Samsung was planning a dual-format player, but sadly they had to backtrack due to licensing difficulties. It appears that one or both of the camps are unwilling to permit dual format players, and are somehow writing this into their license agreements.
PEAP could reasonably be described as an open standard, but it has two problems:
It's unfinished, and there are implementations of different (incompatible) drafts in use.
Many implementations only support a very restricted set of EAP types over PEAP (eg EAP-MS-CHAP-V2 for Microsoft and EAP-GTC for Cisco) which is a problem for interoperability.
The former problem should be resolved as the PEAP version 2 specification matures.
Re:University of Utah - 802.1x Campus Standard on Are You Using 802.1X? · Score: 1
Thanks. Mainly I was just after any pointers before I consider trying this myself. Advice on what cards, APs, etc are known to work, any gotchas in configuring them, etc...
Incidentally, the Radiator web site has a useful list of APs that support 802.1x, which may be worth referencing somewhere...
-roy
Re:University of Utah - 802.1x Campus Standard on Are You Using 802.1X? · Score: 1
Sorry, I think you misunderstand. I was after more info about the existing key-rotation support on Linux.
I'll have a look at the list archives....
Many thanks,
-roy
Re:University of Utah - 802.1x Campus Standard on Are You Using 802.1X? · Score: 1
The paper is not referring to WPA, but rather to the inherent key rotation that 802.1x provides. The Linux support does work, and with the right hardware users get per-user keys. This works today, and we use it often.
Interesting, thanks. Do you have any pointers to more info about this? I looked on the open1x site and in the READMEs that come with xsupplicant, but I couldn't find much.
Thanks,
-roy
Re:University of Utah - 802.1x Campus Standard on Are You Using 802.1X? · Score: 1
The whitepaper talks about key rotation. But do you actually have this working on Linux? ie is there a card and driver that actually supports TKIP on Linux (in a WPA-compliant manner)? Is there anything on the horizon?
A google search failed to find any information on any ongoing TKIP/WPA work for Linux...
Some of the RBL lists also blacklist every IP block that is known to be used for dialup, DSL, or cable.
Some indeed do (eg the five-ten-sg.com blacklist)
However, (and notably) the MAPS DUL has a policy of only listing cable modem and DSL connections at the request of the ISP. ie it's considered legitimate for residential broadband customers to perform direct SMTP delivery, even if they have a dynamic address, unless their ISP says otherwise.
I would say that there is no clear community consensus that direct delivery from residential broadband connections should be disallowed, and I would therefore characterise any policy that does so as being aggressive (which is not to say that server operators shouldn't be allowed to use aggressive blacklisting policies if they so choose).
I would contrast this with the situation for dynamic dial-up addresses, where there is a much stronger community consensus that it is reasonable to reject direct SMTP from these addresses.
It doesn't appear to be an IE parsing error, it looks like it was blocked from IE at mozilla.org. As in if I use proxomitron to fake my user-agent it displays.
It appears to be valid XHTML [w3.org] and valid use of CSS [w3.org], so your comments seem strange, unless they serve different documents for different user agents. Has anybody tested this?
I think the poster simply didn't understand the error message.
I suspect that the poster mistook the w3.org URI for a reference to a web page on the W3C web site, when in fact it was a reference to an XML DTD.
I lived there for 7 years. I like multicultural cities, and I really dislike drunken, abusive, shaven headed white Brits. But I was talking about border controls, and I gather even the UK immigration service admits many of its officers are racists - but they can't replace them because (a) it takes time to train people, and (b) what decent person who wants a career wants to join an organisation stuffed with racists?
Things certainly seem to be better than they used to be. British citizens returning to Britain generally have a pretty easy time entering the country. A check of the passport is all that is done, and the process is quick enough that it's rare that any words are spoken by either side.
As a British-born British Citizen who is of half Asian descent, I used to find (10 or 15 years ago) that the immigration staff were always 'friendlier' to me than to my white friends or colleagues: 'How are you?', 'Did you have a good journey?', etc.
Clearly the colour of my skin was a cue to engage in some idle smalltalk to check whether I spoke English (or perhaps just to check whether I had a British accent).
I certainly haven't encountered this practice in the last five years, even though it used to be the norm....
Hmm... my passport is valid for another 7 years or so... now presumably this would require all passports to be reissued or reapplied for, or swapped as they expire.
As I understand it, it's only passports issued after October 2004 that will have to have biometric data. So you're right, it will be 10 years before the system is fully operational.
The UK are intending to introduce biometric id cards - there's already been consultation (so called) about it. The US biometric thing was cited by David Blunkett as a reason for us needing them... Details here [privacyinternational.org]
I'd also add that, whatever the outcome of the consultation on ID cards, ie whether or not they ever happen, and whether or not they end up containing biometric data (at least in the short term), it seems to me pretty unlikely that ID cards will be up and running by the US deadline of Oct 2004, let alone biometric data on passports (which hasn't even been consulted yet).
I very much doubt that many (any?) countries will meet the deadline, so the US will have two choices: extend the deadline, or effectively shut down the visa waiver programme.
Go to www.expedia.co.uk (the British arm of the Microsoft-owned on-line travel agent), and search for a flight in Internet Explorer. Choose an itinerary where Expedia offers special discounted fares ('Expedia Special Fares').
Now try the same search in Mozilla, and you'll find you aren't offered the discounted fares, so the cheapest fare offered to Mozilla users is noticeably more expensive than the cheapest fare offered to Internet Explorer users.
(My test query is to search for a return flight from LHR to IAD, departing about two weeks in the future, and staying for about two weeks, with flight times around midday. This query reliably has discounted fares available (though pretty much all major routes do).)
I haven't tried this in Opera, or Netscape 6/7. Notably, Netscape 4.x users are offered the same deal as IE users.
Also notably, Expedia's US operation, www.expedia.com, didn't exhibit this kind of discrimination last time I checked.
in England hundreds of years ago. They called them debtor's prisons. Simple, you went to prison because you could not pay your debt. I am not sure how it made sense then nor now.
Not directly relevant, but the Fourth Protocol to the European Convention on Human Rights prohibits imprisonment for inability to pay debts (or more specifically, for any breach of contract).
The UK is one of a small number of members of the Council of Europe never to have ratified this European treaty...
I believe that this practice is not that good --- especially when the mail was NOT sent by a real human, but ie. mailing list subscription robot, some account creation verification mechanism sending you password by mail etc. Also you may easily annoy those who write you a mail by bothering them with this automation, it can be easily considered as impolite. And the real fun starts when two people with this filtering try to get in touch; you protect yourself from mails not generated by a real human, but at the same time you produce such mails yourself.
TMDA has thought about all of these issues, and has solutions to many of them. That's as good a reason as any for using TMDA as the confirmation manager rather than reinventing the wheel.
The idea is a hybridization of SpamAssassin [spamassassin.org] and tmda (tagged message delivery agent) [tmda.org]
Great minds think alike. Though I think my approach is simpler (having only skimmed your page, so apologies if I've misunderstood).
My procmailrc simply passes all mail through SpamAssassin and then TMDA.
My TMDA rules say to accept anything that has the header 'X-Spam-Status: No'; anything that SpamAssassin thinks is spam automatically goes through TMDA's normal confirmation process.
There's slightly more to it than that, but not much. No new code is involved, just suitable configuration of SpamAssassin, TMDA and procmail.
It doesn't yet do everything that your solution does (in particular verifying the sender). I still need to think more about whether this is correct according to the RFCs, but thanks for the idea of doing it in a script, rather than waiting for my MTA to support it. (Incidentally, I believe that the latest postfix can do this itself, or am I getting confused with some other MTA?)
I keep meaning to put up a web page describing my approach in more detail. If you're interested, send mail to roy@gnomon.org.uk and it might encourage me to get round to documenting it sooner rather than later :)
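The routing decision described in the comment above (SpamAssassin first, then a confirmation step for anything not marked 'X-Spam-Status: No'), modelled as an added example that is not part of the original comment and is not TMDA or SpamAssassin code. The function names, the envelope-sender argument, the confirmed-sender set and the sample messages are assumptions constructed for illustration; a missing or repeated header is treated as no verdict, so the message falls through to confirmation.

```python
from email import message_from_string

DELIVER, CONFIRM = "deliver", "confirm"


def spam_verdict(msg):
    """Return 'no', 'yes' or None when there is no single usable verdict."""
    values = msg.get_all("X-Spam-Status") or []
    if len(values) != 1:
        # Absent: the scan did not run. Repeated: we cannot tell which
        # header our own scanner wrote. Neither counts as a verdict.
        return None
    # The value may be folded over several lines; take its first word.
    parts = str(values[0]).split()
    first = parts[0].rstrip(",").lower() if parts else ""
    return first if first in ("no", "yes") else None


def route(raw_message, envelope_sender, confirmed_senders=frozenset()):
    """Decide between direct delivery and a confirmation challenge.

    confirmed_senders is a hypothetical stand-in for the list of senders
    who have already answered a challenge.
    """
    msg = message_from_string(raw_message)
    verdict = spam_verdict(msg)
    if verdict == "no":
        return DELIVER, "scanner verdict: not spam"
    if envelope_sender.lower() in confirmed_senders:
        return DELIVER, "sender already confirmed"
    if verdict == "yes":
        return CONFIRM, "scanner verdict: spam"
    return CONFIRM, "no usable scanner verdict"


# Constructed sample messages (not taken from any real mailbox).
CLEAN = (
    "From: alice@example.org\n"
    "X-Spam-Status: No, score=0.3 required=5.0\n"
    "\ttests=NONE\n"
    "Subject: lunch\n\nSee you at noon.\n"
)
FLAGGED = (
    "From: bob@example.net\n"
    "X-Spam-Status: Yes, score=12.1 required=5.0\n"
    "Subject: offer\n\nBuy now.\n"
)
UNSCANNED = "From: carol@example.com\nSubject: hello\n\nHi.\n"
TWO_HEADERS = (
    "From: dave@example.net\n"
    "X-Spam-Status: No\n"
    "X-Spam-Status: Yes, score=9.0 required=5.0\n"
    "Subject: hi\n\nHi.\n"
)

if __name__ == "__main__":
    known = frozenset({"bob@example.net"})
    for name, raw, sender in [
        ("clean", CLEAN, "alice@example.org"),
        ("flagged", FLAGGED, "eve@example.net"),
        ("flagged, confirmed sender", FLAGGED, "bob@example.net"),
        ("unscanned", UNSCANNED, "carol@example.com"),
        ("two headers", TWO_HEADERS, "dave@example.net"),
    ]:
        print(name, "->", route(raw, sender, known))
```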
Perhaps this is the start of having the "other" dns'es take off. We all know how bad Verisign is with DNS (like slamming, overcharging, and in general cheating).
I think you're confusing Verisign Global Registry Services, who run the .com and .net registries with Network Solutions, a division of Verisign, Inc who are a registrar for .com and .net (amongst other domains).
The IETF has been dicking around for at least six years on this issue and no closer to a resolution.
Not true. The IETF solution was approved by the IESG some months ago for publication as a Proposed Standard.
One of the four documents has recently been published as an RFC, and the remaining three are in the RFC Editor Queue pending final RFC Editor and authors' review (ie publication as RFC is imminent).
draft-ietf-idn-idna-14 Internationalizing Domain Names in Applications (IDNA)
RFC 3454 Preparation of Internationalized Strings ("stringprep")
draft-ietf-idn-nameprep-11 Nameprep: A Stringprep Profile for Internationalized Domain Names
draft-ietf-idn-punycode-03 Punycode: A Bootstring encoding of Unicode for IDNA
AFAICS, all the linked press release says is that VOIP should be subject to the existing laws on telephone tapping....
Or am I missing something?
AMPS is the old US analogue system.
The problem is that larger ISPs (ie Telstra, Optus, Connect.com etc) will only peer among themselves, and not with anyone further down the foodchain.
I thought that was pretty much the case the world over... The largest ISPs peer with each other, and the smaller ISPs are forced to buy transit.
Then you wouldn't be allowed in the US.
The US isn't that isolationist.
But we already have the answer; the US would suspend that country's membership of the visa waiver programme, and their citizens would have to apply for visas, just like it worked in the old days.
The visas would, of course, include biometric data.
Thanks for that. More interesting, in fact, is the suggestion in the article you cite that the Schengen countries have already decided to go ahead with biometrics.
So biometrics look like they're a foregone conclusion in Europe.
Sorry about the dropped tag above.
l
Found another reference that might be of interest:
http://www.gunweek.com/archives/2002/hs090102.htm
The countries that are members of the US visa waiver programme (allowing short stays in the US without a visa) are required to implement biometrics on all passports issued after October 2004, otherwise their citizens will be required to apply for a US visa in order to visit the US.
The article comments that the Irish are concerned about the possible damage to trade and tourism that would result from the reintroduction of visa requirements.
I'll be interested to see how this turns out, but I think there'll be a public outcry here in the UK if there's an attempt to include biometrics on British passports.
So I guess I'll be needing a visa, then...
The most interesting (to me) comment in the article (which isn't elaborated further) is:
The legislation also requires foreign governments to use biometric technology in passports.
What if countries refuse? -- and I can't really see the rest of the world adding biometrics to their passports just because the US tells them to.
Being British, I don't currently require a visa for a short (up to 3 months?) visit to the US. I guess if Europe doesn't go along with these demands, I'm going to need a visa (which, presumably, will have biometrics embedded in it).
This issue is extensively discussed on D.J. Bernstein's page, here [cr.yp.to].
Actually, Dan Bernstein is discussing a different issue.
He is arguing that his own solution (IDNC3) is superior to the solution that the IETF has adopted (IDNA).
This has nothing to go with whether Verisign GRS should be allowed to break the DNS to promote internationalized domain names.