Sorry, I know you believe what you just wrote, but I... well... I have a few doubts over this;-)
... I'm going to stop this list, because it looks like spam;-)
Many banks use multiple layers of security for data traversing WAN links:
- the WAN link itself is supposedly secure and encrypted intrinsically by the provider
- vpns run over the wan links. All traffic runs over these vpns
- data is forbidden from being sent in clear, even though it's running over a vpn. ssh et al are used to secure data that traverses
The advantage of layering is:
- if one layer of security fails by accident, the data is not necessarily compromised
- if one layer of security fails by design or intrusion, the data is not necessarily compromised
- no one person or group has the power to access the data from everyone, ie segregation of responsibility, ie the network team can, yes, get access to all network data, but it's all mandatorily encrypted by the application teams anyway....
Application teams can obviously see all their own data unencrypted, but they cannot see the data from other teams, since each team has encrypted their own data.
Now... moving onto the cloud. There is as far as I can see it very little room for layering:
- all data is available in ram in an unencrypted form
- an attacker with access to the physical vm host can read arbitrary data from the ram of executing guests
- the network adapter of the virtual host is bridged directly in many cases to the public internet, but even when it is connected to a cloud-provided vpn, or uses its own vpn set up by the guest's company, the number of layers is significantly smaller than a server safely tucked away in a secure data center somewhere behind multiple layers of firewalls, dmzs, enterprise intrusion detection devices and so on...
- the block storage itself (EBS for example) is just a few steps away from a potential attacker: yes, EBS is in theory wiped to zero by Amazon, and yes one can run encryption over the top of the EBS, but still, that is only two layers. What if the wipe gets turned off one day without the guest company knowing? What if the guest's SA forgets to encrypt the volume for some reason?
I imagine that none of these problems are insurmountable, but one can see why large corporations would be reticent to move their sensitive servers, or even not so sensitive servers, onto publicly available cloud servers?
that could make quite a good book!
Yeah, you can do something similar in debian too, at least you can put that in the /etc/network/interfaces file with a very similar syntax.
However, if you want to do anything other than connect to wpa, say: connect to a legacy wep system, or connect to an open wifi point, then that works less well.
Also, using wpa_supplicant directly is portable across other linux distributions, such as Redhat, whereas using the /etc/network/interfaces file is not.
> There's also a ton of helium. It is not really surprising that these common elements might be found, in combination, in large quantities.
I don't think you'll find helium combining with anything much ;-) I think you meant 'hydrogen' :-P
You can do that using wpa_supplicant. It's less scary than it sounds. Get rid of the existing wpa_supplicant process from /usr/share/dbus-1/services, then run:
wpa_supplicant -D wext -i ra0 -c /etc/wpa_supplicant/wpa_supplicant.conf
... where ra0 is your wifi interface, and wext is invariant.
Add your networks to wpa_supplicant.conf ('man wpa_supplicant.conf').
You can control it and see what it's doing using:
wpa_cli -i ra0 status
I do agree with you though. Here are my thoughts on commandline vs gnome: Windows vs linux 'everything in linux can be scripted -> not really'
I basically don't bother providing non-Windows support any more. It's not that I don't want to, but if I spend all my time using Ubuntu, I know all the little 'gotchas' and workarounds to get wifi in Ubuntu working, so when someone comes to me with Windows with a broken wifi, I just kind of click around, turn the wifi on and off -> no clues.
Put in a Live Ubuntu usb key -> wifi works.
Show them the internet works just fine with my 'magic usb key'. Pull it out, walk away :-P
Or put it this way: my girlfriend uses Ubuntu on her pc, and she's just fine with it. It has an internet browser (firefox), can watch videos (vlc; flash plugin), can handle javascript, and she can read pdf files (evince) and read/write word documents (openoffice).
I kind of think this is how linux will end up in the hands of 'ordinary users': because if they want to count on the support of their geek friend they might find it much easier to get such help if they're running something that their geek friend is happy to support for free.
I felt BAG's post was pretty insightful to be honest. I feel that one could argue that the entire Facebook interface is a type of programming language in some ways. Not Turing complete admittedly. You can argue semantics over what is and isn't a programming language. My feeling is: if you can communicate to the computer something that you want done, and it does it, whatever the semantics that's a pretty cool thing to happen. Can Facebook users communicate what they want to do to Facebook? They seem to do quite well at that I feel. Does Facebook do roughly what they want as a result? Sometimes ;-) but more seriously: yes, I feel that Facebook does exactly what people want.
The 'figuring out what people want' can be implicit in the design of the programming language, and I think that fits in fairly closely I feel to what BAG was saying in his post?
Wow, I never knew about sshfs before. It's *awesome*! Nice info GP, and thanks for highlighting this for me, parent, since I didn't actually read the GP to the end ;-) Wicked.
Well, if you get enough people making theories, some of them are going to get it right, by pure chance, but... how will the leaders choose which people to believe?
It would be too easy. It's run by nerds like us remember? Would you do something the easy way if there was a clever way of doing it instead :-P
Why is the parent modded as 'troll'? Seriously, opensource is great, I contribute to lots of it, but end user-friendly communities they are not... I know I'm risking taking karma loss myself, but ...
Never mind, try again tomorrow. All the best articles come twice!
Looking at the issue of generating power, there are several choices available, and coal is one of those, but so also is nuclear, wind and solar. They're more expensive, and any tiny amount more expensive than oil means they won't be used right now, but they're not *massively* more expensive, it's not like ten times or even a hundred times, it's like, well here is one view of coal vs nuclear which evaluates it as 30 dollars per megawatt hour instead of 29.1 ...
Next, you discussed distribution of power, specifically I felt you feel that using coal to generate power means that it's no longer possible to power machinery on farms, or to power transport.
Even today, we have electric powered:
It seems reasonable to suppose that if we wished to, we could make electrically powered farm machinery too. Sure, there may be issues, like disposing of old batteries, but they are not I feel insurmountable issues, and I feel they are not issues that will push our civilisation back to the dawn of the 1900s as you are proposing...
It's only needed for 16-bit programs in Wine. You can modify the value by editing /etc/sysctl.d/wine.sysctl.conf, changing the vm.mmap_min_addr from 0 to 65536, then running /etc/init.d/procps restart. Note: your mileage may vary. Use at your own risk. Etc...
Yeah, to fix this, edit /etc/sysctl.d/wine.sysctl.conf, and replace:
vm.mmap_min_addr = 0
with:
vm.mmap_min_addr = 65536
... then run /etc/init.d/procps restart to reinitialize this value
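Added example (not part of the original comments): with vm.mmap_min_addr at 0 a process can map page zero, which is the condition the setting exists to prevent, so it is worth auditing for fragments that lower it. The function names and the 65536 threshold variable below are assumptions of this sketch; the directory to scan (for instance /etc/sysctl.d) is passed as an argument.

```shell
#!/bin/sh
# Added example: find sysctl fragments that leave vm.mmap_min_addr below
# the value the comment above restores (65536).
MIN_SAFE=65536

# find_low_mmap_min_addr DIR...
# Prints "file:value" for each *.conf fragment whose last uncommented
# vm.mmap_min_addr assignment is numeric and below MIN_SAFE.
find_low_mmap_min_addr() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            val=$(awk -F= '
                /^[ \t]*[#;]/ { next }          # skip comment lines
                {
                    key = $1; gsub(/[ \t]/, "", key)
                    # sysctl accepts both "." and "/" as key separators
                    if (key == "vm.mmap_min_addr" || key == "vm/mmap_min_addr") {
                        v = $2; gsub(/[ \t]/, "", v); last = v
                    }
                }
                END { if (last != "") print last }' "$f")
            case "$val" in
                ''|*[!0-9]*) continue ;;        # unset or not a plain number
            esac
            if [ "$val" -lt "$MIN_SAFE" ]; then
                printf '%s:%s\n' "$f" "$val"
            fi
        done
    done
    return 0
}

# live_is_low [PATH]
# Returns 0 if the running value is below MIN_SAFE, 1 if it is not,
# 2 if it cannot be read. PATH defaults to the kernel's procfs entry.
live_is_low() {
    path=${1:-/proc/sys/vm/mmap_min_addr}
    [ -r "$path" ] || return 2
    read -r v < "$path" || return 2
    case "$v" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$v" -lt "$MIN_SAFE" ]
}
```

Run find_low_mmap_min_addr /etc/sysctl.d to list offending fragments, and live_is_low to confirm the running kernel value after the procps restart.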
Yeah, imagine a web-site where you could just ... search ... for things. Who'd ever use such a thing? It'd never make any money!
640k should be enough for anyone!
Some books on the subject:
Yes, and ultimately intelligent computers will actually improve spam detection, since they will be able to analyse, understand, posts sufficiently to check whether they are reasoned posts relevant to the thread, or spam about pharmaceutical enhancements.
We used to use bcc for mass emails, with a note at the bottom to inform users that they had been put in bcc to avoid the problems associated with reply to all.
Pretty simple solution, worked really well, zero additional hardware/software etc required.
Only certain departments (secretary of department heads typically) had the ability to create mass emails, so training was easy.
Slashdotted in 1...2...3....
Yeah, I did the same thing at work, sent bunches of mails to "foo", via Lotus Gateway. Turned out there was a "Huang Foo" who got them all :-D
50GB should be more than enough for anyone!
The GPL is a license to use, copy, distribute, and modify a particular set of code.
...but you can release new code without granting the gpl license on the new code.
You can't retroactively say "oh that's no longer gpl! stop using it!"
Could it make sense to hide some arbitrary data (string of random letters let's say), on a secured network, and give authorisation for anyone anywhere to attack this network, attempt to obtain the letters?
First one to get the letters gets USD500 000; with an extra USD500 000 if they can describe how it was done sufficiently for other people to be able to reproduce these steps. (So, half a million for succeeding, half a million for communicating how they succeeded).