Backpacking, definitely. There's a program called Summits On The Air (SOTA) where people hike up hills or mountains to activate them for contacts. Living in Colorado, there are plenty of those around! I figure it's good exercise and also allows me to play with things like portable/emergency operation, solar charging, mobile antennas, you name it, and get some exercise too, which I very much need!
Anyway, thanks for the tips, all - I should have thrown the 897 in there along with the other two, as it does look nice and I have always liked Yaesu hardware. I'll likely start with an 897 and then consider adding an 817 at some point.
You can do that with any number of wifi products, no amateur license needed - in fact, you'll almost certainly run afoul of the FCC quite quickly using amateur frequencies for general Internet traffic. The quickest thing to note is that you can't do anything relating to work for money using amateur frequencies.
Look at somebody like Ubiquiti Networks for some very good solutions that don't require an amateur license.
Note, though, that most ISPs won't take kindly to this, as it's very likely to break their terms of service for end-user connections.
Which is why I started out in 1993.
Hilariously, I quickly started enjoying making longer-distance contacts on 10 meters and wanted to be able to talk on the repeaters on that band using FM - so I passed my General exam and the 5 WPM code test not long after anyway.
I need to get my Advanced one of these days - now that it's just a test and doesn't require 13 WPM code, there's not much excuse anymore for not getting it done!
No doubt! A couple of weekends ago I heard 10 meters was up again, so thought I'd play. I have a Radio Shack HTX-100 10-meter radio I think I paid about $200 for way back in the day, a PVC-encased balun I bought for maybe $20, some speaker wire, some feedline and a power supply. Total was maybe $400 a long time ago.
Anyway, strung the dipole between two badminton net supports, fired it up, and was talking to Canada, Europe, and all over the east coast from the central US. My 12-year-old thought it was pretty darn cool.
Next step is I want to get something portable like an FT-857 or 817 and do some mountaintopping. Good times!
Don't forget the old tried-and-true Firewire attack as well. It's real and I've demonstrated it using a Linux laptop attached to a Windows machine via Firewire.
Apparently it still works quite well for Windows 7 as well.
On Linux you can blacklist the OHCI modules, which means your Firewire ports never come up and won't talk to anything. On Windows, not so much. One iPod with Firewire and enough time to dump some kernel memory is all it takes if your system's running and physically available to me. I can also immediately unlock the screen to get straight in.
Some have exhaust ports as well!
Use the force, anonymous Air Force pilot...
Discovered two boxes running Warp on my network today, still being used in a mission-critical capacity.
So yeah, good luck getting rid of XP!
My story goes back a bit further, I think. In 1985-6, I was a senior in High School and already a massive computer geek. My senior year school day consisted of a math class, an English class, and the rest of the day was spent in the computer lab. We mostly played on TRS-80 Model 4's but also enjoyed running a DEC PDP-8 which had 2K of core memory, two 512K drum drives the size of refrigerators, a Teletype printer console, and a bunch of whirring DECtape drives. Unfortunately it didn't run Unix, it ran RSTS/8. Unix had to wait a couple of years for accounts on VAXen and Sequent boxes.
Anyway, I'd already pounded through BASIC, Fortran and Pascal as well as Z-80 Assembler, so the computer teacher was pretty much done. A friend and I pitched the idea of working together on a self-study course in C and got approval, so a good amount of that lab time was spent with just about the only book on C there was back then - the "K&R C Book" called "The C Programming Language". To this day, I consider learning C to be my real, proper introduction to the world of computing, and I'm still here almost exactly 25 years later.
I still have that copy of the book, and inside it are all the printouts of my HS programming time including the C programs I loved writing the best. Once a year or so I look them over again to remember simpler times when "hacking" meant writing some neat C or assembly code that was as small and/or powerful as possible.
Thanks, Dennis (and Brian!), it's been a good trip so far. Rest in peace.
This isn't related to an intermediate CA issue, is it?
For example, Entrust, as part of the switch to 2048-bit certs, started using an Entrust L1C chain authority - and we've had to load that L1C intermediate certificate onto servers to get them to recognize the certs that Entrust issued. Until you load them, the UI is not terribly helpful - the certificate chain tab doesn't show the missing L1C certificate.
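The missing-intermediate symptom described in that comment can be reproduced and checked from the command line without any vendor UI. The following is an added example, not part of the comment or of any Entrust tooling: it builds a throwaway root, intermediate and leaf with the openssl CLI (assumed to be installed; all subject names are constructed), then shows that verifying the leaf against the root alone fails with "unable to get local issuer certificate" and succeeds once the intermediate is supplied as an untrusted bridge, which is exactly what loading the L1C certificate onto a server accomplishes.

```python
import subprocess
import tempfile
from pathlib import Path

# Constructed subject names for a throwaway test PKI; nothing here is a real CA.
ROOT_SUBJ = "/CN=Toy Root CA"
INT_SUBJ = "/CN=Toy L1 Intermediate CA"
LEAF_SUBJ = "/CN=www.example.test"

# Extensions that make the intermediate a real CA certificate; without
# basicConstraints=CA:TRUE chain building would reject it as an issuer.
CA_EXTENSIONS = "basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n"


def _openssl(args, cwd):
    """Run an openssl CLI command (assumed installed) in cwd and return the result."""
    return subprocess.run(["openssl", *args], cwd=cwd, capture_output=True, text=True)


def build_toy_chain(workdir):
    """Create root.pem -> intermediate.pem -> leaf.pem in workdir; raises on failure."""
    wd = Path(workdir)
    (wd / "ca.ext").write_text(CA_EXTENSIONS)
    steps = [
        # Self-signed root (openssl req -x509 marks it CA:TRUE by default).
        ["req", "-x509", "-newkey", "rsa:2048", "-nodes", "-keyout", "root.key",
         "-out", "root.pem", "-subj", ROOT_SUBJ, "-days", "30"],
        # Intermediate: CSR, then sign it with the root key, adding the CA extensions.
        ["req", "-new", "-newkey", "rsa:2048", "-nodes", "-keyout", "intermediate.key",
         "-out", "intermediate.csr", "-subj", INT_SUBJ],
        ["x509", "-req", "-in", "intermediate.csr", "-CA", "root.pem", "-CAkey", "root.key",
         "-set_serial", "1000", "-days", "30", "-extfile", "ca.ext", "-out", "intermediate.pem"],
        # Leaf: CSR, then sign it with the intermediate key.
        ["req", "-new", "-newkey", "rsa:2048", "-nodes", "-keyout", "leaf.key",
         "-out", "leaf.csr", "-subj", LEAF_SUBJ],
        ["x509", "-req", "-in", "leaf.csr", "-CA", "intermediate.pem", "-CAkey", "intermediate.key",
         "-set_serial", "1001", "-days", "30", "-out", "leaf.pem"],
    ]
    for step in steps:
        res = _openssl(step, workdir)
        if res.returncode != 0:
            raise RuntimeError(f"openssl {step[0]} failed: {res.stderr.strip()}")


def verify_leaf(workdir, trusted_root, leaf, untrusted_intermediates=()):
    """Verify leaf against the trusted root, optionally supplying intermediates.

    Returns (ok, message). When the intermediate that bridges leaf and root is
    absent, ok is False and the message says 'unable to get local issuer certificate'.
    """
    args = ["verify", "-CAfile", trusted_root]
    for path in untrusted_intermediates:
        args += ["-untrusted", path]
    args.append(leaf)
    res = _openssl(args, workdir)
    return res.returncode == 0, (res.stdout + res.stderr).strip()


def demo():
    """Run the check both ways and return the two outcomes."""
    with tempfile.TemporaryDirectory() as d:
        build_toy_chain(d)
        missing = verify_leaf(d, "root.pem", "leaf.pem")
        fixed = verify_leaf(d, "root.pem", "leaf.pem", ["intermediate.pem"])
    return {"without_intermediate": missing, "with_intermediate": fixed}


if __name__ == "__main__":
    for label, (ok, msg) in demo().items():
        print(f"{label}: {'OK' if ok else 'FAIL'} -> {msg}")
```

On a production server the same check is `openssl verify -CAfile <root bundle> -untrusted <intermediate> <server cert>`; if it only passes with `-untrusted`, the intermediate must be installed alongside the server certificate, because clients that do not already cache it will see the same error 20.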
Back in the early days of APRS (Automatic Position Reporting System?), the ham radio community was happily mounting GPS trackers in their cars and sending their position out for convenient viewing on APRS screens. It was fun.
Then Steve Dimse came along and started getting these position reports from the Internet to APRS gateways, making them available on a Java applet for anyone to see, and archiving them. People were more than a little bit unhappy at the time, but I think the consensus that was finally reached was "If you have a problem with that, turn off your tracker!".
I think the same applies here. The info is public, you should know it's public, so if you don't want it to be public, don't send it out.
Get real, that's tantamount to saying Novell screwed SCO over with the APA - which is utter crap.
SCO knew exactly what they were getting at the time, which WAS NOT the copyrights, because they didn't have the money to buy them. Why would they agree to pay 5% back to Novell if they were buying the copyrights outright?
The Nazgul still have their counterclaims alive in the IBM-SCO case. That could be the double-tap.
This is really just a clever cross-promotion by NBC for The Office, right?
I keep expecting Michael Scott to pop up somewhere.
would be why you keep the important stuff on one machine, crypto the heck out of it, and shut it off when you're not around. Take it all you want, losers, is it important enough for the NSA to waste time crunching on it awhile?
Full disk crypto FTW!
I get the same thing here at my company in IT security - lower-level store managers across the country who (supposedly) decide that one of their employees is loafing off too much and want their Web history for the past week or so. Or maybe they just want to know, how can I tell?
Of course, we don't use proxy authentication so it's insanely hard and time-consuming to even find that data with a degree of certainty, but even if I can, no way am I giving that up to somebody who I don't even know is definitely that person's manager.
We finally decided enough was enough, and now we categorically refuse to provide any information whatsoever unless an actual investigation incident is created with Human Resources, and only Human Resources can make the request. Problem solved on that one!
Another great one: a few years ago I helped on a worldwide Active Directory deployment for a company made up of many sub-companies. Anyway, this bunch of Battlin' Business Units distrusted one another so much that they actually paid our consulting company to be the only entity with Enterprise Admin credentials - of THEIR own AD forest! So I've somewhat been in this situation, and believe me, we also specified very carefully how that credential would be turned over and to whom. Luckily this company didn't press the issue at all.
Didn't help them a whole lot with my company - the whole place, other than desktop support systems (Active Directory and Exchange and OCS, mostly) is run on Red Hat Enterprise servers. A LOT of them. In the several hundreds. With IBM Power database backends running Oracle.
And me? Typing this on my Ubuntu laptop sitting at my desk. Loving life! Now if I could just get away with rolling it out company-wide, my security job would be a heck of a lot easier.
And now I'm off to make sure the latest $@!$@!^&$ critical IE hole gets plugged in a timely fashion...
Not bloody likely, unless all the interest in Unix goes to someone else they don't own... And what other reason is there to do anything with Novell other than grind them in the dust?
What part of "convicted monopolist" is hard to understand?
"finds a way to remove Darl's vocal cords"?
There are several ways to do that which are quite well known. It's a testament to our community that no-one has implemented any.
Darl? Is that you?
You say that, and I'd agree, BUT...
The other day I bought a new TV, and the total came to about $2K. The nice salesguy told me to go ahead and use my bank account debit card, even though I had wisely brought my checkbook.
He tries to run it, it fails and tells him to call the bank. The bank automated line says no and refuses to transfer him to a person, which he says it usually does.
So instead, I write a check, he scans it and gives it back to me, and it goes through just fine, no phone call at all.
Obviously there are some other things that will have to be put in place to ditch the checks, but it can't happen soon enough for me - that's the first check I've written in over three years and it was a pain to write.
I'm not an Apple fanboi, but I will say: the problem is not that the iPhone doesn't support Flash, the problem is that Flash, as a proprietary overlay to the open Web, even exists.
I spend most of my time on my desktop using NoScript to actively BLOCK Flash, and grudgingly allow it to run when I have no other alternative to get the information I need. Flash support on a mobile phone without the means to easily block it via a permissions structure is an absolute battery and usability nightmare waiting to happen.
Trivial? You've obviously never done it.
I did a project like this - it required an offline root CA that stored its keys in an HSM (Hardware Security Module) infrastructure that ran into the $60,000+ range and required multiple-party control via "M of N" smartcards issued to multiple staff members. Same for the online issuing CA, it couldn't even be started without multiple people with multiple smartcards.
It also required development, acceptance and auditing of a Certificate Practice Statement (CPS) for both the offline root CA and the online issuing CA. Yearly auditing by an outside party.
And then, for all that trouble, you still pay a per-cert fee to the signing authority for the certs you issue.
Hardly "trivial" - try months of consulting time and a budget of $150k plus per-cert and auditing fees ongoing.
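The "M of N" smartcard control mentioned in that comment is a quorum scheme: the HSM splits the material that unlocks the CA key into N pieces and will not reassemble it unless at least M distinct pieces are presented. The block below is an added illustration, not the commenter's project or any vendor's firmware; it assumes Shamir secret sharing over a prime field, which is the usual construction for this kind of control, and models the HSM as a small class that refuses to release the key below the quorum. DEMO_KEY and the 3-of-5 split are constructed.

```python
import secrets

# All arithmetic is done in GF(p); this Mersenne prime comfortably holds a 128-bit key.
PRIME = (1 << 127) - 1

# Constructed demo key (128 bits); in a real HSM this would be the key-wrapping secret.
DEMO_KEY = 0x0123456789ABCDEF0123456789ABCDEF


def _poly_at(coeffs, x):
    """Evaluate the polynomial with the given coefficients at x (Horner's rule, mod PRIME)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, m, n):
    """Split secret into n shares so that any m reconstruct it and m-1 reveal nothing.

    The secret is the constant term of a random degree m-1 polynomial;
    share number i is the point (i, f(i)).
    """
    if not 1 < m <= n or n >= PRIME:
        raise ValueError("need 1 < m <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a field element")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(m - 1)]
    return [(x, _poly_at(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange-interpolate f(0) from the presented (x, y) shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("the same share was presented twice")
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # den^(p-2) is the modular inverse of den (Fermat's little theorem)
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


class QuorumProtectedKey:
    """Toy stand-in for an HSM that holds one share per smartcard (constructed model).

    Below the quorum it refuses outright; with fewer than m shares Lagrange
    interpolation would also just yield an unrelated value, so nothing leaks.
    """

    def __init__(self, key_int, m, n):
        self.m = m
        self.cards = split_secret(key_int, m, n)  # one (x, y) share per card

    def unlock(self, presented_cards):
        if len({x for x, _ in presented_cards}) < self.m:
            raise PermissionError(f"quorum not met: need {self.m} distinct cards")
        return recover_secret(presented_cards)


if __name__ == "__main__":
    hsm = QuorumProtectedKey(DEMO_KEY, 3, 5)          # 3-of-5 custodians
    print("any 3 cards:", hsm.unlock(hsm.cards[1:4]) == DEMO_KEY)
    try:
        hsm.unlock(hsm.cards[:2])
    except PermissionError as e:
        print("2 cards:", e)
```

Operationally this is why the CA "couldn't even be started" without several people in the room: the shares live on the cards, not on the server, and no single custodian, nor any m-1 of them together, holds enough to reconstruct the key.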
Until a couple of years ago, I was a consultant for a large three-letter firm (not IBM) that got a project to implement an internal certificate authority that would be trusted by external partners, in support of email encryption.
Some other projects came up that I needed to do and we started searching for someone else within this 20,000+ employee technology company that could do the project and had at least some familiarity with PKI issues.
There was no one.
Couple that with the fact that we were getting the CA signed by an internal division of the company with a globally-trusted root CA, and that division had precisely two employees. To run a public root CA.
I've been in IT for over 15 years, and I think the number of people I've met in that time who see PKI as anything other than a magical black box can be counted on one hand with fingers left over.
Actually the command is ETRN.
Back in the mid-90's, we used to use this with our ISDN customers who wanted to have their own email domains, but didn't want to pay for always-on ISDN. So we set up mail servers for them that would bring up the ISDN link, issue an ETRN command to our mail server, wait while the mail got sent, then shut the link back down. Worked great.
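The dial-up dequeue described in that comment is an SMTP exchange defined in RFC 1985: the customer's server connects, announces itself with EHLO, confirms the ISP advertises ETRN, and then sends `ETRN <domain>`; the ISP replies with a 250-series code if it starts delivering the queued mail for that domain, or a 4xx/5xx code if it will not. The following is an added example, not the commenter's setup: it runs a toy ISP-side server in a thread (constructed host and domain names) and a client that performs the dialogue with smtplib and returns the response code. Bringing the ISDN link up and down is assumed to be handled outside this code, for instance by a dial-on-demand router.

```python
import smtplib
import socketserver
import threading

# Constructed list of customer domains the ISP server queues mail for.
QUEUED_DOMAINS = {"customer1.example", "customer2.example"}


class EtrnHandler(socketserver.StreamRequestHandler):
    """Minimal ISP-side responder: only EHLO/HELO, ETRN and QUIT are understood."""

    def reply(self, line):
        self.wfile.write((line + "\r\n").encode())

    def handle(self):
        self.reply("220 isp-mail.example ESMTP toy server")
        while True:
            raw = self.rfile.readline()
            if not raw:
                return  # client went away
            verb, _, arg = raw.decode(errors="replace").strip().partition(" ")
            verb = verb.upper()
            if verb == "EHLO":
                self.reply("250-isp-mail.example")
                self.reply("250 ETRN")  # advertise the extension (RFC 1985)
            elif verb == "HELO":
                self.reply("250 isp-mail.example")
            elif verb == "ETRN":
                if not arg:
                    self.reply("501 Syntax error in parameters")
                elif arg.lower() in QUEUED_DOMAINS:
                    self.reply(f"250 OK, queue run started for {arg}")
                else:
                    # Refusing unknown nodes stops strangers from triggering queue runs.
                    self.reply(f"459 Node not allowed: {arg}")
            elif verb == "QUIT":
                self.reply("221 Bye")
                return
            else:
                self.reply("500 Syntax error, command unrecognized")


def start_server():
    """Start the toy ISP server on an ephemeral loopback port; caller shuts it down."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), EtrnHandler)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def request_queue_run(host, port, domain):
    """Customer side: ask the ISP to flush queued mail for domain; return (code, text)."""
    with smtplib.SMTP(host, port, timeout=5) as s:
        s.ehlo("dialup-customer.example")
        if not s.has_extn("etrn"):
            raise RuntimeError("ISP server does not advertise ETRN")
        code, msg = s.docmd("ETRN", domain)
        return code, msg.decode(errors="replace")


if __name__ == "__main__":
    srv = start_server()
    port = srv.server_address[1]
    # Link would be brought up here (assumed dial-on-demand), then:
    print(request_queue_run("127.0.0.1", port, "customer1.example"))
    print(request_queue_run("127.0.0.1", port, "stranger.example"))
    srv.shutdown()
    srv.server_close()
    # ...and the link dropped once the queued mail has been received.
```

The client keeps the session open only for the request; in the scenario above the customer side would then wait for its own inbound SMTP connections before dropping the link, since a 250 means the ISP has started a queue run, not that delivery has finished.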
It's licensed and available on the Droid, which I assume means it's in Android 2.0?
I recently got a Droid demo unit to check out security-wise for use by our company, though, and have to say that it's nowhere near ready for corporate use. Our Exchange server policies require a numeric lock code to be implemented - but the Droid happily let me set up a profile to our server and didn't require use of the cruddy "connect the dots" that is the only thing the phone supports.
No encryption support at all. If your company requires it, it won't allow you to set up syncing.
It showed up as two devices in my "mobile devices" entry, and when I initiated a remote wipe, it happily left all my email intact on the phone, didn't wipe, and just stopped syncing.
There's a bug report filed with Google that had well over 1200 responses, last I checked, saying they can't and won't touch Android until this stuff is implemented. We made the same decision.
Shame, because I liked the hardware and the OS quite a bit, and noticed lots more useful free apps than are available on the iPhone. I'd definitely use one if it had proper enterprise security features implemented.