...is how you can scroll down past the cascade of de Raadt nonsense and find an actual reasonable response from the bcw maintainer himself!
Unfortunately, with so much noise coming from de Raadt, the only thing most people are going to see are his ridiculous responses.
I'm sure someone else has drawn this line before, but he reminds me of the OpenBSD mascot. Like a blowfish, he fills up with (hot) air when threatened and is very defensive.
So, as a former poll worker, I'll go ahead and clear up some of the assumptions that you've made:
It's not people at the polling place that they're concerned with. Its the corrupt officials who get to take the machine home with them, who could replace valid vote data with a trumped up memory card showing a clear majority win for whoever is paying them the most.
I ran one of the polling sites in San Diego where the EVMs were used this year, and I was one of the people who had these machines sitting in my place for a week prior to the election. I agree that having this equipment sitting in my house isn't ideal, but I don't personally think it means the end of fair and safe voting:
Most of the Corrupt Officials in the training courses I had to attend were close to 80 years old. No, 110. I'll go so far as to divulge that they weren't even technically savvy enough to hook up the keypad and printer to the machine without a lot of help. These are not the people I suspect of tampering with the memory cards.
To track down these officials and break into their home to gain access to these machines wouldn't be trivial. It wouldn't be impossible, but so what if you did? If I had any reason to believe that my machines had been touched, I'd get a new set. Plus, now the scope of the attack involves both hacking and breaking and entering.
Replacing the memory card is also non-trivial. Even if I had a doctored card, the Election startup procedure requires that multiple precinct officials have to check the vote count on the machine and print out a paper "Zero Report" showing that absolutely no votes are stored on the card yet -- now the attack involves modifying Diebold's software to doctor these screens and printouts.
Lastly, it's just not worth it. If you were able to execute this kind of attack as an Official or an Outsider, you'd be swaying a tiny number of votes in the grand scheme of things. A single precinct accounts for too small a percentage of total votes cast to justify the effort. To do this kind of attack at a large scale would require some sort of conspiracy between hundreds of election officials, or it would require a squad of ninjas to break into the houses of these hundreds of election officials undetected.
To the credit of the people coordinating the election, procedures in San Diego were better than in most other parts of the nation. My voting machines were given to me and taken from me by armed police, and the regulations regarding seals and paper trails were well defined. I won't rule out some kind of dark police conspiracy either, but I'll admit that I thought about how I could modify the election results, and there was no viable method. Not without, say, the budget of a politician;)
Privacy advocates see this move by VeriChip as a way to introduce their product to Latin America after a lukewarm reception in North America.
Um, um, what? Just a marketing ploy? Just looking to get more market share?
In other news, The Burger King Corporation has finished constructing it's first run of biomechanical overlord drones. These drones have been shown to be capable of both mind control and world domination. Market Analysts see this as a ploy to increase the Whopper's market share, as the Big Mac has rapidly been gaining popularity.
Distributed read/write
Pieces of files exist in multiple places and are needed by multiple processes in multiple locations
Overall, I see average 30 gigabytes throughput across the cluster, not from node to node. The node to node speed could, of course, never exceed that of the transmission medium.
I went to the site expecting the good old Rainbow style A.M.A.N.D.A. logo, but the site is 'zmanda' branded...
To me, this looks like some third party updated and extended some OSS. That said, I think the title is a bit misleading in that this isn't Amanda 2.5 at all, but some other project...
This happened to me last week. My problem with it is the fact that I'm a 'liability,' now. My feeling is that even before I put in my notice, I was a 'liability.' If I intended to do harm, I could have easily snagged all of the important SSH keys and installed backdoors before I put in my notice.
I guess it's just the idea that you're an open liability, now. Whatever, 2 weeks severance is nice.
If you look closely at the function, first the variable $salt is generated randomly. Second, an an md5 hash is generated for "$salt . $plaintext" which in Perl and PHP equates to contatenating the salt with the plaintext, thereby incorporating the salt into the hash.
The salt is prepended to the cipher only so that it can be used during decoding. That is, the decoding function will grab the salt from between the second two dollar signs and prepend it to the cleartext string that it's hashing.
J Allard (Expert):
Q: Will a completely black 360 be available?
A: not currently in plan for launch but as you know we will have removable faceplates and i expect down the line we will get feedback that people want other colors and we will provide it
Looks like those obnoxious mall kiosks that sell faceplates for Nokia phones from 1992 will be able to refresh their inventory.... *sigh*
Unfortunately, the md5 function won't usually take a salt argument. You can salt it easily by hand, though, by doing something along these lines:
function saltedMD5($plaintext) {
$salt = randomString(8);
$ciphertext = md5($plaintext);
$saltycipher = '$1$' . $salt . '$' . $ciphertext;
return $saltycipher; }
(note: consider this pseudocode, as it's some kind of cross between PHP and Perl)
This function accepts a password and returns one like this:
$1$rjWol9cE$MRr13YqfuhasxTkyIjUiY1
This is the standard format for shadowed passwords for most modern *nix distributions, and it's invulnerable to lookups in most general-purpose databases.
While I'm not a fan of MAPS, AOL isn't much better. They do IP blacklisting just as much as MAPS, and they're even harder to get ahold of when working to get IPs delisted.
I just wish MAPS was an ISP that AOL could blacklist. That would be entertaining.
I work for an ISP who recently got blacklisted just as the poster did. All of our outgoing SMTP servers got blacklisted even though it was a colo customer sending a majority of the spam. Then, after numerous contacts from our abuse department, we get no response at all.
The problem as I see it is this: MAPS operates on two fronts. They have their customer front, and they have the blocking front. Customers use MAPS because it does cut down on SPAM. ISPs like RoadRunner even use it. On that front, it's a good service. On the back end, though, they aren't responsive, and they aren't really operating responsibly (they don't have to).
In other words, what can you do? MAPS will appeal to customers for a long time, and those who are blocked will have to deal with it.
Don't forget, iloveyou.vbs didn't do major damage to Microsoft systems.
Virus writers are gunning for the user more and more. Take the SirCam virus for example: it attached files in your My Documents folder to a bunch of emails and sent them to people in your address book. Didn't hurt your computer... just your reputation when your neighbors found kiddie porn in their email.
The moon or Mars would be a natural venue for the concept, a place too hostile for mankind, where viabs could work around the clock: Let robots spit out a city, then settle in when it's ready.
You'll land in the bathroom/livingroom/spacedock shaped like a booger, and then you can relax in the bedroom/backyard or use your machine-built PC in the garage
I just fail to see how this amorphous abstract thing would be practical. Admittedly, it would be cool looking and unique, but still.
Slashdot Mirror
IANAL, but I think you're looking for the following:
http://en.wikipedia.org/wiki/Hatch_Act_of_1939
It's not entirely spelled out in that article since you're given a very high level view, but I think that's the relevant section of law.
...is how you can scroll down past the cascade of de Raadt nonsense and find an actual reasonable response from the bcw maintainer himself!
Unfortunately, with so much noise coming from de Raadt, the only thing most people are going to see are his ridiculous responses.
I'm sure someone else has drawn this line before, but he reminds me of the OpenBSD mascot. Like a blowfish, he fills up with (hot) air when threatened and is very defensive.
I ran one of the polling sites in San Diego where the EVMs were used this year, and I was one of the people who had these machines sitting in my place for a week prior to the election. I agree that having this equipment sitting in my house isn't ideal, but I don't personally think it means the end of fair and safe voting:
To the credit of the people coordinating the election, procedures in San Diego were better than in most other parts of the nation. My voting machines were given to me and taken from me by armed police, and the regulations regarding seals and paper trails were well defined. I won't rule out some kind of dark police conspiracy either, but I'll admit that I thought about how I could modify the election results, and there was no viable method. Not without, say, the budget of a politician
Privacy advocates see this move by VeriChip as a way to introduce their product to Latin America after a lukewarm reception in North America.
Um, um, what? Just a marketing ploy? Just looking to get more market share?
In other news, The Burger King Corporation has finished constructing it's first run of biomechanical overlord drones. These drones have been shown to be capable of both mind control and world domination. Market Analysts see this as a ploy to increase the Whopper's market share, as the Big Mac has rapidly been gaining popularity.
Is anyone else reminded of the 'phallic flash' at the end of Fight Club? Just think... drop a GE logo on there and BAM!
Instant advertising greatness.
Distributed read/write Pieces of files exist in multiple places and are needed by multiple processes in multiple locations Overall, I see average 30 gigabytes throughput across the cluster, not from node to node. The node to node speed could, of course, never exceed that of the transmission medium.
Where I work, I deal with 30-40GBps average read/write total throughput on our distributed filesystem using GigE and Cisco 6509s.
I have trouble imagining an application that could eat up more than that. It's bananas.
I went to the site expecting the good old Rainbow style A.M.A.N.D.A. logo, but the site is 'zmanda' branded...
To me, this looks like some third party updated and extended some OSS. That said, I think the title is a bit misleading in that this isn't Amanda 2.5 at all, but some other project...
Just my $0.02
And I JUST downloaded and compiled Xorg stable today... should've checked the /. first.
This happened to me last week. My problem with it is the fact that I'm a 'liability,' now. My feeling is that even before I put in my notice, I was a 'liability.' If I intended to do harm, I could have easily snagged all of the important SSH keys and installed backdoors before I put in my notice.
I guess it's just the idea that you're an open liability, now. Whatever, 2 weeks severance is nice.
Oops =P
The salt is prepended to the cipher only so that it can be used during decoding. That is, the decoding function will grab the salt from between the second two dollar signs and prepend it to the cleartext string that it's hashing.
J Allard (Expert):
Q: Will a completely black 360 be available?
A: not currently in plan for launch but as you know we will have removable faceplates and i expect down the line we will get feedback that people want other colors and we will provide it
Looks like those obnoxious mall kiosks that sell faceplates for Nokia phones from 1992 will be able to refresh their inventory.... *sigh*
Unfortunately, the md5 function won't usually take a salt argument. You can salt it easily by hand, though, by doing something along these lines:
function saltedMD5($plaintext)
{
$salt = randomString(8);
$ciphertext = md5($plaintext);
$saltycipher = '$1$' . $salt . '$' . $ciphertext;
return $saltycipher;
}
(note: consider this pseudocode, as it's some kind of cross between PHP and Perl)
This function accepts a password and returns one like this:
$1$rjWol9cE$MRr13YqfuhasxTkyIjUiY1
This is the standard format for shadowed passwords for most modern *nix distributions, and it's invulnerable to lookups in most general-purpose databases.
I wouldn't put too much stock into Google. Not after watching how MSN Search is growing off on the horizon...
While I'm not a fan of MAPS, AOL isn't much better. They do IP blacklisting just as much as MAPS, and they're even harder to get ahold of when working to get IPs delisted.
I just wish MAPS was an ISP that AOL could blacklist. That would be entertaining.
Say hello to Ricochet.
They're doing what you proposed - wireless nodes on telephone poles. Streetlights, too.
I work for an ISP who recently got blacklisted just as the poster did. All of our outgoing SMTP servers got blacklisted even though it was a colo customer sending a majority of the spam. Then, after numerous contacts from our abuse department, we get no response at all.
The problem as I see it is this: MAPS operates on two fronts. They have their customer front, and they have the blocking front. Customers use MAPS because it does cut down on SPAM. ISPs like RoadRunner even use it. On that front, it's a good service. On the back end, though, they aren't responsive, and they aren't really operating responsibly (they don't have to).
In other words, what can you do? MAPS will appeal to customers for a long time, and those who are blocked will have to deal with it.
Don't forget, iloveyou.vbs didn't do major damage to Microsoft systems.
Virus writers are gunning for the user more and more. Take the SirCam virus for example: it attached files in your My Documents folder to a bunch of emails and sent them to people in your address book. Didn't hurt your computer... just your reputation when your neighbors found kiddie porn in their email.
Considering you can get a Logitech 6-button wireless mouse w/ scroll wheel for ~$28, I don't know why anyone would buy the Apple product.
Isn't that kinda like comparing the iPod with the other hard-drive based players on the market?
The answer simply is: they just will.
For every link to Goatse, the value of the network has an absolute drop of 225.2.
All elliptical curve math, unfortunately, falls under Microsoft's patent on all things curvy or mildly resembling a circle. =\
Anyone in Oakland right now is encouraged to help beta test the network. All you need is an 802.11 enabled card, and the SSID is 'linksys.'
If you're having any trouble, just go ahead and access http://192.168.1.1. Leave the username box blank and the password is 'admin.'
Thanks.
The moon or Mars would be a natural venue for the concept, a place too hostile for mankind, where viabs could work around the clock: Let robots spit out a city, then settle in when it's ready.
You'll land in the bathroom/livingroom/spacedock shaped like a booger, and then you can relax in the bedroom/backyard or use your machine-built PC in the garage
I just fail to see how this amorphous abstract thing would be practical. Admittedly, it would be cool looking and unique, but still.