The idea is not to save you fifty seconds of time by deleting your spam. That's a fringe benefit. The idea is to stop spam by making it harder and more expensive to do so. If we can up the price and difficulty to a certain point spam will no longer be a viable marketing technique.
You're missing no voodoo magic whatsoever, I think you've simply failed to think this through in its entirety. You claim you're sending 50 emails a day. In all likelihood most of these emails are not first-contact emails which would require a crypto challenge, but are in fact addressed to an established-contact which doesn't challenge you.
But for the sake of argument let's say all 50 of these emails are first contact. Dandy. Let's look at how this goes. You write the first letter, and proofread it, and click send. Your system does not immediately lock for ten seconds. Instead your message goes into your outgoing message queue. While you are writing and proofreading your next message the system is busily computing the hash for the previous message.
Let's suppose even further that you type uncommonly fast, require no proofreading, and get all 50 of the messages into your outbox. You take a deep breath, run to the bathroom or for a refill on your coffee, or whatever -- guess what's happening while you're afk?
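The outbox scenario from the comment above, as an added example that is not part of the original comment: a hashcash-style stamp (an assumed scheme; the comment names none) that costs the sender thousands of hashes to mint and the recipient a single hash to check. The stamp format, the 14-bit difficulty, the addresses and the replay set are assumptions made for illustration.

```python
import hashlib
import itertools
import time

BITS = 14  # assumed difficulty for the demo; a real deployment tunes this upward

def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(recipient: str, message_id: str, bits: int = BITS) -> str:
    """Sender side: brute-force a counter until the stamp hash has `bits` zeros."""
    for counter in itertools.count():
        stamp = f"{bits}:{recipient}:{message_id}:{counter}"
        if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp

def verify(stamp: str, recipient: str, seen: set, min_bits: int = BITS) -> bool:
    """Recipient side: one hash, plus recipient binding and a replay check."""
    try:
        bits_field, rcpt, _msg_id, _counter = stamp.split(":")
        bits = int(bits_field)
    except ValueError:
        return False  # malformed stamp
    if rcpt != recipient or bits < min_bits or stamp in seen:
        return False  # minted for someone else, too cheap, or already used
    if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) < bits:
        return False  # claimed work was never done
    seen.add(stamp)
    return True

def drain_outbox(outbox):
    """Stamp every queued first-contact message; return stamps and seconds spent."""
    start = time.perf_counter()
    stamps = [mint(rcpt, msg_id) for rcpt, msg_id in outbox]
    return stamps, time.perf_counter() - start

if __name__ == "__main__":
    # Constructed sample outbox: five first-contact messages.
    outbox = [(f"user{i}@example.org", f"msg-{i}") for i in range(5)]
    stamps, mint_seconds = drain_outbox(outbox)
    seen = set()
    start = time.perf_counter()
    results = [verify(s, rcpt, seen) for s, (rcpt, _) in zip(stamps, outbox)]
    verify_seconds = time.perf_counter() - start
    print(f"minted {len(stamps)} stamps in {mint_seconds:.3f}s")
    print(f"verified {sum(results)} stamps in {verify_seconds:.6f}s")
```

Binding the stamp to the recipient and remembering used stamps is what keeps a bulk sender from paying once and reusing the same work across a whole mailing list.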
Fine, why not encourage these developers to develop for Linux instead? If their software is technically superior and wanted then this is the ideal community for it.
Real, at least for their server software is (or was...) almost entirely a Linux shop. Real helped Linux make inroads into the server market at a LOT of companies. I'm still under NDA so I'm only mentioning two of the ones I could find press releases for quickly, but this includes companies with great big satellite networks (PanAmSat for one), a couple of great big phone companies (like Deutsche Telekom)...
Real also helped a lot in the fight to get Linux drivers for a whole bunch of video capture cards...
...if you are interested in a blog for the masses (nerdly masses that is) then /. works pretty well. If you have practical suggestions for making /. work better then write and submit an article about how you would go about doing that. I'm sure we'd all love to hear your suggestions....
I'm the first to admit I'm a /. n00b (hAhA - fr1st pr0st on the subject of Fjornir's n00bness) -- I've been playing this stupid game for a bit less than three years... But what makes you think the /. editors would run such a story?
Hey! This is about the _Navy_ dammit! They are _not_ "troops"! They're sailors, or bluejackets. Never troops. Even the brother-buggering-marines (My Ass Rides In Navy Equipped Ships) don't deserve to be called "troops".
Well, that's great as far as it goes, except for the fact that it is more or less impossible. The presence of additional encoded information would be pretty obvious by comparing the size of the cyphertext against the size of the plaintext generated by your red herring key. This could be mitigated, to some extent, by having your herring be larger than the real data you were trying to hide.
Further, if your red herring is taken, 'they' will need to know what algorithm was used to encrypt it in order to make use of it. And you can bet whoever does the decrypt job will have read the README on this algorithm...
As if that wasn't enough, with the cyphertext for the bundle, the herring key, and the herring plaintext, the balance of the cyphertext in the bundle would fall to cryptanalysis (although it would prove to be difficult to convert that cyphertext back to plaintext.)
A better solution, in my estimation, is to have part of your key on removable, destroyable media, and the rest of your key set to self-destruct on a deadman switch -- have it start over-writing itself again and again and again with random data if you don't invoke xeyes every 6 hours or whatever. Then you can hopefully be assured that either the memory chip/whatever in your pocket will be destroyed, or that your deadman will have time to trip. If one part of your key is compromised, then they'll have part of it -- but good luck working out the other 2048 bits, hey?
"But what if the memory card fails / I get stuck in traffic and miss the window on my deadman / whatever???" -- Simple. Use a re-brewable key derived from a lot of sources. A 32 bit checksum of the doom.wad that shipped with v1.666, the ISBN of The Joy of Cooking, an article from the google usenet archives (strip the html and all of the whitespace and headers in case they change the way they display it), the VIN from your first car, the phone numbers for three Planned Parenthood clinics in three suburbs of your city. When you put it all together in the right order with the right mechanism you've got your key back.
Fashion is fickle. The plain band is no longer the style -- more elaborate rings and rings with settings are in higher demand. The plain band (which was the appropriate style when the index started tracking it 19 years ago) has fallen due to diminished demand.
The gold rings are less expensive most likely from the fluctuation of the price of gold.
Actually, gold is up slightly. The index attributes the fall in the price of rings to changes in fashion. The plain band which the index tracks (and was favored 20 years ago when the index was started) has fallen due to the rising popularity of more ornate rings, and those with settings.
Stand outside a middle school or high school (Do _not_ trespass!) with Linux CDs, mini-manuals (give lots of URLs for help and support), and a soda all bundled in a bag.
Sure, most kids will just snag the soda and ditch the rest... But there will always be the curious kids. Furthermore, the nextgen geeks will be bound to get chummy over an event like this ("I dual boot debian TOO!") -- tell them they should support the community by helping the other interested kids install linux...
I am certain you have read the article, thus I am certain you are aware that the offending systems were not in Virginia, nor offshore. In fact they were located in North Carolina.
Certainly your extensive knowledge of geography made you aware of this fact when the write-up of this story included such gems as Virginia arrested a North Carolina man... and He was arrested...in Raleigh, NC
Of course I read the article. What you failed to read was the post I was responding to, which was questioning the viability of a monthly-update scheme, and not related to this specific patch (which, in all honesty, sure seems fux0r3d).
That's the whole point, see! Having patch-day be a regular event allows lusers to set reminders, "Yay! Patch-day! I get six 5-minute coffee breaks because all of these need separate reboots!" and stay current.
But admins aren't subjected to the constant trickle of noncriticals... "Huh. An alert just popped into my mailbox saying there's a patch I need.... It's not patchday, so I wonder how big the impact will be for us..." And if it's big he can take appropriate action...
Somehow you've managed to miss the point entirely. Vulnerabilities at the top/left of the matrix (such as the RPC hole blaster exploited -- a system level compromise achieved remotely requiring no user intervention) will have patches available more or less immediately. As you move down the list (...DoS, source fragment disclosure on ASP pages...) or to the right (...requires server-side instantiation of objFoo, requires user to view malicious webpage...) it is more likely to be rolled into the monthly patch cycle.
And thanks oodles for the out-of-context quote which actually addressed your concern, if only you had read it.
...and of course you read the announcement about this, didn't you? And as such you know that they will still release zero-hour patches for vulnerabilities which are actively being exploited in the wild and/or are to the top left of the threat matrix (remote/system level exploits).
3 days left... :)
...having your entire body vigorously rubbed with a cheese grater...
...doesn't excuse the shit they pulled, but...
I liked it the other way around better. I hadn't scrolled down to see your correction so I was wondering why you didn't have your Funny points.
I consider eight to ten days in orbit to be considerably more than a quick ride on the pukelator.
Ummm... What am I supposed to say? "Congratulations, you're as ignorant as your dictionary?"
What's the sound shit makes when it hits the fan?
Maaa-reeeeeeen.
It is actually flyering you need to do stealthy out here. :P
Why the fuck would anyone want to come here/now?
Sir, You may do well to change browsers. No banding is present in the 'after' image.
Be careful what you wish for... What if your p0rn is going 'merely' being 'passed through' VA and happens to be against their laws?
Uhm. Then do it. I certainly won't stop you. What is the point of this public spewage?
You're putting me on, right? Did you file a bug yet?