There are definitely still tools to let you dial directly, but I do not think many will let you select to automatically mute certain audio sources.
Googling for freeware modem dialler shows up a bunch of apps that might suit you.
Scarily, I think Vista might actually handle this better - it allows per-application muting very easily, so you could switch between your entertainment and the phone call with a click, but really you seem to want something automated.
The reason he didn't ask your suggested question is simply because that is not what he wants to know.
He is asking what software is required to route the internal modem's POTS audio to the speakers and mic. Most decent modems used to come with the necessary dialler software, however it is rapdidly disappearing.
He is NOT asking for external hardware to manage the relative levels of the PC audio and a separate POTS system.
Yes, I was trying to think up a way of producing a sliding scale without locking it to specific technologies.
I suspect a system where the user can assign a numerical level based upon settings chosen within their account, plus a system of tags for what have become pretty standard security methods so the site can insist on a minimum level of authentication.
As your OpenID provider knows which site is requesting your identity, all of this can be performed on the OpenID provider's side.
So maybe options for each site wishing to authenticate are present in your account to specift the following.
Whether the site can: Anonymously, but uniquely identify me. See my real e-mail address. See a chosen e-mail address for this site. See my home address.
Required level of security to log into this site as me: Persistent Cookie PIN Password1 (straight PW) Password2 (straight PW + letters from memorable data) SecurID SmartCard / Private key
The provider could also add additional authentication methods, eg checking your IP address, but there is most likely not a need to expose these as something the authenticating site would require beyond the above.
I did wonder if the anonymous indentification is possible through some system of creating a unique "fake" OpenID dynamically from the identity of the site requesting access.
I think you're right here, that this should be about managing the security habits of the average luser. I feel it WOULD be much nicer for all of us to have a strong cryptographic smartcard, which we plug in wherever we are, can use as a private key, can use for digital signing, and that's just used for all our authentication.
The downside is you end up with this meatspace object which if lost or stolen, must be as scary as losing your bank cards and ID.
Yes this is the issue though - that in the "ideal" situation of everything moving to supporting OpenID, you will almost always be signed in, which is where I see a looming security issue.
I would like to run around being able to use the single OpenID, yet in a secure manner.
If, as you say, each of my banks has to provide me a different SecurID token, we are back to square one of having one sign-on per site, defeating the object of a single identity and sign-on.
I would really like there to be different levels of how "signed-in" you are, and me be able to set on the site how "signed-in" I must be for the account to be accepted.
For example, just a persistent cookie might be enough to allow "level 1" authentication, which means I can see my Google homepage.
My password might be needed for "level 2" allowing my into my webmail.
A SecurID token or smartcard and password could get me "level 3" allowing me to do online banking with my OpenID.
With the current state of affairs though, I think we can but dream...
I was thinking it would be nice to have a two-factor OpenID authentication provider, which might alleviate this, but only to a limited extent. I gather Verisign already do this if you use them as your provider(!) with a SecurID-ish token.
I am my own OpenID provider, which scarily means that if my web hosting gets hacked, irrespective of what authentcation I use, the hacker can impersonate me. So as you say, it does make a very tempting target with a single point of failure.
Yes, clearly diverting an entire connection worth of traffic *for each target user* seems a lot more painful than screwing with as a few ISP DNS servers to redirect all users of the target site to the evil site.
The way I see it, part of the point of the vulnerability is it is possible to poison it WITHOUT the co-operation of the point you are attacking, so in the case of dodgy surveillance, there is no legal papertrail.
You probably want to check how asymmetric crypto actually works.
The private keys are not visible on the wire, so once you receive the signed response, you can veryify that the answer is coming from where you hope it is. To modify the response, the attacker requires access to the private keys.
The point of DNSSEC is to prevent Bob's site masquerading as Alice's trusted site without your knowledge.
SSL (and so by extension SSH and HTTPS) attempt to solve this problem by verifying the identity of the other site, which is why we should always use it for trusted transactions.
Indeed, they can crack my key. However, if they want to divert an entire site's traffic for all users, it means they have a large number of keys to break in very little time.
With the existing infrastructure, they can do it across the board without having to spend money on cracking every key.
In the current situation, doing it to everyone is not a significantly larger problem that doing it to an individual.
That's what the Open Server Root Network is for, to prevent those "above us" from being able to apply politics to the DNS infrastructure, primarily the fear of ICANN being under the control of the US Government.
Not to be paranoid, but the argument of "no-one can do this" is often weak in the light of it being governments or intelligence agencies who are trying to mess with your internet access.
Is he scared of his government?
Or concerned about what his government may be doing to others in the world?
The problem is not necessarily on the "some attacker half way across the world on another AS", but may be much closer to home.
Not to state the obvious, but possibly a secure DNS system?
Although, it has been mentioned that there are a number of competing similar commercial solutions available from the big routing / switching manufacturers. However then you would expect them to want to delay DNSSec as much as possible.
That is different - that's just advertising and silliness off the way the wildcard matching works for WHOIS.
The issue is when you can force the target to resolve blah.google.com to poison www.google.com and then include a glue response for www. in with the blah. response which is then accepted because the domains match at to the right of that level.
Yes, I agree - reading the article the resolver should only allow responses which are necessary glue for the provided response through and drop all other RRs.
There are a couple of JavaScript compilers which target the JVM, eg Mozilla's Rhino. It is quite a common way of compiling for a cross platform target.
Glad you brought this up - I only dropped into this thread to point out the rather excellent Valve Hardware Survey.
The fact it is self-selecting does make it a shade biassed towards the high-end, but it is amusing to see the sheer amount of laptop hardware out there with Steam installed.
It is always funny to smirk at the glacial pace of Vista migration too.
Part of the serious difference is related to the fact I mainly play Infantry Only these days.
The downside to IO is that often you are getting sniped without being able to see where from. In this situation, being able to hear whether the sniper is above you and often exactly where they are is a massive advantage. It's enough that I have been accused of cheating a lot more since getting X-Fi.
The other main situation where it helps which I can tell the difference between software and EAX is you hear boats and helicopters MUCH earlier, and can hear where they are coming from, and often going to.
You also hear footsteps near you when you enemies are about to run around the corner in front of you whilst capturing flags.
As you rightly say though, you do have the added bonus of a lot more channels, which definitely is part of why you hear vehicles and players coming from much further away, especially the snipers and support guns which are so lethal in IO.
It's not the low / high / extreme sound quality setting which makes the difference, it is the Hardware Sound / EAX checkbox.
Yes, I thought this for a few years until discovering Battlefield 2. It took about 3 months for me to get quick enough to be competitive again, so I think you can actually regain these skills. Admittedly, BF2 is strategy heavy too though, so it is possible to compensate to for slow reactions to some extent.
Real twitch games like Unreal Tournament 3 and Quake 3 are still a little beyond my reactions.
I have found recent racing games are excellent for older gaming - my clan has gamers up to 60 years old. We have all enjoyed a good blast on Race Driver GRID lately, it's pretty accessible to everyone and achieves a great balance of realism and arcade play.
Slashdot Mirror
So what is it you play then?
Maybe Endless Online? Or a MUD/MUSH?
Or something new and exciting I haven't played?*
* Hoping it's this one!
Amen!
It's just a keyfile without any of the cryptographic advantages.
Once one site / attacker has the "password", ie the file hash, they all have it. Unlike public key crypto, where you get to keep your private key!
There are definitely still tools to let you dial directly, but I do not think many will let you select to automatically mute certain audio sources.
Googling for freeware modem dialler shows up a bunch of apps that might suit you.
Scarily, I think Vista might actually handle this better - it allows per-application muting very easily, so you could switch between your entertainment and the phone call with a click, but really you seem to want something automated.
I'm just sorry I cannot remember the name of any of the pieces of software!
They all used be unbranded OEM tools that came with your modem, in the days where modems were external boxes plugged into your serial port.
The reason he didn't ask your suggested question is simply because that is not what he wants to know.
He is asking what software is required to route the internal modem's POTS audio to the speakers and mic.
Most decent modems used to come with the necessary dialler software, however it is rapdidly disappearing.
He is NOT asking for external hardware to manage the relative levels of the PC audio and a separate POTS system.
I believe the whole point of the TPM chip is that it performs the checking before we gain control.
If the checks pass, the TPM key is then "available" for that boot.
If the checks fail, the TPM key is locked away.
I wholeheartedly agree with the "why would you want to run Vista" comment though!
For me, the only reason is PC gaming, but manufacturer support is currently still good for XP, and the DX9 vs DX10 difference is small.
Come DX11, things may change, but that's ages away.
Does one of the more popular Vista cracks not rely on booting Grub4Dos to load a bit of code to patch the kernel after boot?
I am thinking this will be affect the crack.
Before anyone says it, no, I am not running a pirate version of Vista, so I cannot check. In fact... not running any version of Vista, joy!
Yeah, the think they are realising it is not the time to be isolationist.
Does a leopard every change its spots?
So, in a great repeat of history, how long before we see the "embrace and extend" policy make a quick return?
Yes, I was trying to think up a way of producing a sliding scale without locking it to specific technologies.
I suspect a system where the user can assign a numerical level based upon settings chosen within their account, plus a system of tags for what have become pretty standard security methods so the site can insist on a minimum level of authentication.
As your OpenID provider knows which site is requesting your identity, all of this can be performed on the OpenID provider's side.
So maybe options for each site wishing to authenticate are present in your account to specift the following.
Whether the site can:
Anonymously, but uniquely identify me.
See my real e-mail address.
See a chosen e-mail address for this site.
See my home address.
Required level of security to log into this site as me:
Persistent Cookie
PIN
Password1 (straight PW)
Password2 (straight PW + letters from memorable data)
SecurID
SmartCard / Private key
The provider could also add additional authentication methods, eg checking your IP address, but there is most likely not a need to expose these as something the authenticating site would require beyond the above.
I did wonder if the anonymous indentification is possible through some system of creating a unique "fake" OpenID dynamically from the identity of the site requesting access.
I think you're right here, that this should be about managing the security habits of the average luser. I feel it WOULD be much nicer for all of us to have a strong cryptographic smartcard, which we plug in wherever we are, can use as a private key, can use for digital signing, and that's just used for all our authentication.
The downside is you end up with this meatspace object which if lost or stolen, must be as scary as losing your bank cards and ID.
Yes this is the issue though - that in the "ideal" situation of everything moving to supporting OpenID, you will almost always be signed in, which is where I see a looming security issue.
I would like to run around being able to use the single OpenID, yet in a secure manner.
If, as you say, each of my banks has to provide me a different SecurID token, we are back to square one of having one sign-on per site, defeating the object of a single identity and sign-on.
I would really like there to be different levels of how "signed-in" you are, and me be able to set on the site how "signed-in" I must be for the account to be accepted.
For example, just a persistent cookie might be enough to allow "level 1" authentication, which means I can see my Google homepage.
My password might be needed for "level 2" allowing my into my webmail.
A SecurID token or smartcard and password could get me "level 3" allowing me to do online banking with my OpenID.
With the current state of affairs though, I think we can but dream...
I was thinking it would be nice to have a two-factor OpenID authentication provider, which might alleviate this, but only to a limited extent.
I gather Verisign already do this if you use them as your provider(!) with a SecurID-ish token.
I am my own OpenID provider, which scarily means that if my web hosting gets hacked, irrespective of what authentcation I use, the hacker can impersonate me. So as you say, it does make a very tempting target with a single point of failure.
Yes, clearly diverting an entire connection worth of traffic *for each target user* seems a lot more painful than screwing with as a few ISP DNS servers to redirect all users of the target site to the evil site.
The way I see it, part of the point of the vulnerability is it is possible to poison it WITHOUT the co-operation of the point you are attacking, so in the case of dodgy surveillance, there is no legal papertrail.
You probably want to check how asymmetric crypto actually works.
The private keys are not visible on the wire, so once you receive the signed response, you can veryify that the answer is coming from where you hope it is. To modify the response, the attacker requires access to the private keys.
The point of DNSSEC is to prevent Bob's site masquerading as Alice's trusted site without your knowledge.
SSL (and so by extension SSH and HTTPS) attempt to solve this problem by verifying the identity of the other site, which is why we should always use it for trusted transactions.
Indeed, they can crack my key. However, if they want to divert an entire site's traffic for all users, it means they have a large number of keys to break in very little time. With the existing infrastructure, they can do it across the board without having to spend money on cracking every key. In the current situation, doing it to everyone is not a significantly larger problem that doing it to an individual.
That's what the Open Server Root Network is for, to prevent those "above us" from being able to apply politics to the DNS infrastructure, primarily the fear of ICANN being under the control of the US Government.
Not to be paranoid, but the argument of "no-one can do this" is often weak in the light of it being governments or intelligence agencies who are trying to mess with your internet access.
Is he scared of his government?
Or concerned about what his government may be doing to others in the world?
The problem is not necessarily on the "some attacker half way across the world on another AS", but may be much closer to home.
Not to state the obvious, but possibly a secure DNS system?
Although, it has been mentioned that there are a number of competing similar commercial solutions available from the big routing / switching manufacturers. However then you would expect them to want to delay DNSSec as much as possible.
That is different - that's just advertising and silliness off the way the wildcard matching works for WHOIS.
The issue is when you can force the target to resolve blah.google.com to poison www.google.com and then include a glue response for www. in with the blah. response which is then accepted because the domains match at to the right of that level.
Yes, I agree - reading the article the resolver should only allow responses which are necessary glue for the provided response through and drop all other RRs.
There are a couple of JavaScript compilers which target the JVM, eg Mozilla's Rhino. It is quite a common way of compiling for a cross platform target.
Glad you brought this up - I only dropped into this thread to point out the rather excellent Valve Hardware Survey.
The fact it is self-selecting does make it a shade biassed towards the high-end, but it is amusing to see the sheer amount of laptop hardware out there with Steam installed.
It is always funny to smirk at the glacial pace of Vista migration too.
Part of the serious difference is related to the fact I mainly play Infantry Only these days.
The downside to IO is that often you are getting sniped without being able to see where from. In this situation, being able to hear whether the sniper is above you and often exactly where they are is a massive advantage. It's enough that I have been accused of cheating a lot more since getting X-Fi.
The other main situation where it helps which I can tell the difference between software and EAX is you hear boats and helicopters MUCH earlier, and can hear where they are coming from, and often going to.
You also hear footsteps near you when you enemies are about to run around the corner in front of you whilst capturing flags.
As you rightly say though, you do have the added bonus of a lot more channels, which definitely is part of why you hear vehicles and players coming from much further away, especially the snipers and support guns which are so lethal in IO.
It's not the low / high / extreme sound quality setting which makes the difference, it is the Hardware Sound / EAX checkbox.
Yes, I thought this for a few years until discovering Battlefield 2. It took about 3 months for me to get quick enough to be competitive again, so I think you can actually regain these skills.
Admittedly, BF2 is strategy heavy too though, so it is possible to compensate to for slow reactions to some extent.
Real twitch games like Unreal Tournament 3 and Quake 3 are still a little beyond my reactions.
I have found recent racing games are excellent for older gaming - my clan has gamers up to 60 years old. We have all enjoyed a good blast on Race Driver GRID lately, it's pretty accessible to everyone and achieves a great balance of realism and arcade play.