EAL 4 highest for any security product? I don't think so. Several smartcard ICs have EAL 5+ certification. EAL is highest for software products - and therefore entire systems - however.
Problem with these boxes is that you put them on your desk. Always a bad idea if you want low noise. My computer is too noisy, but at least it is removed so far I can just reach the DVD writer unit. If I had an external case, I would put the computer in a vented case and be done with it. Why I would want my computer next to me except for the power button (keyboard, you got it right Apple) and the externals is beyond me.
Yeah, it is still IA-32, so this means:
- it's compatible
- it's fast
- it supports more (important) instructions
- larger address space
- additional security feature
- it's relatively inexpensive
So in my view there is little wrong with it. Too many processors claimed to be better, but were slower and more expensive instead - and that's what counts. The compilers will compile for it without too big a fuss, so what's your point?
If it can keep up with AMD on performance, power/heat requirements and compatibility is another matter, my vote still goes to AMD, especially since I suspect foul play by Microsoft on 64 bit support. Windows 64 bit will be released as soon as enough chips are available from Intel.
You could use a laser device to check how hot the tap is, you can get them quite cheap nowadays. They're digital as well :)
Actually, I think in the office building we've got like CAT6 cables. Maybe something to think about? Cables can be expensive though, so maybe you should go with the previous poster and just leave space.
Also, for the previous poster, here are some caps:
AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUVVWWXXYYZZ
I've doubled every letter just to be sure.
Yes, I always look to schools as well for a great example about how good the support can get (not!). /sarcasm off
My brain's "oops" center is located in a more southern and groinular region.
They've located it inside the brain, that does not tell anything about the location of the brain itself.
So knowledge and good common sense did it. Who would have guessed?
If you hear the stories of people going to watch what is going to happen, it makes your hair stand up. What's even creepier is the fact that you don't know if you would be one of them.
There was a (Dutch) couple on television that had the sense to run off to common ground. Most people they saw were either fixed in place or were going in the other direction (up to and including the other Dutch, I might add).
But we are getting off-topic here.
Just because you are paranoid, doesn't mean that they aren't after you.
(From a fortune cookie)
Uh, I disagree. I would like something like that for my 10 person dormitory. If it would be easy to manage that would really be a huge plus. Obviously Novell thinks differently, unfortunately they want to make money out of it (in the long run), which is their right I guess.
Maybe RedHat will get more serious about it once they release the GPL'd version of iPlanet Directory Server. /me shudders
If there is any reason why Netscape went bust outside of the browser business, it's their horrible servers they tried to sell. They are pretty secure, which is a good thing, but they are very very hard to administrate (simply because they don't understand anything about user interfaces), and will therefore never take off. Unless they rewrite the entire front end that is.
Fuck up royally? That's funny, our commercialised monopolist in the Netherlands is called KPN, which stands/stood for Koninklijke PTT Nederland. Translation: ROYAL PTT Netherlands. They still control the telephone (landline) infrastructure for which you will have to pay 10 euros a month regardless of your ISP or telephone provider.
Joe User could ask his neighbour instead. Now a Slashdot user would probably never think of that because that would require him to leave his computer room / bedroom at his parents' house.
The bootable CD idea is fine if it comes with the system, but it would require you to download the new hashes in advance (maybe using the same CD).
No, encryption is out of the question, since it would take enormous computing power to get a new key (see GIMPS). As for the known keys, these are obviously not available for use. A brute force attack would take 21 rounds to complete (on average).
Using a Mersenne prime for the public exponent is no problem though. Both 3 and 7 are used quite a lot for this purpose, though 65537 is used most (and this is not a Mersenne prime).
That's correct. It is farthest away from anywhere you can live in the UK, and as close to Dublin as you can get.
Um, he's 19 and he manages to get 13 convictions. If he would have stayed in jail the whole time, he probably would not get that many. Most criminals don't commit crimes in jail afaik. There is no need either, basic livelihood is provided. Back in the real world, with nothing to do and no one to watch, drugs to be had, yes, that's another case entirely.
Ah, it only *looks* blue because of the light! Phew, that clears that up!
What about the ASN.1 library buffer overflow that broke things like SSL then? That broke every version of Windows, especially the ones that were cryptographically secure. I am sorry, but the current situation on Windows is not that secure. Linux can be hacked in the same manner of course, but the chance that this will be a root exploit is much smaller.
I agree on your stance on SQL injection and winsock though.
The world is big, and obtaining a license from an author you might not even find is a hard thing to do. And that is for *one* author. Most OSS projects, especially the popular ones, have many authors. If it is GPL, it is impossible to get a license - you would have to get a license from *everyone*.
The company I work for is starting to play the OSS game more and more often, but using GPLed code is out of the question - *some* code should never be shared due to security reasons. So a GPL license pretty much does it for development on the entire system. Thank you GPL. Also, because someone wrote e.g. a base 64 encoder/decoder, should that mean that he/she should have access to an entire mail server implementation? I find that doubtful.
Now the LGPL, Apache License, CPL, BSD, MIT, those are more to my liking, and I will choose one of these for my own projects. These will integrate *much* easier with other licenses as well.
Relying on SourceForge a bad idea? You can always move to another location, though moving the bug db etc. might be a pain. I don't think that SourceForge would be too keen to remove OSS projects later that they think are compliant now. They would have a righteous riot to say the least.
There are several assumptions that you make that are not that []
- Associated performance costs; for most (business related) applications, you don't give a darn. You want it well designed, but the difference in creating a thread? I don't think that would matter much (Linux is very probably faster anyway).
- About having a message loop and handlers; it seems to me that this is about an application that is written from the GUI down. If you cannot separate your core logic from your GUI, there comes a time where you will be hit *big time*, such as when you are going to port your application.
- As for the library that maps the Windows calls to Linux/POSIX ones: yes, that could be a good idea in some circumstances, but it might be much harder than you think. You will have an additional library to maintain, and if you expand your original program then you will probably have to expand the library within as well - in the end you'll have another Wine.
Obviously if Wine works, there might be little reason to bother, but Wine won't work always. A Win32 library for Linux IS Wine, stop looking further. Sometimes you need to hack your app this way, for instance if you would want to make a Linux compatible library...not much fun to have a Linux library implemented by a .dll.
What I was always told was that the weather will become more extreme. Besides that, if it is, say, the wettest year since they started measuring? What's so darn generic about that? What exactly is your point?
Nice dividing line that, us liberals and the fundamentalists (that burn books, none the less). You _must_ live in America.
Silence!
If you are using passphrases, intentionally mispel words. This would make it rather harder for someone to find your passphrase. Especially if you Mi5zp1e them enough. Don't go too far, because you might not remember them anymore.
Another trick is to have a really difficult password used as salt. Just put it in front of a simpler one every time. This would make dictionary attacks much harder.
If you just want to protect against network hacks, don't forget that they cannot see your desk, so using a piece of paper with the difficult first password would work wonders. It won't work against a determined thief, but most dictionary attacks won't be from determined thieves. Beware of the cleaning lady though.