Sorry, I fail at reading comprehension today, let me try that again.
Ok, so let's say you try to browse to https://mybank.com/ but there's a MitM intercepting your connection. When you first connect, the plugin should be able to get a fingerprint of the mybank.com cert. The plugin then asks the notary to verify that fingerprint. The notary connects to mybank.com and reports back the fingerprint. If they match, there's no MitB intercepting the secure communication (at least, not unless the MitB is attacking from the network of mybank.com). If they don't match, that means the two of you aren't seeing the same website, and something is *really* wrong.
Well gee, let me think.... then the plugin notices that the cert for the notary has changed, and knows there's a MitM, attack fails.
Poster below this thread already pointed out how the system *does* fail however. MitM has to attack target website, as opposed to the user's net connection. That way, both the user and the notaries will get the MitM certs.
The notaries are already known, which means the browser plugin already has their certs. This is the same idea as 'Trusted certificates', except it doesn't require the site you're visiting to have their individual certs signed.
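The notary comparison discussed in the comments above, as an added simulation that is not part of the original posts: it runs the plugin-side check for a clean path, interception on the client's link, a substituted notary, and interception at the site's network. The certificate bytes, notary names and function names are constructed for illustration.

```python
import hashlib

def fingerprint(cert: bytes) -> str:
    """SHA-256 fingerprint of a certificate's bytes."""
    return hashlib.sha256(cert).hexdigest()

# Constructed stand-ins for DER certificates (not real certificates).
SITE_CERT = b"constructed cert: mybank.com, site key"
MITM_CERT = b"constructed cert: mybank.com, interceptor key"
NOTARY_CERTS = {"notary-a": b"constructed cert: notary-a",
                "notary-b": b"constructed cert: notary-b"}
# The plugin already has the notaries' certs, modelled here as pinned fingerprints.
PINNED_NOTARIES = {n: fingerprint(c) for n, c in NOTARY_CERTS.items()}

def cert_seen_from(vantage: str, intercepted: set) -> bytes:
    """Certificate for mybank.com as served to one network vantage point."""
    return MITM_CERT if vantage in intercepted else SITE_CERT

def check_site(intercepted: set, forged_notaries: frozenset = frozenset()) -> str:
    """Plugin-side verdict: 'match', 'mismatch' or 'notary-untrusted'."""
    client_fp = fingerprint(cert_seen_from("client", intercepted))
    for name, pinned_fp in PINNED_NOTARIES.items():
        # Whoever answers in place of a notary cannot present the pinned cert.
        if name in forged_notaries:
            presented = b"constructed cert: forged " + name.encode()
        else:
            presented = NOTARY_CERTS[name]
        if fingerprint(presented) != pinned_fp:
            return "notary-untrusted"
        # The notary reports the fingerprint it sees from its own vantage point.
        if fingerprint(cert_seen_from(name, intercepted)) != client_fp:
            return "mismatch"
    return "match"

def scenarios() -> dict:
    """Verdicts for the four situations raised in the comments."""
    everyone = {"client", *PINNED_NOTARIES}
    return {
        "clean path": check_site(set()),
        "interception on client link": check_site({"client"}),
        "notary connection also intercepted": check_site({"client"}, frozenset({"notary-a"})),
        # Client and notaries all receive the same substituted cert, so they agree.
        "interception at the site's network": check_site(everyone),
    }

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:38s} -> {verdict}")
```

The last scenario returns "match" even though nobody received the site's own certificate, which is the limitation the comment about attacking the target website describes.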
Question: how do I stop the comment bar from pinning itself on this page layout? The little down arrow clicky isn't there, and I can't find its equivalent. (It's a small thing, but annoying like a sore tooth I can't stop poking at.)
SPF will validate the Return-path header if there is one instead of the From: address.
Unfortunately, I don't know how to make either sendmail or postfix insert a return path when they forward an e-mail, but the easy workaround is to install mail list software as your forwarder. You can create a mailing list as your incoming e-mail, with only 1 mail list member (which is your g-mail account). Mail list software will automagically insert the appropriate return-path header that is needed in this case.
Not really, the client is able to tell that there is a discrepancy in From and Sender: and notify the user appropriately...
Again, SPF was never to stop spam, just prevent domain forging.... btw, believe it or not, the header you have to insert is Return-Path: which means I have a solution for the OP.
SPF stops phishing, and FROM forgery, not spamming, as the original poster already mentioned.
It's been a while since I read SPF specs, but there is a header you can add to the e-mail that identifies the sender domain of the forwarded e-mail, which will fix the SPF issue when you forward the mail from your server to gmail. Unfortunately, a) I forget what the header is b) I have no clue how to configure sendmail so it inserts the header when it forwards e-mails. I would be interested in these answers however.
I'll put my vote with Avast. I preferred AVG 7 because it was lightweight and didn't nag for registration. But now AVG 8 has become bloated and is, in my books, adware that tries to trick users into buying the full version, even though home use is 'supposed' to be free.
Avast has the annoying habit of requiring free users to re-register every year, but doesn't try to trick you into an upsell.
Other acting careers? You mean commercials? Amateur Stage Plays? Radio Announcements? Oh, wait, no, you must be thinking of the .1% who become Hollywood stars?
Yeah, I think 100k is damn good for an actor.
Actually, I'm basing it on a quote provided in my comment, not to mention that Macrovision *already* has a fix, which someone else here already claims to be over a year old. And we also know that this has been a known "in the wild" exploit for 3 weeks before MS even bothered to release a security announcement, even though the fix already existed.
FTFA, the bug was fixed in Vista, because "Microsoft and Macrovision worked together during the development of Windows Vista RTM [release to manufacturing] to review the security of the Vista version of the driver."
Hackers only started exploiting this 3 weeks ago, but MS must have known about this for 6 months at least. Macrovision even offers an update for WinXP on their web site based on the same fix, but MS never pushed the update through their security update mechanism, and even now, isn't committing to it.
So, to recap for those keeping score at home, you now have to download patches for Windows system files from Macrovision's website! MS bashers have a goldmine to work from here.
Google isn't about "getting you known", Google is about telling the user (who initiated the search) which sites are already known. If you want to get known, buy AdWords like everyone else. Will probably cost you less than a consultant to come up with ever-changing Google page optimization.
MS desktop responsive under load?? You must be kidding me!
I'll admit, MS desktop has *very* low latency at idle, and runs circles around Linux camp (with all those linked libraries linking all over the place) at starting up applications. But as soon as you add CPU load to a Windows machine, everything goes to hell. Opening new windows, even just a file browser window, takes ages and is annoyingly slow. Everything becomes clunky and uneven. Linux (and, I think, just about everyone else) has been doing this far better for *years*. That was one of the first things I noticed when I first switched to Linux from Windows, how much smoother my desktop was no matter what else I was doing in the background.
The scheduler flamewar was exactly how Linux achieves these technical improvements... people who want to do even better and debate how to do it... business as usual.
As bad form as it is to reply to myself... 10 seconds of research leads me to this.
Chalk me up as a GPL3 detractor. The license has no business dictating terms based on the usage of the product. Either hardware lock is allowed or not.
Let me play devil's advocate. What if a company released a new compiler (probably based off an existing proprietary C compiler) and added/changed completely new language semantics. Then they could take any GPL software they like, modify it, and release the new version of the software with source code. The problem is, since they didn't release the compiler, no one could *ever* actually compile a new binary from the source!
That's exactly what Tivoization is trying to guard against. Only in this case, the hardware makers were using hardware hacks to make the code useless. Note that GPL3 doesn't dictate how you use the code. What it does say is, if the binary you distribute, based on GPL code, is signed (and that signature is required for the binary to function), then you have to include the key that it's signed with as the GPL source code! That's no different than GPL2 requiring you release all source and scripts needed to compile the source.
Of course it makes sense not to replace perfectly working, top of the line systems... but where do you get this figure that Intel costs twice as much? Intel CPUs now cost *less* than equivalent performing AMD CPUs (although the figures kind of even out with all of AMD's recent price cuts).
Guaranteed quality (you chose the encoding bitrate yourself on most of their albums). Great search engine/catalogue navigation without having to worry about download speeds or what downloads finished. Basically, it was just a really convenient service. And since time *is* money, well worth the small charges they applied.
There was a quick process (basically, check "I agree") you had to go through on the allofmp3 site wherein they deactivated your allofmp3 login and activated the corresponding mp3sparks (with balance and bonus).
I'm guessing they'll move the remaining accounts in bulk now that allofmp3 is shut down. I think the transfer was done piecemeal this way for the past several months to keep the existence of mp3sparks quiet for as long as possible.
If you do a regex search and replace in OpenOffice and replace all contents of cells with themselves (search for .*, replace with &, or something like that) the contents of the cells will be reformatted to whatever default you set for the columns. You can use it to change a column of numbers into a text field (to sort alphanumerically) or vice versa (if you have a spreadsheet that imported numbers as text and you want to change them back into numbers).
This trick is even included in the help documentation.
Contrary to popular belief, Internet broadband is not limitless or even abundant. Companies that sell you 'unlimited' connections for $100 / month are grossly overselling; it only works if the customers use, on avg., less than 10% of that. (This is why there is such a push to destroy net neutrality, *someone* has to subsidize the underpriced connections now that more and more people are downloading GIGS per month.) Using bit-torrent to distribute paid-for material is grossly abusing an already broken system. If this business model actually takes off, ISPs will have no choice but to scrap the unmetered Internet entirely. (And really, I think, that might be best overall.) Who then will be foolish enough to contribute bandwidth they are actually paying for to seed torrents that someone is getting paid for?
Wikipedia should meter their bandwidth by country/region. They can then use the data to petition local federal governments/states/provinces to pay for their share. The funds could come from the 'library' budget.
Be that as it may, Amazon has no right to place unauthorized charges on Credit Cards. If they feel the transaction was in error, they can send the customer an invoice, and take the matter to court if they aren't happy with the response. They *cannot* just take money from your CC account on a whim. People will, and should, contend that charge, and Amazon will be in a deep pile of poo with the CC's.
Not that big a problem at all either. In the case of Ubuntu, all you need is to compile one little library for DVDs (you can, of course, add a repository and install something like Easy Ubuntu or Automatix, I think, is the new flavor. But myself, I always found ./configure && make && sudo make install was easier).
And as long as you're using i386 Arch of Ubuntu, the Windows codecs are just as easy to download and install (look for Downloads on MPlayer's site), which work with MPlayer, Xine, and I think even VLC.
Click and Run will only be necessary for peeps who can't install *anything* unless it's "Click and Run", which Ubuntu can't do out of the box for fear of lawyers.
I don't understand how all this patent stuff works, and IANAL, but since the university researchers have already published their findings in a de facto medical journal (Cancer Cell), doesn't that count as... prior art? I don't think anyone will be patenting this any time soon.
Nothing indeed, pfeh. *Fail*
Yikes.... I'll have to re-read that part of the license carefully, but if your interpretation is correct.... Bad FSF, no donut!