Not very easily, but you can use two factor authentication to make sure that even if scammers find out the static username, password
I've got one of these for my banking, and have had it for a few years now. I've also implemented RSA tags on a client's terminal server. And yes, they do solve a lot of problems, especially clients being less than perfect with their password complexity.
If someone does an inside job of compromising a bank's certificate, how much time would you think the certificate would be in the wild without being revoked? I bet enough time to do a lot of damage.
Not nearly as much damage as would have been done if everyone used self-signed certs. Look up 'man in the middle' attack.
ALL sites would be more secure with a self-signed certificate than plain HTTP. But self-signed certificates scare the crap out of visitors with their alarmist warnings. If anything, the warnings should be shown on plain HTTP sites saying "Watch out! This isn't encrypted".
Being the internet, I'm not quite sure that this isn't sarcasm, but I'm going to pretend it isn't.
Encryption is only a small part of the idea of certificates. The main part is that it gives you, the user, some idea that the web site you are typing your credentials into is who you think it is (eg your bank) and isn't someone else pretending to be your bank.
Encryption is all well and good, but a simple keystroke logger subverts all encryption on the wire, so it doesn't add that much value.
If your bank had a self-signed cert, I could create a self-signed cert that looked similar enough that most people couldn't spot the difference, and then I could fiddle with the DNS settings on the internet cafe that I run (I don't really run an internet cafe, just go along with me), and make you log into my pretend bank website instead. I wouldn't need to do anything to the laptop you brought with you to pull this off.
Look up 'man in the middle' attack if you want to know more.
(or just ignore me if you were being sarcastic and I completely missed the point:)
Only internally, when you have rolled out your trusted root cert to all the users who might access your site (in a secure manner of course).
Or during testing when you have dev.mywebsite.com that you are giving selected users access to for debug and testing purposes. But the cost of a DNS-validated cert is so low that you might as well just fork out the $$$ and put a proper cert on it anyway.
Can you cite any examples of a case where a certificate has been subverted in this way?
And while you are on your soapbox, what is the alternative? By what other method do you suggest that I prove to my satisfaction that when I go to www.mybank.com.au that I am actually at mybank's website, and that a DNS record somewhere hasn't been subverted and I am instead entering my login details to a phishing site made up to look exactly like my bank?
I'm pretty sure you are talking out of your arse. Unless you can cite some examples of a big name company (eg a major bank) having had their certificate subverted in this way, and not having said certificate revoked almost immediately, I'll stick with what works thanks.
Maybe he's just planning on moving somewhere else.
Option #1
. Advertise and Sell House
. Advertise and Sell Car
. Advertise and Sell Jetski
. Advertise and Sell misc other crap, pack it in boxes, give it to charity, take it down to the dump, etc
. Make all of the above events line up with each other so he isn't left with no house or no car etc
Option #2
. Sell it all on eBay as a job lot
. Offer to introduce you to friends and cow-orkers to sweeten the deal (no obligation to actually like the person or employ them if they're a dick)
. Invent a bit of a sob story to go with it
. Profit!
Which one sounds easier? Selling stuff is a pain. Trying to make sure you get rid of your house, car, and other crap which costs money to move all at the same time is even more of a pain. The last thing you'd want is to sell the house and then not be able to find a buyer for your car and jet-ski. Or sell your car but then have to wait 6 months for your house to sell (and have to hire or buy another in the meantime)
When I counted the people in each photo I thought 'wow! what are the chances of 11 people alive in 1978 still being alive now?'. Having read the article I find that there were actually 12 people supposed to be at the shoot but one was absent, and one had passed away in the intervening 30 years so it's actually 11/12 people are still alive 30 years later, but still, not a bad effort!
... with line feeds and extra white space stripped out (can't go wasting paper now), double sided, on a dot matrix printer (9 pin in 'draft' mode), and bound in many separate folders.
Fortunately the GPL uses the word 'reasonable' in a few places to get around attempts at this sort of obfuscation:)
About 2 years ago I was approached by a company that wanted some changes made to some in-house software. The programmer had left and couldn't be re-employed to make the changes (he was pensioned off due to illness I believe). The documentation was almost perfect, the code was well commented and everything, I was quite impressed. What didn't impress me though was that the documentation I was given (about 12 folders worth) was for the current version of the code, but the source I was given was for about 8 versions ago - about 2 years prior. Lots and lots of changes made in the meantime. The company searched high and low but finally declared that a copy of the latest source code did not exist. I ended up rewriting it on a more modern development platform. Scanning the code in was going to be more trouble than it was worth.
Now that's parenting. At 8 years old there will be no permanent marking on the kid's record, but they'll have learnt that the laws do apply to them. They might be a bit shitty at mum for a bit (mum called the cops on me?), but they'll get over it.
By 18, there isn't a lot left a parent can do without significant pain. Breaking lifelong habits (eg no matter what you do I'll bail you out) is going to hurt both parties a lot. It's much easier when the kids are younger.
That's like saying an illegal downloader should get 5 years in jail. Cause you know....they're breaking teh lawz!
I'd have no problem with someone being punished for crime, when they had repeatedly, after being warned repeatedly, continued to commit the crime. Even downloading stuff from the internet that they should have paid for but didn't.
Assuming that the warning was sufficient and they understood the punishment, they've obviously decided for themselves that downloading the latest episode of (eg) 'Lost' without paying for it is worth spending prison time for.
Now I think 5 years jail time would be stupid, I think a heap of weekends worth of community service would be more like it, but if the law was set at 5 years and the perpetrators knew it, then so be it.
Does anyone really really want to download stuff from the internet that badly??? It's not like your constitutional rights are violated if you are unable to download stuff from the internet that you didn't pay for. Go for a walk instead.
When I eventually move to the desert, I'd like to play with using some solar panels to run an air-cooling setup.
Build your house underground, or into an artificial hill. Deserts often see extremes of temperature so a large amount of thermal mass will even things out nicely.
I wonder what sort of obstacles you'd have in building an underground house in soil that isn't just sandy, but is just sand... if it's anything like trying to dig a hole in the dry sand at the beach it could be a bit tricky:)
Things like this cost money, which the university will now have to find from somewhere else, eg cut backs on staffing? Losing your job hurts.
If you happen to be a friend of this guy, or just happen to play cards with him occasionally during breaks, and you manage to get straight A's, a suspicious eye will be cast upon you. There might even be an investigation and if the investigation is in any way public, even if it determines that you earned every single one of those A's, it will still hurt.
I'm sick of 'white collar' crime being under punished. These people ruin lives, and just because they did it with a computer or an elaborate scam instead of with a gun or a baseball bat, it doesn't mean they should get off _that_ much more lightly. It's not like the rules aren't clearly stated.
In Australia I think they aren't allowed to make a claim in large print that is contradicted by fine print. So they aren't allowed to say <Large Print>Unlimited*</Large Print> and then <Small Print>* Not really</Small Print>
because everyone knows that "God" is the Ultimate Practical Joker.
I thought "God" was just a device created to prove a point about the silliness of teaching Flying Spaghetti Monsterism at schools in Kansas. Or have I gotten them back to front again?
Governments and corporations in all countries do this all the time.
1. Leak potential new legislation to very unreliable media outlet
2. Measure public reaction
3a. if extremely negative then deny it, it came from a very unreliable media outlet after all!
3b. if only mildly negative then proceed
4. ???
5. Profit
Even in Iceland, the world leader in geothermal, there is a lot of concern that their attempts to harness the power could accidentally set off some sort of event (earthquake, eruption, explosion) that could put people in danger.
Aren't earthquakes and volcanoes nature's way of releasing a build-up of energy? So if you do something to cause the release of that energy in advance, shouldn't the event be smaller? eg if the forces that cause an earthquake 'build up' over 20 years, but you test an underground nuke 5 years into that time and it causes the earthquake to happen then instead, wouldn't that earthquake be smaller than it would have been 15 years down the track?
And if you are releasing it slowly over a period of time, (I'm talking about volcanoes now and tapping into geothermal energy) could that stop the event from happening at all?
(I'm actually asking a question here - I don't know the answer even if it sounds rhetorical).
*Prizes* should look like 10,000.00 so they appear big.
Maybe there is some tax that comes into effect if you offer a prize of 10K or more? Kind of like the cars I (used to - laws changed I think) see for sale for $2999 (because at $3000 you had to provide a roadworthy certificate), or $49999 (because the luxury car tax kicks in at $50000)
This is your datacenter management software speaking... due to increasing costs and decreasing revenue there is an opportunity for some umm... after hours work...
However, tailgaters are very often so stupid that they will by nature pull up behind somebody, tailgate them, and never pass, NO MATTER WHAT SPEED THE GUY AHEAD OF THEM IS DRIVING! And, if you slow down enough that they finally do pass, and they don't see anyone ahead of them, they will then very often slow down ahead of YOU, either out of spite, or total carefree selfish lack of attention.
Thinking about it since my last post, I don't think I've really had a problem with tailgaters in the last few years. If anyone has really come up close behind me, they've either passed me and that's the last I've seen of them, or I've pulled over and let them past. I've not had the problem of people tailgating, getting past, and then slowing down. The roads where I do most of my driving are mostly duplicated now, and the ones that aren't must just be traveled by more sensible drivers.
But tailgaters are a hazard on the road, and like any other hazard should be avoided at all costs. If that means pulling over and waiting 5 minutes until they are long gone then so be it. You will never ever 'teach' them anything by playing games with them, as they are too stupid to learn, like kangaroos they're just dumb animals which you have to avoid.
Sometimes, no matter how frustrating, the only way to 'win' is not to play. (I tell my kids that all the time - "she can't copy everything you say if you don't say anything":)
Of course, I'm in a manual: I can drive with a steady pitch from the engine and I'm at a steady speed
My little Morris 850 (Mini) was like that. Mine had a 1.1L engine with extractors on it so it was really noisy, but I'd seldom need to check the speedo as the engine noise was a pretty good indicator (The speedo was in MPH anyway, and about 15% wrong). I miss that car:(
The other thing was that hills didn't seem to faze it. It was a lightweight car with a lightweight driver and a lightly modified motor, so I only had to think about putting the foot down further on really steep hills.
At which point I accelerate, overtake *them*, and put some reasonable distance between our cars. I occasionally have to rinse and repeat, but the majority of people get the hint.
The hint? Do they mod you 'troll' or 'flamebait'?
Either your cruising speed is faster than theirs in which case you won't have the tailgating problem, or their speed is faster than yours in which case you should just let them past instead of being a prick about it. Maybe you haven't been driving long enough or maybe you're just a slow learner, but tailgaters simply don't 'get it', and you can't teach 'it' to them. The best you can do is make sure that you're not the one they run up the rear of when you have to brake for a hazard. And one day, when you pull over to let them past, you'll pass them again when they are at the side of the road explaining to a police officer why they were in such a hurry, and nothing will get the smile off your face for the rest of the day!
The only incident of road rage I've ever encountered in my ummm... 15 years of driving was once when I was braking fairly quickly at a red light and someone cut in front of me forcing me to brake even harder. I shook my head in disbelief and the guy obviously got a bit pissed about it. He took off really really slowly, drove that way for about 500 metres looking in the rear view mirror the whole time, then floored it. I guess he was waiting for me to try and overtake but I didn't play. I'm not sure that even counts as road rage.
I've been beeped at a few times when I've done something stupid (hey... it happens to the best of us:). If you count that sort of stuff then it's not surprising the figure is 90% but as you say, who knows what they are counting...
Nothing to see here - move along.
You don't have to be stupid to be dangerous, just careless.
I was the kid in class who always left the chuck key in the drill before turning it on. I never hurt anyone but only because I was lucky.
I used to do a lot of work on my car (Morris 850) and would routinely forget to do things up properly (eg like wheels).
Basically I'll think before I do something, but won't necessarily remember to do the things I should do.
Under no circumstances should I be allowed to do something like work on 240V electrical wiring :)
How can you say he hasn't hurt anyone?
Microsoft automatic updates are another potential record candidate. Even if you only count applications, IE7 was distributed that way.
I can. I can stop caffeine any time I want to.