I don't see why you couldn't provide a similar service where you could make the site's self-signed CA cert available before signing into the SSL-encrypted part of the site.
Well, the problem here is that to securely distribute the CA's public key requires either a trusted network, which could be a company intranet (but for large networks or medium to high security applications isn't secure enough) or sneakernet (delivered by hand). You've apparently chosen one of the above, and it works well for your use.
However, distributing a CA's public key across the internet so that the recipient knows it's really your key is difficult. The way to do that is to use PKI, aka a Trusted Third Party, like Verisign, that has signed your cert or CA.
While prefetching data can be done using a single core, your post in this context gives me a cool idea.
Who needs branch prediction when you could just have 2 cores running a thread? Send each one executing instructions without a break in the pipeline and sync the wrong core to the correct one once you know the result. You'd still have to wait for results before any store operations, but you should probably know the branch result by then anyway.
They should have allowed secure communication without certificates. ...
The problem is that a prerequisite to secure communication the way our current encryption works in an Internet setting is authentication of who you are talking to. Otherwise you don't have end-to-end encryption, which is effectively clear-text communication.
The authentication comes from the PKI certificates. An encrypted channel is then built upon that trust.
the danger of an RFID tag in your wallet being randomly sniffed is almost nothing. . . . [they] have an extremely limited range - a couple inches
Actually, the range depends almost entirely on the antenna and power of the reader, not the card. You can do a lot more than a couple inches (though the reader will be directional and may need to be aimed).
It's not until you start working with battery-powered active transmitters (highway EZ-Pass boxes for the fast toll lanes, etc) where there would be a realistic security risk
Another example of what I just said, in Atlanta the toll passes are now just the inductive-powered cards, thin paper you stick on your windshield. No card-side power and it's read >70mph. Quite like how someone could read your credit card while you pass by on the interstate.
Were there any adjustments to the graphics in DooM? I seem to remember settings "High" and "Low". And maybe the ability to have the nose-mounted gun either move around with walking or keep it still. I wouldn't be surprised if I just made that up, though, it was a while ago.
The other option is why bother?
Quite right. Let's do some security analysis.
Attack vector: Someone sitting in your shop, who has already paid for coffee. Not remote.
Target compromised: Allows net access, you don't get to charge the guy. No data loss, no availability loss.
Required knowledge: HTTP and an iPhone number. Barrier could go down with further public exploits.
Public exploit: Yes, though limited to the geek crowd. And they had to assume this would be true, or they are pretty bad at this.
For what you're looking at, I think a user-agent string is the kind of security you're looking for when deploying this. There are some scenarios where you would need to escalate security, but IMO not required yet.
The mode is meaningless? Well, when it's based on arbitrary ranges, yes. It's pretty meaningless. Especially when we haven't decided that this is some kind of normal distribution.
I bet these autonomous vehicles perform really well in the mountains
Yeah, I can tell you the Florida one isn't exactly designed for roads that change altitude more than a couple feet. Not that it would die, but it would have a host of problems. I'd imagine that the other teams are testing in parking lots, too. So UF wouldn't be the only one with problems in the mountains.
Relying on content scanning to prevent an exploit to reach an exploitable system is a pretty bad idea, much better to fix the system than the extra layer of defense on the outside.
And while this seems good in theory, it is quite possibly the case that the content scanning system has additional logging and reporting functionality that could prove useful either during the attack if preventative actions can be performed by other security products, or it could be extremely useful in a forensic analysis of what has happened and what systems are suspected to be infected by something. Basically, running good code on a machine is helpful in keeping that machine running, but the security industry has had to take a different approach for obvious reasons (there's lots of bad code). So the security they provide is quite different than just stopping an attack at a vulnerability every time. And this exploit avoids that detection and everything that comes along with "security".
1. Get extra ballots.
2. Fill them out for your employer/candidate.
3. Stuff them into ballot box.
4. ???
5. Profit!
And if you don't think that this is actually done, well I'll just point out that here the "Profit!" line actually works as long as you can get away with it.
No. It gets easier to use as it matures. Not that it makes the acronyms go away. They're just easier to ignore and have things work correctly.
Advancement makes it harder to use. Think of how your mom doesn't fly an airplane (though if she does I'll give up my disagreement right now). The space shuttle is advanced technology, or was at least recently. A refrigerator, car, or phone is a mature technology.
for a college class? Nonsense! And these BOOKS I have to buy should be free too!
Not only is this cheaper than the book for the class, but it's not required. And probably has more useful information.
In data structures we used the department head's book. And *gasp* people make money on books! And the way I understand it, it's not that shady since they've been trying to get more of the department to Java and it's one of the few good data structures with Java examples books.
I've spent money on far worse. Accounts on systems that grade your homework and we only used it twice. Physics departments seem to love those IR remotes that allow for live graded quiz questions, and I've seen "upgrades" that make the old ones not work so that they sell new ones instead of allowing students to buy/sell used. Really, it's funny that someone that seems to be trying to do something good is getting picked on here, when far crazier things are going on.
However, in almost every instance what Microsoft has actually done is patented a specific method or system of performing X.
That specific method here is "on a computer." This is exactly the type of patent that slashdot people get up in arms about. The patent application requests that they be the only ones allowed to conjugate verbs on a computer.
Though, I for one [to welcome] our new language [to own] overlords. (btw, way to go article submitter. you've made something dull into something interesting.)
Facebook has a feature where you can schedule an event and invite your friends. The college student's version of Outlook meeting requests. People that are going can see who else is going, though it now announces all that data to those people's entire 'social network' whether they requested it or not. This was done retroactively, as well, suddenly making very public knowledge of past occurrences. This feed thing is showing me lists of friends that went to recent events. Here's a quote from that page:
"6 of your friends are attending Queer Television Awards 2006: LGBTQ Welcome Assembly."
I can click that link and it quickly tells me who those people are. Needless to say, I'm disturbed! All I do is log in, and it's showing me pictures that people have recently uploaded from the crazy parties they were at over the weekend. Sure they put them online so they didn't assume any privacy, but why the hell am I shown this? A lot of these people are just people I've met around campus and they can be my 'facebook friend', and I would otherwise be respecting a certain level of privacy if these things weren't put on my main page by facebook.
Maybe I'm disturbed because it makes me feel like a stalker?
This is funny, because as someone who has worked for ISS (Internet Security Systems) and frequently reads Slashdot, I've found several articles confusing when people write about /the/ ISS (Space Station) and I think, "Wait, what the hell are we doing?" So I welcome you all to my world of ambiguousness, which won't exist much longer now that it's been bought...
Do you realize that files have a concept of "owner", as well as a creation date, and that when you authenticate against the domain, a DC logs that?
I believe the idea would be to use someone else's workstation. Have the autorun drop the files without making any visible signs of doing anything. Hell, you could probably do this while talking to the person, just ask if you can charge the ipod while you talk (try it, people are agreeable most of the time). Alternatively you could find an unlocked workstation, but what's the fun in that?
See how easy that was? And note how the large role ipods now play in our lives contributed to the success of this trick.
this amazing new system actually sends off harmful radiation, giving you and your family the experience of what it actually must have been like at Black Mesa.
I'll write another perl script they can check their script against. You enter a search string, and I return 999 links to websites, which means I obviously have an almost infinite database of webpages indexed. And the compression is really amazing too, it all fits into this perl script and CSV of 999 links.
I remember when the California governor was in a movie where he was a robot driving around town. I think this means we'll be alright.
Yes, congrats to those 35 teams that get to compete with the Gators!
GO GATORS!!!
I'm not working on the team anymore (graduated), but my name's still on CIMAR's website!
Since when is Lawrence Lessig introduced on Slashdot simply as "a law professor"?
Big in the "Free Culture" movement and writer of the phrase "code is law". Slashdotters should recognize this name.
Cue the legos/lego/lego(tm) bricks holy wars.
If you don't have any, it doesn't really matter, now does it?
Same thing for me. And bookmarks were broken. I thought I'd lost them, but when I couldn't make any new ones I realized that it just wasn't doing the bookmark thing at all. Running the install a second time cleared up some things for me.
Also got an error about not having a function in js3250.dll at one point. Reminds me very much of the pre-RC1 releases. Remember those that didn't really handle upgrades without an uninstall and install (and even that was buggy).
Oh well, maybe we'll see 2.1 next week.
I could just sit in front of my computer all day making huge lists of ways to sell things.
"A method of using a computer to list a huge number of ways to sell things..."
I am way ahead of you.
CALEA says:
"ENCRYPTION- A telecommunications carrier shall not be responsible for decrypting, or ensuring the government's ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication."
Which in my first glance at this means that VoIP can be encrypted, though if the carrier handles too much of the private key generation, which would be necessary for any non-technical user, the carrier must keep the key for law enforcement use. (I'm thinking that a standalone VoIP phone would need a factory generated key on EEPROM, though software VoIP could use your average PC to generate a key itself.) But then again I'm not even sure if this applies to VoIP since this isn't exactly a service I'm currently familiar with. I'll note though that this is the only place "encryption" came up in a search of the law itself, so there's not much more to look at than the above quote. However, what the FBI and FCC have done in regulations may be a totally different matter. Can anyone clear this up more or is it just a regulatory mess?