Slashdot Mirror


User: Tetch

Tetch's activity in the archive.

Stories: 0 · Comments: 85

Comments · 85

  1. Re:I don't use it for the encryption on Do Slashdotters Encrypt Their Email? · · Score: 1

    > if you sign and encrypt emails, you don't have to verify the keys, that's done automatically:
    >
    > John Smith wants to send Jane Doe an email, so he looks up her public key at an online key repository.
    >
    > He uses her public key to encrypt the email and his private key to sign it.
    >
    > She receives the email and decrypts it with her private key, validating his signature using John's public key she looked up in the key repository. If her public key (used by John to encrypt the email) had been spoofed in the repository, she wouldn't be able to decrypt the email with her private key.

    You're almost right, but you're wrong about the lack of need for verification. The fact that she can decrypt the email which was encrypted with her public key obtained from a keyserver simply means she is in possession of the corresponding private key, not that she really is [the right] "Jane Doe" ... you might be beginning a correspondence with a spook. To verify that she is the person she is supposed to be (and not some Black Ops team MITM'ing her), the public keys must be verified, either by exchanging them in person in the first place, or by reading out key fingerprints over the phone if you would recognise her voice.

    If John and Jane both get each other's public keys from a repository, and fail to verify them, then both keys may be bogus keys uploaded by MITM Bad Guys. This was well described by Phil Zimmermann in the original PGP 2.x User Manual.

    This is the other part of the PGP web-of-trust concept that most geeks I know don't quite get. When I countersign your key, I'm signing it to say that you really are the person you say you are (or rather "this key really does belong to the person it claims to belong to"), and NOT you are a person who can be trusted. So I must NOT countersign your key unless/until I'm really sure it's your key - which needs the key verification step to have been performed.

    Unfortunately, most IT people I know who've ever been persuaded to try PGP just merrily get busy countersigning all the public keys they acquire, whether or not they've verified them. It doesn't help that some PGP email client software insists that you only use 3rd party public keys you're certain of, and won't let you pick an unverified key - so users will often just sign the 3rd party key to say they're certain of it so they can click 'Send' on the email.

    Relatedly, I often suspect my colleagues don't even read the question you get asked when signing a key, which says "How strongly do you believe this person knows how to use PGP properly ?"

    It is actually quite tricky to use PGP carefully enough to gain the full web-of-trust benefit - although I agree you can do what many folks do, and just ignore all that key-signing stuff, and wing it :)

    Sigh ...
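A toy model of the point made in the comment above, added here as an example and not part of the original post: a keyserver hands back whatever was uploaded under "Jane Doe", so John can only pick the right key once its fingerprint has been checked out of band, or once someone he trusts as an introducer (Alice, a name assumed here) has countersigned it after doing that check himself. The `Keyserver` and `Keyring` classes, the hash-based fingerprint and all key material are constructed for the illustration and are not real OpenPGP.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass(frozen=True)
class PublicKey:
    owner: str       # the user ID the key *claims* to belong to; anyone can claim any name
    material: bytes  # stand-in for real key material (constructed, not real OpenPGP packets)

    @property
    def fingerprint(self) -> str:
        return hashlib.sha256(self.material).hexdigest()[:40]

def make_key(owner: str, seed: str) -> PublicKey:
    return PublicKey(owner, hashlib.sha256(f"{owner}/{seed}".encode()).digest())

class Keyserver:
    """Accepts any upload under any name and checks nothing, like a public PGP keyserver."""
    def __init__(self):
        self.keys = {}   # owner name -> list of keys uploaded under that name
        self.certs = {}  # target fingerprint -> set of fingerprints that countersigned it
    def upload(self, key: PublicKey) -> None:
        self.keys.setdefault(key.owner, []).append(key)
    def lookup(self, owner: str) -> list:
        return self.keys.get(owner, [])

@dataclass
class Keyring:
    """One user's local state: which keys they checked themselves, and whose certifications they accept."""
    verified: set = field(default_factory=set)     # fingerprints confirmed out of band (in person / by phone)
    introducers: set = field(default_factory=set)  # fingerprints of people trusted to verify keys properly
    def verify_out_of_band(self, key: PublicKey, fingerprint_from_phone: str) -> bool:
        ok = key.fingerprint == fingerprint_from_phone
        if ok:
            self.verified.add(key.fingerprint)
        return ok
    def certify(self, target: PublicKey, my_key: PublicKey, server: Keyserver) -> None:
        # A signature on a key says "this key really belongs to its owner", so refuse unless verified.
        if target.fingerprint not in self.verified:
            raise ValueError(f"refusing to certify unverified key claiming to be {target.owner}")
        server.certs.setdefault(target.fingerprint, set()).add(my_key.fingerprint)
    def is_valid(self, key: PublicKey, server: Keyserver) -> bool:
        if key.fingerprint in self.verified:
            return True
        return bool(server.certs.get(key.fingerprint, set()) & self.introducers)

def key_to_encrypt_to(ring: Keyring, server: Keyserver, owner: str):
    """Return the single valid key for `owner`, or None if none (or more than one) checks out."""
    valid = [k for k in server.lookup(owner) if ring.is_valid(k, server)]
    return valid[0] if len(valid) == 1 else None

def scenario():
    server, john = Keyserver(), Keyring()
    jane, alice = make_key("Jane Doe", "real"), make_key("Alice", "real")
    bogus = make_key("Jane Doe", "mitm")  # constructed: a MITM uploads a key under Jane's name
    for k in (jane, bogus, alice):
        server.upload(k)
    before = key_to_encrypt_to(john, server, "Jane Doe")   # two "Jane Doe" keys, neither verified
    alice_ring = Keyring()
    alice_ring.verify_out_of_band(jane, jane.fingerprint)  # Alice checked Jane's fingerprint in person
    alice_ring.certify(jane, alice, server)                # so she may countersign it
    john.verify_out_of_band(alice, alice.fingerprint)      # John checked Alice's key by phone...
    john.introducers.add(alice.fingerprint)                # ...and trusts her to verify keys properly
    after = key_to_encrypt_to(john, server, "Jane Doe")
    return before, after, jane, bogus
```

Without verification `key_to_encrypt_to` returns nothing usable because the two keys are indistinguishable; with Alice's certification it returns Jane's real key and still rejects the bogus one.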

  2. Re:Perfect american corporate business practice on Cnet Apologizes For Nmap Adware Mess · · Score: 1

    > I tend to look at your statement as part of a big problem with Americans. You can rationalize any number of clearly unethical or immoral situations by either stating, "...it's not illegal..." or "...XXXXXX does the same thing

    It's not specifically Americans - it's capitalism (or "unhealthy love of money"). The problem with Americans (generalising like mad here of course) is that they sure do like the ostensible benefits of capitalism, and often fail to see the consequent drawbacks, but the same problem affects (infects) many other western countries these days.

    I remember years ago watching an interview with the chairman of Rio Tinto Zinc (RTZ), in which he was being given a hard time about how RTZ was digging up aboriginal sacred burial grounds to look for uranium. His reply, with an apparently straight face, was "What we are doing is not illegal, and as chairman my responsibility is to my shareholders to deliver the maximum profit possible".

    He simply couldn't see the immorality (or at least amorality) of the company's actions - or if he could then he simply didn't care, so long as the profit was good.

    Capitalism doesn't do morality - it just does money. Transcending this is an evolutionary step that must be made if humanity is to have any future.

  3. Re:Why Isn't Anyone Slagging Cell Carrier's Securi on LulzSec Target the Sun After Phone Hacking Scandal · · Score: 1

    ISTR Paris Hilton's phone's password turned out to be just the name of her dog, or something equally stupid ... which wouldn't require hacking, just a lucky guess.

    As most of us here understand, mobile voicemail hacking just requires brute-forcing a PIN - 4 digits in the case of UK cellphones ... or just 2 digits in the case of my home ansafone :-)

    So there isn't much security on a cellphone's voicemail to criticise in the first place.

  4. Re:OT: Anyone know of a good PC implementation ? on Space Invaders: The Movie · · Score: 1

    Thanks very much ! .... Now downloading ... (please don't hurt me Midway)

    PS: I'm gonna be really surprised if it turns out nobody has ever implemented a native-mode clone or look-a-lot-alike ...[thinks] ... hmm, a project for me maybe

  5. OT: Anyone know of a good PC implementation ? on Space Invaders: The Movie · · Score: 2

    Sorry to hijack the topic like this, but availability of an audience of evident fans of the genre is too good an opportunity to miss, so .... does anyone here know of a good implementation of Space Invaders for the PC (Linux or Windows would do) ? .... one with reasonably faithful reproduction of the original action, graphics and sounds (it doesn't actually have to say "Taito" at the top tho'). I'd even pay :)

    Cheers

  6. Re:3.x EOL? on Mozilla Releases Thunderbird 5 · · Score: 1

    > Is Tbird 3.x end of life like FF4? I can still see some 3.1.11 versions for some languages, but English is 5.0 only, and it doesn't seem that anything has 3.1.12 or 3.2.

    You can get some of the older releases here :
    http://releases.mozilla.org/pub/mozilla.org/thunderbird/releases/
    (most of the major releases anyway ... there's 3.1.11 and 3.3a3 but no 3.2)

  7. Re:I didn't know it was shareware. on Trumpet Winsock Creator Made Little Money · · Score: 1

    As I recall, early versions of Trumpet Winsock (2.x ?) were a bit scrappy in look'n'feel and offered just a SLIP connection over a serial port, while later versions (3.x ?) were considerably smartened up and widened the protocol choice to include a rather nice implementation of PPP. The arrival of this PPP improved the ballgame no end. I think it even had a useful tracing facility.

    To complement this Trumpet also sported a capable dialer with a scripting "language", and a few sample scripts for different scenarios. Usually, you scraped online using a cobbled version of one of the samples, and then if you hunted around online you could find more comprehensive pre-written scripts tailored for the various well-known ISPs.

    To my shame I confess I never registered any version of Trumpet, though I subsequently did register a few other shareware items ... WinPost PostIt notes, Bloat filesystem manager, Novagraph Chartist, and WinQVT VT220 emulator - all Win3.1 apps .... ah, happy days :-)

    Sorry Peter ... I owe you beer and pizza.

  8. Re:It's ridiculous. on Huge Amounts of Oil Found On Gulf of Mexico Floor · · Score: 2

    > Depends on your definition of better. Some of us would prefer a simpler lifestyle.

    +1

    There's nothing wrong with what he said. Many of us think a simpler lifestyle - lower-consumption-level, "low footprint" if you will - is the only sensible way forward. Of course, as a good geek I hope and expect that access to a global Internet will be a feasible part of such a lifestyle. Yes, much of modern electronic equipment is currently made from irreplaceable fossil hydrocarbons, but we can do better than that, can't we ?

  9. Re:*I'm* Spartacus - Status Bar Back Please on Firefox 4 Beta 9 Out, Now With IndexedDB and Tabs On Titlebar · · Score: 1

    +1

    Your post articulates the argument perfectly (and is well-mannered and polite to boot), such that I can't see how the Moz Devs could possibly respond unfavourably.

    Unless ... perhaps they think you're a lone weirdo .... so here's my "me too". Maybe it would help get the message across if everybody who wants the status bar back where it used to be (as an option if need be) piles in here and says so.

    So come on, status bar fans ....

  10. Re:Direct link on Video Shows Why Recharging Kills Batteries · · Score: 1

    You, Sir, are my hero of the day. I'd read this article with interest (having suffered battery death crap like all the rest of us here), but gave up in despair trying to watch that video.

    As a long-time Noscript user, I wondered whether Brightcove might be involved in all the script nonsense, but their name never appears in the Noscript whitelist candidate menu.

    Your link however, works perfectly - Brightcove appears in the right-click menu, along with ScienceMag - and that's it.

    Hey, ScienceMag .... sort it out :-/

  11. Re:Learn Lessons From KDE4 on GNOME 3.0 Delayed Until March 2011 · · Score: 2, Insightful

    Well ... yes ... but KDE4 did carry on being a fiasco for rather a long time, which has freaked a lot of people out. It's only just reaching a decent state around about now (V4.4.5 / V4.5) - which has been unfortunate - and many of its users consider the many allegedly release-quality previous V4.x versions have been only beta-grade ... and should have been flagged as such.

    Distros which included it did so largely in response to user demand, which itself occurred because users were given the impression the beta phase (labelled V3.9.x) was now over, and that "V4" meant "usable for serious purposes".

    It's all water under the bridge now, but many users got bitten, and many people think the move was a mistake.

  12. Re:harden the fuck up... on Vaccine Patch Removes Needle Pain · · Score: 1

    Well yes .... leaving aside those people who have a psychological problem with needles, the sting of a vaccination needle is hardly much of a discomfort. I mean ... surely most folks have felt much worse pain than a stupid vaccination needle at some point in their lives. It doesn't really hurt. And I can tell you I became really quite a big fan of acupuncture needle effect a while ago :)

  13. Re:I didn't know Nero AG had time for this on Nero Files Antitrust Complaint Against MPEG-LA · · Score: 1

    > You can get a Sansa Clip for $30.00.
    [...]
    >> So, just because something's obsolete on the cutting edge,
    >> doesn't mean hordes of people aren't still using it.
    >
    > Of course, but there's no reason they couldn't be using
    > something better

    My 8Gb Sansa Clip+ (which cost £40.00 in the UK about 5 months ago) certainly is nice, and as you say it handles FLAC and OGG media (which is why I bought it) .... but its non-replaceable internal battery only lasts about 6 hours between recharges [1]. That alone means it's not much use to me in the car. I'd be constantly failing to remember I hadn't charged it recently until too late, and then I'd break my hand hitting the dashboard in frustration. No thanks - CDRs are good for me.

    And another thing - the CDRs cost pennies, so it doesn't matter if a scumbag breaks into the car and steals them - unlike the MP3 player. Remembering to put the MP3 player in my pocket every time I get out the car just makes me a mugging target. Perhaps you live in a lovely safe country area with no scumbag population ?

    [1] It's my first MP3 player ... The guy in the shop said "There's no way of replacing the battery - when the battery dies you just throw the old player away and buy a new one", and looked mystified when I complained on environmental grounds. I'm not impressed by this - I do not consider such an approach as representing good technology.

  14. Re:OHH MY EYES!! on OpenSSL 1.0.0 Released · · Score: 1

    > their site looks like 1990s took a trip to the future and vomited

    I echo my sibling's comment in that I have no problem at all with the website's style - I'd far rather have a simplistic straightforward HTML-driven site than some stupid Javascript-redirect-driven graphic-design student project. This is really important for security-related software distribution sites where it's necessary to be absolutely sure where your downloads are coming from.

    The site does however have some problems with organisation of content - e.g. it'd be nice if they followed some more de-facto site-structure conventions like having a "Downloads" link to a page which provides the source tarballs, and states explicitly that there are no binaries available ... and maybe even provides links to the more common Linux distro repositories where binaries may be found, even places where (gasp) Windows binaries can be found .... like http://www.stunnel.org/download/binaries.html (the place I always used to go to get my Windows OpenSSL binaries, but which seems a little unmaintained these days) .... or http://www.slproweb.com/products/Win32OpenSSL.html (which is a lot more up to date, and professionally organised).

    There is an openssl.org page with info about Win32 binaries :
    http://www.openssl.org/related/binaries.html
    (which links to the www.slproweb.com site) but it's not easy to find (IMHO).

    And then there's the awful documentation, as many others have mentioned. I'd offer to help out with that if I was half-way crypto-competent enough to do so.

    But the site's retro style is fine ... the use of colours is restful on the eyes, and avoids use of the stupid 2-point flyspec fonts so beloved of those whose eyes are much younger than mine and who aren't worrying about damaging them :)

  15. Re:AMD's don't confuse on Making Sense of CPU and GPU Model Numbers? · · Score: 1

    > The older K8 family processors go as "Athlon 64 x2" with a 4 digit
    > part number. The newer K10 family, derived from the higher performance
    > Phenoms, go by "Athlon II x2" with three digit part numbers

    Thank you thank you thank you ........ In my own recent purchasing researches, that single point has been confusing the hell out of me. You, sir, have given a nice, clear and succinct summary - now why can't AMD do that ?

  16. Old Technology on Military To Spend $42M To Build Advanced Network Control · · Score: 2, Interesting

    > The advanced network technology ... being developed by ... DARPA .. will include
    > support for features like 32 levels of network traffic prioritization that will
    > let data with a higher priority will be handled more expeditiously than traffic
    > with a lower priority

    Hahahahahahahahahahaaaaaaa .... "advanced technology" ?

    We were doing this in 1980 with the ICL VME mainframe operating system using their proprietary comms protocol "ICLC03", which prioritised traffic according to which of 6 different categories the relevant device was defined to be in. That's how we could support a cluster of 16 dumb terminals and half a dozen printers down one 9.6Kbps line without all the terminals stopping dead every time somebody printed something.

    I hardly think the technique can be described as "advanced" ... "common sense" maybe. I've always wondered why TCP-IP doesn't include such a feature.

    (Sorry - ICL died such a horrible death that I can't find a link on this modern intarweb thingie to anything usefully describing VME operating system features such as its ICLC03 protocol - but I assure you it's well described in technical manuals in various ring binders in my spare room.)

  17. Re:Okay, I read the ISC alert. on New DoS Vulnerability In All Versions of BIND 9 · · Score: 1

    > Only a fool would configure public-facing DNS servers as masters

    While I must agree with your basic assertion here [if not BIND's :-)], something that is often disregarded by non-security folks is that security threats can arise from within the organisation ...

    It only takes one malicious employee to bring in an attack tool from outside - I haven't seen any exploit PoC code for this, but such a tool might consist of 100 lines of C and a C compiler.

  18. Re:Patents = $ for Employees on Microsoft Seeking Hot-Or-Not Patent · · Score: 1

    My Large American Multinational employer has a similar scheme .... and every 6 months or so the scheme's administrators send out a company-wide rah-rah email talking up the scheme, its benefits for the company, and the m-o-n-e-y an employee will get for dreaming up a patent.

    I just ignore them every time, cos it's i-m-m-o-r-a-l, and amounts to sickening bribery in an attempt to get you to participate in their thought-crime, and it isn't even clever - here's one my employer successfully filed : "A method for remotely administrating a computer by installing a web-server implementing a web form into which the sysadmin enters the commands to be executed using the web browser on her workstation" ...... oh please.

    Propaganda :
    http://www.softwarepatents.co.uk/intro/no_software_patents.html
    http://www.nosoftwarepatents.com/en/m/intro/index.html

    Paraphrasing the second link slightly :

    "If [your country legitimises software patents], you will pay dearly. [The] software industry will fall victim to unscrupulous extortioners. A cartel of large corporations will crush smaller competitors. Consequently, we will all pay more money for less good and less secure software. You personally, your household, your company, your government, all of us."

    I urge you to ignore these parasitic crooks in future, and refrain from taking their money. You'll feel better about yourself if you do.

  19. Re:kerneltrap on LKML Summary Podcast · · Score: 1

    > what ever happened to http://kerneltrap.org/ ?

    Good question. The only explanation I've been able to find is this brief comment at the Kerneltrap Wikipedia page :

    "The site is operated by Jeremy Andrews. As of November 2008, Jeremy has stopped updating the site due to a lack of time."

    which cites this page as its source. There, Jeremy is stating he will resume updates when he's not so overloaded, and various people are trying to get him to let some volunteers help out.

  20. Re: Metapad - small, fast & reliable on Name Your Favorite Bloat-Free Software · · Score: 1

    I commend to you "Metapad" by Alexander Davidson : http://www.liquidninja.com/metapad/

    Not very highly featured, but still streets ahead of Notepad - zipfile < 50Kb, .exe < 100Kb with no installation required ! Outstanding if you just want something more bearable and less brain-dead than Notepad. I install it everywhere I don't need a more fully-fledged programmer's editor.

    It hasn't been changed since 2005, but doesn't really need it - not for my purposes anyway. Has little touches like making hyperlinks within the text content hot (clickable).

  21. Re:The stick. on How Do You Handle New MS Word Vulnerabilities? · · Score: 1

    While I like your hoe-handle technique, I'm afraid your "we only use Excel & Powerpoint so we're safe" stance will likely end in tears :

    http://www.microsoft.com/technet/security/Bulletin/MS06-058.mspx
    http://www.microsoft.com/technet/security/Bulletin/MS06-059.mspx

  22. Re:I smell a rat on Third Microsoft Word Code Execution Exploit Posted · · Score: 1

    > Why all these exploits now with applications that have been around for over seven years ?

    It's generally reckoned to be a result of the actual base operating system becoming finally, belatedly, somewhat secure ..... [ouch .. don't all hit me at once .. okay, okay - "heavily scrutinized and as patched as a patchwork quilt"] ... so by comparison it's now easier to target (i.e. find holes in) the application set that 90% of Windows users have installed. People didn't bother very much even looking for holes in Office before now, it was just so easy to find them in Windows itself. That's what I've read, anyway.

    Note there's no let up in the stream of Internet Explorer holes and patches - that's still just as big a p-o-s as ever - but the RPC-DCOM bug-of-the-month supply seems to have dried up for now.

  23. Re:Bestcrypt offers similar features on NetBSD's Crypto-Graphic Disk · · Score: 1

    > Bestcrypt is probably only solution supporting Linux AND Windows

    Wrong - as mentioned by several other posters there is an excellent free open-source encrypted drive product available for Windows - Truecrypt, http://www.truecrypt.org/ - which now has a Linux version available (since V4.0), offering the ability to access the same encrypted drive from both environments.

    Forget Bestcrypt.

  24. "Programmer Testing" - Is That New ? on Unit Test Your Aspects · · Score: 1

    > The widespread adoption of programmer testing over the past five years

    OMG - you mean .. when I tested all that code I wrote between 1973 and 2000 I was doing something *different* from all you guys ?!

    Why didn't someone tell me I was doing it wrong ?

    (Seriously, WTF does that sentence even mean ?)

  25. Re:Dupe on VOIP Tappings Under Scrutiny · · Score: 1

    > Dupe! At least the stories didn't appear on the same page

    Yes they did - at least they did for me - they're on the same front page as I write this.

    That's some pretty dismal editing :(