I agree with many of the intelligent posts around the idea that "database encryption is just one small piece of the puzzle" - I agree that *selective* database encryption is one crucial piece to a defense-in-depth multi-layered security strategy.
Yet still, this is a fantastic, well thought out book. It's not a cure-all, but a great book on this one segment of a good secure database solution.
For the beginner, just dive right in to page 37 and read the overview of Cryptographic structures. Then, stare at the diagram on page 41 for many hours and understand the workflow of this architecture.
For the advanced practitioner, a lot of this was review, but I got the most out of Chapter 8, "requirements hardening" - although most clients think I'm paranoid when I talk security at the initial requirements gathering meetings, this small chapter helped me fine-tune my approach.
For secure IM solutions, my experience (now) is that Jabber is the only way to go. It supports AES, the Jive server is open source (and the crowd cheers), it's incredibly easy to set up and configure, and it's SECURE. Just about any other modern solution will your intra-office communication, something that could easily destroy your business.
For UI's, I must admit that I love Yahoo to talk to clients, so I think a dual-im-client solution is the only way to go. In summary:
Intra Office communication: Jabber and a Jive server
Communication with clients: Yahoo (supports yahoo and msn users now or soon, screw AIM users)
And last, don't use IM as a replacement for phone calls. Sometimes you really need to hear the person talk, I have lost contect via IM many times with smart people.
I have solved all of my Windows XP IE 6.0 security problems by applying either the Fedora, SUSE or Firefox patches. But seriously, we should all expect that there are always arbitrary code problems with IE and just not use it ever. Isn't this review, class? Am I not preaching to the saintly and all perfect slashdot choir? Open Source Rules, we hate M$, right? Right?
My understanding is that it is already deployed in the French Quarter, and will be citywide in a year. But at 512kbps now, and 128kbps in a year (after the state of emergency is over) - seems rather slow. But not bad for free service while roaming around town. :) In fact here is the entire article from CNN to save you a click: http://www.cnn.com/2005/TECH/internet/11/29/wireless.neworleans.ap/index.html
Tuesday, November 29, 2005; Posted: 2:40 p.m. EST (19:40 GMT)
NEW ORLEANS, Louisiana (AP) -- Hurricane-ravaged New Orleans is starting the nation's first free wireless Internet network owned and run by a major city, a move aimed at boosting the city's stalled economy.
Mayor Ray Nagin made the announcement at a late morning news conference.
Similar projects elsewhere have been stalled by stiff opposition from telephone and cable television companies aimed at discouraging competition from public agencies.
Nagin said the system started operation Tuesday in the central Business District and the French Quarter. It is to be available throughout the city in about a year.
The system uses hardware mounted on street lights to cover the city.
Most of the equipment was donated by three companies: Intel Corp., Tropos Networks and Pronto Networks.
The system will operate at 512 kilobits per second as long as the city remains under a state of emergency.
That will be slowed once the state of emergency is over -- that date has not been determined -- to 128 kps in accordance with state law, which restricts government-owned Internet service.
To fix the xbox over-heating problems, update the xbox software over the "Live" service, and make sure to keep the machine on a flat surface in a well ventilated area and you should be ok. Lots of these heating problems are ventilation issues.
Re:Errors with Safari on Amazon Goes Wiki · Score: 2, Informative
Safari is just behind the curve in browser support, mixed with a recent surge in use. As an AJAX web developer, that sucks. Take Sarissa - the lightning fast XML Javascript parsing engine. Works "everywhere" except for Safari. Many sites I develop just "look different" in Safari. The positive side is, my employer bought me my first mac (iMac mini) and it's more responsive than my $2000 uber-dell. As for development, I now "code Javascript" to Safari - and test everywhere else, since Safari is the lowest common denominator.
Dude,
This is a righteous architecture. It's so simple and straight-forward, and already I can think of client-side support libraries to make this all-the-more rapid to code. How sweet! I'm going to stick to xml since I have so much legacy xml server code, but I'm very thankful you took the time to show us what you are up 2! :)
Pretty cool man - so this is how you send data to the server...
What are you using for server code?
What does your server code spit back, xml?
What libs are you using for xml parsing?
You usin' XSLT or just straight Javascript to map data-to-ui?
Re:Is AJAX secure (https)? on Ajax in Action · Score: 1
Ah, but if the referencing page is HTTPS, Javascript will continue to use HTTPS. The need to have an HTTP page and an HTTPS Javascript transaction is one I have not seen yet - I just make the page HTTPS! :)
I used Winamp from the beginning - It's really cool to see what their creators are up to. If you are into iTunes - check THIS out from Dmitry of Winamp fame: http://subband.com/ It supposedly "allows you to add bass frequencies, spatialization, 3D surround sound and numerous other real-time enhancements to your music when played through iTunes" - any chance this is cool?
Well now, if you only wanted one instance of that message, you would use Singleton. If you wanted a nice simple interface to a more complex system, in general, they call that the "Facade" pattern. If I want lots of knows know when my state changes, I use Observer.
I recommend that you pick up a book on design patterns - my favorite is the one with the cute blonde on the cover. It will help you in interviews. I speak the language, and right now I am seeing dot.com rates and no shortage of work.
Re:Is AJAX secure (https)? on Ajax in Action · Score: 3, Informative
I forced the URL to HTTPS and it worked just fine. The browsers already support HTTPS and that translates directly to JavaScript.
I make sure the initial page is HTTPS to start with. I do not know how to have an HTTP page and an HTTPS Javascript transaction.
AJAX in the Real World on Ajax in Action · Score: 5, Informative
In many ways, that book is out-of-date. Here is what is working for me *today*. There are many possibilities, but my focus is Rapid Application Development - and these tools help me rock and roll, fast.
Last week I was tasked to replace several standard (but sometimes complex) HTML business forms with an AJAX solution. Here are the best tools I found after lots of research time. This is bleeding edge; but functional in Opera, Safari, IE XP, FF XP, FF OSX, no small feat.
1) AJFORM - submit a form via Javascript using HTTP post or get without refreshing the page. (next release in a few days, keep an eye on it, it's brilliant and easy to use) http://redredmusic.com/brendon/ajform/
2) YOUR SERVER CODE - I use Java, but anything including ASP, CF, PHP - it all works. (Standard HTTP). Just needs to spit out XML, easy feat.
3) GOOGLE'S XPATH LIB - those of you who use Sarissa, drop it - she does not support Safari. Google's XPATH lib does, well, on all browsers you need. http://goog-ajaxslt.sourceforge.net/ - this is the best and easiest way to "search into" XML data. You can use native DOM calls, but it takes about 10x as much time to get it right.
With AJFORM and Google's XPATH lib on the client, I was able to quickly and effectively start making business forms in AJAX that were "scary fast" and WOW'ed all the folks who are paying the bills! YAY!
The impression is that "vulnerabilities" are like the weather and beyond all human control.
I think this is one of the messages that SANS is trying to get out - that these vulnerabilities are TREATED like weather by many companies and are NOT controlled in a systematic way.
So, SANS releases a very famous list of the "top 20 vulnerabilities" this quarter - it's a well thought out and well researched list. I think your beef is unjustified, I say with respect.
SANS is pretty hard core, and they do not say such things lightly. In fact, SANS is well known for pissing on ANYONE who is insecure, politics be damned. SANS has made a LOT of industries upset at them, and that is exactly why I trust them for security news and advice. Plus, their training classes (security centric) are the best in the industry. If you want a happy-feel-good company, go elsewhere, SANS does not play nice. If you want the best security info, SANS news and training is THE BEST.
Dr Thompson,
Thanks for sticking your neck out.
My question is: has your research given you enough data to provide feedback on other flavors of Linux?
I suspect that Microsoft chose to pick on light-weight Novell since their flavor of Linux is one of the relatively weakest. Any thought on that?
Adam,
After reading your well thought-out comments, they would lead me to think that you believe Google's promise of "do no evil" is just an empty promise?
Yea, like on his record, for the rest of his life if he gets hit with a felony. Not a laughing matter.
Dude, it includes 3 years of SOFTWARE support, which you do NOT get when you download for free. This is H-U-G-E.
Just for you I added this sentence on Wiki:
Earlier versions of the Wikipedia entry, online from May through September of that year, had contained incorrect statements about Seigenthaler, including allegations that he was once suspected of involvement in the Kennedy assassinations as well as allegations that he joined the Nazi party in 1934....
Hell no... go for the simple mechanical workarounds.
Dude, there is no replacement for the thrill of cracking a (inherently flawed) digital security system.
And please, this project looks very interesting. Can you please open-source your "whop-ass" methodologies?
FYI: Safari 1.3 promises to close the gap - and include support for the Canvas object (whoa). :)
1cm square seems like a great size for a cerebral implant!
Please note that it was Justin Frankel **and** Dmitry Boldyrev that created Winamp and ported it to Windows. http://inventors.about.com/od/mstartinventions/a/MPThree.htm (look under "MP3 Players")
I forced the URL to HTTPS and it worked just fine. The browsers already support HTTPS and that translates directly to JavaScript.
I make sure the initial page is HTTPS to start with. I do not know how to have an HTTP page and an HTTPS Javascript transaction.
Here is another link that talks about the same issue. http://www.experts-exchange.com/Web/Web_Languages/JavaScript/Q_21636735.html :)
PS: GREAT QUESTION! VIVA SECURE SOLUTIONS!
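The behaviour discussed in the comment above, as an added example that is not part of the original post: request URLs resolve against the page, so an HTTPS page yields HTTPS requests, while an HTTP page calling an HTTPS endpoint is a different origin because the scheme differs. The function names and the `example.test` hostnames are assumptions made for illustration.

```javascript
// Added example (not from the original comments). Hostnames under
// example.test and the function names are constructed for illustration.

// Classify one XMLHttpRequest target relative to the page that issues it.
function classifyAjaxRequest(pageUrl, requestUrl) {
  const page = new URL(pageUrl);
  // Relative and protocol-relative URLs resolve against the page,
  // so they inherit its scheme: an HTTPS page yields HTTPS requests.
  const target = new URL(requestUrl, page);
  // An origin is scheme + host + port; URL normalizes default ports.
  const sameOrigin = page.origin === target.origin;

  let verdict;
  if (target.protocol !== "http:" && target.protocol !== "https:") {
    verdict = "not-http";
  } else if (page.protocol === "https:" && target.protocol === "http:") {
    // Leaves the encrypted channel; current browsers block this.
    verdict = "mixed-content";
  } else if (!sameOrigin) {
    // Includes HTTP page -> HTTPS endpoint: the scheme differs, so the
    // same-origin policy applies and the server must opt in via CORS.
    verdict = "cross-origin";
  } else if (target.protocol === "https:") {
    verdict = "secure-same-origin";
  } else {
    verdict = "cleartext-same-origin";
  }
  return { resolved: target.href, sameOrigin, verdict };
}

// Return every endpoint that is not HTTPS on the page's own origin.
function findRiskyEndpoints(pageUrl, endpoints) {
  return endpoints
    .map((e) => ({ endpoint: e, ...classifyAjaxRequest(pageUrl, e) }))
    .filter((r) => r.verdict !== "secure-same-origin");
}

// Constructed sample: endpoints a form page might call.
const SAMPLE_PAGE = "https://app.example.test/forms/order.html";
const SAMPLE_ENDPOINTS = [
  "/api/save",
  "//app.example.test/api/lookup",
  "https://app.example.test:443/api/list",
  "http://app.example.test/api/legacy",
  "https://other.example.test/api/rates",
];

for (const r of findRiskyEndpoints(SAMPLE_PAGE, SAMPLE_ENDPOINTS)) {
  console.log(`${r.verdict}: ${r.endpoint} -> ${r.resolved}`);
}
```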
What's your architecture for AJAX?