This is what I'd do. Make a table of valid portknock sequences along with a 'used' bit. Since it's a type of one time pad, I'll of course have to carry a table of these portknock sequences around. When I use a portknock, the server upon seeing a valid portknock, marks it as used, and I also mark it as used in my portable portknock table. For a slightly extra bit of security in my portable table (in case it somehow was compromised), I add a password that gets mixed with the one time portknock sequence and this is calculated at the server also.
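The scheme in the comment above, as an added example that is not the poster's own code: a shared table of one-time knock sequences with a 'used' bit, and a password mixed into each sequence on both client and server. The HMAC-SHA256 mixing, the port range, the four-knock length and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct

PORT_MIN, PORT_MAX, KNOCKS = 1024, 65535, 4  # assumed port range and sequence length
SPAN = PORT_MAX - PORT_MIN + 1


def make_table(entries):
    """Generate the shared table: random one-time sequences, each with a 'used' bit."""
    return [{"seq": [PORT_MIN + secrets.randbelow(SPAN) for _ in range(KNOCKS)],
             "used": False} for _ in range(entries)]


def mix(seq, password):
    """Mix the password into a table sequence to get the ports actually knocked."""
    raw = struct.pack(f">{len(seq)}H", *seq)
    digest = hmac.new(password.encode(), raw, hashlib.sha256).digest()
    # Two digest bytes per knock; the slight modulo bias is ignored here.
    return [PORT_MIN + int.from_bytes(digest[2 * i:2 * i + 2], "big") % SPAN
            for i in range(len(seq))]


class KnockServer:
    def __init__(self, table, password):
        self.table, self.password = table, password

    def check(self, observed):
        """Accept a knock only if it matches an unused entry, then burn that entry."""
        got = struct.pack(f">{len(observed)}H", *observed)
        hit = None
        for entry in self.table:  # scan every entry rather than stopping at a match
            want = mix(entry["seq"], self.password)
            same = hmac.compare_digest(got, struct.pack(f">{len(want)}H", *want))
            if same and not entry["used"] and hit is None:
                hit = entry
        if hit is None:
            return False
        hit["used"] = True  # server-side 'used' bit: a replayed knock now fails
        return True


def client_next_knock(table, password):
    """Client side: take the first unused entry, mark it used locally, return ports."""
    entry = next(e for e in table if not e["used"])
    entry["used"] = True
    return mix(entry["seq"], password)
```

The client and server each hold their own copy of the table, so a copied table alone yields sequences the server never accepts without the password.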
I used to use one time passwords with a telnet thing, but that needed programmatic access to the authorization file, a rare but possible failed login would force the reuse of a password, but I figured that it would cut down a good bit on casual attempts because as much as I used it, I never had a connection fail between the login and the password reset. I didn't mind the slight chance of this, 'cause my boss used to just telnet in with the theory that nobody cared about our system.
I really like an OTP if another secured channel is available, because it doesn't require much real cryptographical knowledge and the theory is pretty trivial, so I feel pretty safe compared to the number of regular exploits that happen in software anyways.
What gets me is that MasterCard can't find lawyers who know about the exceptions for parody, so naturally if they can't afford knowledgeable lawyers, I'm not going to trust them with my financial matters.
Look at all the victimless crimes that are made illegal on strictly moral grounds. I'll offer my suspicion that the nanny state isn't altogether a liberal idea.
Going to a BSD was a great move on Apple's part. Remember, BSD folks love to have their work "siphoned" off, that's why they use the BSD license. Why should Apple have to reinvent the wheel?
You could send some people an email with a button embossed with the most deadly looking skull and crossbone icon that flashes the words DON'T CLICK OR I WILL EAT YOUR COMPUTER and it's been my experience that button is going to get clicked anyways.
As most folk are aware, much of the angst over the internet concerns the legality of information transported. Evils such as illegal pornography, intellectual property theft and subversion of governmental authority have turned the utopian potential of this worldwide communications medium into a virtual freakshow of perversion, criminal activity and anarchism. Here I'll discuss what could help with this situation.
Revert router operation to the government.
Many of the problems of the internet concern the lack of uniformity in law among the various nations of the world. Having wide open international routing acts as a "free pass" for information that would otherwise violate national laws. There's no reason that all of a country's communications with other nations should not pass through a national routing infrastructure.
Countries with "information treaties" could elect to apply routing table entries to permit some degree of free information exchange without the overhead of packet approval beyond basic encryption detection.
Outlaw encryption
Once each country nationalizes its router infrastructure, these installations will act as the "customs" of the internet. As in physical customs, items crossing borders need to be inspected to prevent the import/export of contraband and other harmful stuff. As there is no way to perform an inspection of information in encrypted content, investigations should immediately commence upon the discovery of encrypted content. Obviously, encrypted content needs to be detected, so much work will need to be invested into determining file type and validity. Any obfuscated content will have its source and destination IDs logged and be queued for investigation.
Obtain electronic visas for international transport of information, and electronic local ids for all other packets
As mentioned above, content will need to be inspected to prohibit transport of contraband information. This will obviously create a significant computational workload on the national router infrastructure, so a user needs to have a preapproved electronic "visa" that will authenticate his session and packets that will be presented to the national routers for inspection. To even have your packets reach the routers, you'll need an electronic visa, consider this an application to do international commerce.
For local / interstate traffic, a simple tag on each packet containing for instance the SSN of the logged in user should suffice for tracking and billing purposes for offsetting the overhead of packet / content inspection and filtering.
Disable direct access to public addresses and related tcp/ip functions.
Obviously many technical "geek" types have foreseen the day when governments would want to control what information traverses the international networks, and have invented catchy phrases like "the internet routes around censorship", and this implies that underground efforts would produce covert means of international information transfer. If the network interfaces can be sealed, nonhackable units operated by licensed ISPs, much of the work can be done here and packets leaving the home or business will actually be encapsulated in "shipping packets" with routing information concealed from the user. Think of it as a national VPN with the network visible to the user determined by security rating, usage history, government determined "trustability" factor and the previously mentioned virtual visa.
These sealed "network interfaces" would be virtually unhackable, for instance, when is the last time you whipped up a custom version of a pentium chip in your garage?
Now, if there is no routing function available to the users of the internet, any legitimate blocking of objectionable information can't be "routed" around. The internet will quickly settle into a nicely regulated thoroughfare for the legal and ethical transfer of information, instead of the spam-infested criminal haven it is now.
VNC is not allowed on Windows XP according to Microsoft.
Heywood Jablowi
Of course, they've always carried the same risk, but now NASA can't pretend the risks aren't there.
However, I like your optimistic tone.
Still I'm pretty surprised that it's already 2004 and the net's still pretty open. What's to stop industry from rolling something like this out?