Re:How does a SSL MITM attack work? on Spying On Tor · Score: 1
A self-signed certificate may not be required if real signing was coerced. Browsers probably should complain if a non-expired certificate changes from a prior connection. Who believes that the major certificate authorities haven't been forced to give up their private keys?
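The check suggested in the comment above (warn when a host presents a different certificate while the previously seen one has not yet expired), sketched as an added example that is not part of the original comment. The class name, the result strings, and the host and certificate bytes are assumptions constructed for illustration.

```python
import hashlib
from datetime import datetime, timedelta, timezone


class CertContinuityStore:
    """Remembers the last certificate seen per host (hypothetical helper)."""

    def __init__(self):
        self._seen = {}  # host -> (SHA-256 fingerprint, notAfter)

    def check(self, host, cert_der, not_after, now):
        """Classify a presented certificate against the remembered one."""
        fp = hashlib.sha256(cert_der).hexdigest()
        prior = self._seen.get(host)
        if prior is None:
            self._seen[host] = (fp, not_after)
            return "first-seen"
        prior_fp, prior_not_after = prior
        if fp == prior_fp:
            return "unchanged"
        if now >= prior_not_after:
            # The remembered certificate has expired, so a replacement is expected.
            self._seen[host] = (fp, not_after)
            return "renewed"
        # A different certificate while the remembered one is still valid:
        # keep the old record and let the caller warn the user.
        return "changed-early"


def demo():
    """Run the store over constructed certificates (placeholder bytes, not real DER)."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    expiry = t0 + timedelta(days=365)
    store = CertContinuityStore()
    host = "example.test"  # constructed host name
    return [
        store.check(host, b"constructed-cert-A", expiry, t0),
        store.check(host, b"constructed-cert-A", expiry, t0 + timedelta(days=30)),
        store.check(host, b"constructed-cert-B", expiry, t0 + timedelta(days=60)),
        store.check(host, b"constructed-cert-A", expiry, t0 + timedelta(days=61)),
        store.check(host, b"constructed-cert-B", expiry + timedelta(days=365),
                    expiry + timedelta(days=1)),
    ]


if __name__ == "__main__":
    print(demo())
```

Operators commonly replace certificates before the old one expires, so "changed-early" is best treated as a prompt to verify the new certificate rather than proof of interception.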
You have a good point. There would be the potential for loss of metadata, equations in spreadsheets, audio, etc. My thought was that a PDF or another standard would only require a single tool to render documents in 200 years but storing the original probably should be a requirement.
Given all the convenient archival problems, every executive branch email should be archived as a PDF and digitally signed and time stamped by a secure server with the private key in protected hardware. The archive needs to be outside of the executive branch.
I also like the e61 but I don't think the 3G works in the USA (just Europe). I wish it was easier to set up the phone's VPN software without being forced to use a Nokia VPN gateway. It would be even better if the VPN certificates were locked in a miniSD smart card to make it difficult to copy when the phone is searched. I haven't found the appropriate smart card Symbian software. There are also good dictionary/translation packages available for the phone.
6. Use a print server so the client (and their drivers) can't talk directly to the printer.
5. Make sure your firewall blocks all external packets to or from your printers.
This may also eliminate potential security problems.
Ding Dong: I'm sorry but your doorbell chime license has expired. It will now only announce every 10th visitor. To renew your license, please go to .... DOMAIN NOT FOUND.
Warning: Your access credentials have expired since your property taxes are -32767 days overdue.
In the past, when I tested electronics at high altitudes, we ventilated the test chamber for a while after bringing it back to sea level. You never know what noxious substance might outgas from equipment.
I'm not sure encryption will help. The service providers can block services by port, block by traffic pattern, and probably memory dump your session key. Open phone software might help if the encryption was moved to a smart card. Does anyone know where I can get a mini sc smart card with Symbian OS VPN support?
I also would like cars that just keep working and better public transportation. On the other hand, an automated vehicle would sure be a blessing for handicapped people that spend half of their income just having someone drive them to a job.
It might be better to just blow the hatch and bail out at a reasonable altitude. I spent some time practicing getting out of the shuttle. Tossing a raft out a window was fun while I was in a hangar but I wouldn't want to try that in the ocean.
I suspect that this rotten practice won't stop until everyone uses ssl or a major corporation finds a competitor's ad on their web page. It might be called tortious interference.
I believe that the failure of a critical system will more likely be due to a problem with DRM. Probably a failure in some licensing server. Already, I can't believe how many applications phone home for no good reason. Every application needs to be in its own sandbox with very limited access to other applications and data. "Trust no one" is the right model.
1) Reinforcement can be added to walls. Make a sandwich of OSB | sheet Aluminum | OSB | galvanized steel | OSB. The layers will make it difficult to use a chain saw or an abrasive blade. Glue and screw the sandwich.
2) Add an alarm loop between the layers for added protection.
3) Lock the servers to the racks.
4) Have a good alarm company.
This package is nice but does it email the picture to your spouse/parents if it detects a bump?
Disasters come in many forms. Having more than one center is probably more important than extreme security at one site.
The sites should be separated by physical distance and political jurisdictions. Data loss isn't limited to physical problems. It can come in the form of a legal scavenger hunt. Both can put you out of business.
Publish the SHA-256 checksum in a newspaper ad.
The Fermi Paradox is probably dominated by alien physiology. Can all forms of mental illness be cured? If not, it's probably just a matter of time before someone cooks up a lethal bug in a DNA-omatic or crashes a space ship at 0.99 C when learning to Parallel Park.
To survive, technology will need to be idiot proof or you will end up with babies playing with hand grenades that blow up the solar system.
I purchased two unlocked Nokia E61 phones so I could get wifi. I had to purchase them through an importer in the USA at a substantial price. AT&T doesn't give me a discount even though they never subsidize anything. What's worse is trying to get technical support with a phone problem. One beeps multiple times apparently when the phone is pinged. US Nokia: we don't support the E61 since it isn't sold here. UK Nokia: We can't answer your email since you are in the US, ...
The root cause is the carriers define the phone and the customers don't get any say in the matter. We need open standards just like what was forced on the industry for POTS service.
Most central offices have well designed backup power so a total loss of service is unlikely if your copper goes to the office. Unfortunately, many subscribers are served by remotes that only have small battery racks. Some have more than one phase, which helps since outages frequently hit only one phase. After that, you can only hope someone will wander by and connect a generator to top off the batteries often enough.
A while back, my area lost two phases due to lightning blowing a cable under a bridge. The cable TV company actually had people in the neighborhood with small generators to power distribution nodes. A big truck even showed up to power a lift station before the tank overflowed. Some things are more important than phone calls :-)
This will probably result in mandatory 2-way cable boxes. It will probably pass since it will create more records that can be inspected and sold.
Better yet, generate the keys on a smart card so that the private key can't be extracted or exported by code on your computer. Do you really trust your OS? With a smart card, the signing occurs on the card and not in your computer. This improves the system security at a much lower cost than doing the signing in a special crypto hardware module.
I use a Cryptoflex card for ssh. A public key can be safely placed on other computers and I have access whenever the smart card is inserted in my local USB reader. An OS with spyware can still listen but it can't get into remote computers when the card is in my pocket.
What magic is required to get the cable company to route your PA or PI address block between the boundary router and your access point? Everyone I talked to didn't know what I was talking about or wouldn't call back.
The cable companies drop people for having servers and I can only imagine what they think about a customer announcing prefixes.
I have a friend that can see where cable trucks park yet he has a T1 because cable isn't available in the business park. You must be very lucky or you selected locations based on access.
My T1 failures have been infrequent: Batteries ran out on telco remote, red caps were ignored and someone took a pair in common space MDF, 66 block with green stuff growing, telco pulled wrong smart jack, blown protectors, and OCX problems between telco and ISP. I would guess the outages are 10 times higher with DSL.
I have also encountered DSL modems that lock up and require a power cycle. I wrote a script that tries to fetch several web pages. Multiple failures over a period of time will cause an SNMP set that toggles the power strip for the DSL modem. This seems to help a little.
Most of my DSL failures seem to be related to some type of PPPoE authentication failure. I'm guessing that it's a link failure between a telco router and a non-telco ISP. There probably is little or no redundancy in this area.
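A watchdog of the kind described in the comment above, as an added example that is not the commenter's script. The thresholds, class and function names are assumptions, and the power-strip toggle (an SNMP set in the comment) is left to the caller because the OID is device specific.

```python
import urllib.error
import urllib.request
from collections import deque


class ModemWatchdog:
    """Decides when repeated probe failures justify a power cycle."""

    def __init__(self, threshold=3, window=600, cooldown=900):
        self.threshold = threshold  # failed rounds needed inside the window
        self.window = window        # seconds over which failures are counted
        self.cooldown = cooldown    # minimum seconds between power cycles
        self.failures = deque()
        self.last_cycle = None

    def record(self, probe_ok, now):
        """Feed one probe round; return True when the modem should be cycled."""
        if probe_ok:
            self.failures.clear()
            return False
        self.failures.append(now)
        while self.failures and now - self.failures[0] > self.window:
            self.failures.popleft()  # forget failures older than the window
        if len(self.failures) < self.threshold:
            return False
        if self.last_cycle is not None and now - self.last_cycle < self.cooldown:
            return False  # modem is probably still resyncing; avoid a reboot loop
        self.last_cycle = now
        self.failures.clear()
        return True


def probe(urls, timeout=5):
    """A round succeeds if any URL answers, so one dead site is not an outage."""
    for url in urls:
        try:
            with urllib.request.urlopen(url, timeout=timeout):
                return True
        except urllib.error.HTTPError:
            return True  # an HTTP error page still proves the link is up
        except OSError:
            continue
    return False
```

A scheduler would call `record(probe(urls), time.time())` every few minutes and trigger the power-strip toggle only when it returns True.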
I like TrueCrypt but having crypto tools marks you as a criminal in some localities. It would be nice if the desktop icon could be changed to something a little innocuous like a PDF or modem dialer.
Maybe DNSSEC should only be deployed on tamper resistant hardware that doesn't allow for private key extraction. The key pair is generated internally and nobody can give up the key even if asked. A threshold code spread among multiple administrators, in different countries, could be required for any necessary updates. The administration could even be done through a trust that has dead man and duress procedures much like some tax and lawsuit protection schemes. It's sad that this might be necessary.