Slashdot Mirror


User: lamber45

lamber45's activity in the archive.

Stories: 0
Comments: 232

Comments · 232

  1. Re:Switch to an easier technology on Ask Slashdot: How Do I Request Someone To Send Me a Public Key? · · Score: 1

    I wouldn't want to trust just the secretary of the other org. However, with public keys (HTTPS, PGP, SSH, anything else similar), it's good for the information on "how to verify" the key to be widely disseminated. For example, the org could put its key fingerprint, and a screenshot of the same as used in common applications, on an indexable part of its HTTPS-protected public website. An individual could put his PGP key fingerprint on his (paper) business card, as fine-print on his resume or CV, and in his e-mail signature. The secretary should be able to say what the key is, and how to verify that.

  2. Real reason is probably the firewall on Iran Plans To Launch an 'Islamic Google Earth' · · Score: 3, Insightful

    Right now, GMail, YouTube and Maps are all mixed together (not necessarily 100%, probably possible to do IP filtering, but Google may be moving away from that) ... take maps away and it's easier to block the other two.

  3. not just iPhone... on Want to Keep Messages From the Feds? Use iMessage · · Score: 3, Informative

    On the Android platform, there are third-party, open-source apps available for encrypted voice and SMS. Those are just the ones I'm familiar with; there may be others.

  4. Hohagh cnpxntr "ofqtnzrf" on A New Benefit For Logged-In Readers: Meet Slashdot's ROT13 Initiative · · Score: 1

    ... rnfvre guna qvttvat hc gur pbqr V cebonoyl qvq jevgr ng bar gvzr ...

  5. Makes sense on New Secure Boot Patches Break Hibernation · · Score: 1

    Hibernation actually is a security hole. I'll ignore the kexec issue for now, but encrypted and checksummed hibernate images would be a good thing, and would be nice on a non-SecureBoot system as well. At a minimum, the hibernation image should carry a checksum of { the image data + the kernel that loaded it + relevant platform data }. That would at least prevent partially booting a suspend image with random corruption. Can SecureBoot also provide a secret key used only to encrypt the suspend image and decrypt it during boot? Or some additional data to feed into the checksum that securely identifies the platform? Or keep the suspend checksum in nonvolatile memory that can only be written to by a trusted operating system?

  6. Re:Couldn't we just charge them tuition? on Does US Owe the World an Education At Its Expense? · · Score: 1

    Basic "student" visa, yes. However, there are exceptions/special cases that allow work outside the school. One whole school in the SF bay area was shut down for visa fraud; see this article and this article.

  7. Re:Couldn't we just charge them tuition? on Does US Owe the World an Education At Its Expense? · · Score: 2

    ... except that bona-fide work visas for random foreigners are pretty hard to come by. For many international students, a student visa is the only way to be in this country until they graduate, after which if their grades were good enough they have a shot at an H-1B or a sponsored visa. Then there are the schools that are diploma-mills whose main purpose is to allow their students to work in "practical training" as soon as possible...

  8. Re:Actually, the opposite on Another Java Exploit For Sale · · Score: 1

    Several of your arguments are either false these days, or not as bad (especially versus the alternatives) as you make them sound:

    -take 30 seconds to a minute to load

    This load-time is for the first applet in a browsing-session, not each one; and "30 seconds to a minute" is an outer figure, on a reasonably modern system it will be less. I've seen Flash-based games that took a long time to initialize, as well.

    - fonts and widgets are not native and look weird

    Actually, you can have native widgets, with the old AWT components; it's the (slightly newer, still around for a long time) Swing that looks the same on every platform. Whether it's "ugly" is a matter of opinion.

    Now, it's true that some people never need to run applets, those who do don't do so every day, and some applets look like something from 1995 because they really were written in 1995, and still work; but the Java plugin is not totally going away any time soon, and I think it's still a good choice for applications with unusual UI requirements that need to run "in" a browser.

    Applets aren't just games, either. From my current needs:

    • The GIS browser for the city I live in;
    • My employer's expense-submission program;
    • The VPN clients (from two different vendors) for systems I access for work

    And that doesn't even include JNLP (Java Web Start) programs, which aren't the same "sandbox" but which also depend on Java platform security for their sandbox.

  9. Re:paranoid mode engaged ! on Hiding Secret Messages In Skype Silences · · Score: 1

    Except that the packet already has at least an 8-byte UDP header, a 20-byte IPv4 (or 40-byte IPv6) header, and a link-layer header of some sort. There's probably some sort of checksum and block padding within those 70 bytes (which may in fact include the UDP or TCP header as well).

    Similarly, VNC tunneled over SSH doesn't use 1-byte and 2-byte packets. For a certain block-size for which I did calculations and watched some real-life traffic, actual packet payloads for the different relevant messages are as follows:

    • SSH CHANNEL_OPEN "direct_tcp": 92 bytes
    • KeyEvent (messagetype=4): 44 bytes
    • PointerEvent (messagetype=5): 28 bytes
    • ClientCutText: at least 44 bytes

    Since there are only about 90 keys on my keyboard, that seems like a lot of wasted space per packet; but remember that just the TCP and IPv4 headers are 40 bytes, so it's only 51.2% of the IP data, and even less of the link-level data.

  10. Link to law's text on New York Culls Sex Offenders From the Online Gaming Ranks · · Score: 1

    Had to dig a bit to find it (no link in article). The law itself just says that registered offenders have to provide Internet IDs as well as name and address, that the state may disclose them in certain cases, and that a certain subset of offenders may not access a certain subset of websites. How this translates into account closures is that the gaming companies, or whatever, consider the accounts to be in violation of their Terms of Service; for example, the Facebook ones specify:

    You will not use Facebook if you are a convicted sex offender.

    If someone doesn't like that, they need to sue Facebook; this particular law did not require Facebook to add it.

  11. Re:This would seem to be the guy on CyanogenMod Domain Hijacked · · Score: 1

    Strange thing is that both domains are anonymized now, makes it hard to tell who's who in this argument:

    • Domain ID:D160468854-LROR
      Domain Name:CYANOGENMOD.ORG
      Created On:21-Oct-2010 18:09:32 UTC
      Last Updated On:01-Nov-2012 04:14:02 UTC
      Sponsoring Registrar:eNom, Inc. (R39-LROR)
      Registrant Name:WhoisGuard Protected
      Registrant Organization:WhoisGuard
      Registrant Street1:11400 W. Olympic Blvd. Suite 200
      Registrant City:Los Angeles
      Registrant State/Province:CA
      Registrant Postal Code:90064
      Registrant Country:US
      Registrant Phone:+1.6613102107
      Registrant FAX:+1.6613102107
      Registrant Email:f400f5cbeeb24eebbd31e75924334a65.protect@whoisguard.com

      versus

    • Domain name: CYANOGENMOD.COM
      Administrative Contact:
      Contact Privacy Inc. Customer 0121602432, cyanogenmod.com@contactprivacy.com
      96 Mowat Ave
      Toronto, ON M6K 3M1
      CA
      +1.4165385457

  12. Re:Why seperate boxes for tiny resource requiremen on Ask Slashdot: Little Boxes Around the Edge of the Data Center? · · Score: 1

    For bootstrapping and security, I imagine. If there's a cold outage, or an extended spike in network traffic, or a misconfiguration on a switch that blocks all network traffic for a few minutes, a few services will need to be working without depending on anything else when everything else is brought online. That might be master NTP, master DNS, master LDAP, or as stated monitoring (so you can see what actually went wrong in one place). And you could run all of them on one box, with two or three similar as backup, but the point of the question is that you don't need a 64-CPU SPARC box for those services even in a large datacenter; and even if you ran it on a 4-CPU x64 blade, that would be harder to find in the dark or with alarms going off than a standalone box.

  13. Re:why this video? on Google Blocks 'Innocence of Muslim' Video In Indonesia and India · · Score: 1

    It's not just this particular video, I'm sure there are a lot of other things the people rioting are upset about: general economic problems, lack of political voice / security in their own country, heavy red-tape for their countrymen who actually do want to study in the 1st world, creeping secularism in their country, scantily-clad tourists from the 1st world on their beaches. If said video hadn't been released recently, there are a lot of other things people could have protested in a riot.

    Just like the Boston Tea Party wasn't about the price of tea alone, it was about taxes in general, and more beyond that about the right to self-government.

  14. Re:Hey Iran, stop copying on Iran Universities To Ban Women From 77 Fields of Study · · Score: 1

    Actually, BYU has been coed since 1886 (or earlier?). I live in a college town (outside Utah), so a lot of families in the LDS congregation I attend have at least one parent in school; it seems like more of those are men, but in several families the wife is the one attending graduate school. And three of my siblings have graduated from BYU, so far, including my two sisters; my sisters both earned graduate degrees as well.

    And apparently Ann Romney went to BYU, although French is admittedly not a "technical" subject.

  15. Re:There is not even a way to remove it! on Facebook Says Your Email Is @Facebook · · Score: 2

    If that's the only reason to have validated the account, you might as well go ahead and deactivate it, then ask for it to be permanently removed:

    FAQ "What do I have to do to permanently eliminate my account?"

    Before doing so, you might want to do the following, just to be safe:

    1. Download a copy of your data, keep it somewhere safe.
    2. Announce on your wall that you will be deleting your Facebook account permanently soon, and that anyone who wants to stay in touch needs to take note of alternate contact-info.
    3. Make note of alternate contact-info for anyone you might want to stay in contact with; send them an FB message if nothing else
    4. Attach alternate e-mail addresses to your account, so that you'll be deleting them all at once
    5. Wait some time (a week? a month?)

    Of course, none of this stops someone from creating an account purporting to be you, with a similar-sounding name, and a throwaway address at some web-mail provider that looks similar to yours. Keeping a FB account open doesn't do much to avoid it, either, except that someone who searches on your name gets two hits and has to decide between them.

  16. Counterexample: my wife found a box of DVDs of "1000 classic commercials" (mostly from the 1950s or earlier, many of them black-and-white) and bought it, I don't know where. Our 8-year-old son watches them sometimes for fun; it's a lot safer than what would be on a random TV channel. The ones that talk about products that don't exist, or make outlandish claims, are especially funny.

  17. Re:IQ? on The Real-Life Doogie Howser · · Score: 1

    For a Gaussian ("bell curve") distribution, all three are the same. For a lot of actual or plausible distributions, all three are fairly close to each other; though it's certainly possible to think up pathological cases where none of them is useful.

  18. Re:Indexing on Confidentiality Expires For 1940 Census Records · · Score: 1

    Footnote ... link to said 1942 Census Indexing start-page and blog.

  19. Comment on the article calls for a citation on Growth of Pseudoscience Harming Australian Universities · · Score: 3, Insightful

    Interesting comment on the article:

    "Dear Professors,

    "Please supply citations for the quantitative data and analysis that led to your claim that; "pseudoscientific" health courses are undermining the international credibility of Australia’s universities.

    "Your article's references in the Medical Journal of Australia neither support nor contradict your claim, they indicate no causal link between the international credibility of Australian universities and the offering or otherwise of alternative health courses."

  20. Re:Earthquake...? on Earthscraper Takes Sustainable Design Underground · · Score: 1

    Forget earthquakes. On a typical sunny day the Zocalo is filled with Aztec ceremonial dancers stomping, peddlers selling imported Korean and Chinese goods, and hundreds or even thousands of tourists. I hope they're planning to use glass block rather than traditional "windows"; and will even that stand up to all the foot and hand-cart traffic?

    On the other hand, sewage / drainage isn't as big a problem there as it would be in a coastal city. Mexico City is at an altitude of 7,900 feet, and a couple centuries ago they drained the lake-bed by digging tunnels along the lowest nearby mountain-pass.

  21. RightNow client (recently bought by Oracle) on What's Keeping You On Windows? · · Score: 1

    ... and Visio 2k10, at work. Everything else I use is supported (or originally for) Linux: Lotus Notes, Lotus Symphony, Rational, Oracle SQL Developer, Oracle SQL*Plus, WebSphere, emacs, gimp, xfig (I have Cygwin installed). PuTTY is a little bit easier to configure with funny fonts/colors/scrollback per host than xterm, but that's what programs like Gnome Terminal are for.

    At home, my kids use Windows ME to play some games, but everything else is Linux, and my kids play games on that too. Family finances, personal e-mail, genealogy ... all on Linux. In the past we've had Windows XP and Windows 2k3 server, but not currently.

    There are some border cases where things are apparently not supported as well; for instance I haven't been able to share a webcam using Skype (at home) on Linux, and SameTime for Linux apparently doesn't currently do desktop sharing. On the other hand, a lot of stuff is faster on Linux on the same hardware; boot time on my wife's laptop went from over a minute to just a few seconds (sometimes tens of seconds) by wiping it and installing Ubuntu.

  22. Re:Watch the video on the page, informative on Mysql.com Hacked, Made To Serve Malware · · Score: 1

    If you can do that, more power to you. In my case, I need the Java plugin for a number of core work functions:
    • The corporate expense-reporting application
    • The desktop/webcam/slide-sharing portion of the corporate standard audio/video-conferencing platform
    • The corporate standard e-learning platform (which was used to deliver "data security and privacy" training 4Q last year)
    • The download-assistant at the internal site where I obtain official copies of our software products (customers use a different interface to the same site, with the same Java applet to download "images")
    • The drag-and-drop-to-upload function of one of our document-management products

    My employer is a Java licensee, we have our own VM, I would hope that makes our Java plugin less vulnerable.

    I might be able to get away with disabling the Acrobat plugin, but I need some sort of PDF viewer because a lot of the documents I have to read are only available to me in PDF. I might be able to get away with disabling Flash, although other divisions' salesmen have been publishing some videos they want me to watch on YouTube, and the old version of a system I'm helping write a replacement for uses Flash on its front page. (You didn't mention QuickTime, but the above-mentioned audio-video-conferencing platform exports recorded conferences as either QuickTime or Windows Media, which means I need a player for at least one of those formats.)

    I guess I could run a pluginless browser (say Konqueror?) in a low-privilege account in a VM, or on a remote server, and use only that to access third-party vendor and customer websites... but Java was supposed to solve the "running code in a browser" problem when it first came out, right?

    Really this is a black mark for Oracle, even though they didn't write the MySQL database: they've been owners of that website for over a year now, and they were selling "unbreakable Linux" way before that; what kind of system-administration process is in place that allows an unknown party root access to one of a company's high-profile front pages?

  23. Re:Whoops! on Kernel.org Compromised · · Score: 1

    On the other hand, to make the analogy more detailed: "Someone broke into the factory (or farm, or dairy) within the past month. We've shut down the factory while we check for contamination. We believe the production process itself is tamper-proof, but we're verifying everything just to be sure." Food with an expiration date before (one month ago + normal shelf lifetime) is still safe to use in any case; so anyone currently running a supported commercial distro (think RHEL) or the stable version of a community distro (think Debian) shouldn't need to worry right now.

  24. Re:"Bible Thumpers' on Former Wikileaks Spokesman Destroyed Documents · · Score: 2

    So you probably won't read this because you posted "anonymous", but if you're encouraging someone to be "serious" please get your facts straight...

    Joseph Smith never set foot in Utah, or anywhere within 1,000 miles of its modern borders. He was shot by a masked, "anonymous" lynch-mob in summer 1844; at that time he was serving as the democratically elected mayor of the city of Nauvoo, with about 10,000 residents in it; wagons didn't start rolling across the Mississippi River westward until about February 1846.

  25. Re:may? on Wikipedia May Censor Images · · Score: 1

    Actually, the first question on the referendum is basically "how important would this feature be?" If you are eligible to vote and you are against the feature, you can certainly vote "0" on that item, "?" on the rest, and include any specific comments in the free-text field at the end. Enough "0" votes and the board may decide to postpone or rethink the feature.