Slashdot Mirror


User: GeekWithGuns

GeekWithGuns's activity in the archive.

Stories: 0
Comments: 37

Comments · 37

  1. Re:Non-sequitor on NIST Prepares To Ban SMS-Based Two-Factor Authentication (softpedia.com) · · Score: 2

    I agree, if your concern is possession of the phone, then soft tokens are almost equal to SMS. The big difference is the ability to intercept the code out on the network (VoIP, Google Voice, etc...).

    One thing that I have seen done with RSA tokens that could be done with software tokens as well as SMS tokens would be appending a PIN to the token. That way even if the token is stolen, the thief would need to know the PIN and where to append it. You don't need a biometric to unlock the token, just a password or PIN to be the 2nd factor.

  2. Re:Better vs. Perfect on NIST Prepares To Ban SMS-Based Two-Factor Authentication (softpedia.com) · · Score: 2

    Context here - NIST is setting standards for government security. If you are running a government system or are the vendor selling to the government, this will apply to you. DoD and IRS shouldn't be using SMS 2-factor authentication for users of their systems. DoD is not really the problem here, since 2-factor to them is certificates on smart cards (CAC), but I wouldn't be surprised to see IRS using SMS based 2-factor for some kinds of password recovery.

    SMS based 2-factor for taxpayers accessing the IRS...that could be harder to replace.

    So Google and the rest of us don't have to abandon SMS for 2 factor, but I'm kinda in agreement with NIST - not the best idea due to the ability to intercept the authentication code.

  3. Re:"tricked into" on Telephone Scammers Ordered To Pay $50M · · Score: 4, Interesting

    I think that my wife was tricked into this one. I'm not sure if it is the same company, but here is what happened to her:

    1. Bought Tickets on TicketMaster.com (paid 50% in "fees" - bastards)
    2. After she finished paying she was sent to a site where they offered a "free trial" for some kind of discount service. Being that it came after the checkout she just closed the web browser.
    3. Company starts billing the card she paid TicketMaster with several months later.
    4. We notice the change and have it charged back.
    5. They claim we signed up by _NOT_ explicitly doing anything on that page after the checkout. We should have unchecked the "sign me up" and then submitted the form to not sign up.
    6. We and our bank disagree and charge them back anyway.

    The real kicker is that they never even tried to deliver the login details to their "discount" website to her. I never thought that I could have a lower opinion of TicketMaster, but that did it. Bunch of rat sucking, baby raping, bastards.

  4. Put up or shut up... on Ballmer Says Linux "Infringes Our Intellectual Property" · · Score: 1

    I think that RedHat and/or IBM need to issue a press release like this very soon:

    Steve Ballmer recently said Linux infringes on Microsoft's IP. We call bullshit.

    Mr. Balmer: If you think or any of your associates know of a way that Linux is infringing on one of Microsoft's patents or copyrights, tell us. We will fix it.

    However, we will not be playing guessing games like your friends over at SCO wanted us to. We will however open up our patent war chest and start World War III if that is what you really want.

    Simply put - put up or shut up. And if you prefer neither will can do the latter for you.

    Your move Mr. Balmer.

    Something like that would be nice to nip this in the bud now. Just fewer typos and spelling errors.

  5. Re:When BIND is fixed I'll implement it on DDoS Attacks Via DNS Recursion · · Score: 2, Informative

    There already is a fix in BIND (at least in the 9.2.4 release shipped with RHEL 4 & all like distros). Just add this to your "options" section of your bind.conf:

    allow-recursion { localhost; mygroup; 10.10.10.1; 10.2.3.0/24; };

    This would allow the localhost, the machines on the mygroup ACL, one computer at 10.10.10.1 and all the hosts in 10.2.3.0/24 access to recursive queries.

    If you don't need to provide recursive lookups at all, you can just use this:

    recursion no;

  6. Competition = Lower Prices, Duh! on Does Microsoft Cause Lower Software Prices? · · Score: 1

    This is not just exclusive to Microsoft. It happens whenever a new company enters a market and starts getting business from existing companies.

    The same can be said about Linux entering the OS market. Microsoft is not only marketing around Linux but they are also putting lower cost alternatives on the market. No real news here, competition is good for consumers except when it is monopolistic behavior.

  7. In other news... on Missouri Prisons Pull Violent Video Games · · Score: 3, Insightful

    Missouri's prisoners are allowed to play video games!?!

    Isn't it supposed to be a punishment to be in prison? Part of that is not being allowed to have stuff like this to enjoy. Prison is supposed to suck!

  8. Re:Just pull the tags on Handling Accusations of Trademark Infringement? · · Score: 1

    The company that I work for got one of those "letters" via email once over our metadata. The guy claimed that they had a trademark on the term "Safety Software". I looked it up and he did in fact have the trademark. I turned it over to the Vice President of the company and that was the last time I had heard about it. The phrase is no longer in our metadata, but I have no idea if this guy's letter had anything to do with it.

    The VP thought it was rather funny that this guy got a trademark on something that could be used to describe a lot of software out there, but we couldn't get a trademark on some program names we had been using for several years that were much more specific.

    Since this story made me remember that whole thing, I did a Google search on the phrase I don't think that the company was selling anti-virus software

    At this point it is too late, but if you would have ignored the first letter there is a chance that this guy would have forgotten about the whole thing. Not likely, but would have been worth a shot to say that you didn't get the first message when you get papers by mail.

  9. Re:Does it even fucking matter? on Handling Accusations of Trademark Infringement? · · Score: 1

    I agree. Especially since the metadata does not matter anymore, just put this jerk's nastygram in there. For increased pleasure make sure that you strip out any other TM'd phrases or words so they can't tell you to remove the letter's text.

    What Tracy Impotent Jerk Barnes doesn't realize is that modern search engines use links like hardrock to figure out relevance. So a few links could start moving your website above their website for the "hardrock" search term without you changing a single metatag on your site.

  10. Redhat 7.3 updates? on Linux 2.4.24 Release Fixes Root Vulnerability · · Score: 1

    Ok, I know that I have read here that a few groups are making new updates for RedHat 7.3, but now I can't remember which story or groups. Anybody remember which story that was? As I recall one group was going to charge $5/machine and another was going to do it for free. I don't think that Fedora Legacy ever got around to supporting the old RedHat stuff, or did they?

  11. They lost sales to me because of region codes... on Blockbuster Chief: End DVD Region Codes · · Score: 4, Insightful

    Last year I was in London on my Honeymoon. We ended up doing a lot of shopping and hit a few music/video stores. My wife, who had no idea what region codes were, started picking up a few DVDs that are not available in the US. (A couple of them were Eddie Izzard as I recall) She was very disappointed when I told her that these DVDs would not play in the DVD players at home without hacking them.

    Whoever was distributing those DVDs LOST money since we can't buy them here (I've never seen them on shelves here and I didn't care enough about them to try to find them on Amazon). Really, what kind of business model is it to make it impossible to buy your product? Drop the region codes and they will probably increase sales and kill a few pirates in the process!

  12. Re:Linux Kernel Error on Gates Comdex Keynote Shows Plans, Matrix Spoof · · Score: 1

    Better yet, I love how that looks like a Windows error. I really hate it when I get Windows like Kernel error in my desktop manager. No wait, I've never had a kernel error (panic) that was not the fault of some bad hardware and I have been using Linux as my primary desktop for at least 5 years now!

    Me thinks that if MS is going to go after Linux for stability, they should take care of business at home first.

  13. New cars are not designed to be maintained... on Dealing with Outdated Automotive Software? · · Score: 2, Insightful

    I just had a problem with my 1996 Cavalier. Long story short I knew it was an ignition problem so I replaced the spark plugs, then the spark plug wires. Neither of these fixed the problem and the next thing to replace was the coil pack and then the ignition module.

    Since I had just replaced the wires I had found the coil packs and ignition modules were mounted in the dumbest place...on the back of the engine, above the transmission! Now I know modern cars are packing the engine into a smaller and smaller area to give more room for the people riding in the car, but since there was a ton of space in front of the engine, where a part that will fail several times in the lifetime of the car could have been mounted, it really pissed me off.

    I gave up and took it in to my mechanic and the bill was around $140 to replace the coil pack that I suspected. If I would have replaced the part it would have cost me $20!

    Whenever money is involved, these companies are always inventing ways to extract as much money as they can. And they wonder why we end up trying to "cheap out" and bargain shop the hell out of them.

  14. Dotster... on Who is the Best Registrar? (take 2) · · Score: 1

    I'm a big fan of Dotster. They are $14.95/year and have a nice web interface that works well with multiple domains. I know they are not the cheapest anymore, but I've never had a problem with them and I'm not going to change to try and save $7/year.

    Also, I like that they are very active trying to keep Verisign and ICANN in line. They also are good about putting out warnings about domain scammers like "Domain Registry of America" and their likes.

  15. Re:Link requires login on OpenBSD's Common Address Redundancy Protocol · · Score: 1

    Link does not login. Just scroll over to the right about 1 page width. The page just renders badly under Mozilla.

  16. Re:Dumb and Dumber on AOL, MS & Yahoo Unite On Anti-Spam Initiative · · Score: 1

    Sure we can be the world's policemen. It's called a "regime change". If you missed the last example, I'll demonstrate again for you:

    Hey Syria, may I come over. I have a present for you

  17. Reverse Engineering.... on Princeton CS Prof Edward W. Felten (Almost) Live · · Score: 5, Interesting

    The effect of the DMCA on reverse engineering is complicated. The DMCA does not flatly ban reverse engineering, but if you have to circumvent a technical protection measure in order to do your reverse engineering, then the DMCA will be an issue. The DMCA does have a limited safe harbor for reverse engineering, but it has been widely criticized as too narrow.

    I hate to dodge your question, but I'm not really qualified to say whether what the clone makers did would be legal under 2003 law.

    As to whether or not the DMCA would have been broken by reverse engineering the BIOS is still not known, but I'm sure that had it back then, some IBM lawyer would have added to the lawsuit as a bit more leverage.

    One of the worst things about the DMCA is its chilling effects. People are not doing things that are totally legal for fear of the law. For example, including a DVD player that uses the DeCSS code in a Linux distro because they might get sued under the DMCA. Now they probably would win, but not after losing Billions of dollars in a drawn out court battle. That part of the law just makes me sick.

  18. iSCSI is a SAN replacement... on iSCSI Specification Approved · · Score: 5, Informative

    Here are some answers/clarifications on some stuff I've already seen in the comments here:

    iSCSI is a SAN (Storage Area Network) replacement. It is not a file sharing system like Samba or NFS. The primary advantage of iSCSI over something like Fiber Channel is cost. You can build an iSCSI system with regular Ethernet switches whereas Fiber Channel requires "special" switches and cabling. I would think that two systems could use the same iSCSI target, but only where it would make sense and where the file system could handle such access.

    Yes, there already are adapters. (Not quite sure how they are out ahead of the spec, but why would you let a little thing like that slow you down). They connect to the Ethernet switch (usually a gigabit switch) and therefore could boot off a volume via iSCSI.

    Cisco also makes a device that can bridge legacy SAN networks to iSCSI.

  19. Laptops? They dont think so... on Solid State Drives in Notebooks? · · Score: 3, Insightful

    From their own Applications page you can see that they're not even looking for the laptop market:

    Portable Computer Applications

    Notebook and laptop computers will use Solid State Disks as the main external memory storage because of their low power consumption and resilience to mechanical stress. There is no need for the external memory storage to withstand environmental conditions that are better than those required by the LCD screens. LCD environmental requirements are generally more restrictive than those for mechanical disk drives.

    The majority of portable computers will continue to be equipped with magnetic and optical mechanical drives. The competition in this market will be challenging because the customers in this market will be price sensitive. We still believe that some customers who need the higher performance and reliability of our E-Disks® will be willing to pay more.

    Not that it isn't a good idea, but they are just not going to price them to compete with the standard Magnetic disks. But looking at the performance these would kick butt in any server application!

  20. Re:I think this case could help my mother understa on DMCA Invoked Against Garage Door Openers · · Score: 1

    You're right, I doubt that the IP cartels would be so stupid as to try and test this law, but here is an idea to test it:

    What if I were to create a "DRM" technology and protect some sort of work with it. Then a friend of mine could break this "DRM" system. I could then sue them using the DMCA. Essentially become the plaintiff for a DeCSS type case and try and take it all the way to the Supreme Court. The only difference is that I would not pull all the "dirty lawyer" tricks and bleed the defense dry. It would take years, but not cost too much.

    Not sure if this could work, but it would give RIAA and MPAA quite a headache!

  21. I think this case could help my mother understand on DMCA Invoked Against Garage Door Openers · · Score: 5, Interesting

    Not to be overly optimistic here, but I think this case could show just how bad the DMCA really is to Joe Public. It is not being used as intended (Take my copyrighted material off your website now! or You're taking my crappy "digital protection" off my copyrighted work, stop it!), but instead it is being used as a bully tactic. Right or wrong the copyright holder should be able to protect what he thinks are his works, but with the DMCA he has been given a club that is far too large.

    Just being a little less optimistic, my bet is that one of the following happens:

    • The DMCA charge fails because of the reverse engineering parts of the law. - DUH!
    • The plaintiff drops that charge and goes after something else and wins on that. DMCA doesn't get its day in court like it needs.
    • This whole thing gets thrown out because it was just silly to begin with.

    But what I would like to see happen is that they lose a battle with the DMCA and it goes all the way to the Supreme Court. (Where in a 7 to 2 decision they decide that the Congress can extend copyrights indefinitely because that is a limited amount of time - oh what wrong thread.)

    It just seems like nobody wants to test this new law, but everybody wants to use it like the club it was designed to be. Somebody needs to fight this thing in court, but that will take years and lots of cash.

  22. Re:War on terror on AMI Introduces 'Trusted Computing' BIOS · · Score: 2, Funny

    <sarcasm theme="following from previous post">

    By "War on terror" you are talking about Bill Gates' war on terror right? He is quite "terrorized" by the thought of people being able to choose their software vendor based on the merits of the product and not by what is forced down their throat. If you run something other than the latest version of M$ Window$ "the terrorists have won".

    </sarcasm>

  23. Naaa, the DMCA will never be abused... on DOW Threatens Verio, Verio silences activists · · Score: 1

    IANAL (God I hate it when people start posts like that), but wouldn't this be a great case to challenge the DMCA with? If all the facts are straight here then DOW Chemicals has infringed on the first amendment rights of the person who wrote the parody. Bill of rights should prove that this law at least in this case should not be applied, but at best could make the DMCA unconstitutional.

    If that doesn't stir the pot, how about a lawsuit against Verio. The DMCA says that the ISP (in this case it should be Thing.Net) must take down the material. DOW knew that Thing.Net would have complied only to allow the counter notice and reposting part of the DMCA to go into effect or just fired back with a "Liar, Liar, we have Lawyers too" letter since they specialize in activists sites. DOW chose wisely and picked the ISP's ISP and pretty much guaranteed that Thing.Net would have to bow to the pressure. And now Verio is cutting off Thing.Net in 60 days?!? The DMCA doesn't say anything about that! Get a lawyer and sue them to hell!

  24. Re:Why not fight back against the scumbags? on New Spam Frontier: Referer Logs · · Score: 0, Redundant

    I looked through my weblogs and noticed this crap in my logs, so I thought about filling their log with a few hundred links to a picture that would properly express my feelings, but my wife convinced me otherwise. Since I was able to track the assholes down, I just emailed their ISP and ironically the spammer assholes at their abuse address. Check out the nasty gram I shot off to them. I doubt it will make a difference, but it made me feel better.

  25. Re:Child P0rn, just a foothold to kill free speach on Canadian Bill C-234 to Require ISP licensing · · Score: 2, Interesting

    I agree, pointless is bad, it costs money, but it isn't nearly as bad as the loss of freedom. If you take my money (via taxes or any other such manner) I still have the freedom to complain, organize, and tell the world why I don't like your tax; however, when you take my freedom (in this case free speech) no amount of money can buy it back.

    So given the choice of wasting money or losing freedom, I would pick wasting money. At least that way I could still have half a chance to fix the problem if I wanted to.

    In this case the real fight is freedom of speech and not giving up just a little bit of it to "make the world safer for children". With any government this is just the start of taking away more and more of that freedom until it is completely worthless. As an added bonus I'm also against a wasteful government agency.