Every point that the person who was comparing SSH v. SRP made was completely wrong. I can't speak for every implementation of SSH, but we only need one, OpenSSH. Sure, if you don't really care about security, you can use password authentication instead of using a key. That key can not only be an RSA key, but also a blowfish key or a TIS or others... Personally, i prefer blowfish.
Now, is forcing someone to *only* allow logins when using a key really solving any problem? If you need to get in to your box from somewhere and you don't have time to do so otherwise, then login using password. If you have something so secure on your box that password is not acceptable (your paraniod and should never use ecom either 8-}) then just configure sshd so that it doesn't allow password logins.
Besides, in most systems, the cyrpto that you use for remote administration is surely the least of your worries. Why not switch to OpenBSD so that you can sleep at night?
I'm not sure how this really qualifies as a security risk. After reading the/. summary I figured out exactally what was done. I thought this kind of thing was common place... Anyways, the point is not to let some fsckin spammer get your email address!!! Besides, can you imagine what a pain in the rear it would be if we restricted what could be passed over the http protocol and recieve a cookie with... What would stop somebody from doing the same thing with frames tied to a cgi script? Come on. I'm sure some email clients will even accept frames... One last thing, instead of everybody in the world not allowing cookies to be set, why don't you just delete cookies upon login or reboot or something. The only way info about you is really gunna matter is if a lot of it is gathered, enough to link some guy clicking on stuff with what goes on in your head. But if you just delete your cookies daily, no bastards can track you around the net and you will still be able to use sites that maintain state with cookies. Better yet, just write a little script that edits your cookies file and removes all of the sites that you haven't approved every time you login...
I have been using Linux (on and off) for a couple of years now and have been wondering the same thing. I decided to dive in and ordered FreeBSD from CheapBytes. I have to say that I was fairly impressed, but the fun wasn't over yet. After getting FreeBSD going on my desktop, and getting most of my Hardware going (haven't got my ppp up yet) i decided to check out openbsd and put on the Dell Inspiron 7000 that i'm using now. I downloaded OpenBSD yesterday and burnt a CD of it this afternoon. I was installing it up into a minute ago when I got lost on using openbsd's fdisk implementation. Well, I'm off to track down some OpenBSD install tips. Later, and Happy BSDing
You don't have a very good chance of getting all of your clients to ditch windows in order to switch to Linux. Your probably right. Even if the alternative is better, they won't do it... They, like so many people are affraid of change. But there is something you can do! PERL! Ditch your old dos sessions and switch to perl. Setup a MySQL engine and apache+mod_perl at each client site and rewrite your app in pure perl... Don't even use the apache api, just straight cgi perl with apache::register... It will be smooth, fast, and stable! What are your waiting for? You should be hacking out some perl code right now!;) Later - and good Luck
Woopdie Doo... The frantic search to patent something to make your investors beleive that you are actually doing something (other than rapidly going into debt...) has produced yet another stupid patent.
I did notice that the actual patent talked about using an HTML document. Wouldn't that mean that you could use a bunch of javascript print statement to actually create the document?
Is the purpose of enhancments in communication to allow us to reach the pinacle of stupidity at an accelerating rate?
To me, this is just another example of why a powerful government is not beneficial to the people. This kind of thing seems to happen over and over and over in the United States.
Somebody who has a lot of cash to dangle under the nose of a Congre$ men up for reelection, realizes that because their because they have failed to keep up with the continually changing world, they are quickly going to become obsolete! By paying some congress member (in the form of campaign contributions) they are able to infringe upon the rights of the people, in order to keep themselves in power.
Two things to think about:
Is it actually possible for a government to give you, the citizen, rights? How long are we going to allow our rights to be stripped from us without standing up and creating a revolution!
I got into the whole BBS just as it was on the way out so I didn't get a chance to piss away 1000's of hours playing telnet adventures. The fact that I started out on the dark side of the OS world also made me think that text was boring. Since those early, misled days I have learned to love using a text interface, though using the web with lynx still isn't nearly as fun as with netscape... Anyways, for the past few months I have been searching for some cool text based adventure games that I could play locally (no multi-player necessary to make this kid happy). I want(ed) some games that use very little resources so that I that I have something to do while I'm waiting for something to compile. I have a fairly fast machine but I just don't want to have X sucking up any of my resources while I'm compiling something. I'm not creative enough to design a game in Hugo, but I can't wait to play some... In my search I came across adventure++ which looks like Hugo's old grandpa. Also, I found nethack, but have been unsuccessful at compiling it... Nethack sounds like exactally what I'm looking for, a text based local adventure game. I can't wait until somebody manages to build a little tetris game into vim...
Slashdot Mirror
Now, is forcing someone to *only* allow logins when using a key really solving any problem? If you need to get in to your box from somewhere and you don't have time to do so otherwise, then login using password. If you have something so secure on your box that password is not acceptable (your paraniod and should never use ecom either 8-}) then just configure sshd so that it doesn't allow password logins.
Besides, in most systems, the cyrpto that you use for remote administration is surely the least of your worries. Why not switch to OpenBSD so that you can sleep at night?
OpenBSD: Secure by Default... Ships with SSH
I'm not sure how this really qualifies as a security risk. After reading the /. summary I figured out exactally what was done. I thought this kind of thing was common place... Anyways, the point is not to let some fsckin spammer get your email address!!! Besides, can you imagine what a pain in the rear it would be if we restricted what could be passed over the http protocol and recieve a cookie with... What would stop somebody from doing the same thing with frames tied to a cgi script? Come on. I'm sure some email clients will even accept frames... One last thing, instead of everybody in the world not allowing cookies to be set, why don't you just delete cookies upon login or reboot or something. The only way info about you is really gunna matter is if a lot of it is gathered, enough to link some guy clicking on stuff with what goes on in your head. But if you just delete your cookies daily, no bastards can track you around the net and you will still be able to use sites that maintain state with cookies. Better yet, just write a little script that edits your cookies file and removes all of the sites that you haven't approved every time you login...
I have been using Linux (on and off) for a couple of years now and have been wondering the same thing. I decided to dive in and ordered FreeBSD from CheapBytes. I have to say that I was fairly impressed, but the fun wasn't over yet. After getting FreeBSD going on my desktop, and getting most of my Hardware going (haven't got my ppp up yet) i decided to check out openbsd and put on the Dell Inspiron 7000 that i'm using now. I downloaded OpenBSD yesterday and burnt a CD of it this afternoon. I was installing it up into a minute ago when I got lost on using openbsd's fdisk implementation. Well, I'm off to track down some OpenBSD install tips. Later, and Happy BSDing
You don't have a very good chance of getting all of your clients to ditch windows in order to switch to Linux. Your probably right. Even if the alternative is better, they won't do it... They, like so many people are affraid of change. But there is something you can do! PERL! Ditch your old dos sessions and switch to perl. Setup a MySQL engine and apache+mod_perl at each client site and rewrite your app in pure perl... Don't even use the apache api, just straight cgi perl with apache::register... It will be smooth, fast, and stable! What are your waiting for? You should be hacking out some perl code right now! ;) Later - and good Luck
I did notice that the actual patent talked about using an HTML document. Wouldn't that mean that you could use a bunch of javascript print statement to actually create the document?
Is the purpose of enhancments in communication to allow us to reach the pinacle of stupidity at an accelerating rate?
I hope somebody gets a patent on SPAM!
Somebody who has a lot of cash to dangle under the nose of a Congre$ men up for reelection, realizes that because their because they have failed to keep up with the continually changing world, they are quickly going to become obsolete! By paying some congress member (in the form of campaign contributions) they are able to infringe upon the rights of the people, in order to keep themselves in power.
Two things to think about:
Is it actually possible for a government to give you, the citizen, rights?
How long are we going to allow our rights to be stripped from us without standing up and creating a revolution!
I got into the whole BBS just as it was on the way out so I didn't get a chance to piss away 1000's of hours playing telnet adventures. The fact that I started out on the dark side of the OS world also made me think that text was boring. Since those early, misled days I have learned to love using a text interface, though using the web with lynx still isn't nearly as fun as with netscape... Anyways, for the past few months I have been searching for some cool text based adventure games that I could play locally (no multi-player necessary to make this kid happy). I want(ed) some games that use very little resources so that I that I have something to do while I'm waiting for something to compile. I have a fairly fast machine but I just don't want to have X sucking up any of my resources while I'm compiling something. I'm not creative enough to design a game in Hugo, but I can't wait to play some... In my search I came across adventure++ which looks like Hugo's old grandpa. Also, I found nethack, but have been unsuccessful at compiling it... Nethack sounds like exactally what I'm looking for, a text based local adventure game. I can't wait until somebody manages to build a little tetris game into vim...