I thought StartSSL had shut down. When did it resume services? Google startssl resume only gives stories about the initial suspension, not the resumption.
It resumed operations a short while (a day or two?) after it shut down. I had some certs issued shortly after it came back online without any problems. Evidently the breach wasn't that serious (it didn't compromise any signing keys, nor were any certificates issued to the attackers).
Perhaps, but there are other factors to consider. For example, technology improves: I have a 1920x1080 22" LCD monitor on this computer. It is much more useful to me than an old 800x600 CRT or even my 19" 1280x1024 LCD monitor I purchased in 2003 (it's dimmed and gotten a bit yellow over the years).
In addition to improved technology, a lot of newer devices use considerably fewer resources to manufacture and operate. The electricity costs of running a CRT monitor or TV are much greater than those of an LCD monitor or TV of comparable size. I'm not sure about plasma, but I don't have such displays here.
Yes, there's a lot of e-waste and people should definitely waste less, but there are several compelling reasons to upgrade equipment over time.
The "porno scanners"? Give me a break. You are so scared that somebody is going to see your naked body? Big whoop. What are you ashamed of? This is getting ridiculous.
There is no need for airport security to strip-search all passengers at the checkpoint, whether or not that search is real (i.e. removal of clothing) or virtual (scanner to see beneath clothing). While I am not ashamed of my body, the need for security does not outweigh my right to privacy. Metal detector? No problem. Explosive sniffer? Tolerable. Virtual strip-searching and exposure to unknown doses of ionizing radiation? No.
My wife and I both opt out of the scanners (or get in the metal detector line) on the few occasions that we fly. We don't cause a fuss, but we won't go through the scanners.
If the scanners must be used, they should be used only as an optional secondary screening in lieu of a pat-down or (in certain cases) strip-search.
Which, incidentally, is a key reason I refuse to deploy Chrome (apart from the fact that its UI is horribly non-standard, although Firefox is trying to catch up with it in that regard lately): it installs executable code into a user-writable location.
They also have the MSI installer (which I mentioned previously), which installs it to the ordinary Program Files directory so all users systemwide use the same version. It installs a system service that can automatically update Chrome, so individual users don't need admin rights. It also is configurable through Group Policy. This is incredibly useful.
Acrobat Reader (and, if I understand correctly, Acrobat Pro) can be set to update automatically. It requires admin rights to install, of course, but updates can be installed automatically so long as they're signed by the same certificate that signed the installed version. I wish it had easier centralized management, but it's still better than nothing.
Then again, I don't need to worry about it much anymore: my employment contract ran out on Thursday (end of the fiscal year), and I'm moving to Switzerland for grad school, so now it's up to the remaining staff to handle.
Heaven forbid I use an SMTP server that's not my ISP
Go for it. Just don't do it directly from a dynamically-assigned address. While doing so may be handy at times, it makes spamming incredibly easier. Blocking such addresses significantly reduces the scope of the problem.
There are plenty of non-ISP email providers that provide SMTP service (usually over port 587). I use several myself.
Firefox has a built-in upgrade system for Windows clients.
...and that requires administrator rights to apply those updates.
The relatively small academic department (~300 Windows PCs) my group supports uses Firefox, but still sends around a pair of undergrads once a month to apply the various updates that cannot be done remotely (we don't have an Active Directory yet and we should; it's on the list of things to do) like updating Firefox, Flash, Adobe Reader, Java, etc. Windows Updates are handled through WSUS, which is convenient. Although WSUS has the capability of handling some third-party software through local updates, we've run into some issues in testing that are delaying our deploying it more widely.
We're seriously considering switching to Chrome as the default browser, as it auto-updates without needing admin rights, includes Flash (which is also automatically updated) and a built-in PDF reader, and so on. It also includes an MSI version which makes installing over AD or WSUS much easier. It would save considerable amounts of time and effort.
It's really too bad that the WWVB isn't broadcast with a cryptographic signature so that the time signal cannot be pirated, thus allowing public clocks to be updated to a time signal that is verifiably correct. I can't believe anyone still trusts data that isn't cryptographically signed -- oh well, live and learn.
Personally, I'd like to see some WWVB-style relays, for better signal strength in buildings and other areas that don't normally get good signal (particularly during the day).
I know that some places use CDMA radio receivers as a time source for NTP servers, as CDMA signals can penetrate buildings better than GPS and the WWVB signal (it's particularly useful when one can't get roof access) and CDMA spec requires time to be in sync with a very small error (10 microseconds, if I recall correctly, but I'm quite possibly incorrect). Considering how small CDMA radios are, one should be able to make tiny CDMA receivers that get the time sync code from the cellular network.
If your laptop power supply is anything like all the ones I've owned, it won't care. According to the label (and testing done while I travel), mine works just fine on nominally 50-60Hz mains power. I imagine it wouldn't really care if you went from 45-65Hz, though I suspect it might get a bit annoyed if you were to go to 400Hz or something extreme.
Most digital clocks use a quartz oscillator as their frequency source. The mains power is not directly used for timing.
The only mains-powered clocks I've seen that use the power frequency as their frequency source tend to be older ones. Perhaps there are some modern ones that use it, but I've not seen any.
Cue some security pedant arguing that authentication from third party shysters like these is more important than having an encrypted connection.
Leaving aside the "shyster" bit, without some sort of third-party validation, how would you know that you've actually established a secure connection to the trusted party, rather than some MITM?
Google Mail, as an example, supports two-factor authentication (either with a smartphone app, a pre-printed list of one-time codes, or SMS messages to mobile phones). Enabling this feature makes it much more difficult for bad guys to compromise an account.
You might be interested in CrashPlan. Works on Windows, Linux, Mac OS X, and Solaris. After I had my laptop get stolen I had no problem restoring ~50 gigabytes of data.
It's not really a Dropbox-type service, but it is useful as a backup software/service.
Do you use Dropbox with TrueCrypt volumes? If yes, how large are your encrypted images? Is it practical?
Yes. Several gigabytes. Yes.
I mean - if you change something in the image - Dropbox will have to upload the entire file... so I'm not sure this works well with big images.
Not true. They do block-level updates (or at least they have for some time; there was a time when they didn't support TrueCrypt volumes but they have for a while now). A single change in a TrueCrypt volume only affects the block in which the change took place (otherwise large images would be impractical if it had to re-encrypt the whole image for a single change). Dropbox detects this change and syncs only the changed block.
Have you seen the interface? No thanks, I'll stay with 2.8.x
Yes. I changed it to "Compact View" (which has conversations individually windowed and not part of the same window as the contact list) and turned off the display of profile pictures in the contact list (which makes it more compact). It's not any more obtrusive than previous versions.
Is your server configured properly to send both the server certificate *and* the intermediate certificate?
Some browsers are more tolerant of such misconfigurations, and may be able to acquire the appropriate intermediate through a separate channel (e.g. Chrome and IE on Windows can often get certs from Microsoft Update in the background), while others are less tolerant.
I'm not really interested in having interpersonal interactions with employees at, say, Blockbuster or Barnes & Noble. They don't know me, my interests, or have anywhere near enough information to make any sort of informed suggestions. Netflix, based on my ratings and viewing history, is considerably more helpful in its recommendations. It also has a far larger selection of material. If I'm interested in viewing something tonight, they have online streaming. If I prefer the disk (or that's all that's available), I can wait one day (as there's a local shipping facility).
My ears can't tell the difference between a 256kbps MP3 or AAC and CD quality audio. Maybe that's just me.
You're free to do as you please and be the customer of whichever shops you prefer, of course, but I for one have very little problem with Netflix (and similar services). There's still plenty of room for local bookstores, indie music shops, and niche markets, but for everyday things like Hollywood movies and big-label music, the big players like Netflix and Amazon can do a better job at a lower price.
The Big Mac Index.
The Wikipedia article on the same subject goes into a bit more detail.
Why not export the CV as a PDF, which will then display the same on all systems?
Why not use WPA2-AES, rather than WPA-TKIP/AES? The latter has only the minimum strength of WPA-TKIP (which isn't terribly strong).
No sense in exposing your network needlessly.
It can, but it's a hideous pain. Local Update Publisher is much easier (though still in development) and ties in with WSUS.
Gmail and LavaBit, to name but two.
Google's are even easier to remember: 8.8.8.8 and 4.4.4.4.
UltraDNS also offers an OpenDNS-like service with the IPs of 156.154.70.1 and 156.154.71.1.
My analog watch has a crystal oscillator that is used as a frequency source. The internals of the watch drive the watch hands with a very tiny motor.
I imagine a similar mechanism is used in mains-powered analog clocks, only with larger motors.
OCSP?
Nice reference. That took me way, way back...