As a college professor and computer security researcher, this tidbit certainly caught my eye. There is a growing awareness of computer security and many schools will push the content throughout the curriculum. See the ACM's Computer Science Curricula 2013 for content areas and possible implementations.
Looking at the article, the final paragraph explains some things:
CloudPassage, meanwhile, also is reaching out to universities: it announced today that it will offer free CloudPassage Halo security-as-a-service platform accounts to US computer science programs as well as instructional templates, tutorials, and support. “They can use our infrastructure and products as an illustration, to get some experience,” CloudPassage’s Thomas says.
So, a company I've never heard of issues a press release that they did a "study" (i.e., hired a consultant to look through college course catalogs) that there is a lack in "cybersecurity education" (without actually testing what graduates of those programs know). And look, they are prepared to donate their niche market tools to any school that is willing to use them in required training courses.
I hate being so cynical, but this just reads as a PR move to gain publicity for a tech company.
When I've used zipties, TSA has always left me a note saying they opened the bag. They also used a new zip tie to relock the baggage. (I keep a ziplock bag of zipties in the top compartment of my luggage.)
I've actually used a variation on this. I'll use a green ziptie to close the zipper on my luggage, but the bag of zipties that I have in the luggage are all red. I carry the green zipties in my carryon (along with nail clippers to help remove it if needed) so I can replace it as needed.
If the TSA opens it up, they'll either use no zipties or one of the red ones.
Completely agree. I was looking forward to an alternative to Facebook, but the early behavior from Google regarding account suspension and the lack of the ability to appeal that decision (unless you were a former Google employee with connections) killed it for me. I actually use my Google account for things. If my Facebook account disappeared, no problem. But if Google decided to drop me from Gmail and Google docs, well, that would have been a big problem. So now I never go into my Google+ account (except when they use deceptive links) for fear that they'll shut me out.
Where do we find mandatory ACLs or MLS policies in Mac OS X? Or are these systems not being deployed in security sensitive environments?
I don't believe that the MAC system in Mac OS X is intended to be user accessible. See page 23 of the Mac OS X Security Configuration document. You probably can access MAC permissions via the CLI, but it isn't supported.
You can also peruse the NSA/CSS Operating System Guidelines for various operating systems. I'll point out that the MS-Windows systems are supposed to be run in Specialized Security -- Limited Functionality mode which severely limits functionality (as the name implies) and MS recommends it only be used on systems where "compromise would cause the loss of life, the loss of very valuable information, or the loss of lots of money."
Computer science does have a lot to do with math but is it reasonable to expect 24 hours of math when 36 hours gets you a degree in math?
My physics degree (many years ago) required sufficient math to qualify for a math degree. In a similar vein, friends that were getting physics degrees did harder math than I had to for my Mathematics degree. I had to do more breadth than they did (abstract algebra, group theory, etc.) where they focused on fewer areas like DiffEqs, multi-variable calculus, and matrix mathematics and went much further in applying them.
It's pretty similar to the difference between a data structures course and writing a large project using multiple, complex data structures. The DS course might cover 10 different structures, but you'll only need 3 of them nested together for the complex structures in the employer's project. CS deals with the breadth of topics, not just training you for a job.
Are you sure it's a good idea to let students execute arbitrary code on your unattended machine?
From a security standpoint, that generally would be a bad thing to do. However, there are a few simple things that can be done to minimize the problem. In addition to the sandboxing mentioned elsewhere, you can create a normal user account that is the "grader" account. The TA/Instructor copies the source into that account and then can run it and will have no more privs than the student did -- so any badness that happens could have happened by the student directly.
I mean, I know *I* would get ideas...
And that would simplify the grading of your assignments for the rest of the class immeasurably. You'd be out of the class with a failing grade and probably either suspended for the semester or expelled from school. Depending on the school's Acceptable Usage Policy (that sheet you didn't read when you got your account) and the level of crankiness of administrators, you'd have potential criminal charges brought up against you.
In his post above Dredd13 attempted to inflame the issue with the following statement:
So much, also, for high security installations (where any connectivity, whatsoever, with the outside world is verboten)... without the ability to connect to the clearinghouse to "authenticate" the product key, they too will be unable to use their license.
First, you should recall that the whole NSA_KEY issue revolved around a mechanism by which government agencies could avoid having to expose their security code to Microsoft for certification. I doubt MS would intentionally weaken their relationship with government. However, if one reads the last paragraph of the linked article you would have seen the following [emphasis mine]:
Microsoft plans to deliver WPA in all 32-bit versions of Whistler except those sold to volume-licensing customers and the so-called "Royalty OEM initial install images" provided to PC makers, said sources close to the company.
I'd be willing to say that the US Government would be a "volume-licensing customer" and this wouldn't be too much of an issue. In any case, it sounds like there will be a work-around. Personally, I expect that this will get the same sort of public attention as the Pentium chip IDs and RealPlayer ID issues; however, I am not willing to hazard a guess as to what Microsoft's response would be.
Anyway, gravity has been shown to propagate from a body at the speed of light.
If you happen to have a cite for this, I'm interested in seeing how this was demonstrated.
These supposed gravitons are, I believe, like photons and therefore "massless particles" with wavelike properties.
Fair enough. I'm pretty comfortable with the wave/particle duality of photons.
the point is that these "Wavicles" cannot be shielded
Aha! Now this is what I'd really like to see a demonstration of. "Wavicles" like photons are easily blocked with common items (see your standard camera). Other particles like neutrinos are much harder to block, but it is possible. What is special about gravitons that makes them so they "cannot be shielded"? That is the reason that I prefer the warpage of space-time over the particle theory (until I see evidence to the contrary).
I was under the impression that gravity was a product of an object having mass. Is the theory that massive objects bend space the accepted one?
While this is what I was taught, my discussions with various physics folks have led me to understand that the current model has graviton particles carry the force of gravity. They are simply undiscovered as yet.
The reason that was explained to me that the models would use a particle for a carrier is that otherwise when I destroy mass, I would create an instantaneous change that could be measured elsewhere. I.e. a faster-than-light signal. Since the speed of light is still considered the maximal speed possible, there must be a particle that carries gravity.
Now I personally think that if it is a particle, then if you can somehow shield their passage, you could create an anti-gravity effect. If it isn't a particle, then it might be possible to have FTL signals.
Perhaps I don't understand what you are saying, but if you wanted a BSD to run on Sparc architecture that is open source you might want to consider OpenBSD or NetBSD.
I went through the 4.x to 5.x transitions for SunOS (and use both Linux and OpenBSD for research), so I know what you mean about the idiosyncrasies.
Who cares what the sensors think? They can think what they like as far as I am concerned. You can't be sent to jail on the grounds that the computer thought you looked a bit shifty. The only cause to worry would be if people started being arrested and charged for 'acting in a suspicious manner'. No amount of technology could bring that about, it would require changes in the law.
This is the key point that needs to be grappled with and understood by society before widespread use of this technology occurs. You and I may understand that the system is fallible, but to those that are relying on it to identify suspects, that won't always be true. How many times have you heard "I'm sorry sir, but that's what the computer says" knowing that the computer is probably wrong? The sensors' opinion of you will certainly color the perceptions of the human monitors, making it more likely for them to assume your guilt despite evidence to the contrary.
If you follow that link, you'll find that whoever took the photo of the book (The British Library Board), has slapped a 1997 copyright on it. This in itself brings up an interesting question.
If I wrote a book, and marked it as "universal free distribution", could someone make a copy of it, then copyright their copy, and possibly sue me for infringement?
Actually, I think you are misunderstanding the copyright that is being applied. The information in the book, and the way that the information is being presented in the book is subject to the "universal free distribution" clause. The photographer/artist's picture of the book is in itself intellectual property, hence the copyright.
IANAL, but it follows that if you are using a copyrighted photograph (regardless of what the picture is) on your website without the owner's, then you are breaking the law. If you simply were taking the text from the photograph of a non-copyrighted book, and posting that up then you would not be violating the law (both from the "universal free distribution" clause and the expiry of the copyright itself).
The board is claiming copyright of an image, not the book. (see later in the thread for postings about translations.)
I use my PalmPilot to store many of my passwords. There are three apps that I know of that you can use:
- Secret! - which is basically a password protected set of memo pages, but it also can do TAN and single use passwords.
- SecureMemo - Similar to Secret! but each memo is encrypted separately. I was already using Secret! when some of these types of things came out.
- Strip - My current favorite. This is a password protected application that is designed for managing password info. It is a database of records with Username, Password, and Description fields. It can generate a random password of a requested length, and you can use it to send an account to another user (great for a sysadmin when creating people's accounts). Only big negative I've seen is that the password length has a length limit, so storing ssh and pgp passphrases may not fit.
All three of these store their data encrypted both on the pilot and on the backups. You could do something similar with a PGP or otherwise encrypted file on your computer, but I prefer the redundancy of having the data in two places. PalmPilot and backup machine (plus backups of the backup machine. :-)
Anyone else think it is ironic that the Kansas State Board of Education's mission (from their homepage http://www.ksbe.state.ks.us/) is:
Our mission is to prepare each person with the living, learning, and working skills and values necessary for caring, productive, and fulfilling participation in our evolving, global society.
I'm pretty sure that the SecureMemo is by CertiCom.