As an end-user of OO.o, I really don't care either way as long as the functionality is there.
As a network administrator, I have something against java. A JRE means more software to install and mantain, and it also tends to be a memory hog. Most things related to java (tomcat comes to my mind) do not play ball with certain security features (such as priviledge dropping).
To me as an admin, JRE is just more headaches.
As a power user, JRE is software whose only function is to run software. Considering I have a hardware solution for that (my own PC), it is basically software without "function" (as discussed earlier in the thread.
Now, having a JRE for a programmer makes sense. It allows you to program once and use everywhere. Except it is not really like that, because every S.O. has little details that are important (COM1 vs./dev/ttyS0). Even with abstraction layers (more overhead) some details are eventually noted (before you flame me, those problems are subtler than/dev/ttySx issues, I couldn't describe them correctly, I'm not a programmer, but I've been seing things in java "made for linux" or "made for windows" at work).
The problem, I think is that most people in the java community have adopted a silly idea that java is meant to be run on a JVM, when the reality is that java (the language) is just one of a lot of languages. Because of that, almost nobody cares to implement a java compiler (I know about gcj, that's why I said "almost"), and almost everybody is depending on a JVM (Sun's or someone else's).
If the java people settled on "portability when it's needed" instead of "portability at all costs", we would probably have at least a reference java compiler and OO.o could be then downloaded in binary form, thus making the fact that some parts are written in java a non-issue.
Well, we already import scientists from all over the world because our students either aren't interested, aren't motivated, or aren't good enough. (A little of both, in my experience.) Sure, the creationists are doing their part to ensure that Cobb County, Georgia never produces any Nobel laureates, but I'd argue that the state of public science education in general is a much worse problem than a few uneducated hicks trying to teach the Bible in biology class.
I think that the recent state of affairs in the USA is threatening those "imports". Lots of people wouln't go to work to the USA because of those authoritarian laws you've been passing after 9/11. I (CS student) won't go in a long time because the way you treat everyone as individuals (this guilty-by-default approach, where you fingerprint tourists and pass opressing laws) or as a group (you piss on the international community, as in "I have more weapons, so I do as I please").
Think the reactions of the scientific community on the current DMCA (or any law like DMCA) related lawsuits that are used to suppress research. How would a scientist react after seeing what happened to (for example) Dmitry Sklyarov.
Something has changed RECENTLY that makes lots of people not to want to go to the USA. Even if it were true that things were always the same, now it is evident that the USA is not a nice and friendly place to be.
Those platters are great as mirrors. At work we use some of them to peek into the machines in the server room to look for failures or for IDing chipsets.
The magnets that are part of the head control mechanism are great for securing things to metal surfaces (they are really strong).
Also, one of the admins used the rings to tighten a ceiling fan or something like that.
I've actually made the heretical argument about password security that you should write your password down (though of course some place smarter than the monitor).
Personally, if the system (the administrator himself or a password generator if the administrator must not know it) assigned their user's passwords (random, length directly related to sensitivity) and they were kept in their wallets the situation would be better than now.
That would be the ideal case. In the real world, a manager would just say that "it's very inconvenient" to have a standard seecurity level. How do you tell your PHB that he cannot connect to your LAN when he can easily oveerride your decision?
Until administrators (or security officers if available) have the final say on security policy, your "make a security standard" idea is pointless. I have been ordered many times to override what would be an attempt of setting a standard because some bigwig has a minor inconvenience doing something.
I'm an admin, and within our department we run a tight ship, only to find something stupid being done somewhere else, where we cannot correct it.
That said, an interesting use of old CPUs. I wouldn't think that they would be hot enough, but I guess it makes sense.
Not all of them were THAT hot. I owned a cyrix 6x86 a few years ago (1996 or 1997) and it was so hot that you would get burned if you touched the heatsink. One day I traded it for a equally spec'd pentium and it was so cool that I ran it for several weeks without the heatsink fan (it broke, so I took the fan and left the metal) without failing once.
That's how 'free internet' worked here in Ireland; more correctly called 'no subscription internet' where you were instead charged the cost of a normal local call, and the ISP got a cut for terminating the call.
That's exactly the same in Argentina. In fact, there's lots of companies that do that (seeting up an ISP and collecting fees from the telcos).
The list includes companies usually not related to ISPs, like tv stations and (I think) railroads.
I've got 5 of those ISP listed, and that without bothering to find them (just copy the data whenever I see them on a billboard).
Assuming your headmouse does what a mouse can do, I'd say Balance of Power would be perfect. It's not a real time game, can be easily controlled by mouse and requires LOTS of thinking (and bluffing).
I'd say that making sure the government communications are secure is part of the NSA's job.
They usually screen the ciphers to be used so they are secure enough (like DES and AES).
Also SELinux (although it started as a semi-independent project) seems to show that security is indeed part of its task. They made SELinux to make a point about the need for mandatory controls, and to make others adopt MAC, enhancing security in the process.
They probably develop ciphers and hardware for government use, too. Although I have no data on that, it is known that GCHQ (the british counterpart of the NSA) worked on public key encryption taking a security point of view (instead of an attacker's POV), that can be seen on J. H. Ellis' paper (PDF link). Nice reading material BTW. Very easy to understand even for nontechnical people and IMHO very insightful.
Something like that happened in my university's central library.
Back in the nineties, they had computers there for the people to browse. One day they decided that they wanted to restrict the software being run there. The only allowed browser was IE (and remember, that was in the middle of the browser wars). The made the mistake of using W95 and a system like the one used in the parent poster lab, in a place where computer science is taught.
I guess that a big percentage of the CS students (myself included) messed all the time with those machines, just because they could.
Those machines were cracked within hours and netscape put in place as a default a few days later, not by an admin (my method was using the fact that IE is also a shell, to get access to c:\). Truly "death by 1000 paper cuts".
About those fake login screens. A few years ago when I was in secondary school, we had individual unix accounts, but all students except a few ones had to share a novell one. A first year student (female, by the way), got her own individual novell account (and some prestige, of course) by doing exactly that. She coded a fake unix login specifically designed to trick some classmates that always did the same thing on the server.
Weird days, when by hacking (but not damaging) the system you could get prestige instead of getting you banned.
At the moment, any user of Windows (legal or illegal) can MANUALLY find the system administrator patches easily on Microsoft's website.
SURPRISE, SURPRISE!
Not anymore. Last week I tried to download the new NAT-T patch (see Q818043) for ipsec and the ONLY place I could find (and I looked a lot) was via windows update catalog. To use such catalog, I had to fire up IE and run some sort of activex program.
At least it downloaded the fscking patch and can now apply it as I want, but unless someone with a legitimate copy downloads it first from windows update, you're screwed.
I wouldn't be surprised if they move all the patches to this monstruosity in a few months (if someone knows the correct ftp site where I can find the WU patches, please post a reply (tried to follow the download links, but the files have a hash appended to it, so direct linking is pretty out of reach).
If the only people you need to receive e-mail from are people in your social circle, then you don't need encryption to get rid of spam. Just use a whitelist -- much easier.
OTOH, if you need to receive e-mail from people you don't know, then neither method works: you can't demand that they use PKI, and you can't use a whitelist.
That's true, but if you mostly receive mail from people in your social circle, strong authentication (like PGP signatures) can be used to separate mail into the "check right now" and "whenever I have free time" classes.
You still get to check all of them (without counting on the spam filter), but you know that your important mail can be checked real fast without spam mixed in between. And if the person outside the social circle gets the idea that legitimate signed messages get processed faster, you would be adding pressure for him to switch to string authentication too.
PS: you could also add a blacklist of PITA people that gets blacklisted immediately (based on strong authentication), and treat incorrectly signed mail as "whenever I have time" (or drop/bounce if you're strict and/or a tin foil freak (no offense intended, just wanted to explain the level of paranoia)).
Nice thing, but I think they are not doing things right.
Looking at those diagrams they show, it appears that they provide is a "replacement" for S/MIME or OpenPGP, when IMHO they should have built on top of one of them.
The main advantage of OpenPGP or S/MIME is not the ease of use, it's the fact that both standards (and the most important implementations) have been extensively reviewed for flaws. That cannot be said for their "new" system.
As for ease of use, I use enigmail (openPGP) and once configured it's pretty easy to use, although it does not retrieve keys automatically.
I would have preferred a key retrival system (properly documented, of course) capable of retrieving keys for use in enigmail (I guess something that reads the recipient address and get the keys from the keyserver), rather that a completely new crypto program.
I wouldn't consider using it right now because it's new and mostly untested. Let's see what happens when they release the code and is analyzed (I'd love to see Bruce Schneier's reaction in crypto-gram).
Who knows, maybe it's good or maybe it's snake oil, but right now I have one of the best publicly available crypto in the world. Why would I want to switch?
I was thinking exactly the same thing as you, I remembered airpwn.
This is even worse that an "evil twin" mentioned on the BBC because the airpwn guys did not set up a new AP, they messed with the data being transmitted to the real AP.
Now you know why you should use authentication (or encryption if you think you need it) when putting data on the air.
There's something really funny about that reasoning. Even considering points 1-6 as true, point 7 is false.
By the way, whenever I'm speaking about god, it's always within the scope of this proof. I don't care about all that stuff, except if it somehow messes my life.
1) Effects have causes 2) No effect can cause itself 3) Every effect, therefore is caused by something other than itself 4) A causal chain cannot stretch back infinitely in time 5) There must, therefore be a First Cause that, itself, had no preceding cause 6) God uniquely answers the cosmological question by being the Uncaused First Cause 7) God, therefore, exists and created all that is.
Let's assume that there has to be a "first" effect ("god").
Here it can only be inferred that god existed at that first moment. What if one of the effects created is its destruction (like a bootstrapping program that removes itself from memory when it has launched the next stage). There is nothing saying it cannot happen.
Therefore, the only known fact (within this exercise) is that god existed at the "initial time".
I cannot prove that god exists or not, but it is true that point 7 is false, since it claims that god exists (and there is a possibility that it doesn't).
I cannot deny that it created all that is, but within this exercise no other known properties can be proven (except he is the cause of something at "initial time"). Nobody shoud be able to claim he's right about god (since nothing else is known about him, in this exercise of course).
It was fun doing that. Imagine what would happen if someone prayed and received an ICMP host unreacheable as answer?
By the way, if you are going to post saying that "I cannot know that god doesn't exist, therefore it exists" or something like that, don't bother. That's a fallacy.
IANAL but I've checked the terms of service in yahoo mail's server and I think yahoo is doing the right thing.
Assuming those terms did not change because of this mess, J. Ellsworth should have read this paragraph:
No Right of Survivorship and Non-Transferability. You agree that your Yahoo! account is non-transferable and any rights to your Yahoo! I.D. or contents within your account terminate upon your death. Upon receipt of a copy of a death certificate, your account may be terminated and all contents therein permanently deleted.
It should be logical to assume that he did not want that mail to be revealed to the public (he wouldn't have chosen yahoo mail if that was the case).
If he did want his mail to be disclosed, he should have had some sort of escrow account (that's one of the things the cc header is for anyway).
The interesting thing is that the family is in a tight spot right now. If they do not prove him dead, they have no right to access his account. His father is definitely committing some sort of crime if he's hacking his account. If they prove he's dead by presenting a death certificate, yahoo could immediately block the account and erase the mail, and that would be ok (if they have not done yet, it is pretty evident he is dead now).
I haven't though of that, but I wouldn't want anybody messing with certain things (like my mail or my private key) when I die, especially if I can easily set up some escrow system in advance (like he should have done if he really wanted his folks to access his mail, after all he wasn't going to a picnic, and he knew it).
Yes, I'm being really blunt, but diplomacy is not one of my strong points (and it's too damn hot in here, so I'm not in my best mood).
Do you really need the mobility that 802.11 gives you?
Although the parent post was meant to be a joke, there's some wisdom in there. If you do not need that mobility, you might want to shut down the antennae and use your box as a normal switch/router/whatever.
Keep in mind that multiple fixed locations DO NOT mean mobility (for example, you could just wire your bathroom if you use your net while sitting on the porcelain throne;-) ).
Me, I still use 10 Mbps 802.3 (even one segment is 10base2!), it suits me fine, and don't have to worry about someone messing with my net (yes, I know, tempest, bla, bla. But snooping on 802.11 is easier, after all you're broadcasting your data (encrypted or not)).
In my case all my computers are close together in "the core", so it's a logical choice. If I needed access somewhere else, I would consider throwing a wire, though.
I do that thing on a macro scale, why have mobile net access (over cell phone, wifi or whatever), if I have access at home, at work and anywhere else somebody can give me access (or buy some cheap), and if I don't I can just store and forward when I'm wired.
Slashdot Mirror
As a network administrator, I have something against java. A JRE means more software to install and mantain, and it also tends to be a memory hog. Most things related to java (tomcat comes to my mind) do not play ball with certain security features (such as priviledge dropping).
To me as an admin, JRE is just more headaches.
As a power user, JRE is software whose only function is to run software. Considering I have a hardware solution for that (my own PC), it is basically software without "function" (as discussed earlier in the thread.
Now, having a JRE for a programmer makes sense. It allows you to program once and use everywhere. Except it is not really like that, because every S.O. has little details that are important (COM1 vs.
The problem, I think is that most people in the java community have adopted a silly idea that java is meant to be run on a JVM, when the reality is that java (the language) is just one of a lot of languages. Because of that, almost nobody cares to implement a java compiler (I know about gcj, that's why I said "almost"), and almost everybody is depending on a JVM (Sun's or someone else's).
If the java people settled on "portability when it's needed" instead of "portability at all costs", we would probably have at least a reference java compiler and OO.o could be then downloaded in binary form, thus making the fact that some parts are written in java a non-issue.
I think that the recent state of affairs in the USA is threatening those "imports". Lots of people wouln't go to work to the USA because of those authoritarian laws you've been passing after 9/11. I (CS student) won't go in a long time because the way you treat everyone as individuals (this guilty-by-default approach, where you fingerprint tourists and pass opressing laws) or as a group (you piss on the international community, as in "I have more weapons, so I do as I please").
Think the reactions of the scientific community on the current DMCA (or any law like DMCA) related lawsuits that are used to suppress research. How would a scientist react after seeing what happened to (for example) Dmitry Sklyarov.
Something has changed RECENTLY that makes lots of people not to want to go to the USA. Even if it were true that things were always the same, now it is evident that the USA is not a nice and friendly place to be.
Those platters are great as mirrors. At work we use some of them to peek into the machines in the server room to look for failures or for IDing chipsets.
The magnets that are part of the head control mechanism are great for securing things to metal surfaces (they are really strong).
Also, one of the admins used the rings to tighten a ceiling fan or something like that.
You're not the only one saying that. Bruce Scheier seems to agree with you.
Personally, if the system (the administrator himself or a password generator if the administrator must not know it) assigned their user's passwords (random, length directly related to sensitivity) and they were kept in their wallets the situation would be better than now.
That would be the ideal case. In the real world, a manager would just say that "it's very inconvenient" to have a standard seecurity level. How do you tell your PHB that he cannot connect to your LAN when he can easily oveerride your decision?
Until administrators (or security officers if available) have the final say on security policy, your "make a security standard" idea is pointless. I have been ordered many times to override what would be an attempt of setting a standard because some bigwig has a minor inconvenience doing something.
I'm an admin, and within our department we run a tight ship, only to find something stupid being done somewhere else, where we cannot correct it.
My solution to ads is like carpet bombing.
I keep adblock running. Whenever I find an annoying ad, I ban the whole domain (a la http://*.doubleclick.net).
With most of the big advertisers banned, ads are down to a minimum.
I started to do this mostly because this intellitext freak that turn sites into advertising minefields.
No tracking scripts either with that technique.
Hey! You, the slashdotter whose S.O. is a scientist: make a funny post here!
Not all of them were THAT hot. I owned a cyrix 6x86 a few years ago (1996 or 1997) and it was so hot that you would get burned if you touched the heatsink. One day I traded it for a equally spec'd pentium and it was so cool that I ran it for several weeks without the heatsink fan (it broke, so I took the fan and left the metal) without failing once.
That's exactly the same in Argentina. In fact, there's lots of companies that do that (seeting up an ISP and collecting fees from the telcos).
The list includes companies usually not related to ISPs, like tv stations and (I think) railroads.
I've got 5 of those ISP listed, and that without bothering to find them (just copy the data whenever I see them on a billboard).
Assuming your headmouse does what a mouse can do, I'd say Balance of Power would be perfect. It's not a real time game, can be easily controlled by mouse and requires LOTS of thinking (and bluffing).
I'd say that making sure the government communications are secure is part of the NSA's job.
They usually screen the ciphers to be used so they are secure enough (like DES and AES).
Also SELinux (although it started as a semi-independent project) seems to show that security is indeed part of its task. They made SELinux to make a point about the need for mandatory controls, and to make others adopt MAC, enhancing security in the process.
They probably develop ciphers and hardware for government use, too. Although I have no data on that, it is known that GCHQ (the british counterpart of the NSA) worked on public key encryption taking a security point of view (instead of an attacker's POV), that can be seen on J. H. Ellis' paper (PDF link). Nice reading material BTW. Very easy to understand even for nontechnical people and IMHO very insightful.
Something like that happened in my university's central library.
Back in the nineties, they had computers there for the people to browse. One day they decided that they wanted to restrict the software being run there. The only allowed browser was IE (and remember, that was in the middle of the browser wars). The made the mistake of using W95 and a system like the one used in the parent poster lab, in a place where computer science is taught.
I guess that a big percentage of the CS students (myself included) messed all the time with those machines, just because they could.
Those machines were cracked within hours and netscape put in place as a default a few days later, not by an admin (my method was using the fact that IE is also a shell, to get access to c:\). Truly "death by 1000 paper cuts".
About those fake login screens.
A few years ago when I was in secondary school, we had individual unix accounts, but all students except a few ones had to share a novell one. A first year student (female, by the way), got her own individual novell account (and some prestige, of course) by doing exactly that. She coded a fake unix login specifically designed to trick some classmates that always did the same thing on the server.
Weird days, when by hacking (but not damaging) the system you could get prestige instead of getting you banned.
SURPRISE, SURPRISE!
Not anymore. Last week I tried to download the new NAT-T patch (see Q818043) for ipsec and the ONLY place I could find (and I looked a lot) was via windows update catalog. To use such catalog, I had to fire up IE and run some sort of activex program.
At least it downloaded the fscking patch and can now apply it as I want, but unless someone with a legitimate copy downloads it first from windows update, you're screwed.
I wouldn't be surprised if they move all the patches to this monstruosity in a few months (if someone knows the correct ftp site where I can find the WU patches, please post a reply (tried to follow the download links, but the files have a hash appended to it, so direct linking is pretty out of reach).
Except that the calculations got messed up two million years before that moment when the B-Ark from Golgafrincham crash landed on earth.
(And you know the rest, let's not spoil it for the people that didn't read the trilogy)
Please mod that AC up.
He's right, and shows it in a very creative way.
That's true, but if you mostly receive mail from people in your social circle, strong authentication (like PGP signatures) can be used to separate mail into the "check right now" and "whenever I have free time" classes.
You still get to check all of them (without counting on the spam filter), but you know that your important mail can be checked real fast without spam mixed in between. And if the person outside the social circle gets the idea that legitimate signed messages get processed faster, you would be adding pressure for him to switch to string authentication too.
PS: you could also add a blacklist of PITA people that gets blacklisted immediately (based on strong authentication), and treat incorrectly signed mail as "whenever I have time" (or drop/bounce if you're strict and/or a tin foil freak (no offense intended, just wanted to explain the level of paranoia)).
Nice thing, but I think they are not doing things right.
Looking at those diagrams they show, it appears that they provide is a "replacement" for S/MIME or OpenPGP, when IMHO they should have built on top of one of them.
The main advantage of OpenPGP or S/MIME is not the ease of use, it's the fact that both standards (and the most important implementations) have been extensively reviewed for flaws. That cannot be said for their "new" system.
As for ease of use, I use enigmail (openPGP) and once configured it's pretty easy to use, although it does not retrieve keys automatically.
I would have preferred a key retrival system (properly documented, of course) capable of retrieving keys for use in enigmail (I guess something that reads the recipient address and get the keys from the keyserver), rather that a completely new crypto program.
I wouldn't consider using it right now because it's new and mostly untested. Let's see what happens when they release the code and is analyzed (I'd love to see Bruce Schneier's reaction in crypto-gram).
Who knows, maybe it's good or maybe it's snake oil, but right now I have one of the best publicly available crypto in the world. Why would I want to switch?
I was thinking exactly the same thing as you, I remembered airpwn.
This is even worse that an "evil twin" mentioned on the BBC because the airpwn guys did not set up a new AP, they messed with the data being transmitted to the real AP.
Now you know why you should use authentication (or encryption if you think you need it) when putting data on the air.
PS: check the pictures
By the way, whenever I'm speaking about god, it's always within the scope of this proof. I don't care about all that stuff, except if it somehow messes my life.
Let's assume that there has to be a "first" effect ("god").
Here it can only be inferred that god existed at that first moment. What if one of the effects created is its destruction (like a bootstrapping program that removes itself from memory when it has launched the next stage). There is nothing saying it cannot happen.
Therefore, the only known fact (within this exercise) is that god existed at the "initial time".
I cannot prove that god exists or not, but it is true that point 7 is false, since it claims that god exists (and there is a possibility that it doesn't).
I cannot deny that it created all that is, but within this exercise no other known properties can be proven (except he is the cause of something at "initial time"). Nobody shoud be able to claim he's right about god (since nothing else is known about him, in this exercise of course).
It was fun doing that. Imagine what would happen if someone prayed and received an ICMP host unreacheable as answer?
By the way, if you are going to post saying that "I cannot know that god doesn't exist, therefore it exists" or something like that, don't bother. That's a fallacy.
IANAL but I've checked the terms of service in yahoo mail's server and I think yahoo is doing the right thing.
Assuming those terms did not change because of this mess, J. Ellsworth should have read this paragraph:
No Right of Survivorship and Non-Transferability. You agree that your Yahoo! account is non-transferable and any rights to your Yahoo! I.D. or contents within your account terminate upon your death. Upon receipt of a copy of a death certificate, your account may be terminated and all contents therein permanently deleted.
It should be logical to assume that he did not want that mail to be revealed to the public (he wouldn't have chosen yahoo mail if that was the case).
If he did want his mail to be disclosed, he should have had some sort of escrow account (that's one of the things the cc header is for anyway).
The interesting thing is that the family is in a tight spot right now. If they do not prove him dead, they have no right to access his account. His father is definitely committing some sort of crime if he's hacking his account. If they prove he's dead by presenting a death certificate, yahoo could immediately block the account and erase the mail, and that would be ok (if they have not done yet, it is pretty evident he is dead now).
I haven't though of that, but I wouldn't want anybody messing with certain things (like my mail or my private key) when I die, especially if I can easily set up some escrow system in advance (like he should have done if he really wanted his folks to access his mail, after all he wasn't going to a picnic, and he knew it).
Yes, I'm being really blunt, but diplomacy is not one of my strong points (and it's too damn hot in here, so I'm not in my best mood).
I'm really using Ethernet II frames.
Makes no difference to the wiring, though.
I'm glad you checked (haven't thought about checking the webpage, I should have known better).
./ some innocent guy's mailbox.
It gives you some peace of mind knowing that we're not
Seriously....
;-) ).
Do you really need the mobility that 802.11 gives you?
Although the parent post was meant to be a joke, there's some wisdom in there. If you do not need that mobility, you might want to shut down the antennae and use your box as a normal switch/router/whatever.
Keep in mind that multiple fixed locations DO NOT mean mobility (for example, you could just wire your bathroom if you use your net while sitting on the porcelain throne
Me, I still use 10 Mbps 802.3 (even one segment is 10base2!), it suits me fine, and don't have to worry about someone messing with my net (yes, I know, tempest, bla, bla. But snooping on 802.11 is easier, after all you're broadcasting your data (encrypted or not)).
In my case all my computers are close together in "the core", so it's a logical choice. If I needed access somewhere else, I would consider throwing a wire, though.
I do that thing on a macro scale, why have mobile net access (over cell phone, wifi or whatever), if I have access at home, at work and anywhere else somebody can give me access (or buy some cheap), and if I don't I can just store and forward when I'm wired.
I've been googling around, and I've found that the address given by the parent post is listed as an automobile dealership.
Check it out, it's the fifth on the right column
Could someone check that?