Google seems to be a bit picky on supported ciphers. At the moment, they only allow the following:
AES256-SHA, DES-CBC3-SHA, AES128-SHA, RC4-SHA, RC4-MD5
Tested using the online tool.
As far as i figured it out, the test only includes OpenSSL ciphers.
So there could still be a few more...
The EU law doesn't affect small companies or personal mail servers anyway.
At least Germany and Austria "implemented" (or in case of Austria: is about to implement) the law like this.
However, monitoring mail servers / smart hosts of the few bigger access and mail providers will cover most messages.
The bigger problem is the amount if data and its handling.
Ubuntu download:
Go to ubuntu.com, follow the download link.
Time: ~10 Seconds.
Windows XP download:
Go to the torrent site of your choice, find still active tracker with some seeds or at least one distributed copy. Wait.... Wait...
Time: >>10 Seconds.
DNS already provides a great API using the Master-Slave mechanism.
In detail:
Set up a nameserver of your choice. This might by pdns with ldap backend or anything with mysql backend. Do not waste a thought about performance, it won't have a lot of traffic.
Then search for some good slave nameserver providers. They are often called "secondary", but this should not be mixed up.
In theory:
Master: Authoritative namesevrer (your private one)
Slave: Nameserver that refresh based on your SOA record
In contrast to:
primary: Your first nameserver (should be mentioned in the SOA record too)
secondary: Nameserver 2-..
A nice setup for easy management would be like that:
EveryDNS, XName.org, twisted4life,... provide "secondary" nameservers in the meaning of slaves.
Sign up at at least two of these and restrict your private nameserver / firewall rules to only allow your slaves.
That's it. Manage your zones locally with any script you want, the slaves will come to get it (or if they support notify, your master pushes it out). Your master doesn't get a single connect by the users, you don't have the traffic and availability of the master is not really that important (it has to serve ~4 clients, depending on your SOA refresh about 30 requests a day..).
The NS records in your zone don't mention your private server, your registry doesn't have to know of it's existence either.
Drawback: Not all "secondary" (in the meaning of slave again) providers support all DNS record types. Some strip out TXT, some do not serve SRV even if your zone contains some.
Search the web for "hidden master DNS" for further information.
Virtualization does a good job when it comes to separation of dev-environment and risky things like web browsing & communications. All you need is a common clipboard - but that's a feature of VMWare as well as in Parallels and others. divide et impera;)
Using a Live CD for checking is a good idea too.
And if you happen to use FreeBSD, use SecureLevels. At daily work, there is no reason why any user or process should be allowed to change anything on the kernel or core binaries. Maintenance is maintenance, not normal use. It is a common failure to try doing it at the same time - and it's the duty of balancing to make this possible. That's the point where virtualization has the benefit to save some hardware;)
I am using RadeonHD for ~4-5 Months now and it works like a charm für my X1400. XRandR 1.2 is supported, its auto-detection for dualhead resolutions works better then fglrx/catalyst for me, most things seem to as they are going the "right for Xorg" way.
At the moment, it only lacks two things for me:
* accelerated AND zoomed video/DVD output
* power management
Compared to fglrx, I'm glad they delivered the specs (and AFAIK some consulting for the devs) and not their changing codebase. Fglrx had a moving year...
And the efforts at RadeonHD are pretty promising so far.
While I can't agree with GP, your proposed solutions aren't really that great too. CGI is a performance killer (not talking about fastCGI, but there he'd need to restart anyway) and dl() shouldn't be used in webapps - or even can's be used in upcoming versions of PHP
But he can compile new modules as shared objects (either via main configure --[with|enable]-lib=shared[,path] or stand-alone using phpize) and load them via php.ini.
A simple restart of his HTTPd, that's all. Just a few seconds of (standalone-setup) downtime with the only risk of finding an entry in his php_log complaining about a non-working addition he didn't rely on for his old scripts.
PHP has it's faults, some by design, some by maintenance, some lie in it's ease of use and others in it's history. But bashing it for being inflexible while one of the main origins of it's problems is the exact opposite...
"Try giving a Linux disk to my grandmother and see how "user friendly" she thinks it is."
My grandmother is ~80 years old and uses Debian stable. It fits her needs - or better - she fits the computer's needs.
She needs her PC for
Browsing the net (mostly sites recommended by her favorite senior-TV shows) -> Firefox... *sorry* IceSomething
Communication with her friends and overseas family members via E-Mail -> KMail
Printing recipes and E-Government stuff
Gaming, mostly card games
In a way my granny is a lot more platform-independent than I am. She doesn't care if it's called C: or/, has no interest in new features of new versions... IMHO the main reason for grannies Debian stable;)
About a year with Windows XP led to a bigger amount of "family support cases", now it's the second year with Debian and it just runs - but ok, she doesn't have to dist-upgrade on her own, just the updates. But she wouldn't install a new version of Windows on her own either.
But you'll never know if your granny likes it until she tries it for herself.
i use vmware since version 4.0 and it always worked as expected. the one thing i don't like about it is sealing with any-any patches. we build and deploy our own linux kernels and therefore, we have to recompile the vmware modules.
this wouldn't be the problem, if only vmnet or any other vmware module wouldn't need to be patched to avoid freezes. sometimes we had to alter the build perl scripts because it does not take the gcc from the environment but searches it for itself (and that diesn't have to be the version our kernel was compiled with). a better update system or maybe distribution integration (commercial branch) would be much better.
i know it's another kind of virtualization and maybe a bit off-topc, but since they are availeable, i love solaris 10 zones - if another virtual solaris box is all you need (haven't tried linux in zones yet and wouldn't use it in production systems), it's almost perfect.
you got the point. imho the headline is misleading. real-time is like iso-certification. it just says that things / time stay the same, but it has no qualitative meaning weather it's good / fast or not;)
in vienna and some other cities in austria, they introduced a similar service in 2003 based on sms. it's very useful and sends reminder sms 10 minutes before a needed extension.
if i remember correctly, microsoft's windows services for unix contain pdksh or some kind of a korn shell.
in comparison, i prefered zsh for windows othe bash from cygwin, but if the structure of your userland does not refrect parts of the operating system (/proc,/etc, unix sockets,...) a text shell is limited.
i prefer text shells too and the passing of objects plus indirect api access seems like a huge work around of crippled design to me, but it fits the windows way and could be more useful than a text-centric shell.
better than shaved wookies and ewoks.
but i always knew that the final scene in episode IV with lots of small ships trying to penetrate the large sphere want to tell me someting.
damn, i'll miss the please date me, urgently modding option more than ever.
reasons for missing mac/linux support?
on
In2TV Goes Public
·
· Score: 1
after having read tfa and the source it provides for the information about "windows xp only", i don't really feel informed about any reason.
it needs media player 10. but why? because of DRM? copying / recording restrictions? soecial features, codecs? just missing interest in supporting different platforms?
i got to run drm'ed streams using cxoffice plugin in firefox/linux, any chances for me?
tfa mentions some of the reasons for compiling packages, but it's rather incomplete. in my case, in order of frequency:
updates for packages that fit at least one of the other reasons
i need a customized version (statically linked extensions, different bindings or dependencies, configure,... feature x only availeable as patch)
i need a binary that acts as similar as possible as on another unix system where i configured and built it the same way
i want it in its own dependency tree to be able to run and update the server's main issue daemons without write permissions on/usr and/bin or without implications on maintenance connectivity (like the way i use solaris 10 zones)
there is no package for this software
support contract for a commercial third party product claims only to support vanilla version xy
i needed to fix something (mainly security, information disclosures and segfaults)
the pre-built binary or it's source does not fit our policies
there is no current package
we hit overcautious or useless built-in hard limits
i don't trust the environment and need a sane binary, verified and compiled on another system with certain dependencies
it's too slow
imho it's not always an optional decision if rolling your own would be better, in some cases you don't have a choice. but i do not want to have gcc (/similar) installed on production systems.
graz has been the cultural capital of europe back in 2003. since then, new media arts activities in and around graz are quite impressive.
besides, the current saturation of austria's cell phone market is above 83%, mobilkom austria has a market share of ~41%. i think this provides a good situation for researchers.
... but the girls and the styrian beer are good reasons anyway.
a high security company should not rely on the security of a single software product, but have processes how to handle flaws that may arise. software has bugs. if the base of your security concept implies that all software you run has not a single bug, you're not a high security company anyway.
Slashdot Mirror
Google seems to be a bit picky on supported ciphers. At the moment, they only allow the following:
AES256-SHA, DES-CBC3-SHA, AES128-SHA, RC4-SHA, RC4-MD5
Tested using the online tool.
As far as i figured it out, the test only includes OpenSSL ciphers. So there could still be a few more...
The EU law doesn't affect small companies or personal mail servers anyway.
At least Germany and Austria "implemented" (or in case of Austria: is about to implement) the law like this.
However, monitoring mail servers / smart hosts of the few bigger access and mail providers will cover most messages.
The bigger problem is the amount if data and its handling.
Ubuntu download:
Go to ubuntu.com, follow the download link.
Time: ~10 Seconds.
Windows XP download:
Go to the torrent site of your choice, find still active tracker with some seeds or at least one distributed copy. Wait.... Wait...
Time: >>10 Seconds.
quod est demonstrandum.
oh... wait...
... and stopped by a time machine toilet.
DNS already provides a great API using the Master-Slave mechanism.
In detail:
Set up a nameserver of your choice. This might by pdns with ldap backend or anything with mysql backend. Do not waste a thought about performance, it won't have a lot of traffic.
Then search for some good slave nameserver providers. They are often called "secondary", but this should not be mixed up.
In theory:
Master: Authoritative namesevrer (your private one)
Slave: Nameserver that refresh based on your SOA record
In contrast to:
primary: Your first nameserver (should be mentioned in the SOA record too)
secondary: Nameserver 2-..
A nice setup for easy management would be like that:
(hidden) Master -> [ (primary) Slave | (secondary) Slave ]
EveryDNS, XName.org, twisted4life,... provide "secondary" nameservers in the meaning of slaves.
Sign up at at least two of these and restrict your private nameserver / firewall rules to only allow your slaves.
That's it. Manage your zones locally with any script you want, the slaves will come to get it (or if they support notify, your master pushes it out). Your master doesn't get a single connect by the users, you don't have the traffic and availability of the master is not really that important (it has to serve ~4 clients, depending on your SOA refresh about 30 requests a day..). The NS records in your zone don't mention your private server, your registry doesn't have to know of it's existence either.
Drawback: Not all "secondary" (in the meaning of slave again) providers support all DNS record types. Some strip out TXT, some do not serve SRV even if your zone contains some.
Search the web for "hidden master DNS" for further information.
Virtualization does a good job when it comes to separation of dev-environment and risky things like web browsing & communications. ;)
;)
All you need is a common clipboard - but that's a feature of VMWare as well as in Parallels and others.
divide et impera
Using a Live CD for checking is a good idea too.
And if you happen to use FreeBSD, use SecureLevels. At daily work, there is no reason why any user or process should be allowed to change anything on the kernel or core binaries. Maintenance is maintenance, not normal use. It is a common failure to try doing it at the same time - and it's the duty of balancing to make this possible.
That's the point where virtualization has the benefit to save some hardware
At the moment, it only lacks two things for me:
Compared to fglrx, I'm glad they delivered the specs (and AFAIK some consulting for the devs) and not their changing codebase. Fglrx had a moving year...
And the efforts at RadeonHD are pretty promising so far.
After a full scan, then they locked Hyperion until the huge transaction is processed. Later on, they'll send a rule based optimizer.
While I can't agree with GP, your proposed solutions aren't really that great too. CGI is a performance killer (not talking about fastCGI, but there he'd need to restart anyway) and dl() shouldn't be used in webapps - or even can's be used in upcoming versions of PHP
But he can compile new modules as shared objects (either via main configure --[with|enable]-lib=shared[,path] or stand-alone using phpize) and load them via php.ini.
A simple restart of his HTTPd, that's all. Just a few seconds of (standalone-setup) downtime with the only risk of finding an entry in his php_log complaining about a non-working addition he didn't rely on for his old scripts.
PHP has it's faults, some by design, some by maintenance, some lie in it's ease of use and others in it's history. But bashing it for being inflexible while one of the main origins of it's problems is the exact opposite...
My grandmother is ~80 years old and uses Debian stable. It fits her needs - or better - she fits the computer's needs.
She needs her PC for
In a way my granny is a lot more platform-independent than I am. She doesn't care if it's called C: or
About a year with Windows XP led to a bigger amount of "family support cases", now it's the second year with Debian and it just runs - but ok, she doesn't have to dist-upgrade on her own, just the updates. But she wouldn't install a new version of Windows on her own either.
But you'll never know if your granny likes it until she tries it for herself.
i use vmware since version 4.0 and it always worked as expected. the one thing i don't like about it is sealing with any-any patches. we build and deploy our own linux kernels and therefore, we have to recompile the vmware modules.
this wouldn't be the problem, if only vmnet or any other vmware module wouldn't need to be patched to avoid freezes. sometimes we had to alter the build perl scripts because it does not take the gcc from the environment but searches it for itself (and that diesn't have to be the version our kernel was compiled with). a better update system or maybe distribution integration (commercial branch) would be much better.
i know it's another kind of virtualization and maybe a bit off-topc, but since they are availeable, i love solaris 10 zones - if another virtual solaris box is all you need (haven't tried linux in zones yet and wouldn't use it in production systems), it's almost perfect.
you got the point. imho the headline is misleading. real-time is like iso-certification. it just says that things / time stay the same, but it has no qualitative meaning weather it's good / fast or not ;)
so google's the next visionary creator of electric vehicles?
maybe wpa-radius is what you're looking for.
btw: disabling SSID broadcast is rather useless. while connected, your beacons contain the unencrypted (E)SSID anyway.
#3 was upgraded from 10240 to 12208 CPUs in 2006, but it already was on the list in november 2005...
in vienna and some other cities in austria, they introduced a similar service in 2003 based on sms. it's very useful and sends reminder sms 10 minutes before a needed extension.
german site (google translation)
the difference between troll and funny is not always obvious, some redundant posts meant something completely different. sure it does.
if you mean christian science and the misinterpretation of written word... welcome back to.... how old is the bible?
if i remember correctly, microsoft's windows services for unix contain pdksh or some kind of a korn shell.
/etc, unix sockets,...) a text shell is limited.
in comparison, i prefered zsh for windows othe bash from cygwin, but if the structure of your userland does not refrect parts of the operating system (/proc,
i prefer text shells too and the passing of objects plus indirect api access seems like a huge work around of crippled design to me, but it fits the windows way and could be more useful than a text-centric shell.
better than shaved wookies and ewoks.
but i always knew that the final scene in episode IV with lots of small ships trying to penetrate the large sphere want to tell me someting.
damn, i'll miss the please date me, urgently modding option more than ever.
after having read tfa and the source it provides for the information about "windows xp only", i don't really feel informed about any reason.
it needs media player 10. but why? because of DRM? copying / recording restrictions? soecial features, codecs? just missing interest in supporting different platforms?
i got to run drm'ed streams using cxoffice plugin in firefox/linux, any chances for me?
tfa mentions some of the reasons for compiling packages, but it's rather incomplete. in my case, in order of frequency:
imho it's not always an optional decision if rolling your own would be better, in some cases you don't have a choice. but i do not want to have gcc (/similar) installed on production systems.
at least, there's an interesting relationship: http://www.gnu.org/software/hurd/hurd-l4.html
graz has been the cultural capital of europe back in 2003. since then, new media arts activities in and around graz are quite impressive.
besides, the current saturation of austria's cell phone market is above 83%, mobilkom austria has a market share of ~41%. i think this provides a good situation for researchers.
... but the girls and the styrian beer are good reasons anyway.
a high security company should not rely on the security of a single software product, but have processes how to handle flaws that may arise. software has bugs. if the base of your security concept implies that all software you run has not a single bug, you're not a high security company anyway.