Open Source, freeware, public domain etc. as "shareware". Nice spin. Company policy?
Use Google's VPN and the telco won't be able to detect the VOIP. Of course, the NSA^H^H^HGoogle will be listening in to your call, but hey, you can't have everything...
I voted for Saddam! :-)
Does anyone remember when the first Google article was posted on Slashdot? I remember checking out the new search engine and it sucked (compared to Altavista). Then a few more articles on Slashdot and it became my preferred search engine.
:-)
I guess the Slashdot editors deserve some Google shares...
Except that Google Secure Access reads the Google cookie set in Internet Explorer... (Check with Filemon).
Initially I thought that Google would be wise to require a Gmail account for Google Secure Access. But this turned out not to be the case. They use HTTPS to create a temporary account, possibly to make things easier to set up for users. I figured they won't know who is connecting so basically it works as an anonymising proxy.
HOWEVER... I just found out that Google Secure Access is reading the Google cookie set by Internet Explorer! So it is not that anonymous at all. I could also not login through a manual PPTP connection using account details retrieved in XML. Google really wants you to use their Google Secure Access app...
What else are they doing behind your back? There _is_ something fishy going on...
Are you saying that they support not only PPTP but L2TP/IPsec too? Do you know the IPsec preshared key (PSK) then? Is it the same for everybody, or is it the same as the MS-CHAPv2 password, or... ?
Agreed, but isn't this the case for any ISP? Do you trust your current ISP? If so, why not set up your own VPN server to use when you connect over an open access point...
I can connect with my Gmail account but then the connection hangs at the "Port opened" message...
However, they seem to be generating the username and password on the fly. The username consists of a number. I had expected that you'd have to use your Gmail username and password but this is not the case. There is something fishy about it. Presumably the Google Secure Access client retrieves some credentials over an out-of-band connection (HTTPS? Will have to figure out with a network sniffer).
There are some curious things in the VPN connectiod that GSA creates. First, they use an IP address (66.28.250.27) instead of vpn.google.com. The IP address is not even owned by Google. The connectiod allows the outdated protocols CHAP and MS-CHAPv1 to be used. Ouch. It also binds the MS Client and File and Printer Sharing to the connection. You better have a firewall on your system before you connect. PublicVPN seems to be a better option but it is not free.
Yeah, but Microsoft continues to use RC4 in protocols such as SSL and RDP...
Isn't it time to abandon RC4 too while they are at it?
Don't forget the fingerprints. The new identity cards will store information about a person's fingerprints. Children will be required to have these cards on them as well.
Still, the DMCA scares a lot of non-Americans. Remember Dmitry Sklyarov? Some crypto researchers now refuse to make their findings public.
The colour refers to the FFII comparing the European Commission to a banana republic.
Time to switch again...
WHQL certification is a flop anyway. Most of the drivers that I encountered were not signed. Exceptions were drivers shipped with Windows itself and Nvidia drivers.
It more likely that Microsoft would threaten to keep said hardware vendor out of the loop: no advance info, no SDKs, no preferential status, no co-marketing etc. etc.
This is exactly why some people prefer Linux on their PDA: because the vendor does not want to release Windows Mobile updates for that particular model.
Laurens Janszoon Coster was the first! :-)
I found another flaw on that same page.
VeriTest also write that Windows 2003 was using RSA key exchange and Red Hat was using Diffie-Hellman (DH).
But DH is vulnerable to a Man-in-the-Middle attack so SSL uses RSA to perform the authentication.
So Red Hat is doing RSA and DH, whereas Windows is doing only RSA!
Using OpenSSL's ssltest program I noticed that DH+RSA was 50% slower than RSA:
$ time ./ssltest -num 1000 -tls1 -cert server.pem -key server.key -c_cert client.pem -c_key client.key -cipher "RC4-MD5:@STRENGTH" -client_auth -server_auth -CAfile cacert.pem
./ssltest -num 1000 -tls1 -cert server.pem -key server.key -c_cert client.pem -c_key client.key -cipher "EDH-RSA-DES-CBC3-SHA:@STRENGTH" -client_auth -server_auth -CAfile cacert.pem
$ time
And I would not be surprised if Windows 2003 was using SSLv2 (faster and insecure) while Linux was using TLS1! Because that is another parameter that VeriTest is not disclosing.
openssl speed rc4 md5 des-ede3 sha1
(Get OpenSSL here if you are using Windows). You will see that the first two algorithms are much faster, especially for larger blocks.
I say this shootout is rigged.