Please enact a law requiring that each and every use of our SSN be verified by the assignee (by phone, in-person, etc) of the SSN. Force the credit-granting agencies to verify before granting credit in such a way that the verification could only be used one time, for a limited time frame, for a set amount of credit to extend. Write the law in such a way that the credit issuer and credit agency are responsible for any un-verified credit and not the holder of the SSN.
This will undoubtedly stir opposition amongst the credit-industry lobbyists, but please remember you work for us, not them. We expect adequate protection and this very simple process would provide just that.
For a good portion of my database backups that may or may not contain confidential information, I tar, compress and encrypt with gpg my backup data files before they get put into a directory archived by by our automated tape library. I don't have to trust who has the tapes, and who is going to carry them off-site during our next hurricane threat. I clocked gpg on a fairly modest Dell 2950 server at about 10 megabytes / second. If you need more, there are hardware-based accelerator cards available.
As a Texan I must say I would NEVER pay for my RIGHT to be on PUBLIC PROPERTY. I can see paying to bring my car along with and I have no problem with that, but to change people to be on the beach is an outrage.
Does that same argument apply to VMWare too then? (for their product that allows you to fully virtualize non-modified operating systems on non VT/SVM hardware)
It seems that VirtualBox.org's product, fully virtualizing a copy of XP on my non-VT machine under a linux host OS, totally runs circles around Xen even on VT hardware as far as performance is concerned. Integration into the host enviroment is also quite beautiful. Why is there seldom a mention of VirtualBox in this arena?
It looks to me like she had absolutely no control whatsoever of her class and was being walked over by her students. The suspension was well deserved, not just for the libel, but for the behavior in class. These little brats need to show some respect. I've had a boss in the distant past who was an asshole, and had I done the same to him I'm sure I'd of been fired pretty damn fast.
It looks like a firm in Germany already offers a AES-256 bit encrypted mobile and POTS phone, as well as a softphone. Although their hard phones aren't cheap, the softphone is free to give to your contacts. http://www.cryptophone.de They alse include source code for "full independent review" with their products.
Similarly, Phil Zimmermann, the creator of PGP has released his Zphone to make encrypted VoIP calls. Also, the Asterisk project offers an encrypted IAX channel.
One of the biggest problems with biometric authentication is the lack of ability to revoke a compromised biometric key. Sure you can revoke rights based on a fingerprint, but then you've no way to use it again. Lifting fingerprints with gelatin isn't really that hard. See http://www.schneier.com/crypto-gram-0205.html#5 for more information on the gummy-bear fingerprint reader bypass technique.
Personally, I think biometrics are great as a username equivalent, but should not be relied on for authentication. There is sound reason to have (1) something you have with (2) something you know in a good authentication system. The ability to revoke and re-generate either component is needed.
I sure the hell wouldn't want to be the poor tech who cuts that thing open. That's a really long haul for the DC current that runs the inline amplifiers. I bet it's in the tens of thousands of volt range. Tapping something like that wouldn't just be hard, it would be quite dangerous.
Uh, I'd pick choice 2. I'd decrypt the volume which would have a few files in it and otherwise appear mostly empty. There would be no way to detect or prove the existence (or non-existence) of another encrypted volume within the first volume. End of story...and yes, you'd have to lie if asked if there was another volume contained within, but it would also be a very safe lie to tell, assuming you don't have something stupid like external references to stuff in the inner volume.
Truecrypt leaves behind no sort of "signature" that would identify data as being a TC volume in the first place. It also initializes every volume with random data to begin with. There is simply nothing to look for. However, one would need to be careful with playlists and history files and the like that might point to mountpoints for the volumes. That might be a bit harder to explain in court.
Assuming you really do have something to hide, using an encrypted volume embedded within another encrypted volume could be very useful. TrueCrypt supports nested encrypted file systems and since TrueCrypt uses no headers to demarcate its volumes, it is not possible to determine if an additional volume is embedded within a TrueCrypt volume. In effect, it provides plausible deniability of the existence of a 2nd embedded volume if you're forced by court order to decrypt the main volume. (stick some Creative Commons licensed mp3 files in the main volume though, just to throw the RIAA the middle finger a little more.)
Better yet, support non-RIAA artists at sites like Magnitune. The quality of music I've found there is proof positive that the RIAA no longer has a legitimate purpose in the music industry.
Dude, $480...lets say I can manage %10. That's 48/12, or $4/month over the span of 3 months. We're talking about a $12 difference. If I expected a significant refund I'd of had a little more motivation.
Slashdot Mirror
Please enact a law requiring that each and every use of our SSN be verified by the assignee (by phone, in-person, etc) of the SSN. Force the credit-granting agencies to verify before granting credit in such a way that the verification could only be used one time, for a limited time frame, for a set amount of credit to extend. Write the law in such a way that the credit issuer and credit agency are responsible for any un-verified credit and not the holder of the SSN.
This will undoubtedly stir opposition amongst the credit-industry lobbyists, but please remember you work for us, not them. We expect adequate protection and this very simple process would provide just that.
Thank you for your time.
Michael S. Williamson
For a good portion of my database backups that may or may not contain confidential information, I tar, compress and encrypt with gpg my backup data files before they get put into a directory archived by by our automated tape library. I don't have to trust who has the tapes, and who is going to carry them off-site during our next hurricane threat. I clocked gpg on a fairly modest Dell 2950 server at about 10 megabytes / second. If you need more, there are hardware-based accelerator cards available.
To hell with anyone wanting to look at my payload.
As a Texan I must say I would NEVER pay for my RIGHT to be on PUBLIC PROPERTY. I can see paying to bring my car along with and I have no problem with that, but to change people to be on the beach is an outrage.
I thought the life of copyright was determined by the age of a sketch of some stupid mouse ears.
Does that same argument apply to VMWare too then? (for their product that allows you to fully virtualize non-modified operating systems on non VT/SVM hardware)
VirtualBox doesn't require any special hardware.
It seems that VirtualBox.org's product, fully virtualizing a copy of XP on my non-VT machine under a linux host OS, totally runs circles around Xen even on VT hardware as far as performance is concerned. Integration into the host enviroment is also quite beautiful. Why is there seldom a mention of VirtualBox in this arena?
sue Dell in small claims court. The click through EULA that mandates arbitration needs to be challenged anyway as is total bullshit.
Please, for the love of all that as good, don't point that thing at my nuts.
It looks to me like she had absolutely no control whatsoever of her class and was being walked over by her students. The suspension was well deserved, not just for the libel, but for the behavior in class. These little brats need to show some respect. I've had a boss in the distant past who was an asshole, and had I done the same to him I'm sure I'd of been fired pretty damn fast.
I always make it a point to erase that stupid mag stripe. I'm not gonna make a cop's job any easier.
http://www.fortbendnow.com.nyud.net:8080/news/2847 /chinese-community-rallies-behind-student-removed- from-clements-over-pc-game-map
Coral Cache DCN is supposed to be the anti-slashdot effect tool. Try the above hyperlink. It should get much faster after a few people hit it.
It looks like a firm in Germany already offers a AES-256 bit encrypted mobile and POTS phone, as well as a softphone. Although their hard phones aren't cheap, the softphone is free to give to your contacts. http://www.cryptophone.de They alse include source code for "full independent review" with their products.
Similarly, Phil Zimmermann, the creator of PGP has released his Zphone to make encrypted VoIP calls. Also, the Asterisk project offers an encrypted IAX channel.
One of the biggest problems with biometric authentication is the lack of ability to revoke a compromised biometric key. Sure you can revoke rights based on a fingerprint, but then you've no way to use it again. Lifting fingerprints with gelatin isn't really that hard. See http://www.schneier.com/crypto-gram-0205.html#5 for more information on the gummy-bear fingerprint reader bypass technique.
Personally, I think biometrics are great as a username equivalent, but should not be relied on for authentication. There is sound reason to have (1) something you have with (2) something you know in a good authentication system. The ability to revoke and re-generate either component is needed.
-Michael
I sure the hell wouldn't want to be the poor tech who cuts that thing open. That's a really long haul for the DC current that runs the inline amplifiers. I bet it's in the tens of thousands of volt range. Tapping something like that wouldn't just be hard, it would be quite dangerous.
puff puff pass
By the same definition you'd have to call a voip phone a server because it can answer an incoming call.
CoralCDN, the poor man's slashdot effect countermeasure.a spx?artno=4&pgno=0
http://www.techarp.com.nyud.net:8090/showarticle.
Mod parent up...I can't spell magnatune. It seems magnitune redirects to magnatune anyway, so I guess this is why I never noticed.
-Michael
Truecrypt leaves behind no sort of "signature" that would identify data as being a TC volume in the first place. It also initializes every volume with random data to begin with. There is simply nothing to look for. However, one would need to be careful with playlists and history files and the like that might point to mountpoints for the volumes. That might be a bit harder to explain in court.
Assuming you really do have something to hide, using an encrypted volume embedded within another encrypted volume could be very useful. TrueCrypt supports nested encrypted file systems and since TrueCrypt uses no headers to demarcate its volumes, it is not possible to determine if an additional volume is embedded within a TrueCrypt volume. In effect, it provides plausible deniability of the existence of a 2nd embedded volume if you're forced by court order to decrypt the main volume. (stick some Creative Commons licensed mp3 files in the main volume though, just to throw the RIAA the middle finger a little more.)
Better yet, support non-RIAA artists at sites like Magnitune. The quality of music I've found there is proof positive that the RIAA no longer has a legitimate purpose in the music industry.
My tips for installing TrueCrypt on Fedora Core 6.
Mix in some redundancy and use RAID-like computations to recover bad segments of tape. The pirate world has had this solved for quite some time.
Dude, $480...lets say I can manage %10. That's 48/12, or $4/month over the span of 3 months. We're talking about a $12 difference. If I expected a significant refund I'd of had a little more motivation.