I've already bought two of these locks. In Providence, RI, I waited at the
baggage screener to see if they were going to check my baggage. The
screener asked me to unlock the cases. I said that they were supposed to be
able to open this lock. She said that she didn't know how. So much for
communication to their employees. At least, the lock companies will send
you a new product if the screeners cut open the lock (that's if you get the
cut lock back).
One concern I've had with the current state of ID cards is that nobody seems to know what's acceptable. For example, is my school ID acceptable? No? It's a state school... does that make it count?
As an experiment, whenever I fly I try to use a non-standard ID card. It was issued by the federal government (not a state government), so technically it should be legal. It is accepted about 80% of the time. The disturbing part, though, is that I can guarantee that they're accepting it in order to cover their own shame at not recognizing it. In fact, usually the conversation is something like:
ID, please? [I show my ID] No, we need a government-issued ID card.
That *is* a government-issued ID card.
Really?
Yes.
Oh, okay. Go ahead.
Make sure that the guards won't confiscate the small diagonal cutters from your carry-on before you do this,
Good point. We recently returned from family vacation to $HOT_PLACE back to home in $COLD_PLACE. Our jackets were cable-tied in our suitcases. And those cables are damn near impossible to get off. (We asked a cop to shoot it off, but he politely declined.)
They list it as a 35/90GB drive. The fine print says the 90 assumes 2.6:1 compression, which is certainly a bit unreasonable. Heck, most tape drive companies are happy they can get away with advertising 2:1 compression, since reality is often only 1.5:1. I note that they also define 1GB to be 1e9 bytes, though I've given up that argument in favor of GiB.
There are occasional cases of a "bad patch" -- one that crashes machines, etc. I've seen a few over the years.
Now consider what happens when *everyone* installs at the same time. No chance for the vendor to get feedback and pull the patch. Somehow this seems risky....
DC to Moscow would definitely require some type of relay system since this technology is direct line of sight and the curvature of the earth prevents direct line of sight over large distances.
Well, not exactly... it can go through a fiber optic cable. But it would be much nicer to use a satellite as the relay, of course. Much harder to accidentally (or intentionally) break.
You seem concerned about a MITM attack by the insertion of an extra relay. That is not the problem here, as that would be a link-level attack. The *only* viable attack on QCrypto is at an endpoint. So, it's not a question of whether they can insert an extra relay, but of whether they can compromise an existing one.
It's been a few years since I've thought about QCrypto, but what you're proposing is an extension to the intended use.
The "standard" use of these devices is for point-to-point communication. Put one end in the White House and the other in the Pentagon (about 40km away) and you have a communications channel that can not be sniffed without detection. So far, so good.
But this doesn't scale well. Talking from DC to Moscow would probably require some sort of relay system, just as a relay system would be required if we wanted to have this enter people's homes (otherwise you'd need direct fiber connections between you and everyone you ever want to talk to). So now the relays need to be "trusted", and the possibility of a MITM attack is introduced.
As you have discovered, QC protects the security of the link, not the endpoints, relays, etc.
Even if you have a $5000 gigE switch and a PC that can handle it, what are you going to talk to, your cable modem? The only place gigabit ethernet makes sense is when you are aggregating traffic from multiple computers to a centralized server or set of servers, and are using applications that actually require that kind of bandwidth. Even if you want to move that much data around, and have a way to do it (hint - neither scp nor samba can talk that fast), the best benefit you'll see is about double the performance you get with 100.
GigE is also useful in Beowulfs, if you can't afford Myrinet.
Could you explain why scp/samba can't talk at GigE speeds? I've got a box that can spew data out at gigabit rates (network benchmarks like iperf confirm this) but I can't get samba/ftp faster than about 15MB/s. Yet the CPU load is low. Trying to figure out why, and if there's a fix.
When I was that age, if you asked me how to spell my name I would respond "D A M I A N Return" (Commodore PET user since before I can remember). And I learned how to count because you had to fast-forward the tape so-many-seconds to reach a certain game (TRS 80 model 100). Now maybe if she was programming....
One case I solved was when a client couldn't talk to the server. Ran snoop (a packet sniffer that comes with IRIX) to see what the network traffic looked like. Turned out the client was being DoSed by multicast traffic. Stopped the box spewing the multicast, and everything was fixed. Not sure how I would've figured that out without the sniffer.
I could give dozens of other examples, but others have already done that. Let's just say I'm sort of a sniffer zealot. Any time I'm seeing network strangeness, a sniffer is the first tool I reach for.
Just try to use the keyboard more. Don't copy/paste with a mouse, use y and p (in vi, of course).
Also, I agree with another poster that a large part of the problem is because of that silly numeric keypad wasting 6" of space past the right side of my keyboard. Might be worth finding a keyboard without that (course, they're really useful when typing numbers, but that's another matter).
I also suspect that a lot of extra effort is put into pressing , since it's so far away. I've actually adapted into pressing ^H by habit. But that doesn't always work: brings up browser history, etc. Also, if you accidentally type rm -rf / and mean to hit ^H but miss and hit ^J....
I'd wager there are more than a few college scholarships naively defined as being for African Americans, when they really mean blacks.
I went to a private high school, where they had one of those silly racist scholarships. Amusingly, it was given to a white kid who had grown up in S. Africa.
Whoever thought this was new has obviously never heard of encaps. Basically the same idea, but it's been around for about 5 years longer. Look at www.encap.org for starters. (I'm not going to write a lot since nobody will read this anyway.)
It's kinda depressing to see how much money goes into this. Don't people have anything better to spend their money on? Or couldn't they just donate it to their local school system, scout troop, or charity?
Before anyone says that campaigns cost money, keep in mind that all funds donated to the loser were completely wasted. In a sense, the Dems have a tough start, since their money is spread over multiple candidates. "Oops."
We'd have Linux e-mail viruses in a minute if the popular e-mail clients added support for automatic execution of attachments.
You know, I'm getting kinda tired of hearing this obviously false argument all the time. People are going through all the effort to type in a .zip password and then run an executable inside it. Where do you get off saying that's any more difficult than doing a chmod +x?
Re:Uhhh... They're Picking on the UC Regents... on SCO Aims For The Feds · Score: 1
Interesting.... I guess that would explain why they're not going after various other national labs that have beowulf clusters.
Biologically, it makes more sense to kill men than women. It only takes one (very lucky) guy to impregnate a hundred women a year. You can repopulate your country that way. Doesn't work so well the other way around.
Personally, though, I'm all for drafting women. Anything that can lower my own chances of being sent off to die.
The above comment is intelligent and makes sense, and should not be moderated as a troll. I'd guess that, like me, the author is a particle physicist. (Not too many other slashdotters know about the MSSM doublet Higgs.)
"May have been seen" and "evidence for" is a long shot from "discovered". Here's how it goes:
less than 3 sigma deviation from background: ignored
3-5 sigma deviation: evidence for
5+ sigma deviation: discovery
At 9% chance he's wrong, it sounds like he's at around 2 sigma. Which is pretty much ignored by the scientific community. Which is why the LEP was shut down to make way for the LHC.
The virus companies better hurry the heck up and come up with a solution. (Looks like ClamAV and Sophos have already done so.)
Have they? Last I checked, ClamAV had just given up on the password-protected zips. Or are you referring to blocking all password-protected zips, not just infected ones?
I've been considering implementing ClamAV on our mailserver (sendmail for 800+ users), since procmail filtering is proving to be less than effective with the latest wave of viruses. But I have two concerns to resolve first:
How do virus definitions get into the database? Yes, they depend on community support. But what stops someone from submitting a fake virus signature that will block legitimate email?
There's the disturbing use of strcpy and strcat in the ClamAV source code. I don't like running software that uses such constructs as root.
Any information on these two issues would be greatly appreciated.
Yeah, yeah, I know. CPU-hour doesn't mean wall-clock time. Still, too funny to not say.
Disclaimer: IAAPP (I *am* a particle physicist)
Sorry, forgot I was writing in HTML.
And yes, they really did invent it. Honest. See, for example, this link if you don't believe me.