"artificial turkey for the vegetarians" on Christmas in 2050 · Score: 3, Insightful
"good artificial turkey for the vegetarians"
Good heavens, do you really think most vegetarians WANT artificial turkey? Maybe those who changed during their life "miss" meat, but those of us who have NEVER eaten it (not for the past 150 years in my case as a 4th generation vegetarian) it's not something we would ever contemplate.
The WORST sort of vegetarian food is that which is made to look, feel and taste like meat. Unfortunately, that seems to be what most people think of when they try to prepare vegetarian fare.
Re:Try the many front ends on Can GnuPG Deliver? · Score: 5, Insightful
The front end doesn't solve the problem that *corporate* users face.
GnuPG doesn't support ADKs (additional decryption keys). A lot of people don't LIKE the whole idea of ADKs. But look at it calmly. I would NOT have an ADK in my personal PGP key under any circumstances. But the PGP key I use for work - that has a designated revoker (so if I'm sacked the key can be revoked without my cooperation), and an ADK that *requests* (it cannot enforce) that items encrypted to my work PGP key can be read by one of our Corporate PGP keys (whose use is very highly controlled - and is held split anyway).
I have encrypted disk partitions - but if I'm hit by a bus, the Corporate disk ADK can recover the data that belongs to the business.
GPG doesn't inherently support key splitting, or disk partition encryption. The key splitting allows proper auditable control over particularly powerful keys. For example, our Root Corporate Signing Key is split amongst 8 trustworthy people and at least 4 of those 8 must cooperate to bring that key together for use.
GPG is great, but it won't replace PGP in the Corporate setting (where it is used a lot more than you might expect...) even WITH a nice frontend until it can support such features. I look forwards to the time when it does!
A business cannot risk losing access to data which is encrypted, so these facilities are required.
"Never post your email address on slashdot. I got 900 emails! ouch."
Lightweight! I get more SPAM than that EVERY DAY!
Sounds like it is time for someone in the USA to register a patent for "A novel technique for protecting novel ideas utilizing a public database registering said novel ideas and providing time-limited protection of the said novel ideas" (or something even more obscure ideally ;-)
Start charging the Patent Office licencing fees to do their own job and see how quickly things change....
It is incompatible with GPL licensed code which links with it. It's actually the GPL'd bit which gets its licence broken.
They will have to revert or face a fork IMHO
Indeed, you are correct.
Note also that the serial number of the zone file is now 2004020103. When I posted my earlier comment it was 2004020102.
Looks like the first change they made was to drop the TTL to 60, and now it is removed altogether.
It's only the www.sco.com one that has gone though - sco.com has an A record to the same IP, as does www.no.sco.com, www.mx.sco.com, www.ar.sco.com, www.au.sco.com, www.br.sco.com, www.de.sco.com, www.cn.sco.com, www.co.sco.com, www.dk.sco.com, www.se.sco.com, www.fi.sco.com, www.es.sco.com, www.uk.sco.com, www.fr.sco.com, www.tw.sco.com, www.emeia.sco.com, www.in.sco.com, www.it.sco.com, www.za.sco.com, www.la.sco.com, www.nordic.sco.com
Just www.jp.sco.com points elsewhere (and without the reduced TTL): 202.33.8.83
Interestingly enough, www1.sco.com, www2.sco.com and www5.sco.com all exist still with long TTLs and pointing to different IP numbers
They have reduced the TTL to 60 seconds to make it easier to point it elsewhere if necessary.
Earlier today, the IP number was reachable on port 80 but closed the connection immediately. It didn't look overloaded to me - when that happens, it takes a long time for the connection to be established.
NB the TTL values are just one more reason to use dig rather than nslookup :-)
$ dig www.sco.com
[...]
www.sco.com. 60 IN A 216.250.128.12
Desperate: They stay because they have to provide for their family but can't find a job because no one will hire a SCO employee.
...and if such a person presented themselves to me, right now, wishing to leave SCO because of the way SCO is behaving, then I would indeed consider that person on their merits, and give them credit for trying to get out of such an ethically untenable situation.
However, if they wait until SCO is crushed to a pulp, my reaction will be rather more circumspect (ie they can get stuffed)
Even *more* embarrassing that anyone was using *passwords* rather than SSH RSA keys surely...?!
They might have to rename "smit" to "smite" :-)
Why bother detecting when you can simply use the same technology to destroy any information which may be present there?
If this encoding technique became popular, then so would the necessary tools to scramble the covert channel.
> The root servers are the core of what we know as the internet. We need authoritative name servers if we don't want to have to remember IP addresses
Actually, that isn't really true. We just do it like that NOW.
All that the root servers do is tell us where to start.
How do we find the root servers? By using a "well known list" that doesn't change very often (order of many years between *major* changes - as long as one of the servers listed is reachable and valid we get an up-to-date list of root servers first time we talk to it after booting).
Suppose that we used a different "well known list" that, instead of listing root servers, listed the authoritative servers for each TLD (.arpa,.net,.biz,....,plus country TLDs). Then you don't actually NEED a "." domain at all.
Sounds crazy? Surely this bigger list would get out of date quicker? Yet we accept new "global" CA's without blinking (or even knowing about it) each time we install a new version of Mozilla (or other browser). This is part of the critical trust infrastructure too. So offer a new "well known list" Free With Every Browser Download :-)
Of course, if this made you nervous, you could still include a "fallback" set of servers for "." to contact in the event that you had a query for a TLD which either was not in the existing list held (new .sux TLD anyone?) or had no responding servers from those listed. Even this would hugely reduce the traffic to the real "root" (ie serving domain ".") servers.
Just a thought.....
If you're reading about crypto, and you have not heard of Peter Gutmann, then you are either just *starting* to read about crypto, or you have missed out some of the most important *practical* parts of your reading!
Check also the X509 Style Guide. Outstanding and insightful. Trust no one claiming to know about PKI unless they have read and understood this :-)
Just one SMALL problem with what otherwise sounds like a good solution.
If the digital content has a valid digital signature, then the digital copy of the digital media will contain the digital content with a valid digital signature.... oops
Remember, digital signatures protect the content against MODIFICATION - not against COPYING
Ummm... it was *irony* :-)
That key belongs to "Pretty Good Privacy Inc Corporate Key " created in 1997!
I found it on the keyservers myself.....
The PGP 7.x command line tools were removed because of the ease with which you could hack together a server using the command line tools without paying for a PGP Server-stylee licence which cost a lot more. The E-biz stuff still gave you the command line versions - but that was more expensive.
Absolutely. Remember, ANYTHING that expands the PGP (by which I mean anything which is OpenPGP compliant) market is GOOD for everyone.
I use both PGP *and* GPG personally. I use both PGP *and* GPG professionally. For corporate use we HAVE to have the Corporate Recovery features (although you can add an ADK to my *personal* key when you prise it from my dead fingers). For signed files on our FTP server (a Linux box) we can use GPG to auto-check the integrity.
Dead pleased to see PGP being owned by someone who gives a toss now!
Two things for them to consider carefully:
1) Code Review
2) Other platforms (esp. Linux)
I'm just waiting for the announcement that it's actually going to land on Iraq.
:-)
"Let the Inspectors back in.... or we'll just do fsck all and watch from a distance...."
Of course, windows didn't actually get as far as COLOUR until after the 1988 Morris worm. Does Virus Building Script programming *work* in monochrome? (I have windows versions 1.03 and 2.0 sitting in my Black Museum of Computer History :-)
Well, I guess that missing second will circulate as a surprisingly small mpeg on the Net for those really badly worried.... :-)
When do these appear on ThinkGeek?
Password management like this is a nightmare. Some of the options suggested (LDAP, SecurID etc) rely upon the system you are accessing being able to talk to an external authentication system of some sort.... which means you're up a certain creek in a chickenwire canoe if that facility isn't working.
SSH with RSA keys. Change the management problem into the simpler (and more scalable) one of managing RSA public keys on the boxes (which can be automated).
Job jobbed.
That is mostly true.
However (dons flameproof suit...), take a look at the range of hardware that SuSE and Redhat supports out of the box without difficulty - including PCMCIA etc.
I'm a committed Debian user + supporter - but there IS a need for a better installation process...
So it's impossible to fake the GPS signals eh? They're not anything like a regular structured and well-understood format or anything....
I suppose faraday cage technology will be outlawed (only terrorists would want to use a faraday cage surely...)
Faking up the signals and the timing is a matter of some electronics. There is no strength here.
Snake oil. Move on people, nothing to see here....