Yet neither Verisign nor Thawte do any kind of security auditing on the sites they 'Certify', so it's really just a scam. A Verisign-brand certificate might make some sense if along with that came the knowledge that Verisign did some kind of security audit to verify that the data you send securely stays secure afterward, but they don't.

Btw, it is entirely possible for any SSL site to make their own certificates, signed by themselves. I've done it for years. While some may argue that skipping a third-party signature verification on an SSL certificate is a bad idea, I suggest it's a very good one. I don't need to verify that this key is from this company when I've already done that to some degree by the simple fact that I'm already at their website and getting the certificate from their website. Some people may start yelling about site impersonation at this point, but there is a reason the credit card industry would rather absorb the costs of credit card fraud than pursue every single case to the end. It's cheaper to just let some incidents slide. If someone did successfully masquerade as a known (read "trusted") site and you accepted their certificate and sent them sensitive information, and if they then abused that information to run up your credit card bill, you wouldn't be responsible for more than $50 of it, so what's the point? Consumers don't really need to fear online fraud the way some have suggested.

In essence, the 'root CA' 'feature' is really just a way to artificially control the issuance of SSL certificates, and to impose the need for a third party to sign these certificates to prevent an evil dialogue box from popping up and frightening away a potential purchase. I'd like to see the W3 consortium address this issue by putting forth a standard for web browsers to accept all SSL certificates sans third-party verification signatures. They are not needed for most SSL transactions.
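An added example (not part of the original post) of the one check that makes a self-signed certificate safe to keep using once you've accepted it: remember the certificate's fingerprint the first time you see it, and refuse to talk to that host if a different key shows up later. Without a CA signature this "trust on first use" pin is the only thing tying the key to the site. The host names and the two DER blobs below are constructed placeholders, not real X.509 certificates; connect_pinned() is the networked version of the same check and is only illustrative.

```python
"""Trust-on-first-use pinning for a self-signed TLS certificate.

Added example, not code from the original post. The DER values and
host names are constructed placeholders, not real certificates.
"""
import hashlib
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, the usual form of a pin."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class PinStore:
    """In-memory pin database: host -> fingerprint seen on first contact."""

    def __init__(self) -> None:
        self._pins: dict[str, str] = {}

    def check(self, host: str, der_cert: bytes) -> str:
        """Return "first-seen", "match" or "mismatch" for this host/cert pair.

        A mismatch is the self-signed equivalent of a failed CA check: the
        key behind the site changed, which is exactly what an impersonator
        sitting between you and the real site would look like.
        """
        seen = fingerprint(der_cert)
        pinned = self._pins.get(host)
        if pinned is None:
            self._pins[host] = seen
            return "first-seen"
        return "match" if pinned == seen else "mismatch"


def connect_pinned(host: str, port: int, store: PinStore, timeout: float = 5.0):
    """Open a TLS connection, skip CA validation, then enforce the pin.

    Assumption: the caller wants exactly the policy argued for above (no
    third-party signature) plus the pin check that makes it safe against
    a later substitution of the key. Not exercised offline.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE     # no chain building, no root CA store
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    verdict = store.check(host, tls.getpeercert(binary_form=True))
    if verdict == "mismatch":
        tls.close()
        raise ssl.SSLError(f"pinned certificate for {host} changed; refusing to send data")
    return tls, verdict


# Constructed stand-ins for two different DER certificates (not real X.509).
GENUINE_DER = b"constructed-der-cert-for-shop.example-key-A"
IMPOSTOR_DER = b"constructed-der-cert-for-shop.example-key-B"


if __name__ == "__main__":
    store = PinStore()
    print(store.check("shop.example", GENUINE_DER))   # first-seen: remembered
    print(store.check("shop.example", GENUINE_DER))   # match: same key as before
    print(store.check("shop.example", IMPOSTOR_DER))  # mismatch: different key
```

The pin store here is a dict; a real client would persist it (the way ssh's known_hosts does) so that the "first-seen" decision is only ever taken once per host.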
I'm patenting the perceptual processes in your brain. From now on, the perception of pleasure will be regulated by me, available to you, the end user, for a marginal fee. The perception of pain shall remain largely free, except to those individuals for whom it acts as a form of pleasure. Your perception of perceiving that you are being manipulated shall be annulled, thus maintaining your illusion of clear perception. Dogmas and religions pertaining to perception (in particular Dianetics) shall be persecuted as infringing upon my patents. In particular, the idea of 'clear' proposed by Dianetics shall henceforth be referred to as 'fogged' to avoid litigation. The process of self-perception is still largely undocumented, but rest assured, as soon as its encoding algorithm is reverse engineered, it too shall be patented by us.
That was brilliant. I laughed very hard indeed. I don't like people who tell me what I think, and that's precisely what this entire book attempts to do. It attempts to tell me that I am afraid of risk, that I want to sit in my armchair and direct missiles from afar into foreign nations. Nothing could be further from the truth. I believe I speak for every American when I say I want to run recklessly into the field of battle, the stench of blood and napalm all around, and I want to run my sword through my opponent's guts and spine and dance in his intestines. This book is a bunch of shite and this person is so out of touch with "America" it's not funny. Burn this book, and burn the author while we're at it. AOCrowley, AKA Antichrist, The I'm back.
Forget SUVs. Tractor trailers must go! We don't need deliveries in this country; we can get by without a shipment infrastructure. And I side with you in hoping gas prices climb to 2 or 3 dollars a gallon! That would also mean fuel oil prices and diesel prices and plastics and about a million related products would also go through the roof. Think of all those morons freezing to death in northern states this winter! That's so COOL. Not to mention the price of a plane ride back to wherever you come from costing 10 times what it does now. I'm so with you on this one.
"Everyone already knows that their distribution is just other's work with minimal changes".
This statement shows a lack of real-world experience with Unix, period. Solaris and HP/UX share many commands in common; there is even the notion that there is a certain amount of basic compatibility between these two flavors of Unix, but in practice a simple shell script written for one might fail on the other due to differences in
1. TREE LAYOUT
2. DEFAULT FILE PERMISSIONS
3. COMMAND VERSIONS (i.e. UCB "ps" versus SysV "ps")
4. COMMAND OUTPUT FORMAT DIFFERENCES
   a. Solaris "top" does not output exactly what Linux "top" does.
   b. HP/UX ifconfig does not behave the same as Linux 'ifconfig' or Solaris 'ifconfig'.
What if one Linux distribution decides to conform even more to the Solaris spec than Red Hat by including a SysV version of ps and placing it first in the default system-wide path in /etc/profile? Then on this distribution, a shell script written to parse the output fields of a /bin/ps command will fail if it is expecting the UCB 'ps' field arrangement.
A distribution is a work of art. Every file must have correct permissions, and all the possible security risks have to be located and expunged.
The amount of man-hours that goes into compiling and packaging each (admittedly and hopefully publicly available) package and all the other details of a well-thought-out distribution is enormous and definitely comparable to a major coding project like gcc or the X server itself. Then, in the case of a really GOOD distribution, there are those pesky little details like compiling syslog to not listen on port 514 by default, compiling the shadow suite to use PAM auth, making sure telnetd doesn't actually export LD_LIBRARY_PRELOAD into the environment, etc. I have tons of experience with downloading the source distributions of packages and adding options like SSL or PAM. The occasions when these recompiles go without totally blowing up in my face are few and far between.
If I wasn't an experienced coder able to comb through makefiles and study source code for mistakes, I wouldn't be able to get half the free packages I download to work at all. Course, I do run a version of Slackware from 1994 so that could explain some of these problems, but shall I go on? You take for granted that these distributions (Debian, Caldera, SuSE, Red Hat, Slackware) exist, but you haven't really thought about what it would mean to create your own without taking someone else's as a starting point. Consider Mandrake (and don't hesitate to correct me if I'm wrong here), which I'm of the impression is a superb Linux distribution from the point of view of security, but what is it really? It's Red Hat tweaked by an expert (?). So let's get it straight: a distribution is not merely "just others' work with minimal changes", it's tens of thousands of man-hours at hundreds of dollars per hour and frankly, I'd like to see some of that money in my pocket. {GRIN}
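An added example (not from the original post) of the portability problem the post describes with UCB versus SysV ps: a script that hard-codes "PID is the second column" breaks when it meets the other layout. Parsing the header row first, and splitting each line into exactly as many fields as the header has, works for both. The two ps listings below are constructed to look like "ps aux" and "ps -ef" output; the PIDs and commands are made up.

```python
"""Parse ps(1) output by its header row instead of fixed column positions.

Added example, not from the original post. The two samples are
constructed to look like UCB-style "ps aux" and SysV-style "ps -ef"
output; the PIDs, users and commands are made up.
"""

# Constructed sample: UCB/BSD column layout ("ps aux" on Linux, /usr/ucb/ps on Solaris).
UCB_PS = """\
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1   1100   460 ?        S    Oct10   0:04 init [3]
root       514  0.0  0.2   2200   900 ?        S    Oct10   0:00 /usr/sbin/syslogd -m 0
bob       2231  0.3  1.0   9800  3100 pts/0    S    13:02   0:01 -bash
"""

# Constructed sample: SysV column layout ("ps -ef" on Solaris, HP-UX, or a SysV-flavoured Linux).
SYSV_PS = """\
     UID   PID  PPID  C    STIME TTY         TIME CMD
    root     1     0  0 10:21:03 ?           0:04 /sbin/init
    root   514     1  0 10:21:05 ?           0:00 /usr/sbin/syslogd -m 0
     bob  2231  2200  0 13:02:11 pts/0       0:01 -bash
"""

# Column names that mean the same thing under the two layouts.
_ALIASES = {
    "pid": ("PID",),
    "user": ("USER", "UID"),
    "command": ("COMMAND", "CMD"),
}


def parse_ps(text: str) -> list:
    """Return one dict per process with normalised keys pid, user, command.

    The header row gives the column order; each data row is split into
    exactly that many fields so the command (which may contain spaces)
    stays intact as the last one. Raises ValueError if a required column
    is missing, rather than silently reading the wrong field.
    """
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return []
    header = lines[0].split()
    index = {}
    for key, names in _ALIASES.items():
        for name in names:
            if name in header:
                index[key] = header.index(name)
                break
        else:
            raise ValueError(f"no {key} column in header: {header}")
    rows = []
    for line in lines[1:]:
        fields = line.split(None, len(header) - 1)
        if len(fields) != len(header):
            continue  # wrapped or truncated line: skip rather than misparse
        rows.append({
            "pid": int(fields[index["pid"]]),
            "user": fields[index["user"]],
            "command": fields[index["command"]],
        })
    return rows


def pids_of(text: str, program: str) -> list:
    """PIDs whose command's first word (basename) equals `program`, e.g. 'syslogd'."""
    return [r["pid"] for r in parse_ps(text)
            if r["command"].split()[0].rsplit("/", 1)[-1] == program]


if __name__ == "__main__":
    for label, sample in (("UCB", UCB_PS), ("SysV", SYSV_PS)):
        print(label, "syslogd ->", pids_of(sample, "syslogd"),
              "| third row:", parse_ps(sample)[2]["command"])
```

The same idea applies to the other items on the list: ask the tool for what you need (POSIX `ps -o pid=,comm=` avoids the header entirely) instead of assuming one vendor's default layout.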
I'm glad to see mp3.com suing the RIAA. It's not like the RIAA's suit doesn't reek of anti-competitive practices to any red-blooded American, which leads me to say that theoretically one could refer to any organization that behaves like the RIAA as un-American (with all that implies).
The music industry only came to exist in its present form in the 50's and 60's, and has long sat atop the pinnacle of decision of what music gets publicized and what doesn't. How many of us own material released by artists on small independent labels? I would venture to say all of us. Imagine if the powers of this monopoly could prevent the distribution of anything in vinyl or CD format that wasn't authorized by them or their constituents?
When vinyl was phased out in favor of CDs, the average price of an album was hiked by over 100%. This could only have happened because of the monopolistic power of the RIAA and the recording industry in general. Presently, CDs cost less to manufacture than vinyl, yet still cost more. The RIAA's chief contention is that mp3.com's service of digitizing media content for sale on partner sites and then offering you immediate download of your new purchase interferes with their ability to leverage that market to their own advantage and ultimately come to dominate and control that market, using non-standard encoding formats (i.e. Windows Media) that are unsupported by anything but trial-proven software monopoly Microsoft's products. I think this is a pretty transparent case here, folks. It's a run for the money, a lawsuit filed by the RIAA against mp3.com simply because mp3.com beat them (the collective record industry conglomerate formed by the RIAA's members) to the punch by providing immediate download of purchase contents. Yes, mp3s enable pirating. A gun enables shooting someone. We still hold the gun owner responsible for the actions taken with the gun because it's sensible. Those who use mp3s to pirate material are pirates. One can pirate material in a number of ways, including Microsoft's Windows Media format. Obviously, mp3.com demonstrates legitimate use for the format. It isn't about just finding mp3.com innocent of criminal behavior, but finding the RIAA guilty of anti-competitive and un-American practices by filing harassing lawsuits and engaging in defamatory statements, and imposing adequate punishment upon them. We need to send a strong message to corporate America that monopolies will not be tolerated, otherwise we can toss out the phrase 'free trade and competition' and simply be 'capitalists' in the derogatory sense of the word. I love America. If you love America you will burn the RIAA at the stake. :)
I also work with Checkpoint on Sun, and I'd rather see the Checkpoint GUI ported to Linux, but using the existing kernel firewall code. For high-volume commercial applications, it's starting to look like dedicated PIX hardware is the answer only because Checkpoint has a 50,000 connection limit. Do we know what the connection limit in Linux's native firewall is?
that the URL for where I can buy this game online was not included here. It smacks of anti-religious bulldinky. If this was an announcement for the latest version of Half-Life or Diablo the URL would be here. I don't care at all for this guy's comments about wrong and right, I WANT MY VIOLENCE. I am sincerely looking forward to becoming a highest-echelon demon in the ranks of Lucifer's angels, and am deeply saddened to see such outrageous anti-religious bullcrap allowed on this website. I think God is the greatest product ever invented. So is Satan. Where is the URL so I can get to smacking angels?
Eric wrote: > Also, note that linux can swap to a file, as well as to a raw partition. However, swapping to a partition is faster, and preferable.
You sure about that? Seems to me it will only be faster if the partition is on a separate physical disk. Why would mounting a partition make the swap file faster than mounting a file?
> You should have enough swap space to hold applications that you aren't currently using, but huge amounts aren't useful (unless you have an application that likes to map large amounts of Virtual Memory, but doesn't actually use it)
Under Linux, mapped virtual memory will never occupy swap or anything else unless an access with a page fault occurs.
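An added example (not from the original thread) that shows the lazy-allocation behaviour the last reply refers to: an anonymous mapping is reserved for free, and resident memory only grows for the pages that are actually written to. Reading /proc/self/status is Linux-specific; elsewhere the code falls back to the peak RSS from getrusage, which is enough to show the same difference.

```python
"""Show that mapped-but-untouched memory costs nothing until it is faulted in.

Added example, not from the original thread. It maps an anonymous region,
measures resident set size (RSS) before and after touching a chosen
fraction of its pages, and returns the difference in KiB.
"""
import mmap
import resource
import sys

PAGE = mmap.PAGESIZE
KIB = 1024


def rss_kib() -> int:
    """Current RSS in KiB from /proc (Linux); peak RSS from getrusage elsewhere."""
    try:
        with open("/proc/self/status") as status:
            for line in status:
                if line.startswith("VmRSS:"):
                    return int(line.split()[1])
    except OSError:
        pass
    peak = resource.getrusage(resource.RUSAGE_SELF).ru_maxrss
    return peak // KIB if sys.platform == "darwin" else peak  # macOS reports bytes


def map_and_touch(size_bytes: int, touch_fraction: float) -> dict:
    """Map size_bytes anonymously, write one byte into the first
    touch_fraction of its pages, and report RSS growth in KiB."""
    region = mmap.mmap(-1, size_bytes)       # reserved, but nothing resident yet
    before = rss_kib()
    pages_to_touch = int((size_bytes // PAGE) * touch_fraction)
    for page in range(pages_to_touch):
        offset = page * PAGE
        region[offset:offset + 1] = b"\x01"  # first write faults the page in
    after = rss_kib()
    region.close()
    return {
        "mapped_kib": size_bytes // KIB,
        "touched_kib": pages_to_touch * PAGE // KIB,
        "rss_delta_kib": after - before,
    }


if __name__ == "__main__":
    size = 64 * KIB * KIB  # 64 MiB
    print(map_and_touch(size, 0.0))   # nothing touched: delta stays near 0
    print(map_and_touch(size, 0.5))   # half touched: delta close to 32768 KiB
```

The untouched mapping shows up in the process's virtual size but not in RSS, which is the distinction the reply draws: address space that is mapped costs nothing in RAM or swap until a page fault brings a page in.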