I really hate to say it, but I think Active Directory is most definitely the way to go. No other directory systems allows for as simple administration of a large number of windows computers, your windows clients will "Just Work" with it, and it isn't difficult to make windows boxes, wikis, etc authenticate against it (I've had to do this many times...).
Active directory lets you access it via LDAP which a lot of software packages understand (a note here, structure the LDAP binds such that the username is in the form of SAMACCOUNTNAME@WINDOWSDOMAINFQDN, this has worked almost every time for me).
The free version of Likewise Open will make it very easy for the linux boxes themselves to authenticate against AD without having to mess with any pam conf yourself, and if you pay them money you can even deploy GP's to linux boxes (disclaimer, I've never tried this part).
In sum, while I hate to say it, you can make almost any client solution work with AD either directly or via LDAP or Kerberos, and it's the best possible solution for windows client management, so I'd go with that.
Performing this command and then scanning the resulting file with "File Investigator" results in the file being detected as a headerless encrypted data file.
Whoever pointed out that they simply identify any randomly filled binary file of a size of a multiple of 512bytes is correct.
TrueCrypt doesn't use ECB mode, hasn't for some time, etc etc etc. Stop freaking out every time someone claims to have broken it.
Author said he wanted only the home directory (I'm assuming you mean %USERPROFILE%) encrypted.
While TrueCrypt can natively encrypt the entire drive, there is an addon available to perform only encryption on your "Documents and Settings\Username" folder.
The enhancement is available at http://tcgina.t35.com/
Of course, truecrypt is available at www.truecrypt.org
Even though I use truecrypt for the entire drive, I separately use TCGINA so that I can have a portable encrypted container of just my user profile, so that I have a compact way to transport my documents, program settings, etc.
This is an extremely good way to teach. This method also makes it extremely easy to teach synchronization too (tell two kids to go modify the value pointed to by their label at the same time, and have that value on the chalkboard). You can give your students a better understanding of pointers, memory, and threading than most students have in a single class without showing them a line of code.
Another solution is to use Truecrypt to protect the contents of the drive. Then, the day you leave, send your hard drive back to yourself via overnight mail. Then if they ask for the contents of your laptop, you're incapable of giving it to them, but you're no less secure. You are however out of your data for a day or two.
You could create a filter for them that would automatically delete all email that doesn't contain a that is well-known to your family/those who would email them.
Typically I don't refer to setting up a "secure" LAMP server as optimization, so I'll list a couple of the technologies I use for both scenarios. One of the below posts mentioned that the biggest deal is the insecure application code you may be running -- this is very true.
Security stuff--For this, I use mod_security (apache module) to chroot the directory in which apache works to/chroot/apache. This way, in case an app breaks it is at least limited to this portion of the directory tree. Chrooting made easy really.
Permissions -- once inside the chroot make sure you know everywhere that the web server has permission to write data, and keep these locations to a minimum. If an app is vulnerable, hopefully it won't be able to replace application code in itself and/or elsewhere.
Some speedup stuff:
Eaccelerator -- look it up, install it, it works great and speeds up php execution substantially.
MySQL query cache - look it up, turn it on, it helps a lot.
Ramdisk -- This goes with both optimization and security -- a lot of popular webapps use Smarty or a similar technology to create and then compile templates for code/data that is displayed. These apps need write access to whatever directory is used to store their compiled templates. I have an entry for a ramdrive in/etc/fstab that mounts a ramdrive inside of apache's chroot and then symlink all of those temporary directories there -- that way the compiled templates are both quickly accessed and I minimize the number of places apache can write data.
These are just a couple of the things I use to speed up and secure my server, some people may have more or less or disagree with how I do things, but at least you have a couple more topics to research:)
Until you actually let someone authenticate to your site using OpenID, you're not really helping anything. You're just spreading BS about how open you are when you're really just supporting further centralization around yourself. Until the big names start acting as Relying Parties, I don't wanna hear about it.
Yet another reason why I like OpenID so much. Once you push the actual mechanism for authentication away from the website itself, you have more flexibility. In other words, I could set up my own openid server to authenticate me based on either username/password, or from a list of acceptable one-time pads. When using a public terminal, authenticating to my OpenID server using a onetime pad would give me the ability to authenticate to temporarily authenticate to any site I wanted, without having to give my passwords to a proxy service like KYPS. Oh, for want of more widespread OpenID adoption...
I for one can't wait for Truecrypt 5.0. Scheduled for release in January of 2008, the new version will contain (I believe) the first FOSS implementation of full hard drive encryption (pre-boot authentication and everything(Windows)), as well as a very good encrypted container solution that will work on Windows/Linux/MacOSX.
First year in college, 2 maxtor 250's died. RMA'd and both warranty replacements died. Then the HD in my laptop died. Then one other random HD died. That's why I have everything important on at least 3 hard drives and use RAID5 for all of my general storage.
Slashdot Mirror
I really hate to say it, but I think Active Directory is most definitely the way to go. No other directory systems allows for as simple administration of a large number of windows computers, your windows clients will "Just Work" with it, and it isn't difficult to make windows boxes, wikis, etc authenticate against it (I've had to do this many times...).
Active directory lets you access it via LDAP which a lot of software packages understand (a note here, structure the LDAP binds such that the username is in the form of SAMACCOUNTNAME@WINDOWSDOMAINFQDN, this has worked almost every time for me).
The free version of Likewise Open will make it very easy for the linux boxes themselves to authenticate against AD without having to mess with any pam conf yourself, and if you pay them money you can even deploy GP's to linux boxes (disclaimer, I've never tried this part).
In sum, while I hate to say it, you can make almost any client solution work with AD either directly or via LDAP or Kerberos, and it's the best possible solution for windows client management, so I'd go with that.
Just my .02
hahaha you got me, well played ;)
This is complete sensationalist crap. Truecrypt isn't broken, (probably) nor are any of the other programs they possibly claim to have broken.
This is easy to test for yourselves folks, I just did it in 5 minutes.
dd if=/dev/urandom of=/home/me/somefile.jpg bs=512 count=10000
Performing this command and then scanning the resulting file with "File Investigator" results in the file being detected as a headerless encrypted data file.
Whoever pointed out that they simply identify any randomly filled binary file of a size of a multiple of 512bytes is correct.
TrueCrypt doesn't use ECB mode, hasn't for some time, etc etc etc. Stop freaking out every time someone claims to have broken it.
Author said he wanted only the home directory (I'm assuming you mean %USERPROFILE%) encrypted. While TrueCrypt can natively encrypt the entire drive, there is an addon available to perform only encryption on your "Documents and Settings\Username" folder. The enhancement is available at http://tcgina.t35.com/ Of course, truecrypt is available at www.truecrypt.org Even though I use truecrypt for the entire drive, I separately use TCGINA so that I can have a portable encrypted container of just my user profile, so that I have a compact way to transport my documents, program settings, etc.
Grep has this built in grep -r [-i] "keyword" *
This is an extremely good way to teach. This method also makes it extremely easy to teach synchronization too (tell two kids to go modify the value pointed to by their label at the same time, and have that value on the chalkboard). You can give your students a better understanding of pointers, memory, and threading than most students have in a single class without showing them a line of code.
Another solution is to use Truecrypt to protect the contents of the drive. Then, the day you leave, send your hard drive back to yourself via overnight mail. Then if they ask for the contents of your laptop, you're incapable of giving it to them, but you're no less secure. You are however out of your data for a day or two.
Insert the word string in the previous message ;)
You could create a filter for them that would automatically delete all email that doesn't contain a that is well-known to your family/those who would email them.
You can't check your email this way, you can only send it this way.
Typically I don't refer to setting up a "secure" LAMP server as optimization, so I'll list a couple of the technologies I use for both scenarios. One of the below posts mentioned that the biggest deal is the insecure application code you may be running -- this is very true. Security stuff--For this, I use mod_security (apache module) to chroot the directory in which apache works to /chroot/apache. This way, in case an app breaks it is at least limited to this portion of the directory tree. Chrooting made easy really.
Permissions -- once inside the chroot make sure you know everywhere that the web server has permission to write data, and keep these locations to a minimum. If an app is vulnerable, hopefully it won't be able to replace application code in itself and/or elsewhere.
Some speedup stuff:
Eaccelerator -- look it up, install it, it works great and speeds up php execution substantially.
MySQL query cache - look it up, turn it on, it helps a lot.
Ramdisk -- This goes with both optimization and security -- a lot of popular webapps use Smarty or a similar technology to create and then compile templates for code/data that is displayed. These apps need write access to whatever directory is used to store their compiled templates. I have an entry for a ramdrive in /etc/fstab that mounts a ramdrive inside of apache's chroot and then symlink all of those temporary directories there -- that way the compiled templates are both quickly accessed and I minimize the number of places apache can write data.
These are just a couple of the things I use to speed up and secure my server, some people may have more or less or disagree with how I do things, but at least you have a couple more topics to research :)
Until you actually let someone authenticate to your site using OpenID, you're not really helping anything. You're just spreading BS about how open you are when you're really just supporting further centralization around yourself. Until the big names start acting as Relying Parties, I don't wanna hear about it.
Mod parent up, the only good way to do SPAM filtering is to ONLY deliver a 250 Queued message if the email is actually going to be delivered.
Yet another reason why I like OpenID so much. Once you push the actual mechanism for authentication away from the website itself, you have more flexibility. In other words, I could set up my own openid server to authenticate me based on either username/password, or from a list of acceptable one-time pads. When using a public terminal, authenticating to my OpenID server using a onetime pad would give me the ability to authenticate to temporarily authenticate to any site I wanted, without having to give my passwords to a proxy service like KYPS. Oh, for want of more widespread OpenID adoption...
You guys are all missing one of the most important ones: Immediately repeal a good portion of the Executive Orders currently in effect.
I for one can't wait for Truecrypt 5.0. Scheduled for release in January of 2008, the new version will contain (I believe) the first FOSS implementation of full hard drive encryption (pre-boot authentication and everything(Windows)), as well as a very good encrypted container solution that will work on Windows/Linux/MacOSX.
Uptime.
Tested the voltage on them several times and they checked out.
First year in college, 2 maxtor 250's died. RMA'd and both warranty replacements died. Then the HD in my laptop died. Then one other random HD died. That's why I have everything important on at least 3 hard drives and use RAID5 for all of my general storage.