Plus a vagina being covered up by a Power button. I wonder what *that* is trying to imply. It's made from the painting "L'origine du monde" ("The origin of the world", hence the power button). You can read about it by searching "L'origine du monde" on wikipedia (WARNING - Even MORE NSFW because they have the painting without that power button!) So, the original painter probably wanted to say that everything in our world comes from a woman's vagina, (and in more than one way! I let you find other interpretations of that;) ), in a very provocative way.
The "turn on" (sexually) aspect of the "power button" was (probably) not meant in the original painting, however.
Re:Full Screen Editing
on
Hacking VIM
·
· Score: 1
With KDE, you can set windows not to have borders. Also (or alternatively) you can setup a shortcut (I set up alt-enter, like in ion) for switching fullscreen mode of windows (which is NOT maximised mode - full screen covers the panels and hides the window border as well). Within emacs you can remove the menu and toolbar (M-x menu-bar-mode, M-x tool-bar-mode, or maybe without the -).
These two things together will give you fullscreen emacs on KDE or ion. You can make them permanent by respectively setting windows rules ("advanced" in the window menu) and putting the commands emacs'.config. If you run vi in an xterm, you can use the same "full-screen" shortcut to maximise the xterm or any terminal that doesn't have compulsory menus/statusbar/tabbar, which will give you a fullscreen vi.
I am not sure if you can set a general "fullscreen" shortcut in gnome, though...
Also, these hacks obviously work if you're using beryl/compiz, so that gives you an openGL accelerated 3D full screen emacs/vi:-)
No presenter in their right mind wants to rely on the internet to deliver a presentation. I was thinking the same about web based apps, that no one would want to rely on the internet to be able to read/write his documents. I guess very few people are "in their right minds":-(
Or, in programming language notation, a cnot gate performs "y ^= x", x being the control bit and y the target bit.
If x and y aren't both pure states (i.e. are a superposition of 00, 01, 10, 11), the operation is performed independently on each basis state. Read http://en.wikipedia.org/wiki/Quantum_computer for more details.
It's too expensive to ship a sophisticated $20 part with a pressed disc that costs $1 to make and you're selling for $20. Dongles have only really been used in very expensive software packages for this reason.
He meant a single dongle for the computer, that is used by all discs
Also, the whole content industry is moving to a "download over the Internet" model. Bill Gates was right when he said this is likely to be the last physical format war. Any solution that is not software only is a non-starter in this context.
See above - you get that dongle once for all, maybe when you buy your computer if such a system is widely used
If you're going to require an internet connection, what's the point of the dongle?
Assuming the dongle isn't tampered with and the computer isn't trusted by the media company (I know, that's a big "if"), this allows creating a secure communication between their servers and the dongle
maybe even connected directly to the video playback circuitry.
So users are going to have to crack their case open every time they want to play a video? I think not.
Huh? You don't have to open your box when you plug a usb stick do you? He talked about two data channels - "connected directly" - that means there's a separate bus for the dongle output - doesn't mean the connector is inside the computer.
I'm not sure however there is a point in re-encrypting the data between the dongle and the screen+speakers as anyway you'd have the "analog hole" afterwards. Maybe it could work like that though: 1. The output devices (screen+speakers) have their own private keypairs 2. The movies/songs are encrypted with another key which is stored in the dongle. Maybe the dongle has to download the keys for each new disk (using a secure connection to the keyserver - the pc can't see the data any more than a router can see https traffic), whatever. Then when you playback something, the dongle decrypts it if you're allowed to, then re-encrypts it for the output devices.
Anyway no matter if you do that or not, no software trick can decrypt the data - you'd have to first read the dongle memory to get its private key, or have a hardware sniffer between the dongle and the output devices (in case that path is not encrypted the way I described above)
No that I hope any such system ever comes to existence of course
If you think that's bad, see what my isp (netcabo, Portugal) is doing:
Every now and then when they want to send me a message (e.g. to tell me about "special offers" or whatever), they intercept one of my http requests and reply with a redirect to a page on their website, with the oh-so-important message and a link to the page I had asked for.
Needless to say that scripts that automatically parse web pages get confused.
I (using linux) have been looking for a way to do video calls with my family (using windows) with no success so far.
At some point I tried using wengo. It uses SIP so it is supposed to interoperate with other software running the same protocol (like ekiga which works on my computer). The linux version didn't work, could neither connect nor access my camera. The windows version didn't work; camera was working but could not connect. They advised in their forums (in French - good thing I know the language) reinstalling plenty of times and one guy having the same symptoms as me finally succeeded:-(after reinstalling three times. I did it five times (on the windows side) and gave up. Their uninstaller only removes half of the software, you need to go through regedit and manually remove plenty of keys, you need to manually remove configuration files etc.
So I don't think I'll try wengo again (maybe I was just unlucky though)
As for my other attempts at video between linux and windows (maybe a bit OT sorry): Skype works both win and lin but no video on linux Ekiga (gnomemeeting) worked in linux but not in windows (camera not detected. Well, the windows version is only early beta). Couldn't get netmeeting to work in windows either Msn works in windows but not (I tried amsn, kopete) in linux
I sometimes make the typo of pressing enter instead of for instance shift...
So let's say I want to do rm -r a/b/c. On my keyboard layout I need shift to type a slash, and it has happened to me that when trying to do the first slash I actually press enter, and execute rm -r a:-(
So when doing something potentially dangerous I start by typing a #, and when done, control-A delete to remove the hash and run the command. If I accidentally press enter then it will try to run something like #rm a and ignore it or fail (depending on the shell).
Of course, cd-ing to the parent directory first is even safer but after a while you get lazy (I do):-)
rtfa again - this *is* used for targetting specific sites. Google is used as an anonymiser.
The article suggests searching cmd.gif to demonstrate that that method is being used, and indeed some of the results show that google's index carries urls containing attacks.
To inject those urls into google's index the attacker doesn't even need to run a search or even contact google a single time - he puts the attack (mentioning the specific host the attacker wants to attack) on some webpage and then waits for google to find it and run the attack.
Then, optionally, using google's cache, the attacker could go check the result of his attack.
You are right - I was only mentionning one solution to one problem - X-level keyloggers. Running a keylogger is easy and only requires the user's priviledges. Replacing/highjacking xterm or bash is more difficult. Assuming you are running the real xterm, ctrl-clicking is sent to the terminal emulator - the shell/program running in it can't intercept it.
So to be even safer you could make sure (by storing desktop configuration in a place not writable by the every day user) that opening an xterm really runs/usr/bin/xterm/bin/sh. Then you'd also have to make sure that typing "su" really runs/bin/su and not/tmp/backdoored-su. And so on.
Anyway my point was not to provide a complete answer to securing password entry. However I think that that feature letting a window (and therefore a process) getting exclusive access to keyboard input is key to achieving that, and tends to be ignored too much (I only know of gpg-agent's passphrase entry agent, xterm and screensavers doing that. For instance kde password dialogs and virtual terminals don't)
How would you propose to remedy this situation? Do you switch to another VT or use a magic sysrq key everytime you become root?
One way (that would not solve "phishing" attacks but at least would be safe against X-level keyloggers) is to have the shell request exclusivity on the keyboard. Xterm has a "secure keyboard" option that does precisely this (ctrl-left click and then select "secure keyboard"). Now if only this option could be automatically activated for the time of a sudo/su/ssh/whatever password prompt (and be available on other virtual terminals than xterm) it would be very useful.
Click on the "print this article" link if you want it on a single page. Of course it doesn't make it shorter but at least you don't have more than one ad.
Ok. Now what prevents the phishing site to just forward the first half of the victim's credentials to the real bank website, download the picture and then send it back to him (like a sort of man-in-the-middle) ? Then there will no be any difference to the user except that it is a bit slower.
One advantage might be that the bank's website would notice there is a large number of attempted logins from different users all coming from the same machine. But this is no longer true if in addition copies of the phishing site are spread over many zombies.
Well when I read it I understood that as the name of the event - names don't necessarily have to be translated.
But then I checked and it looks like it was half translated from the original name "7 Fórum Internacional Software Livre". Well, whatever.
Programmers type characters like { } $ ( ) = + more often than the general population. It would be an awesome geek-toy to have a keyboard which promoted these characters to their own keys and relegated those useless squiggles like vowels to Shift-Ctrl combinations;-).
Your awesome geek-toy already exists! It is the French "azerty" keyboard!:-) Check the layout: azerty.png
{, (, $, etc are accessible by single key-presses, but to type numbers you have to use shift (who uses numbers anyway)
it'd be nice to combine this with a properly tuned archive of debian or gentoo for sparc (archive == both source and binaries) and then have a 100% open computing environment
That won't be 100% open source, you still need the source code of the universe. (That code that physicists are busy reverse engineering)
Slashdot Mirror
So, the original painter probably wanted to say that everything in our world comes from a woman's vagina, (and in more than one way! I let you find other interpretations of that
The "turn on" (sexually) aspect of the "power button" was (probably) not meant in the original painting, however.
With KDE, you can set windows not to have borders. Also (or alternatively) you can setup a shortcut (I set up alt-enter, like in ion) for switching fullscreen mode of windows (which is NOT maximised mode - full screen covers the panels and hides the window border as well).
.config. If you run vi in an xterm, you can use the same "full-screen" shortcut to maximise the xterm or any terminal that doesn't have compulsory menus/statusbar/tabbar, which will give you a fullscreen vi.
:-)
Within emacs you can remove the menu and toolbar (M-x menu-bar-mode, M-x tool-bar-mode, or maybe without the -).
These two things together will give you fullscreen emacs on KDE or ion. You can make them permanent by respectively setting windows rules ("advanced" in the window menu) and putting the commands emacs'
I am not sure if you can set a general "fullscreen" shortcut in gnome, though...
Also, these hacks obviously work if you're using beryl/compiz, so that gives you an openGL accelerated 3D full screen emacs/vi
If you use MSN to talk about important things, just don't forget that it goes in cleartext through Microsoft's servers...
One more reason to prefer Jabber!
That's goatse. And that will teach me to look at random ip addresses ...
Or, in programming language notation, a cnot gate performs "y ^= x", x being the control bit and y the target bit.
If x and y aren't both pure states (i.e. are a superposition of 00, 01, 10, 11), the operation is performed independently on each basis state. Read http://en.wikipedia.org/wiki/Quantum_computer for more details.
It's too expensive to ship a sophisticated $20 part with a pressed disc that costs $1 to make and you're selling for $20. Dongles have only really been used in very expensive software packages for this reason.
He meant a single dongle for the computer, that is used by all discs
Also, the whole content industry is moving to a "download over the Internet" model. Bill Gates was right when he said this is likely to be the last physical format war. Any solution that is not software only is a non-starter in this context.
See above - you get that dongle once for all, maybe when you buy your computer if such a system is widely used
If you're going to require an internet connection, what's the point of the dongle?
Assuming the dongle isn't tampered with and the computer isn't trusted by the media company (I know, that's a big "if"), this allows creating a secure communication between their servers and the dongle
maybe even connected directly to the video playback circuitry.
So users are going to have to crack their case open every time they want to play a video? I think not.
Huh? You don't have to open your box when you plug a usb stick do you? He talked about two data channels - "connected directly" - that means there's a separate bus for the dongle output - doesn't mean the connector is inside the computer.
I'm not sure however there is a point in re-encrypting the data between the dongle and the screen+speakers as anyway you'd have the "analog hole" afterwards. Maybe it could work like that though:
1. The output devices (screen+speakers) have their own private keypairs
2. The movies/songs are encrypted with another key which is stored in the dongle. Maybe the dongle has to download the keys for each new disk (using a secure connection to the keyserver - the pc can't see the data any more than a router can see https traffic), whatever.
Then when you playback something, the dongle decrypts it if you're allowed to, then re-encrypts it for the output devices.
Anyway no matter if you do that or not, no software trick can decrypt the data - you'd have to first read the dongle memory to get its private key, or have a hardware sniffer between the dongle and the output devices (in case that path is not encrypted the way I described above)
No that I hope any such system ever comes to existence of course
People don't RTFA, they *LTFA* - Load TFA (and then close the window without reading).
It's the only way to have the slashdot effect work.
Didn't you mean pwned?
(sorry) :-)
If you think that's bad, see what my isp (netcabo, Portugal) is doing:
Every now and then when they want to send me a message (e.g. to tell me about "special offers" or whatever), they intercept one of my http requests and reply with a redirect to a page on their website, with the oh-so-important message and a link to the page I had asked for.
Needless to say that scripts that automatically parse web pages get confused.
He was talking in base two, obviously. One million in base two is forty in base sixteen (and sixty-four in base ten)
I don't know how many of you noticed: The fictional name "Guillaume Portes" is actually a literal translation of "Bill Gates" in French ...
I'm glad you asked, so I can a bit :)
:-(after reinstalling three times. I did it five times (on the windows side) and gave up. Their uninstaller only removes half of the software, you need to go through regedit and manually remove plenty of keys, you need to manually remove configuration files etc.
:-(
I (using linux) have been looking for a way to do video calls with my family (using windows) with no success so far.
At some point I tried using wengo. It uses SIP so it is supposed to interoperate with other software running the same protocol (like ekiga which works on my computer). The linux version didn't work, could neither connect nor access my camera. The windows version didn't work; camera was working but could not connect. They advised in their forums (in French - good thing I know the language) reinstalling plenty of times and one guy having the same symptoms as me finally succeeded
So I don't think I'll try wengo again (maybe I was just unlucky though)
As for my other attempts at video between linux and windows (maybe a bit OT sorry):
Skype works both win and lin but no video on linux
Ekiga (gnomemeeting) worked in linux but not in windows (camera not detected. Well, the windows version is only early beta).
Couldn't get netmeeting to work in windows either
Msn works in windows but not (I tried amsn, kopete) in linux
mm..
</rant>
1. Related advice:
...
:-(
:-)
I sometimes make the typo of pressing enter instead of for instance shift
So let's say I want to do rm -r a/b/c. On my keyboard layout I need shift to type a slash, and it has happened to me that when trying to do the first slash I actually press enter, and execute rm -r a
So when doing something potentially dangerous I start by typing a #, and when done, control-A delete to remove the hash and run the command. If I accidentally press enter then it will try to run something like #rm a and ignore it or fail (depending on the shell).
Of course, cd-ing to the parent directory first is even safer but after a while you get lazy (I do)
rtfa again - this *is* used for targetting specific sites. Google is used as an anonymiser.
The article suggests searching cmd.gif to demonstrate that that method is being used, and indeed some of the results show that google's index carries urls containing attacks.
To inject those urls into google's index the attacker doesn't even need to run a search or even contact google a single time - he puts the attack (mentioning the specific host the attacker wants to attack) on some webpage and then waits for google to find it and run the attack.
Then, optionally, using google's cache, the attacker could go check the result of his attack.
You are right - I was only mentionning one solution to one problem - X-level keyloggers. Running a keylogger is easy and only requires the user's priviledges. Replacing/highjacking xterm or bash is more difficult. Assuming you are running the real xterm, ctrl-clicking is sent to the terminal emulator - the shell/program running in it can't intercept it.
/usr/bin/xterm /bin/sh. /bin/su and not /tmp/backdoored-su. And so on.
So to be even safer you could make sure (by storing desktop configuration in a place not writable by the every day user) that opening an xterm really runs
Then you'd also have to make sure that typing "su" really runs
Anyway my point was not to provide a complete answer to securing password entry. However I think that that feature letting a window (and therefore a process) getting exclusive access to keyboard input is key to achieving that, and tends to be ignored too much (I only know of gpg-agent's passphrase entry agent, xterm and screensavers doing that. For instance kde password dialogs and virtual terminals don't)
One way (that would not solve "phishing" attacks but at least would be safe against X-level keyloggers) is to have the shell request exclusivity on the keyboard. Xterm has a "secure keyboard" option that does precisely this (ctrl-left click and then select "secure keyboard"). Now if only this option could be automatically activated for the time of a sudo/su/ssh/whatever password prompt (and be available on other virtual terminals than xterm) it would be very useful.
I know a good use for that keyboard ...
http://www.helldesk.dk/keyboard-ctrl-alt-del.jpg
By now you should have understood that writing "this is not funny" on slashdot automatically mods you as funny.
And I am serious, this is not meant to be funny either
Click on the "print this article" link if you want it on a single page. Of course it doesn't make it shorter but at least you don't have more than one ad.
Ok. Now what prevents the phishing site to just forward the first half of the victim's credentials to the real bank website, download the picture and then send it back to him (like a sort of man-in-the-middle) ? Then there will no be any difference to the user except that it is a bit slower.
One advantage might be that the bank's website would notice there is a large number of attempted logins from different users all coming from the same machine. But this is no longer true if in addition copies of the phishing site are spread over many zombies.
Well when I read it I understood that as the name of the event - names don't necessarily have to be translated.
But then I checked and it looks like it was half translated from the original name "7 Fórum Internacional Software Livre". Well, whatever.
That is the way it is spelled in Portuguese (which is the language spoken over there)
Programmers type characters like { } $ ( ) = + more often than the general population. It would be an awesome geek-toy to have a keyboard which promoted these characters to their own keys and relegated those useless squiggles like vowels to Shift-Ctrl combinations ;-).
Your awesome geek-toy already exists! It is the French "azerty" keyboard! :-) Check the layout: azerty.png
{, (, $, etc are accessible by single key-presses, but to type numbers you have to use shift (who uses numbers anyway)
it'd be nice to combine this with a properly tuned archive of debian or gentoo for sparc (archive == both source and binaries) and then have a 100% open computing environment
That won't be 100% open source, you still need the source code of the universe. (That code that physicists are busy reverse engineering)
:-)