Worried about people getting a worm from
a message containing your (spoofed) address?
Folks, it looks like the compelling case for
the non "paranoid-cryptoweenie" demographic to use PGP just arrived: sign
all your messages and add in your .sig
"any message appearing to come from <me@mydomain.cc>
is a forgery unless it has a valid PGP digital signature. Any such forged message probably
contains malware and should be discarded."
It was called "SCO OpenServer 5", and I first used it
in 1994. It was hideous. Any time you installed a traditional unix program you shat all over the
symlink hierarchy and generally hosed something.
It made management of vendor supplied packages
slightly simpler, but the whole point of open systems is
that you are not locked into dependence on your OS vendor!
Re:Oh joy, "The Attack of the Easily Led" on 4l-j4z333ra 0wn3d · Score: 1
Obviously *your* town has a different protest culture than mine. Around here almost every
protest has a Rent-A-Crowd element who are just there to make noise.
Judgemental? Judging is what rational creatures do. Look at the issues and facts, weigh opinions, and decide
for yourself.
Oh, and if you can't learn to discuss issues without making incoherent personal attacks, perhaps you should seek employment at the white house?
Re:Oh joy, "The Attack of the Easily Led" on 4l-j4z333ra 0wn3d · Score: 1
He has killed and has ordered killings of thousands and thousands of people
So have many other despots, even US allies (or puppets). Concern for the suffering of Iraqis, is not, I submit, the true reason for this war. Concern for (or even knowledge of the existence of) foreigners does not hitherto appear to have been a
major element of US political or popular thinking.
I'm Australian. As far as I can tell Australia
is involved in this mess because the Aussie PM
likes to be invited 'round to have a beer with George and Tony and feel like he's an Important World Leader^TM.
Re:Oh joy, "The Attack of the Easily Led" on 4l-j4z333ra 0wn3d · Score: 1
you seem to mention socialists as being mentally incompetent, dishonest people.
No, I said that the kind of morons who go to marches to have a fight and loot stores are criminals and losers. They seem to be endemic blights on socialist activist groups. I'm sure respectable socialists (snicker) are probably embarrassed by these people too. I am so far from being a socialist that you'd need a trebuchet to throw rocks at me, but just because all you people who disagree with me are wrong doesn't necessarily mean you're stupid or dishonest. :-)
Oh yes, one last thing (in my best cheesy klingon voice): I am NOT a conformist.
Re:Oh joy, "The Attack of the Easily Led" on 4l-j4z333ra 0wn3d · Score: 1
Funny, I always thought that attacking police and looting stores was more of an anarchistic thing to do.
Oh, call it libertarian instead of anarchist if you like. The idea that mature people can just get on with their lives, eschew [initiation of] violence, and not need the gummint to poke its nose
into every aspect of private life.
As for the "recent unpleasantness" in Iraq, put it in terms of the golden rule: bombing a country because their ruler is an asshole is a bad
precedent. The ruler of my country (not the USA, btw) is an asshole too, but I don't really feel like being bombed today because of him, or having my kids starved to death, y'know?
Oh joy, "The Attack of the Easily Led" on 4l-j4z333ra 0wn3d · Score: 1
The problem I have with script kiddies making political
attacks is the same as the problem with high-school
students and university freshers filling out the
bulk of the current political protest marches.
These people are immature, inexperienced and
naive, and are just as easily led to a BAD cause
as a good one. (I'm sure many of us old farts cringe when recalling some of the lame ideas we supported when we were young and impressionable.)
THINK, don't just follow the guy with the megaphone.
(I happen to be anti-war, but for anarchistic reasons; I wouldn't be seen dead marching with those socialist loonies who seem to think a protest march is a "gonna bash some pigs and loot me a new
pair of shoes" event.)
I signed up, promised my firstborn son,
downloaded the code, read a
buttload of docs on the builder and compiled
up the producer apps. Shockingly, it built with no errors.
But there's no doco (or I didn't find it yet),
and no hint of what the hell
all these binaries are supposed to do.
I just want to convert all these useless .rm files
on my drive to MPEG (VCD specifically) so I never have to deal
with rm again. I've had zero luck getting
this done using transcode, mencoder or mjpegtools; the output always has flicker, or bad audio sync.
Has anybody figured out what this helix release
actually does?
Re:Yes, but Australian culture is still different on New Mad Max Film · Score: 1
You, dear troll, suck.
You love the work of Miller & Gibson so much that you can't /wait/ to steal it from them.
I built a device about 5 years ago that used strokes in either
direction.
For a backyard inventor, the hard part of that is
finding switches that are suitable.
I used levers (moved by the fingertips) which had a microswitch on either side.
Rather than using wood for the parts, I used
a combination of old fiberglass circuit boards and
a PVC modelling material called Fimo which can be
baked hard in a home oven. You buy it in craft stores.
I built a two-key-per finger design back around
1996. I'm sure I still have bits of the
prototype in my junk box. It didn't use
the same arrangement as the chordite design, and I abandoned my two-key prototype
because of the difficulty in getting small enough
switches; I went back to working with one switch
per finger.
My designs have two bucky-bit modes; either the
bucky bit applies to the next "ordinary" key or,
by "double-clicking" the "bucky chord", the modifier
remains active until deactivated.
(That idea of sticky-modifiers is certainly not novel, Microsoft use it in their
handicapped-accessibility add-on for the Windoze control panel).
I was quite surprised to learn that IBM
had a patent (expired, thankfully) on the state-machine algorithm for assembling chord events. That is just so obvious; I certainly
didn't consider it remarkable when I independently arrived at that method.
Now the method of holding the device in the
hand without straps, that I have not seen
before.
I still to this day maintain a DOS boot disk
with 4dos and several other useful tools. I use
it for troubleshooting and for setting up systems.
I call it "The One True Boot Disk" and my cow-orkers are forever coming by and begging to
borrow it. (Make a copy from the disk image on
the file server, I tell them, but do they listen...)
Now that we have the web, and peer to peer file sharing,
alt.binaries can FOAD, and the sooner the better.
Sure, easy access to pr0n and warez is popular, but I'm
sick of seeing months of valuable discussion get purged from
my news-server to make room for some moronic binary
flood in alt.binaries.hamsters.duct-tape or whatever.
C'mon, Usenet is the worst possible medium for distributing large binary files.
Microsoft released a patch ages ago to turn
off executable attachments et al.
Nobody installed it. The kind of people
who went looking for it already knew
better than to run attached executables. The
kind of people who are victims of these
trojans hated the patch because those
people WANT to be able
to click on attachments and have them run.
Living without the latest animated christmas card
is intolerable to them.
(Or rather, they are unable to perform any more
complicated procedure, so it's single-click or nothing for that user base.)
Yeah, they decided to send the plaintext
password over the wire instead. Yeah, that'll
work. Not.
Bob, the reason is that the
CHAP authentication protocol
requires that the server know the plaintext password.
Just keeping a hash isn't good enough.
The requirement for plaintext passwords
is a drawback for many challenge-response
protocols. You trade off the value of never
sending the password over the net (instead using
challenge-response) with having to store the
actual password on the server (instead of the
result of a one-way hash).
Encrypting the passwords doesn't help. If the
authentication program needs the plaintext
value it must be able to decrypt the password,
so the attacker simply steals the encrypted
passwords and a memory-dump of the executing decryptor program.
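The trade-off described in the comment above, as an added example that is not part of the original post. It assumes the RFC 1994 CHAP response formula (MD5 over identifier, secret and challenge); the class names, the SHA-256 password file and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class PlaintextServer:
    """Keeps the shared secret itself, which is what CHAP needs."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def verify(self, identifier: int, challenge: bytes, response: bytes) -> bool:
        expected = chap_response(identifier, self.secret, challenge)
        return hmac.compare_digest(expected, response)


class HashOnlyServer:
    """Keeps only SHA-256(secret), like an ordinary password file (assumed scheme)."""

    def __init__(self, secret: bytes):
        self.stored = hashlib.sha256(secret).digest()

    def verify(self, identifier: int, challenge: bytes, response: bytes) -> bool:
        # The server cannot recover the secret, so the only value it can put
        # into the CHAP formula is the stored hash.
        expected = chap_response(identifier, self.stored, challenge)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    secret = b"correct horse"  # constructed sample password
    identifier, challenge = 7, os.urandom(16)
    client = chap_response(identifier, secret, challenge)
    hash_only = HashOnlyServer(secret)
    results = {
        "plaintext_server_accepts": PlaintextServer(secret).verify(identifier, challenge, client),
        "hash_only_server_accepts": hash_only.verify(identifier, challenge, client),
    }
    # "Fixing" this by making the client hash first turns the stored hash into
    # the secret: a response built from the database entry alone is accepted.
    from_db = chap_response(identifier, hash_only.stored, challenge)
    results["stored_hash_is_password_equivalent"] = hash_only.verify(identifier, challenge, from_db)
    return results


if __name__ == "__main__":
    print(demo())
```

The third result is the reason the comment says a hash "isn't good enough": whatever the server feeds into the response formula is the credential that needs protecting.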
There are many reasons to put self-signed certificates on a keyserver.
I put my ID fingerprint on my business card, then
my key on the keyserver. If somebody who has my
card wants my key, they download it and compare
the fingerprints. If they don't have my card,
they can call me and read out the fingerprint,
or verify it through some other means that is
more trustworthy than email.
Self-signatures also prevent third parties from
adding another email address to my certificate
and submitting it back to the server. If each
email address on a certificate is self-signed,
only the possessor of the private key could have
added those IDs to the key.
The web of trust is one way of verifying that
a key really belongs to a particular principal,
but it is not the only way. Flexibility is
one of the ways PGP wins over other public-key infrastructures (with PGP you are not forced to trust all the parties in the
trust web). If you roll your own offline verification method, you don't even need to trust any of them.
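The business-card check described in the comment above, as an added example that is not part of the original post. It assumes OpenPGP version 4 keys, whose fingerprint is defined in RFC 4880 section 12.2; the helper names and the sample key material are constructed for illustration.

```python
import hashlib
import hmac
import struct


def v4_fingerprint(pubkey_packet_body: bytes) -> str:
    """SHA-1 over 0x99, a two-octet length, then the public-key packet body."""
    if pubkey_packet_body[:1] != b"\x04":
        raise ValueError("not a version 4 public-key packet")
    framed = b"\x99" + struct.pack(">H", len(pubkey_packet_body)) + pubkey_packet_body
    return hashlib.sha1(framed).hexdigest().upper()


def normalize(printed: str) -> str:
    """Accept the spacing and case used on a printed card; insist on all 40 digits."""
    cleaned = "".join(ch for ch in printed if ch not in " :\t\n").upper()
    if len(cleaned) != 40 or any(c not in "0123456789ABCDEF" for c in cleaned):
        raise ValueError("expected a full 40-hex-digit fingerprint")
    return cleaned


def key_matches_card(pubkey_packet_body: bytes, printed: str) -> bool:
    """True only if the downloaded key hashes to the fingerprint on the card."""
    return hmac.compare_digest(v4_fingerprint(pubkey_packet_body), normalize(printed))


def make_sample_key(modulus: bytes) -> bytes:
    """Constructed RSA public-key packet body: version, creation time, algorithm, n, e."""
    def mpi(value: bytes) -> bytes:
        return struct.pack(">H", int.from_bytes(value, "big").bit_length()) + value
    return b"\x04" + struct.pack(">I", 1000000000) + b"\x01" + mpi(modulus) + mpi(b"\x01\x00\x01")


if __name__ == "__main__":
    genuine = make_sample_key(b"\xc3" + bytes(range(1, 128)))   # constructed key
    lookalike = make_sample_key(b"\xc5" + bytes(range(1, 128)))  # same user ID, other key
    fp = v4_fingerprint(genuine)
    card = " ".join(fp[i:i + 4] for i in range(0, 40, 4))
    print(card, key_matches_card(genuine, card), key_matches_card(lookalike, card))
```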
Folks, it looks like the compelling case for the non "paranoid-cryptoweenie" demographic to use PGP just arrived: sign all your messages and add in your .sig
-- Chris "Paranoid cryptoweenie"
I'm a debian bigot too, but I'm not evangelistic about it. Different flavours suit different people and purposes.
I'm a hardcore Emacs junkie, and I seriously contemplate chord input with Emacs.
It's not impossible, and I have the chord tables to prove it :-)
(Hint: next time you boot GameOS, have a look at the accessibility page in the control panel).
So NA kills PGP?
Is that a silent 'S' between the 'N' and the 'A'?
Once you introduce time travel, you have painted yourself into a corner.
Once the "go back in time and fix things" crutch has been employed once, the slippery slope to sloppy scriptwriting and unimaginative stories has started.
Time travel has ruined Star Trek for me.
Sheesh.
p.s. GAT: E+++
If you're into gaming (of the war- or RP- variety), or hang out with those who are, you will kill yourself laughing reading this book.
If you ever stayed in a college dorm, you are also in mortal danger of fatal mirth.
I enjoyed this book. It's not a masterpiece, but it is good fun.