Well, I can tell you that my agency uses fully-encrypted hard drives on laptops. If you have a "work-only" home-office PC, it has to be fully encrypted as well and has to meet the same standards that the laptops would. All connections to the office are via VPN (and the VPN software is very careful to shut down all other network adapters, which means I have to log off of the VPN before I can print to the shared printer at my house).
Thumb drives and floppy drives are completely disallowed as well.
Lessons were learned from the fiascoes of recent years.
I've got one of those on my desk right now. So far, it has a few kinks (in theory, you can set up e-mail notification for specific events like a hard drive failure (among others), but I've never been able to get it to work). Fortunately, if you have a disk fail, the front panel light switches from blue to orange, so there is a secondary notification. By and large, though, as far as NAS RAID 1 via SMB, it just works. I just wish it were easier to get Appletalk up and running on it.
Note: Do NOT, under any circumstances, try to RAID 1 a set of disks that are formatted ext3. Bad Things(tm) will happen. The latest firmwares won't even let you try.
The upshot of this is that on Mac, you get by far the best looking Swing implementation of any Java platform.
It could also well be that SUN decided they didn't want to put the effort in and Apple should be commended for sticking with Java and doing a very good job releasing their VM. (Which I suspect is mostly SUN sources, with Apple AWT/Swing)
Despite 6 not being available, I don't mind. I also get paid to write Java, which means I can't use 6 anyway as most clients aren't ready for it...
Yep, and they've got that com.apple.* hierarchy that controls display of menus in the menu bar instead of in the application window, and so forth. You're right: those are up-sides to having Apple control releases on Mac OS. I just wish they would apply a little more effort in keeping their Java client current.
And you're also right in that not much out there requires Java 6 at this point anyway. I'm not doing anything that requires it, and the jump from 5 to 6 wasn't nearly the jump from 4 to 5. Sub-pixel rendering in Swing doesn't make near the difference for me that Generics support in Java 5 did.
To be honest, I don't know. My Java development on Apple is hobby level, and I haven't been able to convince the spouse that springing for a subscription for ADC was going to get her shareware database app written more quickly. I get paid to do it on Windows.
It would be wonderful if it worked that way. However, Apple has decided that they (not Sun) will be the source of Java for Mac boxes. This moderately irritates me in that I'm a Java developer, and would like to be able to test with Java 6. So, to do so, I have to keep a copy of Parallels and Ubuntu around.
Strange. But beautiful.
My mother-in-law is a dog breeder. For the first litter her kennel ever bred (two dogs and two bitches), the dogs were named Charm and Strange, while the bitches were Truth and Beauty.
I originally wasn't going to reply to this, but I'll bite. The flipside of encryption is verification. By definition, if someone else (like your ISP) is issuing you a key that will be used by your computer/router/smoke signal generator, a government can attempt to use the fact that packets were encrypted by that key to say that it was exactly you (or your system) that generated the traffic. Using this in some form of legal proceeding would presumably give a much smaller degree of plausible deniability than just showing that specific traffic originated at IP xxx.xxx.xxx.xxx.
As far as your question
"how will the Big Brother find out just what was the subversive text?"
I'm assuming that you realize that traffic has to be decrypted and used somewhere. Like, say, on YouTube where a student records a video of other students being beaten by police and posts that video. Now, all of a sudden, if YouTube (or anyone else in the chain) keeps track of the RSA Public Key associated with the X.509 certificate being used to encrypt the traffic, then suddenly China can go to YouTube (or even one of their backbone routers), get that RSA Public Key, and hit up every ISP in the country for the identity of the individual for whom that certificate was generated.
And then our poor friend in China is up the creek. Here in the States, it wouldn't be too different (it would presumably involve the use of an NSL to all of the ISPs, but with recent news, it looks like even that would be optional).
Now, I use encryption. I have a GPG key that I can (and do) use to sign any outgoing e-mail that I want to be able to authenticate as being from me. However, if I don't want to sign something, I don't have to do so. And I am in control of that key. Nobody else can take that key and generate traffic that purports to be from me.
You may want to go back and take a look at some of the key escrow ideas that the U.S. Federal government was pushing a couple of years ago when the use of PGP first became widespread if you need any more clues as to what would probably happen to your SSH keys.
Of course, nobody will object to it unless they're a child pornographer or a terrorist. And since you're the one that came up with the idea, I guess you'll get the Lavrentiy Pavlovich Beria award for promoting free speech on the internet.
Why certainly. I'm sure that dissidents in China and Russia (and heck, even the red-staters here in the good ole' USA) would greatly appreciate an ISP providing Big Brother with a tool that can easily be used to determine who posted what subversive text.
One of the nicest things about the Internet is the anonymity it provides.
I did some quick browsing through Microsoft's web site, but unfortunately, they seem to have some... issues with my non-use of IE. :) Anyway, if I'm not too mistaken, there are only two (or at the most three) major versions of Windows that are supported. Vista and XP are supported, and I vaguely remember that 2K has been sunsetted already. So, if we consider 2K, there are three major versions of Windows to support. For SQL Server, there is SQL Server 2K and 2K5. Same with Exchange Server.
The question would be with Office: I have no idea how far back their support of Office goes on the Microsoft update site.
And, again, my original point is that the parent was wrong: updates of this nature CAN be performed without sending any info to Microsoft's web site. One of your siblings noted that device driver updates weren't particularly linkable to a person. To be honest, neither are computer make and model. It is when they start tying that all to a GUID that I start to see ulterior motives. And, whether they store that GUID locally or on their servers makes no difference.
True. But, generally, having an individual piece of hardware is nowhere near as personally identifiable as a combination of machine make, model, GUID and so forth. Anyway, you're missing the point. I was merely refuting parent's comment that this information was required for the service, and it isn't.
Define "freakin' huge". Depending on how they wished to encode it, I'd put a guess in at a document around 150-200k or so. I'll go so far as to say 500k tops. That may be an extra 10 seconds on my DSL line. Compared to how long it took that stinkin' ActiveX control to initialize in IE, even an extra minute or two would get lost in the underflow.
Um, no. None of this needs to be sent back to Microsoft to determine which updates need to be downloaded. The local Windows Update control should download a list of all available patches, make the comparisons locally, and then download only the needed patches. They have no need to know what my computer make, model, shoe (and/or bra) size is.
Which is one of the reasons that this is being written on a brand spanking new MacBook Pro
Just think, if they buried them, we'd be able to run a loop of copper around them. Free power for life, or at least until the power company noticed an odd drop in the current on my run.
Well, a buddy of mine down the road observed Elvis and a bunch of little green dudes landing a flying saucer and making a bunch of circles in the neighbor's wheat field a couple of weeks ago. That doesn't even come close to making it a verifiable fact.
Yes, I read the article, and just saying that Apple has the "legal right" to implement the API doesn't necessarily mean that they would be able to do it effectively. As others (including myself) have pointed out, due to the cross-development agreement that IBM had with Microsoft for OS/2, they had rights equivalent to what Cringely is saying that Apple enjoyed with Microsoft until 2002.
And the only way IBM was ever able to get Windows to work even halfway correctly was to package an entire Windows 3.1 distribution into the operating system.
I was really amused at the way he mentioned "the Windows API" like it was half a dozen export functions from some 3rd party dll. If he'd ever gone to MSDN (or had installed any version of Visual Studio with the appropriate documentation), he'd know that attempting simply to implement enough of the core Win32 API to be useful would be virtually impossible. This isn't even counting some of the add-on systems like COM and Direct X. And it's not counting the fact that this implementation would not need to be "documentation compatible", but bug-for-bug compatible with its Windows counterpart.
There have been at least three projects that I know of (Wine, OS/2 Warp 4, and ReactOS) that have tried to do implementations of the Win32 API. OS/2's implementation never truly got off the ground (and was neither able to run native Win32 code, nor was it even reasonably complete). Wine and ReactOS have both been fighting a Sisyphean battle with Microsoft throughout the life of their projects.
Then, you need to add in the fact that Apple has historically been very jealous of their user experience. I don't expect that Apple would ever release something like this unless and until it was impossible to distinguish a Win32 application from a native app.
Don't get me wrong: I'd love to see it (it would provide justification that I could use on the spouse for upgrading our G4 MiniMac). I just think that Cringely needs to put down the crack pipe and slowly back away.
Well, define equipment. Most larger hospitals are going to electronic medical records. Say that the computers by each bed in the Urgent Care area or in the ICU that are used to review patient medical records are infected and go down. Suddenly, the clinicians no longer have the ability to see the patients' current medications and allergies, and someone dies due to a medication problem.
It sounds like they got lucky this time, but this is first-order scary.
You see, this is just a sneaky plan by NASA to ensure that they get their manned mission to Mars. We send all the copper to Mars. Then, when we run out, we HAVE to send a manned mission to bring it all home.
Most of my time in my Linux desktop these days is spent in Eclipse. The last time I tried KDE, it did an 'ungood' job of interpreting the UI hints provided by not only Eclipse but all the other GTK apps I was running.
Right now, I need Eclipse a LOT more than I need KDE. So, when someone ports SWT to QT, I'll probably be the first one to switch. Until then, I'll be in Gnome.
You are correct. And I'll admit I was curious when I read the Barnes and Noble review that the book concerns the use of private keys instead of public. I'll withhold judgement on that until I've read the book (it's the first book I've seen reviewed on /. that I've actually considered buying), but I'd be interested to see how the author plans on effectively securing the private keys to the various portions of the database.
I'll still stand by my statement that it should be possible to present a technical solution in a book that is robust, secure, understandable, and usable by a professional-level developer, though.
Using your example, it is indeed entirely possible to use Blowfish to encrypt all the data in a table. But, if you do it in a naive way, the protection afforded by the (perfectly good choice of) primitive will be reduced or lost entirely.
I can see your point. However, the level of expertise required to implement security at this level doesn't rise to the level of expertise required to implement a completely new cryptographic algorithm (while, to me, it looked like the original poster was implying that implementing even this level of security should only be done by crypto experts). Opinions may differ, but I think that this is within the scope of a book provided the reader of the book has some level of education as a programmer already.
In my opinion, if you don't have some knowledge of security (and how to write secure code in your language of choice), you probably shouldn't be a (professional) programmer to begin with.
Thanks for the info: I hadn't realized that the preview was available in the freebie ADC membership. I'll have to go check that out!
I feel so unclean.
Glad to see you know how to fix the Internet.
Wrong. I've got one in my wallet right now, and it is, in fact, a MasterCard.
Well, I can dream.
Well, we do manufacture very nice bombs, but we've been giving those away for free.
man shred(1)
Jill (face flushing): But I couldn't resist.. It was one of the new quad Opteron machines!
Enrique: So, you're saying you're only staying with me for the servers???
Jill: Please, Enrique. Can you forgive me? (general tears break out)
Tune in next week when Jill finds a new use for the neon tubes in Gary's gaming machine.
Nope.. Somehow, I think that this is just one of those things from which nothing good can come.