Sorry, the 2.4G unlicensed band is 83 MHz wide while the 900 MHz band is just 26 MHz. Downconverting will spill into cellular and other frequencies in use.
I'm not saying it will not work, but if you are going to step on someone else's frequencies you may as well convert to other frequencies.
The real problem with WEP isn't the weak method it uses to generate RC4 keys. I've seen with my own eyes many networks that don't even have encryption enabled.
The real problem is that encryption is:
A. Optional.
B. Difficult to set up.
WEP isn't close to being "wire equivalent" because wires are, by default, pretty secure. You don't need to manually enable 'no-public-hub-ports-on-external-walls' mode with a wired Ethernet.
A wire isn't just a way to get the bits from A to B - it also acts as a user interface for associating machines with networks. I bet you didn't think of the patch panel in the server room as a user interface, right? Actually, it's a pretty good user interface. It's much more intuitive than any GUI and very reliable (ok, so it's a little messy, but so is my desktop:-)
Here's an idea for how WEP could have been much closer to 'wired equivalent':
When you set up the device on your machine it scans for available networks and shows a list. You choose one. It then tells you to press a key at the same time as pressing a button on the access point.
If you have physical access to the access point you can do it yourself. Otherwise you call the admin on the phone and after checking your identity (usually it's just a matter of recognizing your voice) the admin tells you to press the key '...now!'. That's it. You're on the network, with securely configured strong encryption.
This can be much more secure than it appears - the key is exchanged using Diffie-Hellman key exchange so eavesdropping is not possible. Man-in-the-middle attacks are difficult in a shared medium such as wireless where everyone hears everyone else: if the two participants are careful they can detect such attacks. To prevent attempts to 'take a ride' and join the network at the same time as another machine the access point will verify that there are no other attempts to join the network within a certain period before or after the time window for 'simultaneous' button presses (actually within plus or minus a few hundred milliseconds).
Now, what are the chances of some company actually implementing this?
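The access-point side of the button-press pairing described in the comment above, as an added sketch that is not part of the original post: a Diffie-Hellman exchange that is only completed when exactly one join attempt is heard around the button press. The names, the `QUIET_MS` value and the toy group are assumptions; man-in-the-middle detection is not modelled.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, for illustration only (assumption): a real design
# would use a vetted group or curve. P is the prime 2**255 - 19.
P = 2**255 - 19
G = 2

WINDOW_MS = 300   # tolerance for 'simultaneous' presses (the post: a few hundred ms)
QUIET_MS = 5000   # assumed quiet period required before and after the window


def dh_keypair():
    """Return (private, public) for the toy group above."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def derive_key(priv, peer_pub):
    """Hash the DH shared secret into a 256-bit link key."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate public value")
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


class AccessPoint:
    def __init__(self):
        self.priv, self.pub = dh_keypair()

    def pair(self, button_ms, attempts):
        """attempts: (station_id, press_ms, station_pub) tuples heard on air.

        Returns (station_id, key) on success or (None, reason) on refusal.
        """
        reach = WINDOW_MS + QUIET_MS
        nearby = [a for a in attempts if abs(a[1] - button_ms) <= reach]
        in_window = [a for a in nearby if abs(a[1] - button_ms) <= WINDOW_MS]
        if not in_window:
            return None, "no join attempt in window"
        # Any second attempt near the press may be someone 'taking a ride',
        # so the access point refuses everyone and the press must be repeated.
        if len(nearby) != 1:
            return None, "competing join attempt, pairing aborted"
        station_id, _, station_pub = in_window[0]
        return station_id, derive_key(self.priv, station_pub)


if __name__ == "__main__":
    ap = AccessPoint()
    laptop_priv, laptop_pub = dh_keypair()
    # Constructed sample: button pressed at t=10000 ms, laptop key at 10120 ms.
    who, key = ap.pair(10_000, [("laptop", 10_120, laptop_pub)])
    print(who, key == derive_key(laptop_priv, ap.pub))
```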
Why not just use cat-5 for EVERYTHING, including phones, like many companies do in their offices? It's much more flexible.
You can either use jacks with both types of connectors or standardize on RJ45 and use RJ11/RJ45 cables to connect your phones. In this case it helps to keep certain conventions like 'top jack is phone, bottom jack is ethernet' but it's also good to be able to break this rule.
From the "global implications" page of segway.com (on "This is IT?", Score: 2)
"As your sense of what is local expands, so will your sense of community. This might translate into greater support of local businesses or a stronger connection to your neighbors, who you'll now see face to face instead of through car or bus windows. "
Digital Signatures as a direct replacement for pen signatures is really a bad idea. Basically, what an X.509 certificate says is "On [date] a public key [hash] was held by [individual or organization] and I have absolutely no idea what hardware, software and security procedures [individual or organization] uses to protect it. Signed by [issuer]".
Digital Notarization is a much better idea. It's the equivalent of a notarization seal, not a pen signature. Digital Notaries are required to employ certain security measures or else they could lose their license and have their certificates revoked. A Notarized Digital Signature says "On [date], I have verified the identity of [individual or authorized representative of organization] and obtained their informed consent of the content of the following document [hash]. If necessary, I will testify to this fact in court. Signed [notary]".
Recently there have been a few projects using a subset of wine to support some subset of Win32 for some specific purpose (codecs, games etc). This looks like a possible application for this technology. I wouldn't be surprised if WinAMP itself is being ported with the aid of winelib.
Note long before Sharon's visit to the Temple Mount the peace talks were tense but there was actually agreement on most points. Today both sides often express doubt about the other side's intentions at the time, but I believe they may have been genuine enough.
But the fact that there was agreement on most points only brought the remaining points of disagreement into sharper contrast. Central among them was Jerusalem.
Both leaders knew they would not have support from their people for anything that might be interpreted as concessions on Jerusalem. They also knew they have much more to lose than just politically - based on past experience they could literally lose their lives at the hands of the extremists of their own people.
So Yasser Arafat did the only logical thing, followed the only course of action that would not only keep him alive but also reap some political gain - blow up the talks and make it appear to be the Israeli's fault.
Sharon's visit provided a convenient spark, but it would have happened anyway.
Arafat had ordered the uprising. Palestinian television started broadcasting nationalistic songs and showing old footage from the Intifada as if it is of current events, well *before* the eruption. Activists of the PLO helped stir up the population and Presto! - you have a "spontaneous" response of outrage to the visit.
What was Ehud Barak thinking at the time? I don't know. I believe he saw it coming but tried to keep to the original course of action anyway. What else could he have done? What do you do when your mind tells you that it will not work, not this time, but your heart tells you that you must have hope, that the chance for peace is worth taking this enormous risk to your country and to your people?
Other I/O interfaces like scsi utilize a separate processor to allow the cpu to perform more important tasks.
The USB host controller is about as smart as many SCSI controllers. It uses bus-mastering DMA based on control structures prepared in memory by the CPU and interpreted by the USB host controller. It puts a very light load on the CPU. What wastes CPU cycles is the type of devices that people build - USB WinModems that rely on the CPU for the modulation, or simple, DAC-only USB audio devices that use the CPU for all sample rate conversion, mixing, software synthesis etc.
True, Intel has been pushing to move more and more of the value in a PC from the peripherals to the motherboard where it can monopolize it. In order to do that they needed an EFFICIENT serial I/O bus. USB is not wasteful in itself.
The fact that USB is a low-cost interface makes it possible to build such devices that use (abuse?) the CPU power. The cost savings of a WinModem compared to a DSP-based modem, for example, would not have such a big effect on the price tag if the interface were much more expensive.
USB polling? Depends on how you look at it (on "USB 2.0 For Linux", Score: 2)
If you look at the low-level traffic on the bus USB is really a polling architecture. But from the host processor's point of view USB is interrupt-driven since the USB host controller does the polling itself and interrupts the host only if it needs special attention. In reality, a well-written USB driver puts a very light load on the host. Microsoft's USB drivers are not so well-written. The audio drivers are particularly awful. This is NOT a limitation of the USB standard.
Not quite the same (on "Data Mining?", Score: 3, Insightful)
This mine should be at least as secure as a suburban datacenter for a lower physical security budget. It has cooling that is at least as reliable as a conventional datacenter for a lower budget. These should translate to cost savings for their customers.
These guys appear to concentrate on bringing a cost-effective service to their customers rather than nuclear bunker bragging rights. Have you seen the prices on thebunker.net?
The best thing about GNU/Linux is the people who use it.
- Kenneth W. Melvin
I was going to reply to this message, saying that this is the one point of the entire list which deserves special emphasis. I was a bit surprised to see that someone else has already replied saying it's the only point he did not agree with.
Sure, GNU/Linux people can sometimes be a pain, especially when they disagree with each other. But I always realize that it's only because they care. They care deeply, and I wouldn't have it any other way.
I would guess that the writer of the article (on "Mob Software", Score: 2)
I would dare to guess that the writer of this article is quite likely to be an INFP personality according to the Myers-Briggs personality type classification system.
I'm not sure about the original PC but the XT technical reference came with the complete schematics of the motherboard and all expansion boards and complete source code of the BIOS.
But can a 13 year old make it impossible for you or anyone else to reach your home by these roads for days or weeks without any significant risk of being caught?
It's nice to be able to run Linux on your PS2 but that's not what it's running when you are playing Tekken.
Wires secure?
I said pretty secure, which is enough for most people most of the time. Your scenario of a malicious visitor connecting wires is far less likely than a drive-by attack by a curious geek with a laptop. Just think about the chances of getting caught in each of these scenarios.
Let's hope.
Is anyone aware of other OS projects using the linux kernel but without building a unixlike environment on top of it?
Ok, so how many hits did slashdot get today with
"User-Agent: Mozilla/3.0 (compatible; OffByOne; Win****) Webster Pro V3.2"?
"If we convert machines to speech recognition, we're effectively asking people to interact with them in dumber ways."
Uh huh.
Strange, I can't find the word 'drool' anywhere in the comments for this article...
Luxury.
We used to have to redial the BBS until 3 o'clock in the morning because it only had one line. And then we had to connect at 300 goddamn bits per second and every slightest click on the line would appear as garbage characters because there was NO ERROR CORRECTION.
But you try and tell the young people today that... and they won't believe ya'.
The scariest thing is that I'm not just paraphrasing Monty Python's 4 Yorkshiremen - it's all actually true...
Moderate this post up, ok?
Just in case, I run the linux AG client in chroot jail.
An ssh-agent which supports physical tokens like the Dallas semiconductors iButton (decoder rings are cool!)
Using ssh-agent to access cfs encrypted directories.
Using ssh-agent to unlock GnuPG keys.
All of the above, tunnelled through ssh-agent forwarding.
Using the same physical token to log in locally.
World peace.
David Hastings' SIGINT satellite page