Slashdot Mirror


User: martok

martok's activity in the archive.

Stories: 0 · Comments: 58

Comments · 58

  1. How about I keep my data to myself on Facebook Competitor Orkut Relaunches as 'Hello' (bloombergquint.com) · · Score: 5, Insightful

    Posting my status updates and photos into yet another company's database doesn't appeal in the slightest. Put aside for the moment that they could be bought up and have their privacy policy changed. The inevitable data breach will expose my data in the end. There's a lot of talk about how Facebook sells our data to third parties. But how about why they are keeping it for so long in the first place?

  2. Misdirection on Border Patrol Says It's Barred From Searching Cloud Data On Phones (nbcnews.com) · · Score: 3, Funny

    CBP: "That's right folks. Store your data in the cloud because that is where it is most secure." Well played but no thanks.

  3. Re:Who you gonna call? on Windows 10's Biometric Security Layer Introduced · · Score: 1

    I imagine it would not be stored centrally but in the TPM where the TPM says yea or nay when presented with the image. In theory the TPM doesn't release the actual key even to the BIOS but rather just does the authentication. But who knows what kinds of attacks they can withstand when physically pulled off the mainboard.

  4. Is it really more secure? on Windows 10's Biometric Security Layer Introduced · · Score: 4, Insightful

    I've seen cases recently where people crossing the border from one nation to another have been asked to enter their phone or laptop password for inspection. They are at this point free to refuse to divulge this information though there may be the obvious consequences. Using biometrics, would it not be possible for an attacker to simply force one to provide biometrics to unlock a device? What about other attacks such as a spouse unlocking a device using his/her partner's fingerprint while (s)he is asleep? I would think this would open up new security holes for the ones it fixes.

  5. Unicomp Keyboard on Ask Slashdot: Good Keyboard? · · Score: 5, Informative

    from www.pckeyboard.com - based on the IBM model M. You will not need a new keyboard again for a good many years. I prefer the buckling spring types but the silent ones have excellent travel as well.

  6. $475k for application fraud? on US Academy President Caught Embellishing Resume, Will Resign · · Score: 1

    She should forfeit her compensation package as a consequence of her falsifying her application.

  7. Re:Pick an Emphasis On or Interdisciplinary Degree on Ask Slashdot: Best Alternative To the Canonical Computer Science Degree? · · Score: 4, Insightful

    Agree with parent here. I would add that as you are finished your first two years, you have jumped through the hoops which cause most people to drop. First year maths, stats etc. In years 3 and 4, things get much more interesting. Stick it out and you'll be a better programmer as a result. Yes, web developer == programmer.

  8. Inexperienced exchange providers on BitFloor Joins List of Compromised BitCoin Exchanges · · Score: 5, Insightful

    This is not the fault of the currency. It is a fault of the exchange provider and the users of the currency really need to be careful in who they put their trust.
    I'm sorry but no one without a great deal of development experience should be writing a Bitcoin exchange or any other type of financial exchange exposed to the internet. The attackers got hold of the unencrypted wallet? Why would an exchange wallet ever be unencrypted? Why is there a single wallet in the first place? Why not have separate wallets per user account encrypted with their own passphrase such that the site operator doesn't even have access? Maybe a master password override to decrypt but never stored online etc.
    Why is the wallet stored on the webserver in the first place? Why aren't funds transferred to offline storage on a regular basis? I could go on.

  9. Would this invalidate contracts? on Verizon Wireless Changes Privacy Policy · · Score: 1

    I am not sure how it works in the US, but here in Canada when a celco changes its terms, it allows the end user to cancel his contract without an ECF. That is, unless the celco agrees to honour the terms of the original contract as signed for its duration. So assuming the 2 year contract also says something to the effect of user agrees with the privacy policy, I would argue that makes the privacy policy part of the contract and is thus grounds for cancelation. Thoughts?

  10. WNDR3700 on Ask Slashdot: Good Gigabit 802.11N Home Router? · · Score: 2

    I use the Netgear WNDR3700 which works quite well with OpenWRT. Having said that, really slashdot? Slow day?

  11. Re:Makes you wonder about Bitcoin on Brute-Force Password Cracking With GPUs · · Score: 0

    Bitcoin currently has no passwords. If you get their wallet.dat, it's all over.

  12. Real encryption on Brute-Force Password Cracking With GPUs · · Score: 1

    With the recent MTGox compromise, I've been looking at a better password system. It looks like one way to go is to use a program like password safe or keesafe to generate unique passwords per website. However, I'm curious as to how resistant these master files are to GPU attacks. GPUs basically sliced through the MTGox MD5 hashes like butter. How long would it take a higher-end distributed cluster to break a Password Safe master file? It's blowfish encrypted I believe.

  13. Home user perspective on Why You Shouldn't Worry About IPv6 Just Yet · · Score: 1

    I realize this article is coming from a corporate perspective but from a home user's perspective, I am really getting quite a lot from IPv6. I once had to poke holes in my firewall to get at internal machines on nonstandard ports when away from home. Now that they are IPv6 enabled, I can address them directly. I can also access my Samba shares (ISP port blocking) and the SIP protocol works much better now that NAT is not involved.

    The tunneling does add latency though so here's hoping the ISPs get native connectivity soon now.

  14. Re:No, and I won't on Are You Using SPF Records? · · Score: 3, Interesting

    Actually, DKIM can be used to guarantee a sender. We're using DKIM here with ADSP. That is:
    _adsp._domainkey TXT "DKIM=ALL"
    tells a receiver that all emails from our domains should be signed. Since the keys themselves are published in our DNS, a machine not under our control should not be able to send an email purporting to be from our domain.

    I'm not sure but I would think that mechanism would make SPF irrelevant. Assuming antispam software actually checked the ADSP DKIM records.

  15. Re:get rid of symbian signed.. on Symbian Foundation Takes First Step In Open Sourcing Mobile OS · · Score: 2, Insightful

    That's the thing I don't understand about the whole Symbian open sourcing and the excitement around it. Unless I am off-base, it's not like a programmer will be able to pick up the Symbian codebase, make a modification, compile a new kernel and flash it into his phone. If that's the level of open-sourcing we're talking about here, disabling 'Symbian Signed' will be trivial. Is this geared more toward device manufacturers? I.e. end-users and developers need not care?

  16. Re:It'll flop, but for different reasons on PayPal Launches Virtual Debit Card · · Score: 1

    I'm not a big fan of this one myself. Mainly because the funds are withdrawn from Paypal balance or chequing account. Paypal gets their 2%-3.5% from the merchant and I don't see any of that. With a regular credit card, I can get 1% cashback on the transaction as well as 30 days interest free before I actually have to pay. These virtual cards unless offered directly by the card issuer (I believe Amex does this) don't offer the same consumer benefits.

    Besides, if by chance an evil website logs my cc number and distributes it through all the underground channels, I'm not liable in any case so where's the advantage?

  17. CD Tax on Canadian Music Industry Says Downloading Declining · · Score: 5, Interesting

    Though downloading may or may not be declining here in Canada, what do you think the chances are of them reducing or eliminating the blank media tax?

  18. Average time on a site on Click Fraud — An Insider Look · · Score: 1

    A bit OT perhaps but I'm wondering how the fellow can measure the average amount of time a user spends on a site. If I visit a site by clicking an ad, his log shows 1 entry. The referer of which should be google btw so how he traces the ad display source is also a mystery. If I read his pitch and navigate away or simply close the site, that action isn't logged. He only sees the initial hit so how can the assumption be made of an average few second visit?

  19. Re:Three fans + HD + DVD won't be silent on A Truly Silent Home Theater PC Built for Linux · · Score: 1

    Agreed, definitely not what I'd consider silent. I built something recently for the stereo cabinet that did actually need to be silent. Was based on the Via Epia stuff, an external power brick, PXE boots over the network with an NFS root. That's the only way I know of to build a silent HTPC presently. Afaik, any pentium-m based system needs fan cooling though I could be wrong.

  20. Re:Awesome question, I have one too. on Moving from Tech to Trading? · · Score: 1

    Also worth a check-out is Interactive Brokers. They're who I use and the cheapest around afaik.

    One strategy I've found does fairly well for me in options is selling call and put spreads. You need a bit of knowledge in statistics but there's a wealth of information out there on how to do it. I've never been big on long option positions though. They seldom have worked for me.

  21. Poor man's solution on Best Online Remote Backup Service w/Linux Client? · · Score: 1

    I realize this wouldn't be suitable for large companies but for my home network, I just use a regular webhosting provider for system backups. I use one-and-one which is $4.95/mo for 50gb of space, duplicity on the Linux side which is able to gpg encrypt the volumes and incrementally backup the systems, transferring the volumes over FTP to the webhost. The backup directory is configured so as not to be publicly accessible but it's gpg encrypted in any case.

    I'm not a big fan of rsync backups. In the case of an accidental deletion or worse, gradual FS corruption, the corrupt data gets transferred over in the nightly rsync and your backups are useless. Same if a cracker deletes content, those deletes happily spread to the rsync mirrors if not caught before the scheduled run.

  22. Re:Why aren't you running a dedicated controller.. on RAID Problems With Intel Core 2? · · Score: 1

    Well that's certainly possible. The card only had something like 128mb of onboard ram where the server had 2gb. However, I don't see how that could be a major factor. If I do a random read and that data is cached on the system, I get it from cache regardless of whether I am using softraid or hardware. Same for a write, it's gonna use system ram for a bit and flush it out when it's good and ready regardless of the underlying hardware. In other words, the raid should still benefit from the 2gb of ram even in a hardware raid configuration.

  23. Re:Problem on RAID Problems With Intel Core 2? · · Score: 1

    Afaik, raid5 is heavily dependent on a xor algorithm. I know with Linux md, it has several ways of doing it. It can use sse, sse2 etc. I'd be interested in seeing results of the actual xor throughput.

  24. Re:Why aren't you running a dedicated controller.. on RAID Problems With Intel Core 2? · · Score: 2, Informative

    Because it's often slower to do so. We ran tests on a good Adaptec u320 raid controller about a year back and though cpu usage was good, we got much better performance out of Linux softraid5. I would suspect this was because the host cpu was faster than that on the controller.

    Not to mention there is a huge cost savings in going with a softraid solution.

  25. Linux support on ATI, NVIDIA Launch New Chipsets for Socket AM2 · · Score: 2, Interesting

    One of the reasons we haven't been able to move to athlon64 is the lack of Linux support on the nforce5 chipsets. In particular, SATA NCQ has never worked and afaik, they required an NDA for the ATA developers to work on this. I've also heard the ethernet has some issues. So let's hope these chipsets open up a bit.

    Intel's chipsets have excellent Linux support BTW from the open ahci SATA to the e1000 ethernet drivers.