When we moved into our house, the fridge and stove were so nasty we refused to even try to clean them. I went out and bought new. I took the old ones to the curb with no signs. Gone in 2 hours.
I just had another thought. All of these people seem to have no trouble learning to memorize and use all that crappy texting/im slang. They know what wtfbbq means, how hard is it to learn the 'haxor' for those passwords?
I understand your point, but unfortunately because of the way truecrypt works, the password can only be set by an admin users, so either, everyone has to call IT and set their password, or we have to program a function to allow them to do that.
The only other option is to pay for software to do full disk encryption. So there are lots of trade offs. Although in terms of brute forcing, the idea is that they stole the laptop and are trying to brute force it. So there really isn't anything we do to stop them from trying all they want.
So far we have not had any complaints from most of our users. We did have a few and they have been given the option to bring the laptop to us and have us set the password to whatever they want (providing it meets our password guidelines).
We do not enforce any kind of password rotation on the full disk encryption, however we do force password rotations on our network. I believe currently we force password rotation with no duplicates every 90 days. It is a pain for me because I like patterned passwords and it always takes me a week or so to get used to the new pattern.
Actually the password generator I wrote makes 'speakable' password. These tend to be much easier to remember. so instead of 7yg$rt0 you get something like qB3r7! (ie qbert! short for the sake of the conversation).
We do allow them to set their own password if the really throw a fit, but it has to conform to our password policy (min 8 characters mixed). We figure that is enough security for us.
We did a testing rollout with our IT department first and then picked our worst users for a second test. Once we were sure they had no issues, we rolled out to everyone. If truecrypt supported usb key + password authentication for full disk encryption we would probably implement that on our 'high risk' systems.
Most of our systems are not high risk, they contain no 'dangerous' information such as student information. We decided to encrypt everything simply to get all of our users used to the idea of full disk and usb stick (all usb sticks are also to use truecrypt) encryption. We want to engrain this into the culture so that when someone does have a job where sensitive data might be transported on a notebook (say our CFO) they are already used to the idea.
After reviewing the costs of most commercial software for a mid size deployment we decided we could hack it out with truecrypt. I wrote a small database application that stores the recovery iso and the password for each machine (in case IT needs to get into the machine). So far truecrypt has worked great and is easy to install, we just drop an image then start the encryption process. Then we supply the end users with the password needed to unlock their machines (dynamically generated). We don't have to worry about them changing the password because they are not administrators on their computers.
Now if we can just figure out how to prevent them from keeping the password written on a sticky note.
I worked in the health care software industry for about 7 years. HIPAA is so poorly written you can really interpret it to be as lax or as strict as you want.
At one major software company we would frequently print out screen shots of actually patients health records to send to programs to point out bugs. These would hang around the office, be attached to support calls that anyone who cared to look could find, including remote user/password for every doctors office that used our software.
But it was all ok, cause we signed a agreement saying we would respect hipaa, which was never even explained.
why not, that was what sun told us about solaris 9. They said there is not an automatic patch for solaris 9, but to update to solaris 10 or install our own version.
Do you take it in the butt as well? Not the whole thing, but just the tip.
Just kidding, I totally agree with you. I tend to drink just for the enjoyment of drinking. However my friends drink to get drunk, sometimes I find myself in a spot of binge drinking trouble.
To them I am sure it is reasonable to keep it until they have access to your data. So if you encrypt it, and do not give the key, they are probably going to hold you in jail until you do, and if not then they are going to hold the notebook until they can crack it (aka, you never get it back)
Are you sure about that, In my area we have a few cell phone companies, but in the places I need to travel to (out in the countryside) there is only one company with any service.
I have tried ATT, tmobile, sprint, etc. None of them functioned where I work, except for one....
Verizon.
I hate verizon's phone choices, I hate their restrictions, etc. But I simply do not have a choice.
I'm sure there are places where the same is true about att.
I've played nwn mods that destroyed the original campaign, made by one guy in his spare time.
Graphics do not make a game, creativity, controls and story make a game. It is possible to make great games that look like they come out of the nintendo era.
I'm assuming your being sarcastic, but I want to post to be sure.
I totally understand all that. I was actually asking for tools/programs that would allow me to have full disk encryption on my mac. We already have full disk encryption on my windows machine via truecrypt (it does full disk encryption on windows) and on my linux box via lvm encryption (thanks ubuntu for making that so easy!).
What I need is one for mac (as you pointed out, filevault is not full disk encryption.)
BTW full disk encryption via truecrypt is very awesome imho. It works fast and painlessly and allows you to have a hidden install of windows (for plausible deniability). It is also free which makes it the most affordable solution for a single user (who probably has xp and does not want to pay for a vista upgrade).
Not that it can't be themed, but to me the default kde 4 and 4.1 screenshots I've seen are just down right ugly. I much prefer the look of gnome and even kde 3.5
Which brings up a question I've had for a while but not had the energy to investigate. All of the notebooks we use where I work are encrypted with full disk encryption. Are there any good applications for doing the same on my personal macbook?
Currently I use truecrypt to create volumes to store all my personal information, but I would love full disk encryption.
My experience with companys that try to steal data has been laughable. The best the last guy could get was that we gave him a sheet of blank paper and a empty cardbord box.
He claimed he could use this to steal more data. We are a community college, if someone comes in asking for a sheet of paper, I feel we would be rude not to give it to them.
He also took issue with my office being unlocked. Of course my notebook is full disk encrypted and always on my person so the most he could of stole was my monitor after he unscrewed it from the arm it is attached to. He didn't even find my silly 'master password list' I invented and left in my top drawer.
I did indeed upgrade my hard drive in my mbp, it was a pain in the ass. Nowhere near as simple as my dell. I would not call it user serviceable, unlike replacing the ram, if you do not know exactly what you are doing you can really fuck up your mbp.
Only in the macbook can you easily service the ram and hard drive. In the macbook pro the only 'user' serviceable part is the ram. The reality of taking apart a macbook pro is out of the reach of most users.
Indeed, I finally got around to checking. The firefox application is owned by my user account and not by root in the/Applications directory. It seems VLC and a few other apps are also like this.
Again, how is it your business to decide who I should want as customers? If I exclude my market, then I will go out of business.
There are companies out there right now that exclude me from their market. For example I hate teen pop music, so I am not the target market for disney. Handicap people are a target market. If I make it accessible, that means I want their business, if I don't then it means I don't want it. But I should not be required to.
Perhaps, sense I already knew everyone was going to make that argument, you should realize that none of you have thought this though from a business perspective.
If I was a reseller to businesses I probably would not have a store front. I would have salesmen that I would send out. So bulk purchases are not a issue. Secondly, how many disabled people are going to buy my product as gifts? Is that profit greater then the cost of building a handicap accessible walkway to my business? If I make one handicap modification, I've opened the door to lawsuits if I do not cater to every handicap need. So now I have to take in that cost.
The bottom line is it should be MY decision on which customers I wish to target, not the government. So lets take this to a crazy extreme. If I owned a bar and did not want to serve blacks, that should be my right. Sure it is racist, but that should be my right. I own the property, I should choose how it is run. Now I personally would not go to a racist bar, but I would not begrudge the right.
Here is another example, my county has banned smoking in bars. How is that their right? As a non-smoker, I choose to go to non-smoking restaurants and stay out of bars for that reason (I don't like smoke.) However, I feel it is NOT my right to tell people who bought property and pay taxes that they must restrict a legal action on their property. Simply because it inconveniences some people (non-smokers) to go there. IF the non-smokers were such a market, they they would be catered to. Obviously they are not a market or there would be smoke free bars without laws being made.
I guess I'm saying let the free market do what it does best. Forcing the hand of business is a bad thing.
I'm not sure what your site required. I use jquery for 'normal' websites. For internal applications however I have been using the extjs toolkit and loving it.
Slashdot Mirror
When we moved into our house, the fridge and stove were so nasty we refused to even try to clean them. I went out and bought new. I took the old ones to the curb with no signs. Gone in 2 hours.
So you don't have the tools to do your job, yet are expected to do your job?
Sucks to be you.
I just had another thought. All of these people seem to have no trouble learning to memorize and use all that crappy texting/im slang. They know what wtfbbq means, how hard is it to learn the 'haxor' for those passwords?
Gotta love selective learning.
I understand your point, but unfortunately because of the way truecrypt works, the password can only be set by an admin users, so either, everyone has to call IT and set their password, or we have to program a function to allow them to do that.
The only other option is to pay for software to do full disk encryption. So there are lots of trade offs. Although in terms of brute forcing, the idea is that they stole the laptop and are trying to brute force it. So there really isn't anything we do to stop them from trying all they want.
So far we have not had any complaints from most of our users. We did have a few and they have been given the option to bring the laptop to us and have us set the password to whatever they want (providing it meets our password guidelines).
We do not enforce any kind of password rotation on the full disk encryption, however we do force password rotations on our network. I believe currently we force password rotation with no duplicates every 90 days. It is a pain for me because I like patterned passwords and it always takes me a week or so to get used to the new pattern.
Actually the password generator I wrote makes 'speakable' password. These tend to be much easier to remember. so instead of 7yg$rt0 you get something like qB3r7! (ie qbert! short for the sake of the conversation).
We do allow them to set their own password if the really throw a fit, but it has to conform to our password policy (min 8 characters mixed). We figure that is enough security for us.
We did a testing rollout with our IT department first and then picked our worst users for a second test. Once we were sure they had no issues, we rolled out to everyone. If truecrypt supported usb key + password authentication for full disk encryption we would probably implement that on our 'high risk' systems.
Most of our systems are not high risk, they contain no 'dangerous' information such as student information. We decided to encrypt everything simply to get all of our users used to the idea of full disk and usb stick (all usb sticks are also to use truecrypt) encryption. We want to engrain this into the culture so that when someone does have a job where sensitive data might be transported on a notebook (say our CFO) they are already used to the idea.
After reviewing the costs of most commercial software for a mid size deployment we decided we could hack it out with truecrypt. I wrote a small database application that stores the recovery iso and the password for each machine (in case IT needs to get into the machine). So far truecrypt has worked great and is easy to install, we just drop an image then start the encryption process. Then we supply the end users with the password needed to unlock their machines (dynamically generated). We don't have to worry about them changing the password because they are not administrators on their computers.
Now if we can just figure out how to prevent them from keeping the password written on a sticky note.
I worked in the health care software industry for about 7 years. HIPAA is so poorly written you can really interpret it to be as lax or as strict as you want.
At one major software company we would frequently print out screen shots of actually patients health records to send to programs to point out bugs. These would hang around the office, be attached to support calls that anyone who cared to look could find, including remote user/password for every doctors office that used our software.
But it was all ok, cause we signed a agreement saying we would respect hipaa, which was never even explained.
why not, that was what sun told us about solaris 9. They said there is not an automatic patch for solaris 9, but to update to solaris 10 or install our own version.
Do you take it in the butt as well? Not the whole thing, but just the tip.
Just kidding, I totally agree with you. I tend to drink just for the enjoyment of drinking. However my friends drink to get drunk, sometimes I find myself in a spot of binge drinking trouble.
mod this up!!!
This is how things should work.
I don't see how this is a troll
To them I am sure it is reasonable to keep it until they have access to your data. So if you encrypt it, and do not give the key, they are probably going to hold you in jail until you do, and if not then they are going to hold the notebook until they can crack it (aka, you never get it back)
Are you sure about that, In my area we have a few cell phone companies, but in the places I need to travel to (out in the countryside) there is only one company with any service.
I have tried ATT, tmobile, sprint, etc. None of them functioned where I work, except for one....
Verizon.
I hate verizon's phone choices, I hate their restrictions, etc. But I simply do not have a choice.
I'm sure there are places where the same is true about att.
I've played nwn mods that destroyed the original campaign, made by one guy in his spare time.
Graphics do not make a game, creativity, controls and story make a game. It is possible to make great games that look like they come out of the nintendo era.
I'm assuming your being sarcastic, but I want to post to be sure.
I totally understand all that. I was actually asking for tools/programs that would allow me to have full disk encryption on my mac. We already have full disk encryption on my windows machine via truecrypt (it does full disk encryption on windows) and on my linux box via lvm encryption (thanks ubuntu for making that so easy!).
What I need is one for mac (as you pointed out, filevault is not full disk encryption.)
BTW full disk encryption via truecrypt is very awesome imho. It works fast and painlessly and allows you to have a hidden install of windows (for plausible deniability). It is also free which makes it the most affordable solution for a single user (who probably has xp and does not want to pay for a vista upgrade).
Not that it can't be themed, but to me the default kde 4 and 4.1 screenshots I've seen are just down right ugly. I much prefer the look of gnome and even kde 3.5
Which brings up a question I've had for a while but not had the energy to investigate. All of the notebooks we use where I work are encrypted with full disk encryption. Are there any good applications for doing the same on my personal macbook?
Currently I use truecrypt to create volumes to store all my personal information, but I would love full disk encryption.
My experience with companys that try to steal data has been laughable. The best the last guy could get was that we gave him a sheet of blank paper and a empty cardbord box.
He claimed he could use this to steal more data. We are a community college, if someone comes in asking for a sheet of paper, I feel we would be rude not to give it to them.
He also took issue with my office being unlocked. Of course my notebook is full disk encrypted and always on my person so the most he could of stole was my monitor after he unscrewed it from the arm it is attached to. He didn't even find my silly 'master password list' I invented and left in my top drawer.
Personally, I was in favor of turning the entire TV spectrum into a public wifi service and streaming tv shows over it.
I did indeed upgrade my hard drive in my mbp, it was a pain in the ass. Nowhere near as simple as my dell. I would not call it user serviceable, unlike replacing the ram, if you do not know exactly what you are doing you can really fuck up your mbp.
Only in the macbook can you easily service the ram and hard drive. In the macbook pro the only 'user' serviceable part is the ram. The reality of taking apart a macbook pro is out of the reach of most users.
Indeed, I finally got around to checking. The firefox application is owned by my user account and not by root in the /Applications directory. It seems VLC and a few other apps are also like this.
Again, how is it your business to decide who I should want as customers? If I exclude my market, then I will go out of business.
There are companies out there right now that exclude me from their market. For example I hate teen pop music, so I am not the target market for disney. Handicap people are a target market. If I make it accessible, that means I want their business, if I don't then it means I don't want it. But I should not be required to.
Perhaps, sense I already knew everyone was going to make that argument, you should realize that none of you have thought this though from a business perspective.
If I was a reseller to businesses I probably would not have a store front. I would have salesmen that I would send out. So bulk purchases are not a issue. Secondly, how many disabled people are going to buy my product as gifts? Is that profit greater then the cost of building a handicap accessible walkway to my business? If I make one handicap modification, I've opened the door to lawsuits if I do not cater to every handicap need. So now I have to take in that cost.
The bottom line is it should be MY decision on which customers I wish to target, not the government. So lets take this to a crazy extreme. If I owned a bar and did not want to serve blacks, that should be my right. Sure it is racist, but that should be my right. I own the property, I should choose how it is run. Now I personally would not go to a racist bar, but I would not begrudge the right.
Here is another example, my county has banned smoking in bars. How is that their right? As a non-smoker, I choose to go to non-smoking restaurants and stay out of bars for that reason (I don't like smoke.) However, I feel it is NOT my right to tell people who bought property and pay taxes that they must restrict a legal action on their property. Simply because it inconveniences some people (non-smokers) to go there. IF the non-smokers were such a market, they they would be catered to. Obviously they are not a market or there would be smoke free bars without laws being made.
I guess I'm saying let the free market do what it does best. Forcing the hand of business is a bad thing.
I'm not sure what your site required. I use jquery for 'normal' websites. For internal applications however I have been using the extjs toolkit and loving it.