Slashdot Mirror


User: anti-NAT

anti-NAT's activity in the archive.

Stories: 0 · Comments: 537

Comments · 537

  1. Re:I disagree with this model. on Cisco Evolving Into A Security Company · · Score: 1

    I don't disagree with your sentiment.

    First up I'll admit that I don't really know much about how the software in question works, so my opinion below is based on speculation.

    Thinking a bit more about how this model could be implemented, there are fundamentally two components:

    • the software itself
    • the protocol used by the software to communicate policy to the network devices

    Each of those two components provides an opportunity for attack.

    Firstly, as I mentioned before, the software will have bugs in it, and those bugs may be exploitable, such that the software can be used to generate alternative, malicious commands or status messages that the network will obey.

    Secondly, the protocol itself may be vulnerable to being spoofed. It may be enough for malware on the host PC to send carefully formed packets that again generate alternative, malicious commands or status messages that the network will obey.

    A lot of effort could be put into "securing" the software, making it impervious to exploits. However, I'm sure most people would agree that the only bug free program that has ever existed has been "hello world", and even that relies on external libraries that can have vulnerabilities.

    The communications protocol could be "secured" by using mechanisms such as HMACs, and public / private key authentication mechanisms. The protocol could probably be proven secure.

    Unfortunately, security is a weakest link problem, so if the software can be exploited to generate "wrong" messages via a secure protocol, security has been compromised.

    I think the broader issue is that "users" shouldn't be trusted to "administer" security policy that they would be affected by. Running security software on the desktop PC that administers the user's security policy breaks this rule. The users themselves may not do it directly, however, untrusted software they download or receive as an email payload might.
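The "weakest link" point in the comment above can be shown concretely. The following is an added example, not code from the comment or from any Cisco product: a host signs a policy message with an HMAC (a constructed shared key is assumed), the network device verifies it, and a tampered message is rejected. The last check shows the gap the commenter describes: a message produced by compromised-but-legitimate host software carries a perfectly valid HMAC, so the network side still needs its own independent policy check (here a hypothetical allowlist of permitted actions) rather than obeying anything that authenticates.

```python
import hashlib
import hmac
import json

# Constructed key for this example only; a real deployment would provision one per host.
SHARED_KEY = b"example-shared-key-not-for-production"

# Hypothetical allowlist: actions the network is prepared to apply on a host's request.
ALLOWED_ACTIONS = {"block_port", "rate_limit"}


def sign_policy(message: dict, key: bytes = SHARED_KEY) -> bytes:
    """Host side: serialise the policy message canonically and append an HMAC-SHA256 tag."""
    payload = json.dumps(message, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return payload + b"|" + tag


def verify_policy(wire: bytes, key: bytes = SHARED_KEY):
    """Network side: return the message if the tag is valid, otherwise None."""
    payload, sep, tag = wire.rpartition(b"|")
    if not sep:
        return None
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(payload)


def network_should_apply(wire: bytes, key: bytes = SHARED_KEY) -> bool:
    """Authenticate the message AND check it against the network's own policy."""
    msg = verify_policy(wire, key)
    if msg is None:
        return False
    return msg.get("action") in ALLOWED_ACTIONS


def demo() -> dict:
    """Walk through the three cases; returns a dict so the results can be checked."""
    # Case 1: a legitimate request from uncompromised host software.
    good = sign_policy({"host": "pc-42", "action": "block_port", "port": 445})

    # Case 2: the same message altered in transit by something that lacks the key.
    tampered = good.replace(b"block_port", b"open_all")

    # Case 3: compromised host software that still holds the key signs a harmful request.
    # The HMAC is genuine, so only the network's own policy check can stop it.
    from_compromised_host = sign_policy({"host": "pc-42", "action": "open_all"})

    return {
        "good_authenticates": verify_policy(good) is not None,
        "good_applied": network_should_apply(good),
        "tampered_authenticates": verify_policy(tampered) is not None,
        "compromised_authenticates": verify_policy(from_compromised_host) is not None,
        "compromised_applied": network_should_apply(from_compromised_host),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The design point is that the HMAC answers only "did a key holder produce this?"; it says nothing about whether the request is sensible, which is why the second gate in `network_should_apply` exists.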

  2. Yes there is on Cisco Evolving Into A Security Company · · Score: 2, Funny
  3. Slight edit. on Cisco Evolving Into A Security Company · · Score: 1

    I wrote

    Hosts shouldn't trust the network to deliver data securely, as the consequences of secure delivery are most felt by the hosts (and therefore the users sitting behind them).

    which really should be

    Hosts shouldn't trust the network to deliver data securely, as the consequences of insecure delivery are most felt by the hosts (and therefore the users sitting behind them).

  4. I disagree with this model. on Cisco Evolving Into A Security Company · · Score: 1

    What happens if the CSA is compromised? The network shouldn't trust the host, or any software running on it, to make network protection decisions that the network will blindly follow. This model implies that Cisco believe they can write perfectly secure and perfectly trustworthy software that operates on a perfectly insecure and perfectly untrustworthy OS such as Windows. I'd doubt they actually believe that.

    I explain some more about the network security model I believe should be followed in this previous post - Hosts shouldn't trust the network; Network ...

  5. Hosts shouldn't trust the network; Network .. on Cisco Evolving Into A Security Company · · Score: 3, Interesting

    shouldn't trust the hosts.

    In "Routing in the Internet", Christian Huitema, when describing the Internet architecture, describes why hosts shouldn't trust the network to perform reliable delivery. Hosts have more of an interest in reliable communication than the network as ultimately they will suffer the most if the network isn't as reliable as it says it is; therefore hosts should take the primary interest in ensuring the network delivers data reliably. That leads to absolute reliability mechanisms in the network being redundant, as the hosts will implement them anyway. This is why TCP is an end-to-end protocol, why the IP header checksum only covers the IP header, and why the network layer in the Internet is only "best-effort".

    In a later chapter, regarding QoS, he makes the point that the network shouldn't trust the hosts. The network should provide generally equal service to all its "customers" - the hosts that are attached to the edge of the network. Therefore, if one host is misbehaving, the network should penalise it. That is what the default queuing algorithm (Random Early Detection) for the Internet does. Some details are in Recommendations on Queue Management and Congestion Avoidance in the Internet.

    The same model applies to security. Security should be end-to-end when the host has the most interest in the consequences of lack of security. Hosts shouldn't trust the network to deliver data securely, as the consequences of secure delivery are most felt by the hosts (and therefore the users sitting behind them).

    The network's security needs aren't quite the same as the hosts'; the main thing the network has to secure is availability and the ability to continue to provide equal service to all its customers (the hosts). Authentication in routing protocols, secure administration tools such as SNMPv3 and SSH, and traffic rate limiting mechanisms like RED are network security mechanisms that protect the network's service.

    Security problems come about when attempts are made to implement host security in the network, and network security in the hosts. For example, a firewall's purpose is really to protect the hosts. The current location for most firewalls is inside the network. Unfortunately that doesn't fully extend the host protection a firewall provides up to the host itself. With the current model, it is easy enough to "unprotect" the host by inserting a device, for example a wireless access point, between the firewall and the host. The firewall may still protect the host from Internet based attackers, however it doesn't protect the host from war drivers. Ideally, a firewall should reside on the host itself, to protect the host from attacks from all (network) directions. Interestingly, that is happening already through evolution - most host OSes are coming with firewalls out of the box. Administration of firewall security policy is a problem with this model, due to the increased number of firewalls to now administer, however, mechanisms are being developed to apply distributed security policy. Distributed Firewalls by Steven M. Bellovin describes this model further.

  6. Capitalism supporting communism on Cisco Evolving Into A Security Company · · Score: 1

    I'd be pretty sure that the only reason they built the "Great Firewall of China" is because they could sell a lot of kit to do it, as well as establish a relationship and presence in China to sell a lot more kit in the future. If they didn't, probably one of their competitors would have.

    Who demands Cisco continue to be a profitable company? Who demands Cisco continue to provide ever increasing share value, on a trajectory similar to the past? Who demands that Cisco never accept letting their competitor win a deal? I'd suggest it is primarily the hard-nosed capitalists in the US, as they have the largest shareholdings in the company.

    Arguably, China is becoming more and more a Communist country in name only - it is having to adopt capitalist systems to survive on the world stage. In the short term, there will be conflicts between communist beliefs (and the government who administer them) and capitalist systems they need to survive. The controlling of the Internet via the "Great Firewall of China" is an example.

    I think China is on the "slippery slope" towards eventually becoming a Capitalist country. The Chinese government are letting companies become profit and growth/acquisition oriented; the next logical step is to let the citizens themselves adopt the same views. Isn't that what capitalism is fundamentally?

  7. Similar, not the same though. on Cisco Evolving Into A Security Company · · Score: 4, Informative

    While I'm not defending the issues listed on that page, Microsoft are directly responsible for the flaws in their software, as they wrote it, whereas the products described on the Attrition site came to Cisco via acquisition (the ONS products came from Pirelli (I think the same company that make tires and very "interesting" calendars)), in times when security probably wasn't one of the checkpoints on the due diligence list.

    The only "true" Cisco products are routers, IOS, and more recently the IOS that is on the CRS-1. The security record for IOS has been pretty reasonable, when you consider that it has and will always be "exposed" to the Internet.

  8. http://www.alsa-project.org on GNOME 2.10 Beta 1 Screenshot Demo · · Score: 1

    is the place to go.

  9. X.400 was used; IS-IS on Linux: Fighting the FUD of Forking · · Score: 1

    I do remember that X.400 was used, at least here in Australia. I remember a number of years ago seeing a business card with both an Internet email and X.400/X.500 email address on it, so I presume it was used by somebody at one stage.

    IS-IS (routing protocol) is probably the most used ISO standard. All the big ISPs use it as their internal routing protocol, as in the past it was more stable than OSPF implementations, and has a few attractive administrative features that OSPF doesn't have (e.g., being able to renumber areas without disrupting the network, independent setting of hello (dropdead) timers for routers on a link).

  10. Re:If you're using ALSA, on GNOME 2.10 Beta 1 Screenshot Demo · · Score: 1

    Will this allow me to actually swap which audio channels are output to which physical connectors?

    Not sure. I might have misunderstood what you wanted to do, or rather didn't think enough about it. Just swapping volume around won't change the contents of the channels. However, those utilities might allow you to do something like that, and you could always ask about it on one of the ALSA user mailing lists. It may even be a feature that could be added, as I'd think your scenario would be starting to be common enough.

  11. No offence intended. on Court Docs Reveal Kazaa Logging User Downloads · · Score: 1

    Just thinking of countries that don't or didn't have extradition treaties with the US. The Great Train Robbers went to Brazil, Nazis after the second world war went to Argentina, and we always see law breakers running to Mexico in North American movies.

  12. We speak the Queens English in AU on Court Docs Reveal Kazaa Logging User Downloads · · Score: 1

    or rather, a bastardised, ocker version of it :-).

  13. You might need to see her again, on Court Docs Reveal Kazaa Logging User Downloads · · Score: 0, Offtopic

    to help you with your spelling. It is explicit or implicit.

    I realise English could be your second language, you can use that as a reason to get even more sympathy from her.

  14. If you're using ALSA, on GNOME 2.10 Beta 1 Screenshot Demo · · Score: 1

    you can save the values of the various controls to file using the alsactl utility. You could then build a graphical widget that executed this utility that saved / loaded the different configurations you want. Something like Tk/Tcl could be used for the GUI part.

    Another alternative might be to use the amixer utility. You could use a script to swap the volume values of the appropriate channels. E.g., the script follows these steps: (1) store the volume level of control 1, (2) store the volume level of control 2, (3) load the stored control 1 volume into control 2, (4) load the stored control 2 volume into control 1. Again, you could put a GUI wrapper around it to make it a mouse click.

  15. That should be "countries" on Court Docs Reveal Kazaa Logging User Downloads · · Score: 0

    I should proofread more often!

  16. Probably. Got your ticket to Brazil ? on Court Docs Reveal Kazaa Logging User Downloads · · Score: 4, Funny

    Other contries to consider are Mexico and Argentina.

  17. What, does it go to 11 ? on GNOME 2.10 Beta 1 Screenshot Demo · · Score: 4, Funny

    I didn't think there could be much room left for new invention in volume controls.

  18. Open Source drivers for 3D on GTK+ to Use Cairo Vector Engine · · Score: 4, Informative

    Have a browse around Direct Rendering Open Source Project for details of video cards with open source 3D drivers.

  19. "hello, world" anytime soon ? on First Program Executed on L4 Port of GNU/HURD · · Score: 3, Funny

    How much time would it take to port it over?

  20. Paper Cassette - Load Letter format paper on Sushi Prepared on a Printer · · Score: 1

    I'm sure you probably knew that.

    However, some minor trivia. Apparently in the US it usually indicates that the Letter format paper in the Paper Cassette has run out and needs to be refilled. Here in Australia we used to see it for a different reason. We use A4 paper, which the printer knew was A4. From memory, if you installed Word without setting the region right, or, alternatively used the Default template, which I think defaulted to Letter format paper, you would get this message even if the paper cassette was full of paper - because it was full of A4 paper, not Letter! This made it less obvious what this message meant, as you couldn't see an obvious reason why the printer didn't print. Fortunately, HP invented the "Continue" button, which made Letter jobs print to A4. Pressing "Continue" was such an easy thing to do that you never really bothered spending the time finding out what the real cause was, and just dismissed it as one of those weird "computer things" that happen every now and again. Of course, if you did one day look at the paper settings and then set it to A4, the message never showed up. You never quite connected those two events together, so you never really knew how to properly fix it when it occurred.

  21. MOD PARENT UP on Fingerprints Replace Credit Cards in Seattle · · Score: 1

    The truth shall set you free.

  22. Freshmeat is your friend on Skype For Mac OS X and Linux · · Score: 1

    SIP

  23. Wow, have you got the source ? on Skype For Mac OS X and Linux · · Score: 1

    You might want to watch out, unless you work for them, they'll want you thrown in jail.

    It's not open source ... and doesn't use open VoIP standards such as SIP.

  24. Re:Open VoIP standards are even better on Skype For Mac OS X and Linux · · Score: 1

    I can't make any specific PPC / big endian recommendations, as I don't have a big endian machine. However, I've played with Linphone and it worked alright. Another one I've come across recently is minisip, which looks pretty good, although I haven't tried it.

    For some others to look at, try this Freshmeat search - sip

  25. Open VoIP standards are even better on Skype For Mac OS X and Linux · · Score: 3, Insightful

    It's a pity that Skype doesn't comply with any. It's almost inevitable that they'll leverage for their own financial benefit their customer lockin at some point in the future, just like Microsoft do with their closed file formats.