Slashdot Mirror


User: WuphonsReach

WuphonsReach's activity in the archive.

Stories: 0
Comments: 3,320

Comments · 3,320

  1. Re:Forced password expirations on FBI Password Database Compromised by Consultant · Score: 1

    That doesn't solve the problem of nonrevocability.

    Revocability is an authorization problem. Passwords along with biometrics and physical tokens are authentication tools.

    Authentication - proving you are who you say you are

    Authorization - determining whether you are allowed to access what you are trying to access

    If I want to revoke your access, I do it at the authorization level.

  2. Re:Forced password expirations on FBI Password Database Compromised by Consultant · Score: 1

    That's not going to work too well against large rainbow tables. Who brute forces with the availability of rainbow tables now?

    Rainbow tables only work if:

    A) No salt is used (or the salt is the same for all hashed passwords)

    B) You can get ahold of the salt.

    I'd imagine that means that rainbow tables are typically used for privilege escalation attacks (use a low-security account to get in and swipe the hash table). Although Yahoo!'s login screens calculate the hash on the client-side (I think I remember them doing that in JavaScript) which means you could sniff the password hash off of the wire.

    Varying the salt by user (i.e. tacking on the user's ID along with a unique salt value for the application) makes rainbow tables a lot less useful.
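The salt argument made in the comment above, as an added example that is not part of the original comment thread. It contrasts an unsalted store, where one precomputed hash-to-password table reverses every user's hash, with a per-user-salted store, where the same table finds nothing and a brute-force attacker must start over for each user. The wordlist, user names and salts are constructed; the example uses a random per-user salt with PBKDF2 rather than the application-salt-plus-user-ID construction the comment describes, but both give every user a distinct salt, which is the property that matters.

```python
"""Added example, not part of the original comment thread: why a per-user salt
defeats precomputed hash tables (rainbow-table style lookups) against a stolen
password hash table. Wordlist, user names and salts below are constructed."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Constructed stand-in for the password guesses a precomputed table would cover.
WORDLIST = ["password", "letmein", "hunter2", "qwerty"]


def unsalted_hash(password: str) -> str:
    """Legacy scheme: the same password always yields the same hash, so one
    precomputed table serves against every user and every site."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """Per-user salt plus a slow KDF (PBKDF2-HMAC-SHA256). The salt is not
    secret; it just forces a separate table per salt value, which makes
    precomputation pointless. The iteration count slows brute force further."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return dk.hex()


def make_record(username: str, password: str, salt: Optional[bytes] = None) -> Dict[str, str]:
    """Build the stored credential record. The salt is random per user unless
    the caller supplies one (tests do, so results are reproducible)."""
    if salt is None:
        salt = os.urandom(16)
    return {"user": username, "salt": salt.hex(), "hash": salted_hash(password, salt)}


def verify(record: Dict[str, str], password: str) -> bool:
    """Recompute with the stored salt; a constant-time compare avoids leaking
    how many leading bytes of the hash matched."""
    salt = bytes.fromhex(record["salt"])
    return hmac.compare_digest(salted_hash(password, salt), record["hash"])


def build_lookup_table(wordlist: List[str]) -> Dict[str, str]:
    """Precomputed hash -> password map, the essence of a rainbow table."""
    return {unsalted_hash(w): w for w in wordlist}


def table_lookup(table: Dict[str, str], stored_hash: str) -> Optional[str]:
    """Reverse a stored hash by table lookup, or None if the table has no entry."""
    return table.get(stored_hash)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    # Unsalted store: every user who chose "hunter2" has the same hash, and the
    # precomputed table reverses it instantly.
    print("unsalted lookup:", table_lookup(table, unsalted_hash("hunter2")))
    # Salted store: same password, different salts, different hashes, no hit.
    alice = make_record("alice", "hunter2")
    bob = make_record("bob", "hunter2")
    print("hashes differ:", alice["hash"] != bob["hash"])
    print("salted lookup:", table_lookup(table, alice["hash"]))
    print("verify:", verify(alice, "hunter2"), verify(alice, "Hunter2"))
```

Two users with the same password end up with unrelated stored hashes, so a leaked hash table reveals neither shared passwords nor anything a precomputed table could answer; the attacker is pushed back to per-user guessing, which the KDF iteration count makes expensive.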

  3. Re:I'm sure... on Music Industry Prepares to Sue Yahoo China · Score: 1

    You won't find the MP3, even though I linked to all their MP3s on my (Google indexed) blog September of last year.

    If Google thinks your website (or section of the site) is a blog, they don't index it in their primary index. Instead, you'll have to go to "Blog Search" on a second page at Google's site.

    (I suspect that Google looks for an RSS/Atom feed file to make the determination.)

  4. Re:Mac nerds? on Nerds Switching from Apple to Ubuntu? · Score: 3, Informative

    This isn't 1995 anymore. Mac OS X has changed Apple's demographics quite substantially. Most computer geeks wouldn't touch the classic Mac OS with a 10 foot pole. Now half of the CS professors and students that I know own a Mac, solely because of OS X.

    I'd be willing to switch now (I find Parallels to be an interesting solution and I like the dual-core Mac laptops) except for 2 things:

    1) I don't care for the keyboard on the MacBook. I was setting up a 13" MacBook on Friday and the keyboard just isn't quite right for extended use. My Tecra 9100 and the ThinkPad keyboards are much nicer. (I don't use external keyboards or mice, so keyboard feel is very important.)

    2) No mouse pointer in the middle of the keyboard like is found on the Thinkpads or the Toshiba Tecra line. For a keyboard-centric user that little pointer is just enough mouse to do the job 99% of the time without having to take my fingers off of the home row. It lets me click on wayward dialog buttons or for drag-n-drop of the occasional item.

    Since I still need to use a laptop as my day-to-day machine those two desires are a deal breaker for me to switch to a Mac. I'm not interested in replacing my dedicated game PC for a Mac and am leery about switching my video editing / development box over to a Mac.

  5. Re:Huh? on IBM using Napoleon Dynamite Quote to Encrypt Data · Score: 1

    I HATE IT when people say "Well, I'm sure that NSA could crack any cipher, they're so secretive and so cool!" NO THEY COULDN'T. No one can crack a 256 bit AES with a correct implementation (and a good key). It's just not doable. I refer you to an earlier post of mine, where I got really pissed and did a few calculations. You cannot crack 256 bit AES. It's. Not. Possible.

    Well, no they couldn't for brute force attacks on the key.

    But that's not the only attack vector out there for AES (or other block ciphers). My copy of Practical Cryptography is buried at the moment, but it gives a very good list of the various methods of attacking ciphers. Along with a run-down of the AES finalists and where things might be weak.

    There are some arguments to be made that 128-bit AES is only good for about 20-30 years and that you need to use 256-bit AES to be more sure of keeping secret stuff secret for 50-60 years. (Again, the first few chapters of Practical Cryptography cover this choice.)

    Besides, as you noted, most attacks focus on breaking the implementation or using social engineering / wiretaps / keystroke logging / spyware to simply steal the passphrase or key as it's being entered / accessed. No need to break the algorithm (or brute force) at all if you can get the key some other way.

  6. Re:Time to upgrade? on Office 2007 Delayed Again · Score: 2, Funny

    C:\> copy CON thesis.txt

    Why not use...

    A:\> copy CON prn

  7. Re:cue the obligatory joke: on Office 2007 Delayed Again · Score: 2, Interesting

    Of course, that also ignores the possibility Microsoft miss their ship date and your SA expires before the new software's released - then you've just paid for nothing... sorry, 'support'.

    Quite a few companies got burned by SA in the past few years. Pretty sure BusinessWeek covered it, or at least there were mentions in the press. There was a big push back around 2001/2002 where Microsoft was encouraging everyone to switch to SA-style purchase agreements in order to evenly spread software costs across multiple years. With the advantage that when Microsoft came out with the next version, you'd automatically be able to upgrade. And, of course, Microsoft would be ensured of a predictable revenue stream.

    Our sales rep tried to push it on us. Fortunately, we ran the numbers and told them to take a hike. That and we don't run a single-OS network anyway (we use 4 different OSs on the desktops and 3 different OSs on the servers) so supporting multiple environments isn't an issue. No need to upgrade older machines lockstep with newer machines.

    4-5 years later and I'm still laughing because SA would've gained us *zip* in terms of free upgrades by the time the 3-year term ran out.

  8. Re:Woodcrest: good processor but not sufficient ? on Intel Pushes Back with Xeon 5100 · Score: 1

    In conclusion, I would say that when comparing only the processors, Woodcrest is superior to Opteron in many aspects (such as instruction throughput), and Opteron beats Woodcrest in other aspects (such as memory accesses). But when comparing a whole Woodcrest-based system versus an Opteron-based system, other factors come into play (such as price and scalability), which make Opteron superior to Woodcrest in a lot of cases.

    That's been my take on it. The newer Intel processors have closed the gap (within spitting difference) so unless you're really concerned about the minor differences, go with whatever floats your boat. For laptop systems, I'm quite happy with Core Duo. For desktop systems, AMD64. For workstations and servers, Opteron dual-core systems (sometimes dual-CPU).

    Now I might start to consider the Woodcrest Xeons for workstations / servers. All depends on motherboard availability, memory pricing, and whether the boards perform well under Linux. There's also the issue of "the devil you know". I'm familiar with the flaws / drawbacks of AMD systems under Linux and switching over to Intel would require me to spend time researching.

    (The same argument could be made for someone that is familiar with the Intel solutions and hesitates to switch to AMD.)

  9. Re:So what software packages will they be using? on White House Demands Encryption for Sensitive Data · Score: 1

    That MobileArmor's DataArmor page is *very* light on details. No details other than claiming "FIPS 140-2" certification and allusions that it uses AES. What block encryption mode are they using on the hard drives?

    Not to mention zero pricing information on the web page.

  10. So what software packages will they be using? on White House Demands Encryption for Sensitive Data · Score: 1

    I only know of a handful of whole-disk encryption products that support encrypting the operating system disk:

    - PGP sells a corporate level product called "PGP Whole Disk Encryption".

    - SecureStar sells DriveCrypt Plus Pack

    What else is out there that is trustworthy? (Heck, do we even trust that there aren't any weaknesses / or back doors in PGP or DCPP?)

  11. Re:And the real question is... on White House Demands Encryption for Sensitive Data · Score: 2, Insightful

    And the real question is: Why weren't all these measures mandatory before? Did no one think of the potential problem of a user going home with his laptop before?

    - Because encryption is a black art (and a dirty word) to a lot of people. I've had people tell me that they don't want to own books on crypto or have crypto software on-hand because it will make them look like they have something (evil / illegal) to hide. Makes me sad as a patriot...

    - Because it's easier to keep your head in the sand regarding security threats than to take action? After all, if something happens you can use the "ignorance" defense and get off with a slap on the wrist.

    - Because key management is hard? As in, difficult to implement correctly.

    - Because on-the-fly encryption imposes a performance hit on the laptop? This is finally getting to the point where it's not as much of an obstacle as it used to be. AES encryption on notebook CPUs in the last few years can easily keep up with the hard drive without using up all of the CPU power (the drive is the bottleneck, not the encryption by the CPU). But it still cuts down on battery life.

  12. Re:Oh, lookie here on White House Demands Encryption for Sensitive Data · Score: 1

    CLASSIFIED CPU's should be at least 3 feet from UNCLASSIFIED CPU's - Cooties?

    Makes it easier to see if there are any cables strung between the two computers. Also makes it more obvious if someone is taking something out of the one machine to attach to the unclassified machine (such as storage media). Assuming that someone is watching (or that there is surveillance footage being archived).

    (Both hurdles are bypassable with a little sleight-of-hand. Newer wireless protocols such as Bluetooth, WiFi, IR make things even more difficult. But it at least raises the bar a little bit.)

  13. Re:Pretty Poor Privacy on PGP & GPG · Score: 1

    Skip Truecrypt, encrypt your data in a small volume and attach it as a file to who you want to send it to... in fact, encrypt whole harddrives or create files that can be mounted as virtual harddrives.

    Except that using TC doesn't solve your problem of how to transmit the passphrase in a secure manner. (Using TC as a file-transfer medium is no different than using encrypted ZIP files or self-encrypted RAR files, except that TC probably has fewer security holes... maybe. Although TC-encrypted disks do make a good backup method and heavy-duty data moving. You just have to figure out how to transmit / store the passphrase securely.)

    Different technologies for solving different problems.

    It needs to be integrated end to end in sendmail or whatever other mail transport servers

    That's not really a good fit for PGP/GPG, instead you need to look at IPSec which is designed for securing transport links. PGP/GPG is designed to protect messages (or individual files), not data streams.

    Again, different encryption techniques solve different problems.

    I'd suggest reading up on past issues of CRYPTO-GRAM and RISKS. Or looking at books like Practical Cryptography and Secrets and Lies.

  14. Re:Need to blame someone on Summer Camps Join Fray Against MySpace · Score: 1

    This is what is known as a "movie plot", something far more likely to happen in fiction being portrayed as a real world risk.

    Hmmm, fellow reader of CRYPTO-GRAM? (Or did that idea of movie-plot threats start somewhere else?)

    (CRYPTO-GRAM is always a good place to read about security systems that protect against movie-plot threats but leave the barn door wide open to more mundane and common threats.)

  15. Re:If you use PHP.... on PHP and Perl in One Script? · Score: 1

    Personally I prefer Java Servlets, with perl a second place, then python, then bash, then C, then php.

    Right now I'm trying to figure out how to migrate away from IIS (we're debating what language / configuration we're going to go with...) which is VBScript. I've got Perl books, java books, maybe even some PHP books.

    I know that I'm not entirely comfortable with a move from VBScript to PHP (even though they're about equal in capabilities), plus there's the immaturity of PHP. Perl seems likely due to its maturity and I don't think I'll have a problem grokking it. (I know C, C++, REXX, VB, FORTRAN, PASCAL, with exposure to half a dozen other application languages.)

    But where do you start with Java Servlets? (JSP?) I know, it's a lazy question, but why JSP instead of perl?

  16. Re:What reason to buy? on WinFS Gets the Axe · Score: 2, Interesting

    Google: "volume shadow copy".

    Yep, we use it on our Win2003 file server at work. It has numerous limitations. See if I can remember the salient points (apologies for inaccuracies but it's been a year since we configured it):

    - You have to schedule when the snapshots occur. Because you're versioning the entire file system. We schedule ours for 7am and noon.

    - Have to use a WinXP (maybe Win2000) machine to get to the older revisions. Win9x or non-MS O/Ss need not apply.

    - There's a limit of 64 shadow copies at any point in time, even if you would've had disk space to allow for more. So with 2 snaps per day, you get 32 days of history... more if you don't snapshot on the weekends.

    All that being said, we've turned it on. Figure it might save us from loading the backup tapes and restoring if the user screws up an individual file. It doesn't seem to cause enough of a load (for our office) but I don't know that we've ever used it either to recover files.

  17. Re:what a crock of shit on Toshiba Subsidizes $200/Unit on New HD Player · Score: 1

    Would you care to comment on the quality of your $20 player? Is it bug free? Does it need to be jiggled? Does it produce images that even approach film's clarity?

    You missed the chance to remind the troll that the first DVD players were $500-$600. (I think I paid a bit over $300 for my first one.)

    $500 for a first generation, early-adopter, gotta-have-the-latest-shiny isn't a bad price point. It's not worth it to me (value) but folks with more disposable income (or less sense) than the rest of us probably think it's a good deal.

  18. Re:Automatic death sentence on Sending Mail to Hotmail Users? · Score: 1

    I dunno, I'd consider $10/mo for 30 accounts (JTL) plus web space with POP/IMAP access in addition to the webmail client to be pretty cheap. Or the Small Business package at A2 which is only $8/mo for web space, IMAP/POP3/SMTP. Or FuseMail which is a little more expensive but has a nicer web interface.

    Heck, one of the A2 plans is only $3/mo.

    Some hosting companies even throw in spam/virus filtering for free.

  19. Re:good idea, still too expensive on 17 Online File Storage Services Tested · Score: 1

    Generally speaking, most home users could get by with a backup window of a week (or even a month). Which makes it practical to use removable or detachable hard drives rotated to an offsite location (office, friend/family's house, bank vault).

    Get a good Firewire/USB drive enclosure like the BYTECC ME-835U2F, stick whatever sized drive in it that you want. Alternately, get a 5.25" enclosure like the ME-340U2F and stick DRW115 drive caddies in (with a small bit of drilling).

    Encrypt the drive with TrueCrypt, mount it, use it as a backup target (SecondCopy, XCOPY, whatever floats your boat). Rotate through 2+ units and make sure they get offsite regularly.

    It's a bit more work than network storage, but a lot cheaper and you have better control over who is storing your data. And the TrueCrypt encryption makes it easier to leave that backup drive in a less secure location.

  20. Re:Wow on The First Blu-ray Burner, Pioneer's BDR-101A · Score: 1

    42 minutes is a long time to try to keep the write buffer full, especially at the transfer rates we're talking about here.

    Not really anymore. Most modern disks can easily sustain transfer rates of 20-30MB/s (or higher). I've seen rates as high as 40MB/s when copying large files from one disk to another. (Other folks say they see even higher rates.)

    I almost consider data rates of only 10MB/s to be slow... (and 2.5MB/s feels downright pokey).

  21. Re:Incredible! on The First Blu-ray Burner, Pioneer's BDR-101A · Score: 1

    $1000 price tag is not unreasonable. I'm half tempted to pick one up for myself at that price (the $4k price range was completely out-of-reach). But I'll probably wait for them to drop to around $300.

    $19-$25 for the media isn't bad. I got started with DVD-R back when the disks were still a few dollars each. I expect that the media prices will drop to the $8-$10 range in about a year (if it follows the same curve as DVD media did).

  22. Re:Create/burn PAR2 files with your backups on The First Blu-ray Burner, Pioneer's BDR-101A · Score: 1

    Yeah, those are the settings I use as well. 1MB block size for a DVD-R, or whatever block size gives me around 300 recovery blocks that will fill the space remaining. I just make sure that I'm always at a multiple of 2048 bytes.

    On a very full disk (4.3GB) I'll go with a block size as small as 1/4 MB (256KB).

    Still wish Peter would find the time to work on PAR3 which is going to be much faster at creating parity data (but less deterministic).

  23. Re:Can't read CD media? on The First Blu-ray Burner, Pioneer's BDR-101A · Score: 1

    People exist who actually use DVD-RAM? I mean it has some advantages such as hardware verification of written data and the ability to be used similar to how a HD is used but because it is not highly supported and is pricey why not just buy an actual hard disk?

    It may start to become more common... some inexpensive DVD recordable drives are starting to include DVD-RAM compatibility. The disks are still a bit pricey ($10 each?) which may keep DVD-RAM as a niche market.

  24. Re:From someone who knows... on Sending Mail to Hotmail Users? · Score: 1

    I'm amused by DomainKeys... all of the spam that slips through into my Yahoo! mailbox is validated by DomainKeys.

  25. Re:Add a SPF record. on Sending Mail to Hotmail Users? · Score: 1

    Same here, I publish a very restricted SPF record for my personal domains and a more relaxed one for the work domains. Some of the work domains have very strict options though (since they're used by more technical users).

    As long as you control the mail servers for your domain, why not publish SPF records? (Note that SPF is about anti-forgery, not anti-spam.)
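The strict-versus-relaxed SPF distinction in the comment above, and the observation two comments earlier that DomainKeys-validated spam still arrives, both come down to the same point: sender authentication decides whether a message came from infrastructure the domain owner authorized, not whether the message is wanted. As an added example that is not part of the original comment thread, the minimal evaluator below handles only the ip4, ip6 and all mechanisms (no a, mx, include, exists or redirect, which real SPF records use). The records and addresses are constructed from documentation ranges; the helper `would_reject_forgery` is a hypothetical receiver policy, not anything the comment describes.

```python
"""Added example, not part of the original comment thread: a minimal SPF
evaluator for the ip4 / ip6 / all mechanisms, enough to show the difference
between a restrictive and a relaxed record and why SPF is an anti-forgery
check rather than a spam filter. Records and addresses are constructed from
RFC 5737 / RFC 3849 documentation ranges. Real SPF also has a, mx, include,
exists and redirect, which this evaluator deliberately does not handle."""
import ipaddress

# Constructed records. The strict one authorizes a single host and hard-fails
# everything else; the relaxed one authorizes a /24 and an IPv6 /32 and only
# soft-fails the rest, which most receivers merely score rather than reject.
STRICT_RECORD = "v=spf1 ip4:192.0.2.10 -all"
RELAXED_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 ~all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record: str, sender_ip: str) -> str:
    """Return pass / fail / softfail / neutral / none for sender_ip under record.
    Mechanisms are checked left to right and the first match decides
    (RFC 7208 section 4.6.2); with no match and no 'all', the result is
    neutral. Message content plays no part, which is the whole point."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # an unqualified mechanism means pass on match
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term.lower() == "all":
            return QUALIFIERS[qualifier]
        mech, sep, value = term.partition(":")
        if not sep or mech.lower() not in ("ip4", "ip6"):
            continue  # mechanism not supported by this example: skip it
        net = ipaddress.ip_network(value, strict=False)
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"


def would_reject_forgery(record: str, sender_ip: str) -> bool:
    """Hypothetical receiver policy (assumption, not from the comment): reject
    only on a hard 'fail'. Softfail and neutral usually just add to a spam
    score, so a relaxed record stops less forgery than a strict one."""
    return evaluate_spf(record, sender_ip) == "fail"


if __name__ == "__main__":
    # A message from an unrelated host claiming the strict domain: forgery caught.
    print("strict, outsider:", evaluate_spf(STRICT_RECORD, "198.51.100.7"))
    # The same outsider against the relaxed record: only a softfail.
    print("relaxed, outsider:", evaluate_spf(RELAXED_RECORD, "198.51.100.7"))
    # Anything sent from the authorized host passes, spam or not.
    print("strict, authorized:", evaluate_spf(STRICT_RECORD, "192.0.2.10"))
```

Run against a real record you would first fetch the domain's TXT record over DNS and then feed the connecting client's IP as `sender_ip`; the evaluator never looks at the message body, so a pass says the sending host was authorized by the domain owner and nothing more.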