If they gave IE away for free, I could legally download it and install it under Wine. But I can't legally do that.
Perhaps I am missing something - perhaps the distinction is between "technically able" and "legally permitted" - but this is something I can easily do. Every time I've installed MS Office using CrossOver, the Office installation has prompted me to install IE, since it is a necessary component of Office. So it is certainly technically possible.
As to the legality, IANAL of course, but my understanding is that the MS Office license does not and cannot require a Windows license (that would be illegal tied selling, no?), and that since Office requires IE, IE itself cannot require a Windows license.
You could argue that I've needed to give $$$ to MS to get IE, and you'd be right: I needed to spend those $$$ to get the entry point that would give me IE. But I think that's a quibble rather than a real counter-argument. MS is carefully controlling the technical means by which one obtains this particular piece of free software. They could just as easily make it easier for you to get it. That they don't is their choice. It's their software, they're free to distribute it as they see fit (within the law of course :->).
Of course, all of this is mere speculation and conjecture based on my interpretation of my experience. I'd love to read a reply from someone who might actually have a clue (not to imply you don't, just using a turn of phrase, I think you know what I mean).
Are any of our /. lawyers about? NewYorkCountryLawyer? Bueller? Bueller?
Not to flame or troll or slashvertise, but how is this new? I was at a conference recently where the coolest security product on display was from http://www.airtightnetworks.net/: Their WIPS can be configured with an organization's known wireless clients (MAC address, make, HW and SW versions, etc.), and then detect systems that shouldn't be there.
According to the reseller's CTO - I had the good fortune to stop by the booth before he and the COO departed and the booth was left with only salesdroids - the system has an extensive database of fingerprints - hardware, software, etc., think of timings and the like specific to particular combinations of OS, firmware, and chipset.
This raises the bar for a snooper: They not only have to clone your MAC addresses, etc., they have to clone the MAC, etc., on a box running the same OS, firmware, chipset, as the legit box. And they have to get the WPA keys right.
(They also have a neato WPA key management app to raise that bar, too.)
Apologies if this seems slashvertisical, but it seems to me the best way to debunk someone's claim of newnessess and neverbeendonebeforedness is to point to a real selling product that does all of the non-vapourware things the someone claims to have invented.
maintain... separate online identities for Work and Recreation
You'll notice from my /. nickname that I did this...
...and now sort of regret it, now that I'm consulting and wish I could tie together the various sites at which I lurk, as part of an effort at building a coherent brand...
...something which I would surely regret 5 years from now, when I move on to project X.
Wanna know what's really funny? I chose "myvirtualid" as a quasi-ironic meaningless handle and decided to use it as a throwaway at all the sites I "really didn't care about", the sites I figured would generate the most spam, etc.
Then, when I got tired of the spam, I would tank myvirtualid and move on....
Except it didn't work out that way - over time, the one email ID that got the least spam was myvirtualid, and the sites that I've maintained the {l|str}ongest association with are those sites where myvirtualid is myHandleOfChoice.
And the only reason I don't get more spam at pwwnow@TheGreat2GBSearchEngineEmailPalace.com is decent spam filtering. I won't even mention pww@MyCorporateConsultingIdentity.com, which just shows how bad the spam filtering is in Evolution (after months of training).
Let's face it: Identity is fluid. Friendships are fluid. And our understanding of them is fluid as well, at least from the perspective of different generations.
There was a good story reprinted in the Gardner Dozois annual a few years ago about a future virtual world where identity and skins were completely user selectable, and where, after a few years or decades in one place and one skin, it was socially acceptable to "burn down" one's "house" and move on, no forwarding address.
And all that prevented anyone from following and learning the new ID or new location was the simple desire to one day move along one's self. And that was enough.
Let's face it. As wise as the Red Caped Ballooning Blogger may be, none of us really yet understands the implications of the new networking. It's far more pervasive and far more sinister and far more powerful and far more enabling than we yet realize.
And generation ++(++(++(++(++(++X))))) will work within it with an ease lost on them's of us still around trying to puzzle it all out.
Prognosticate all you will, Jack, you don't know jack 'bout what's next.
Imagine my surprise when I visited the survey and could not see the selection boxes or radio buttons for answering the questions.
Oh, silly me, I have my browser set to "ignore colours specified on web pages"...
...because it is easier for me to read and I get fewer headaches, that's why.
Don't get me wrong: I run Linux on every machine I possibly can, and if I could completely dispense with Windows, I would. But the major "they/we still don't get it" feature of the FLOSS world is the (apparent) "our way or the highway" perspective when it comes to information presentation and UI design/layout.
It's like the bad old days of mackytacky just won't go away - remember when the first Macs came out, and soon everyone had these crazy resumes with 10 different fonts and 12 different point sizes, just 'cause they could?
FWIW, while it's getting better, IMHO MS and Apple and good web designers take usability preferences and accessibility concerns far more to heart, generally speaking, than FLOSS GUI and web designers.
It all depends on how one phrases things. For example, if you refer to http://laws.justice.gc.ca/en/ShowFullDoc/cs/O-5///en, you'll see definitions of "special operational information", one of which is "the means that the Government of Canada used, uses or intends to use, or is capable of using, to protect or exploit any information".
So what?
Well, IANAL, but my reading is that the law as phrased allows the GoC to create information classification schemes the existence of which would be considered "special operational information", so revealing the existence of the classification scheme would itself be a contravention of the Security of Information Act, punishable by up to 14 years imprisonment.
Reading between the lines, the other types of information considered "special operational information" are the sorts of thing generally considered to be at least Secret, likely Top Secret, so such a classification scheme could itself be Top Secret.
So one would need a TS clearance to even be permitted to know about such a classification scheme. And learning of such a scheme would make one a person "permanently bound to secrecy".
As for stumbling across such information, well, TS stuff isn't usually left lying around. For example, refer to http://www.ciisd.gc.ca/text/ISM/print/printch5ann3-e.asp: TS docs being sent about are double-enveloped, and the outer envelope does not bear a security marking (but is sealed in a tamper-evident manner). The likelihood of stumbling across TS material is low outside of an approved facility.
And if you are inside such a facility, you have a TS and know that there is stuff you don't need to know, and you keep your blinders on, to not risk stumbling. Or you are being escorted by someone with a TS, who keeps you from stumbling.
Or you are a spy, but that's another story.
Re:Military grade anonymity? Say what? (on Spying On Tor, Score: 1)
There is no clearance above TS
Perhaps not in the US. And not trying to be tongue-in-cheek, but if there were, would you be allowed to know of them, without having a TS yourself? (Not that I am in any way implying that this might be the case anywhere, you understand....)
Military grade anonymity? Say what? (on Spying On Tor, Score: 5, Interesting)
Military grade anonymity?
What?
Sure, we all know - or think we know - what "military grade crypto" means[1], but now you're just making stuff up.
Military grade anonymity, indeed.
[1] Strong crypto managed in a Type 0 or Type 1, etc., system, where everything is kept secret, hardware and software are tightly controlled, and updates are distributed strictly out-of-band - think spies with briefcases handcuffed to their wrists.
Contrast with "commercial grade crypto", where everything but the secret/private keys themselves are known, well studied, well understood, etc., and updates are distributed in-band, though sometimes "boot strapped" using an OOB shared secret, etc.
There is the perception that "military grade" is somehow stronger than "commercial grade", but what is the basis for this perception? None of us can say, at least not here.
To know - to really know - whether military grade crypto is actually any stronger than commercial grade crypto requires a degree of access which itself requires clearance at - or above - top secret, said clearance being predicated on the understanding that those with said access won't reveal what they know, on pain of prosecution.
So the people who do know cannot and will not tell.
You'll just have to take my word for it.:->
"Military grade anonymity" is nothing more than buzzspeak for "anonymity that we think is really, really OMG PONIES good, but we can't prove, what with there being a complete and total lack of mathematically sound anonymity analytics comparable to cryptanalysis, so there, nyah!"
Assuming that this is just a dumb mistake, I don't know what's worse:
Microsoft's complete and total lack of quality control, how many years after they claimed to have made security their number one priority? If your processes are so pathetic that mistakes like this make it out the door, you don't get security and likely never will. Change management is a paramount security control.
Someone, anyone, offering them such a pathetic get out of jail card
Oh, but to err is human!, I hear you saying.
Bollocks. When it comes to the operating system that runs the vaaaaaaast majority of desktops worldwide, quality counts. Or should.
could someobody explain to me why anyone should care about this person
RTFA. -1 for being a dork. -1 for being lazy. -1 for asking others to tell you what you could have learned yourself in less time than it took you to write your post.
Good general practice: RTFA, then read the comments.
(Yeah, yeah, this is /., we cannot expect good practice generally.)
I'd never heard of her either, until I RTFAd. After RTFAing, I'm glad ScuttleMonkey accepted the article, she's a very interesting person with a way cool background, scarily bright, and, according to /.ers, just a fantastic human being.
While I'm at it, technically she is a cryptanalyst, not a cryptographer. (She describes herself as a cryptologist, also correct, since cryptology includes cryptanalysis and cryptography. Don't know the difference? RTFA, what am I, wikipedia?)
GPLv3 is closing loopholes, see the TiVo example, by which people could use other people's work and ignore their obligations under the license, i.e. by making the code modifiable but making modified versions of the code unrunnable.
If Tivo is using GPLv2 code in their box, then are they not obligated to release the source? If so, there is no loophole, since "the industry" will allow us to vote with our feet: Someone will take that code and release a box that does what Tivo does and allows users to modify the OS.
It may take time, and early adopters or the ignorant may later regret their initial purchases, but that's how the market goes.
As awareness of these issues - FLOSS; open, unencumbered, standardized data formats; user sovereignty; my machine is my machine; vendor hegemonies; etc. - grows, more and more consumers will vote with their feet and stop buying the closed boxes.
GPLv3 may be solving a temporary problem, one that will eventually disappear.
Note: I haven't made up my mind about the GPLv3 yet, I'm still mulling....
OK, there's some sarcasm in there. But there's some truth too: The regular release schedule with long post-release support is a major goal and major marketing ambition of Ubuntu. Debian releases way too often, if you count Sid as a release. But should you? Look past Sid, and those "releases" are way too few and far between.
It can't be good for Ubuntu if it loses the "update war" with Microsoft. If you lose the update war, everything else is down hill from there.
Yes, Ubuntu needs to get to a regular release cycle, with quality controlled stable releases. Yes, it would be terrible if Ubuntu "lost this war" to MS.
The war's not over yet, dude, Ubuntu is just realizing growing pains. Dapper always struck me as ambitious, I'm a little disappointed that the delay may prove necessary, but I'll take a better system six weeks late than a buggy system now (and I've been running Dapper since Flight2!)
Ubuntu also needs to catch up to the level of "it just worksatude" that MS and the box vendors have spent years and bazillions of $$$ getting into Windows. Dapper is going to go a long way to achieving this goal.
IMHO, one of the most important building blocks of the future Ubuntu regular release schedule will be a solid foundation. That's what Dapper is intended to be.
Better late and solid than on-time and shaky. We'll get 'em next time...
...and every single time after that, once we've got the right foundation.
Linux is a great OS for people who want to get to know their computers. It is also a great OS for people who just want to get things done. People "just using" their Linux box are in fact contributing something, even if they never contribute code or documentation or anything the rest of us see.
They are contributing numbers and support. And numbers and support are more important than most people have yet realized, IMHO.
I made (well, am making) the switch to Linux because I am tired of others owning my data (e.g., MS 0wnz my email since only their application can access it for me). The more I think about this, the more I believe that open, unencumbered, and standardized data formats and protocols are vital to our future documentary heritage.
Unfortunately vendors of proprietary operating systems and applications will likely always break standards - and certainly will do so behind closed doors - in an effort to gain every single bit of competitive advantage they can. And that threatens our future documentary heritage.
We are moving, slowly slowly slowly, to an electronic world. We must conserve and protect that documentary heritage now before it becomes endangered. Open source is a great enabler - perhaps a necessary enabler - of this conservation.
The more people we get "just living" on open source systems, the more people who will be "just using" open and standardized systems (as we get them built and out there). And the more people there will be thinking about these issues, thinking about the viability of open source and wondering why they ever considered paying a vendor to hold their data hostage.
Users who are "just users" make open source spread into and beyond the mainstream. And that's where we need it to be to protect our own data and our documentary heritage.
One day, we will wonder how we ever let vendors control our information. That day cannot come, IMHO, until we no longer depend upon them. That takes many, many, many "just users" consuming and loving what a few thousand motivated developers and writers and testers and project managers have done, even if they never actually think about them or make contributions in the expected or desired way.
The parent makes two points: 1) that us terminal hackers went from book to book while they learned, and 2) that the documentation already available was where they learned the most.
Re #2: No argument there, the information that comes with a well-documented UNIX is the best way to achieve wizard or guru knowledge levels. Not quite so well suited for getting as far as novice, though: A lot of the man pages - at least back in the day - were written by experts who assumed the reader was close to expert, or at least was a C coding system hacker. Like it or not, not all of us were. C coder? Yes. Sysadmin? Eventually. Kernel hacker? Nope. Library hacker? Only at gunpoint. Shell hacker? Oh, yes, please anytime.
How does one climb from naive to novice to comfortable to proto-admin, how does one get to the point that some of the denser available material starts to be beneficial, rather than a poor imitation of nethack? You are in a twisty maze of man pages, without doors or windows, and your dog has died....
Context, and clear and lucid introductory material. That's the starting point. That brings us to...
...point #1: Bounce from book to book? Not so, this terminal hacker. When a job change took me from system 370, where I could hack REXX and JCL with the best of them, to UNIX, where I do better than hold my own in sh and sed, with a little awk/nawk/gawk thrown in, I sat down with one book. Just one. Sobell's Practical Guide to the Unix System. That's all it took: Three days of working through SunOS (3.?) and HP-UX (6.5, yikes) with that on my lap, and I had found my home! UNIX, beloved UNIX.
After Sobell, I was ready to tackle the man pages and get some value.
So am I going to buy this new tome? Well, let's think about that description: tome. Why is the Linux Sobell so much fatter than the UNIX Sobell was?
Beware, flamebait: Possibly because so much of the information available with most distributions is so poor! Man pages that refer to info, and info pages that repeat the man pages word for word, save for the reference to info! Laughable, absolutely laughable.
And, yes, as others have pointed out, there is much information available on the web. Where to start? And how to tell wheat from chaff? Context....
Which brings us back to the Sobell Linux tome: Yes, I will more than likely buy it, and I'll bet I'll recommend that others do, because my guess is that it will provide the one thing that all us Linux-proto-admins and Linux-proto-hackers need to get started and to start making sense of what's out there: Context.
By the looks of the review, Sobell's provided plenty.
Well doesn't federal law apply to the states also?
Uh, the correct answer is it depends
FYI, Canada has fairly strict separation of Federal and Provincial laws: The Federal law is primarily the public law, that is, criminal law, and those aspects of the private law (contracts, torts, etc.) that apply to the Territories, to Federal works (anything done by or regulated by the Federal government), international law, and to those things that cross provincial or national boundaries.
Provincial jurisdiction is over private law. Of course, to make things really interesting, the provinces are responsible for enforcing public law within their borders.
And then there are international obligations that cannot be met until each province changes its laws in the relevant area.
I work mostly at home and have a wife and kids (well, kid). And my home office is a much better working environment than most if not all offices I've worked in.
Why? First, the comfort level: I have it configured to suit me, not some facilities manager. And when I need a break to recharge my brain, I can play my music at most any volume, read /., watch Apollo 13 again, or do most anything. In an office, I'm lucky if I can get decent coffee.
Second, having the sounds of family around me is soothing and conducive to the mental state in which I am most productive. I actually find it easier to work on weekends when they are in the house than those occasional week days when the solitary emptiness creeps past my best discipline and makes me feel oh so alone. Those are few, and they are, IMHO, the hardest part of working at home. Overall, the benefits outweigh the disadvantages, so I've adapted and accepted that some days I will need to force myself that much more, that my work will be far harder to do because my being alone has made me lonely.
In an office environment, the ambience is often that of stressed out or gossipy workers being unproductive. That's harder to blot out than the sounds of family life.
(Not true of the best software development environments I've worked in, where everyone was keen and kick-ass. Those were too few and all too fleeting....)
Perhaps it is simply that I am lucky in that my family life is good, strong, and loving. But then again, I work very hard on that as well.
If serious about this, your friend should ensure the shop has sufficient conveniently located plugs for all those laptop users.
My favourite coffee shop with free Wifi (downtown Ottawa) has too few plugs, and one really great convenient table. The other tables are too far from the plugs, and the best plugs are near the bars along the windows, which aren't really wide enough for laptops.
Please tell us about when you programmed with punch cards! Or about telnetting to the SMTP port! Or how much happier you were using only a command line!
Human beings innovate. Full stop. End of story. Thanks to constant innovation, we have Linux, new viruses, GUIs, and a myriad other things good and bad. Including cyberpunk. I'll let you decide where it falls in {good,bad}.
There will always be people wanting to say it in their voice. Some will make their voice using the voices of others.
Others will be dissatisfied with copying/remixing/imitating and will attempt to break new ground. Most will fail.
The innovators, whoever they are, will surprise us in ways we cannot imagine.
BTW, FWIW, IMHO: There will always be an audience. The audience consists of the majority of human beings, the passive masses, who neither produce original content nor remix the content of others in any innovative way. When they do express themselves, they simply parrot what they have heard and seen, with nary an original thought.
The participants are the minority and always will be. Protest demonstrations are a useful analogy. In all but the rarest circumstances, protests consist of a minority of the population, and are led by an even smaller minority. The leaders are the innovators, the makers of new content. Other participants are the remixers and fans.
The rest of us are the passive majority, using up oxygen waiting to die.
How sad it is that even the remixers are more creative, more innovative, more active than most of us ever will be.
The saddest part is how true this is regardless of how violently we agree or disagree with the active minority.
Remember, patents don't mean you can't code it. You can code it. You can use it for personal non-commercial use. You can distribute the code. But you can't use it commercially, distribute binaries, or sell it.
Uh, no: A patent gives the patent holder the sole right to make, use or sell the invention. This means you cannot legally use SEH in the US unless you have a licensed implementation.
Period, end of story, full stop.
Of course, I can use any SEH implementation to my heart's content, so long as I don't take my laptop over the border....:->
As noted, you can overthink this one to death. A simple recipe may address your needs:
1. The PM generates the key pair and obtains the certificate. The PM is steward of the key pair.
2. The PM performs all signing operations. They're the PM - trust them.
3. For backup purposes, you need multiple people to have access to the key pair in an emergency, e.g., PM hit by bus. Rent a safety deposit box and give the PM and two or three other senior individuals access authority. Perhaps require two or more signers to access the box.
4. With one or more of those folks as witnesses, have the PM save the key pair like so:
4A. Export the key pair to your favourite protected format, e.g., PKCS#12 with 10000 rounds of hashing.
4B. Write the protected key pair to a medium with decent shelf life, and stick that and the password in an envelope.
4C. Seal the envelope, sign and date the seal. (Helps detect tampering.)
5. Two of the individuals take the envelope and stick it in the safety deposit box.
In the event of an emergency, any two of the senior folks can get the key pair and give it to the new PM.
In the event of suspected misuse of the key pair by someone other than the PM, the bank's safety deposit records at least let you know who cheated.
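The recipe above relies on the bank's box for two-person control over the envelope. As an added example (not from the original post), here is a cryptographic complement to step 3 that goes slightly beyond it: the PKCS#12 password from step 4B is split with Shamir's secret sharing so that any two of three custodians can reconstruct it, while a single share reveals nothing. The field prime, the chunk size and the sample passphrase are choices made for this illustration; standard library only.

```python
"""
2-of-3 (or any k-of-n) Shamir secret sharing of a passphrase, so that the
password protecting an exported key pair can be handed to several custodians
without any one of them being able to use it alone. Example code, not from
the original post; standard library only.
"""
import secrets

PRIME = (1 << 127) - 1   # Mersenne prime 2^127 - 1; all share arithmetic is mod PRIME
CHUNK = 15               # 15 bytes = 120 bits, always strictly below PRIME


def _eval_poly(coeffs, x):
    """Evaluate the polynomial with the given coefficients at x (Horner's rule, mod PRIME)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def _lagrange_at_zero(points):
    """Interpolate the polynomial through `points` and return its value at x = 0."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def split_secret(secret: bytes, threshold: int, custodians: int):
    """Return `custodians` shares of the form (x, [y per chunk]); any `threshold` of them recover `secret`."""
    if not 1 < threshold <= custodians:
        raise ValueError("need 1 < threshold <= custodians")
    shares = {x: [] for x in range(1, custodians + 1)}
    # Each 15-byte chunk gets its own random polynomial whose constant term is the chunk.
    for start in range(0, len(secret), CHUNK):
        chunk = int.from_bytes(secret[start:start + CHUNK], "big")
        coeffs = [chunk] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
        for x in shares:
            shares[x].append(_eval_poly(coeffs, x))
    return [(x, ys) for x, ys in shares.items()]


def recover_secret(shares, secret_len: int) -> bytes:
    """Rebuild the passphrase from at least `threshold` shares; raises ValueError if too few were supplied."""
    out = bytearray()
    nchunks = len(shares[0][1])
    for k in range(nchunks):
        value = _lagrange_at_zero([(x, ys[k]) for x, ys in shares])
        size = min(CHUNK, secret_len - len(out))
        try:
            out += value.to_bytes(size, "big")
        except OverflowError:
            # A too-small share set yields a random field element, not the chunk.
            raise ValueError("insufficient or mismatched shares") from None
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample passphrase; in practice, the password from step 4B.
    passphrase = b"correct horse battery staple 2024"
    pm, cto, cfo = split_secret(passphrase, threshold=2, custodians=3)
    print("any two custodians:", recover_secret([cto, cfo], len(passphrase)) == passphrase)
```

Each custodian's share (its x index and the list of integers) goes into their own sealed, signed envelope; the witnessed ceremony in step 4 is unchanged, only the envelope contents differ. Keep the threshold at two so the "PM hit by bus" case in step 3 still works with the remaining custodians.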
1- keepalive : IBM's SNA has an efficient keepalive mechanism. TCP has one but I never saw it working properly.
Uh, no? Please do correct me if I'm wrong, but keepalives are not at all part of the TCP/IP "church". In fact, keepalives are outside the TCP state machine, and I've seen some really interesting behaviors caused by poor implementations of this poor idea.
Poor idea? Well, yes: One of the points of TCP is to be able to survive temporary or intermittent "disappearance" of the underlying network. Keepalives expose these failures, breaking the TCP model.
For more on keepalive badness, please refer to section 4.2.3.6 of RFC 1122; to RFC 2525, which documents a number of known problems with the implementation of TCP keepalives; and to http://tcp-impl.grc.nasa.gov/tcp-impl/list/archive/0367.html for more on why TCP keepalives are a bad idea (and not even implemented the same way on all systems!).
Some of the bad behavior I've seen? This one is cool....
Server and client, both on HP-UX 6.5 (yeah, I know...). Both ends have sockets set to use keepalives (remember the old ISODE code? Used keepalives over TCP to mimic an X.25 analog that wasn't necessary in a TCP network! deep sigh). Every morning, recycle the server via cron. But server won't come back up, claims socket is in use.
Problem? Server shuts down, tells kernel to close socket. Kernel on server tells client that it is closing, both drop into wait state. Socket will close when client sends its close message. BUT! During the wait state, one end (doesn't matter which) sends the other an ACK. WTF? A keepalive.
Due to a bug in how the HP-UX 6.5 networking libraries handled the TCP state machine violation (an ACK at this point is illegal), the close sequence is forgotten, and the two machines exchange ACKs until one is rebooted. Server's port is never released by kernel, therefore server cannot come back up. Until client machine or server machine (doesn't matter which) is rebooted.
Sigh. Two days with a network analyzer and a lot of "WTF, this can't be" moments. IIRC, they fixed this in 7.0, broke it briefly later, but fixed it for good in 8.0 and above.
And don't even get me started on the fact that TCP keepalives are still the default in OpenSSH, despite known security concerns with having a keepalive outside the security envelope, and therefore injectable by an attacker.
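The closing point is that a TCP keepalive is a bare ACK that no authentication covers, whereas a liveness probe carried inside the protected channel (in OpenSSH, the ServerAliveInterval/ClientAliveInterval mechanism, as opposed to TCPKeepAlive) can only be produced by the genuine peer. As an added example, not from the original post and not OpenSSH's code, here is such an in-band keepalive: each heartbeat carries a sequence number under an HMAC key shared by the two ends, the monitor ignores anything unauthenticated or replayed, and it declares the peer dead only when genuine heartbeats stop. The message format, the shared key and the simulated clock are assumptions for the illustration.

```python
"""
Application-level keepalive inside the authenticated channel, as a contrast
to TCP keepalives, which are unauthenticated ACKs outside the security
envelope. Example code, not from the original post or from OpenSSH.
"""
import hashlib
import hmac
import socket
import struct

TAG_LEN = 32              # HMAC-SHA256 tag
HB_LEN = 8 + TAG_LEN      # 8-byte sequence number followed by the tag


def _tag(key: bytes, body: bytes) -> bytes:
    # Domain-separated so a heartbeat tag can never double as a data-message tag.
    return hmac.new(key, b"heartbeat|" + body, hashlib.sha256).digest()


class HeartbeatSender:
    """Emits heartbeats with a strictly increasing sequence number."""

    def __init__(self, key: bytes):
        self._key = key
        self._seq = 0

    def next_heartbeat(self) -> bytes:
        self._seq += 1
        body = struct.pack("!Q", self._seq)
        return body + _tag(self._key, body)


class HeartbeatMonitor:
    """Accepts only authentic, fresh heartbeats; reports the peer dead after `timeout` seconds of silence."""

    def __init__(self, key: bytes, timeout: float, now: float):
        self._key = key
        self.timeout = timeout
        self.last_seq = 0
        self.last_seen = now

    def accept(self, msg: bytes, now: float) -> bool:
        if len(msg) != HB_LEN:
            return False
        body, tag = msg[:8], msg[8:]
        if not hmac.compare_digest(tag, _tag(self._key, body)):
            return False                      # forged or corrupted: ignored
        (seq,) = struct.unpack("!Q", body)
        if seq <= self.last_seq:
            return False                      # replayed or stale: ignored
        self.last_seq, self.last_seen = seq, now
        return True

    def peer_alive(self, now: float) -> bool:
        return (now - self.last_seen) < self.timeout


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def simulate() -> dict:
    """Drive a sender and monitor over a local socket pair with a simulated clock (seconds)."""
    key = b"constructed-demo-key"            # constructed; in practice derived from the session
    a, b = socket.socketpair()
    try:
        sender = HeartbeatSender(key)
        monitor = HeartbeatMonitor(key, timeout=30.0, now=0.0)
        results = {}
        a.sendall(sender.next_heartbeat())
        results["first"] = monitor.accept(_recv_exact(b, HB_LEN), now=10.0)
        hb2 = sender.next_heartbeat()
        a.sendall(hb2)
        results["second"] = monitor.accept(_recv_exact(b, HB_LEN), now=20.0)
        # A well-formed but unauthenticated message (the TCP-keepalive analogue) is ignored.
        a.sendall(b"\x00" * HB_LEN)
        results["unauthenticated"] = monitor.accept(_recv_exact(b, HB_LEN), now=25.0)
        # Re-delivery of an earlier genuine heartbeat is ignored too.
        a.sendall(hb2)
        results["replayed"] = monitor.accept(_recv_exact(b, HB_LEN), now=26.0)
        results["alive_at_40"] = monitor.peer_alive(40.0)   # 20 s since last genuine beat
        results["alive_at_60"] = monitor.peer_alive(60.0)   # 40 s of silence exceeds the timeout
        return results
    finally:
        a.close()
        b.close()


if __name__ == "__main__":
    print(simulate())
```

Because the monitor's notion of liveness depends only on heartbeats it can authenticate, unauthenticated traffic can neither keep a dead session alive nor, by itself, tear a live one down; the TCP-level ACK exchange the post describes has no such property.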
Mr. Albert Einstein, when practicing ancient science, disagrees with your sig.
Mr. Garry Wallace, aka Anthony Michael Hall, also disagrees, at least when practicing weird science.
At least that's how we weigh in in my neighbourhood.
Hmm, Kelly LeBrock....
If they gave IE away for free, I could legally download it and install it under Wine. But I can't legally do that.
Perhaps I am missing something - perhaps the distinction is between "technically able" and "legally permitted" - but this is something I can easily do. Everytime I've installed MS Office using CrossOver, the Office installation has prompted me to install IE, since it is a necessary component of Office. So it is certainly technically possible.
As to the legality, IANAL of course, but my understanding is that the MS Office license does not and cannot require a Windows license (that would illegally tied selling, no?), and that since Office requires IE, IE itself cannot require a Windows license.
You could argue that I've needed to give $$$ to MS to get IE, and you'd be right: I needed to spend those $$$ to get the entry point that would give me IE. But I think that's a quibble rather than a real counter-argument. MS is carefully controlling the technical means by which one obtains this particular piece of free software. They could just as easily make it easier for you to get it. That they don't is their choice. It's their software, they're free to distribute it as they see fit (within the law of course :->).
Of course, all of this is mere speculation and conjecture based on my interpretation of my experience. I'd love to read a reply from someone who might actually have a clue (not to imply you don't, just using a turn of phrase, I think you know what I mean).
Are any of our /. lawyers about? NewYorkCountryLawyer? Bueller? Bueller?
Not to flame or troll or slashvertise, but how is this new? I was a conference recently where the coolest security product on display was from http://www.airtightnetworks.net/: Their WIPS can be configured with an organization's known wireless clients (MAC address, make, HW and SW versions, etc.), and then detect systems that shouldn't be there.
According to the reseller's CTO - I had the good fortune to stop by the booth before he and the COO departed and the booth was left with only salesdroids - the system has an extensive database of fingerprints - hardware, software, etc., think of timings and the like specific to particular combinations of OS, firmware, and chipset.
This raises the bar for a snooper: They not only have to clone your MAC addresses, etc., they have to clone the MAC, etc., on a box running the same OS, firmware, chipset, as the legit box. And they have to get the WPA keys right.
(They also a neato WPA key management app to raise that bar, too.)
Apologies if this seems slashvertisical, seems to me the best way to debunk someone's claim of newnessess and neverbeendonebeforedness is to point real selling product that does all of the non-vapourware things the someone claims to have invented.
maintain... separate online identities for Work and Recreation
You'll notice from my /. nickname that I did this...
...and now sort of regret it, now that I'm consulting and wish I could tie together the various sites at which I lurk, as part of an effort at building a coherent brand...
...something which I would surely regret 5 years from now, when I move on to project X.
Wanna know what's really funny? I chose "myvirtualid" as a quasi-ironic meaningless handle and decided to use it as a throwaway at all the sites I "really didn't care about", the sites I figured would generate the most spam, etc.
Then, when I got tired of the spam, I would tank myvirtualid and move on....
Except it didn't work out that way - over time, the one email ID that got the least spam was myvirtualid, and the sites that I've maintained the {l|str}ongest association with are those sites where myvirtualid is myHandleOfChoice.
And the only reason I don't get more spam at pwwnow@TheGreat2GBSearchEngineEmailPalace.com is decent spam filtering. I won't even mention pww@MyCorporateConsultingIdentity.com, which just shows how bad the spam filtering is in Evolution (after months of training).
Let's face it: Identity is fluid. Friendships are fluid. And our understanding of them is fluid as well, at least from the perspective of different generations.
There was a good story reprinted in the Gardner Dozois annual a few years ago about a future virtual world where identity and skins were completely user selectable, and where, after a few years or decades in one place and one skin, it was socially acceptable to "burn down" one's "house" and move on, no forwarding address.
And all that prevented anyone from following and learning the new ID or new location was the simple desire to one day move along one's self. And that was enough.
Let's face it. As wise as the Red Caped Ballooning Blogger may be, none of us really yet understands the implications of the new networking. It's far more pervasive and far more sinister and far more powerful and far more enabling than we yet realize.
And generation ++(++(++(++(++(++X))))) will work within it with an ease lost on them's of us still around trying to puzzle it all out.
Prognosticate all you will, Jack, you don't know jack 'bout what's next.
Imagine my surprise when I visited the survey and could not see the selection boxes or radio buttons for answering the questions.
Oh, silly me, I have my browser set to "ignore colours specified on web pages"...
...because it is easier for me to read and I get fewer headaches, that's why.
Don't get me wrong: I run Linux on every machine I possibly can, and if I could completely dispense with Windows, I would. But the major "they/we still don't get it" feature of the FLOSS world is the (apparent) "our way or the highway" perspective when it comes to information presentation and UI design/layout.
It's like the bad old days of mackytacky just won't go away - remember when the first Macs came out, and soon everyone had these crazy resumes with 10 different fonts and 12 different point sizes, just 'cause they could?
FWIW, while it's getting better, IMHO MS and Apple and good web designers take usability preferences and accessibility concerns far more to heart, generally speaking, than FLOSS GUI and web designers.
It all depends on how one phrases things. For example, if you refer to http://laws.justice.gc.ca/en/ShowFullDoc/cs/O-5///en, you'll see definitions of "special operational information", one of which is "the means that the Government of Canada used, uses or intends to use, or is capable of using, to protect or exploit any information".
So what?
Well, IANAL, but my reading is that the law as phrased allows the GoC to create information classification schemes the existence of which would be considered "special operational information", so revealing the existence of the classification scheme would itself be a contravention of the Security of Information Act, punishable by up to 14 years imprisonment.
Reading between the lines, the other types of information considered "special operational information" are the sorts of thing generally considered to be at least Secret, likely Top Secret, so such a classification scheme could itself be Top Secret.
So one would need a TS clearance to even be permitted to know about such a classification scheme. And learning of such a scheme would make one a person "permanently bound to secrecy".
As for stumbling across such information, well, TS stuff isn't usually left lying around. For example, refer to http://www.ciisd.gc.ca/text/ISM/print/printch5ann3-e.asp: TS docs being sent about are double-enveloped, and the outer envelope does not bear a security marking (but is sealed in a tamper-evident manner). The likelihood of stumbling across TS material is low outside of an approved facility.
And if you are inside such a facility, you have a TS and know that there is stuff you don't need to know, and you keep your blinders on, to not risk stumbling. Or you are being escorted by someone with a TS, who keeps you from stumbling.
Or you are a spy, but that's another story.
There is no clearance above TS
Perhaps not in the US. And not trying to be tongue-in-cheek, but if there were, would you be allowed to know of them, without having a TS yourself? (Not that I am in any way implying that this might be the case anywhere, you understand....)
Military grade anonymity?
What?
Sure, we all know - or think we know - what "military grade crypto" means[1], but now you're just making stuff up.
Military grade anonymity, indeed.
[1] Strong crypto managed in a Type 0 or Type 1, etc., system, where everything is kept secret, hardware and software are tightly controlled, and updates are distributed strictly out-of-band - think spies with briefcases handcuffed to their wrists.
Contrast with "commercial grade crypto", where everything but the secret/private keys themselves are known, well studied, well understood, etc., and updates are distributed in-band, though sometimes "boot strapped" using an OOB shared secret, etc.
There is the perception that "military grade" is somehow stronger than "commercial grade", but what is the basis for this perception? None of us can say, at least not here.
To know - to really know - whether military grade crypto is actually any stronger than commercial grade crypto requires a degree of access which itself requires clearance at - or above - top secret, said clearance being predicated on the understanding that those with said access won't reveal what they know, on pain of prosecution.
So the people who do know cannot and will not tell.
You'll just have to take my word for it. :->
"Military grade anonymity" is nothing more than buzzspeak for "anonymity that we think is really, really OMG PONIES good, but we can't prove, what with there being a complete and total lack of mathematically sound anonymity analytics comparable to cryptanalysis, so there, nyah!"
This sounds like a dumb mistake
Assuming that this is just a dumb mistake, I don't know what's worse:
Oh, but to err is human!, I hear you saying.
Bollocks. When it comes to the operating system that runs the vaaaaaaast majority of desktops worldwide, quality counts. Or should.
Is Canada the new America?
Well, y'all went first: You were the prototype, an alpha, if you will.
(Hmm, North American democracy, about 100 years between releases... ...makes Debian look good!)
"Fuck you or I'll take away your teddy bear" is not grammatically correct
Fucking prescriptivist.
One of the older kids learned how to do it just because he wanted to.... Now, I'll admit that it seems a useless skill....
In the long run, possibly about as useless as writing a 386 kernel just for the fun of it.
Nope, nothing good ever came of doing tech for the sake of loving tech.
Mod parent up,
pww
Mentioned without comment: Echelon and UKUSA.
RTFA. -1 for being a dork. -1 for being lazy. -1 for asking others to tell you what you could have learned yourself in less time than it took you to write your post.
Good general practice: RTFA, then read the comments.
(Yeah, yeah, this is /., we cannot expect good practice generally.)
I'd never heard of her either, until I RTFAd. After RTFAing, I'm glad ScuttleMonkey accepted the article, she's a very interesting person with a way cool background, scarily bright, and, according to /.ers, just a fantastic human being.
While I'm at it, technically she is a cryptanalyst, not a cryptographer. (She describes herself as a cryptologist, also correct, since cryptology includes cryptanalysis and cryptography. Don't know the difference? RTFA, what am I, wikipedia?)
If Tivo is using GPLv2 code in their box, then are they not obligated to release the source? If so, there is no loophole, since "the industry" will allow us to vote with our feet: Someone will take that code and release a box that does what Tivo does and allows users to modify the OS.
It may take time, and early adopters or the ignorant may later regret their initial purchases, but that's how the market goes.
As awareness of these issues - FLOSS; open, unencumbered, standardized data formats; user sovereignty; my machine is my machine; vendor hegemonies; etc. - grows, more and more consumers will vote with their feet and stop buying the closed boxes.
GPLv3 may be solving a temporary problem, one that will eventually disappear.
Note: I haven't made up my mind about the GPLv3 yet, I'm still mulling....
OK, there's some sarcasm in there. But there's some truth too: The regular release schedule with long post-release support is a major goal and major marketing ambition of Ubuntu. Debian releases way too often, if you count Sid as a release. But should you? Look past Sid, and those "releases" are way too few and far between.
It can't be good for Ubuntu if it loses the "update war" with Microsoft. If you lose the update war, everything else is downhill from there. Yes, Ubuntu needs to get to a regular release cycle, with quality controlled stable releases. Yes, it would be terrible if Ubuntu "lost this war" to MS.
The war's not over yet, dude, Ubuntu is just realizing growing pains. Dapper always struck me as ambitious, I'm a little disappointed that the delay may prove necessary, but I'll take a better system six weeks late than a buggy system now (and I've been running Dapper since Flight2!)
Ubuntu also needs to catch up to the level of "it just worksatude" that MS and the box vendors have spent years and bazillions of $$$ getting into Windows. Dapper is going to go a long way to achieving this goal.
IMHO, one of the most important building blocks of the future Ubuntu regular release schedule will be a solid foundation. That's what Dapper is intended to be.
Better late and solid than on-time and shaky. We'll get 'em next time...
...and every single time after that, once we've got the right foundation.
Linux is a great OS for people who want to get to know their computers. It is also a great OS for people who just want to get things done. People "just using" their Linux box are in fact contributing something, even if they never contribute code or documentation or anything the rest of us see.
They are contributing numbers and support. And numbers and support are more important than most people have yet realized, IMHO.
I made (well, am making) the switch to Linux because I am tired of others owning my data (e.g., MS 0wnz my email since only their application can access it for me). The more I think about this, the more I believe that open, unencumbered, and standardized data formats and protocols are vital to our future documentary heritage.
Unfortunately vendors of proprietary operating systems and applications will likely always break standards - and certainly will do so behind closed doors - in an effort to gain every single bit of competitive advantage they can. And that threatens our future documentary heritage.
We are moving, slowly slowly slowly, to an electronic world. We must conserve and protect that documentary heritage now before it becomes endangered. Open source is a great enabler - perhaps a necessary enabler - of this conservation.
The more people we get "just living" on open source systems, the more people who will be "just using" open and standardized systems (as we get them built and out there). And the more people there will be thinking about these issues, thinking about the viability of open source and wondering why they ever considered paying a vendor to hold their data hostage.
Users who are "just users" make open source spread into and beyond the mainstream. And that's where we need it to be to protect our own data and our documentary heritage.
One day, we will wonder how we ever let vendors control our information. That day cannot come, IMHO, until we no longer depend upon them. That takes many, many, many "just users" consuming and loving what a few thousand motivated developers and writers and testers and project managers have done, even if they never actually think about them or make contributions in the expected or desired way.
The parent makes two points: 1) that us terminal hackers went from book to book while they learned, and 2) that the documentation already available was where they learned the most.
Re #2: No argument there, the information that comes with a well-documented UNIX is the best way to achieve wizard or guru knowledge levels. Not quite so well suited for getting as far as novice, though: A lot of the man pages - at least back in the day - were written by experts who assumed the reader was close to expert, or at least was a C coding system hacker. Like it or not, not all of us were. C coder? Yes. Sysadmin? Eventually. Kernel hacker? Nope. Library hacker? Only at gunpoint. Shell hacker? Oh, yes, please anytime.
How does one climb from naive to novice to comfortable to proto-admin, how does one get to the point that some of the denser available material starts to be beneficial, rather than a poor imitation of nethack? You are in a twisty maze of man pages, without doors or windows, and your dog has died....
Context, and clear and lucid introductory material. That's the starting point. That brings us to...
...point #1: Bounce from book to book? Not so, this terminal hacker. When a job change took me from system 370, where I could hack REXX and JCL with the best of them, to UNIX, where I do better than hold my own in sh and sed, with a little awk/nawk/gawk thrown in, I sat down with one book. Just one. Sobell's Practical Guide to the Unix System. That's all it took: Three days of working through SunOS (3.?) and HP-UX (6.5, yikes) with that on my lap, and I had found my home! UNIX, beloved UNIX.
After Sobell, I was ready to tackle the man pages and get some value.
So am I going to buy this new tome? Well, let's think about that description: tome. Why is the Linux Sobell so much fatter than the UNIX Sobell was?
Beware, flamebait: Possibly because so much of the information available with most distributions is so poor! Man pages that refer to info, and info pages that repeat the man pages word for word, save for the reference to info! Laughable, absolutely laughable.
And, yes, as others have pointed out, there is much information available on the web. Where to start? And how to tell wheat from chaff? Context....
Which brings us back to the Sobell Linux tome: Yes, I will more than likely buy it, and I'll bet I'll recommend that others do, because my guess is that it will provide the one thing that all us Linux-proto-admins and Linux-proto-hackers need to get started and to start making sense of what's out there: Context.
By the looks of the review, Sobell's provided plenty.
Mr. S, hats off for doing it again, and thanks.
Uh, the correct answer is it depends
FYI, Canada has fairly strict separation of Federal and Provincial laws: The Federal law is primarily the public law, that is, criminal law, and those aspects of the private law (contracts, torts, etc.) that apply to the Territories, to Federal works (anything done by or regulated by the Federal government), international law, and to those things that cross provincial or national boundaries.
Provincial jurisdiction is over private law. Of course, to make things really interesting, the provinces are responsible for enforcing public law within their borders.
And then there are international obligations that cannot be met until each province changes its laws in the relevant area.
YMMV. IANAL.
Mod parent down.
I work mostly at home and have a wife and kids (well, kid). And my home office is a much better working environment than most if not all offices I've worked in.
Why? First, the comfort level: I have it configured to suit me, not some facilities manager. And when I need a break to recharge my brain, I can play my music at most any volume, read /., watch Apollo 13 again, or do most anything. In an office, I'm lucky if I can get decent coffee.
Second, having the sounds of family around me is soothing and conducive to the mental state in which I am most productive. I actually find it easier to work on weekends when they are in the house than those occasional week days when the solitary emptiness creeps past my best discipline and makes me feel oh so alone... ...those are few, and they are, IMHO, the hardest part of working at home. Overall, the benefits outweigh the disadvantages, so I've adapted and accepted that some days I will need to force myself that much more, that my work will be far harder to do because my being alone has made me lonely.
In an office environment, the ambience is often that of stressed out or gossipy workers being unproductive. That's harder to blot out than the sounds of family life.
(Not true of the best software development environments I've worked in, where everyone was keen and kick-ass. Those were too few and all too fleeting....)
Perhaps it is simply that I am lucky in that my family life is good, strong, and loving. But then again, I work very hard on that as well.
YMM - and probably does - V.
If serious about this, your friend should ensure the shop has sufficient conveniently located plugs for all those laptop users.
My favourite coffee shop with free Wifi (downtown Ottawa) has too few plugs, and one really great convenient table. The other tables are too far from the plugs, and the best plugs are near the bars along the windows, which aren't really wide enough for laptops.
Dear grumpy old fart,
Please tell us about when you programmed with punch cards! Or about telnetting to the SMTP port! Or how much happier you were using only a command line!
Human beings innovate. Full stop. End of story. Thanks to constant innovation, we have Linux, new viruses, GUIs, and a myriad other things good and bad. Including cyberpunk. I'll let you decide where it falls in {good,bad}.
There will always be people wanting to say it in their voice. Some will make their voice using the voices of others.
Others will be dissatisfied with copying/remixing/imitating and will attempt to break new ground. Most will fail.
The innovators, whoever they are, will surprise us in ways we cannot imagine.
BTW, FWIW, IMHO: There will always be an audience. The audience consists of the majority of human beings, the passive masses, who neither produce original content nor remix the content of others in any innovative way. When they do express themselves, they simply parrot what they have heard and seen, with nary an original thought.
The participants are the minority and always will be. Protest demonstrations are a useful analogy. In all but the rarest circumstances, protests consist of a minority of the population, and are led by an even smaller minority. The leaders are the innovators, the makers of new content. Other participants are the remixers and fans.
The rest of us are the passive majority, using up oxygen waiting to die.
How sad it is that even the remixers are more creative, more innovative, more active than most of us ever will be.
The saddest part is how true this is regardless of how violently we agree or disagree with the active minority.
Remember, patents don't mean you can't code it. You can code it. You can use it for personal non-commercial use. You can distribute the code. But you can't use it commercially, distribute binaries, or sell it.
Uh, no: A patent gives the patent holder the sole right to make, use or sell the invention. This means you cannot legally use SEH in the US unless you have a licensed implementation.
Period, end of story, full stop.
Of course, I can use any SEH implementation to my heart's content, so long as I don't take my laptop over the border.... :->
As noted, you can overthink this one to death. A simple recipe may address your needs:
1. The PM generates the key pair and obtains the certificate. The PM is steward of the key pair.
2. The PM performs all signing operations. They're the PM - trust them.
3. For backup purposes, you need multiple people to have access to the key pair in an emergency, e.g., PM hit by bus. Rent a safety deposit box and give the PM and two or three other senior individuals access authority. Perhaps require two or more signers to access the box.
4. With one or more of those folks as witnesses, have the PM save the key pair like so:
4A. Export the key pair to your favourite protected format, e.g., PKCS#12 with 10000 rounds of hashing.
4B. Write the protected key pair to a medium with decent shelf life, and stick that and the password in an envelope.
4C. Seal the envelope, sign and date the seal. (Helps detect tampering.)
5. Two of the individuals take the envelope and stick it in the safety deposit box.
In the event of an emergency, any two of the senior folks can get the key pair and give it to the new PM.
In the event of suspected misuse of the key pair by someone other than the PM, then the bank's safety deposit records at least let you know who cheated.