Under Windows 7, click the speaker icon in the system tray. Press "Mixer". It has overall device volume, and a slider for each running application.
I recently switched to Windows after running Kubuntu for two years. There were a lot of things I liked about Linux, but sound certainly wasn't one of them. It's nice to have things just work rather than the magic incantations and sacrifices needed for ALSA and PulseAudio.
The full text of the block message, for those of you not on a network using OpenDNS:
"This site was blocked by OpenDNS in response to either the Conficker virus, the Microsoft IE zero-day vulnerability, or some equally serious vulnerability.
If you think this shouldn't be blocked, please email us at contact@opendns.com."
They aren't on Verizon or Sprint quite yet because Microsoft didn't have time to get the OS ready for CDMA devices. Considering how poorly the first CDMA Android devices performed (example: phones using Android 1.6 couldn't use A-GPS for a long time if I remember correctly), getting the bugs out first seems like it was a solid strategy.
There's another massive problem with I/O scheduling on Linux: all of the schedulers are designed for physical disks. With solid state drives as opposed to physical spinning platters, a ladder algorithm is useless and only serves to reduce performance. With solid state drives, the best scheduler is currently noop, which doesn't implement priorities. I prototyped a lottery based scheduler for a class that would allow ionice to be used in a sensible way on solid state drives, but never got it into a state where it didn't crash the kernel. The whole system does seem a little massively out of date.
It used to be that an enterprise WPA2 network had a similar level of privacy to a switched wired network, where individual users couldn't see each other's traffic. Now it is equivalent to a network with hubs, allowing connected users to see each other's traffic.
Also with locked software distribution are all the Verizon phones tied to BREW. Those can only download apps from Get It Now (if I remember the name correctly, it's been a while), and were also code signed. There were also almost no applications, and the ones that did exist were $5 tetris games and the like. Utterly useless except to make Verizon money.
paul248 nailed it. I understand what you are saying, but without the page providing the form being secured, it could be modified to post to a different server or scrape the login with javascript. Unless you want to check the post address and all scripts on the page yourself, an HTTP form isn't really secure.
My bank has a dumb tethered login on the main page, where a form delivered over HTTP posts to a page secured with HTTPS. It took a slashdot thread pointing this out for me to realize it, and now I always use an extra click to find the HTTPS login page. But I'm sure that most people don't, so by the time they even could notice something's wrong, it would be too late. (I use a fairly major American bank.)
Banks sending emails can be very useful. I have my bank send me balance alerts, and when I see one I type in my bank's URL, avoid the tethered login, and transfer some funds. I can't think of a better way for this to work, and if someone does send me a phishing message I don't detect, I'll log into my account and see that it wasn't from the bank anyways.
I use OS X, and although Flash does ship with the system, I have downloaded newer versions direct from Adobe. I've also downloaded third party codecs such as Windows Media/Flip4Mac from Microsoft, and the open source Perian. Granted, I do trust all of those as much as one can trust Adobe and Microsoft, but third party plugins are not unheard of on the Mac, just rarer.
Oh, and don't forget all of the people who have jailbroken their Apple iPhones with software obtained from the shadiest places possible (such as RapidShare)! People have no problems installing random binaries on their systems.
Slashdot car analogy: Do you lock the doors on your car? That helps against those who are not really out to get you. That's not security, as someone who is determined could use a coat-hanger and get in. Might as well not lock your car doors.
For some things, preventing against passive attacks is all that is needed, such as for your Slashdot user account. Currently, the login form is just HTTP, so how could protection against passive attacks be worse? Presenting such as connection in the same way as the verified certificate given to your bank is bad, but by itself, a connection without identity verification isn't worse than plain old HTTP.
Precisely. But there's no way to use authentication-less SSL with HTTP, is there? (At least that a normal use would understand, no tunneling.) And that's the problem.
Let's say I have a small website with logins where I can't afford a cert, but want to add a layer of security, so I follow option 1. Now I have my root certificate installed in my users' browsers. If I'm malicious or even just incompetent and lose my private key, now all of my users are more vulnerable to man-in-the-middle and phishing attacks because I can sign anything I want.
Having users get used to installing new CA's seems to be the worst possible idea for security.
And let's face it, do you personally know and trust the maintainer of every site you have a login at? Would a website verified as belonging to my name be any more trustworthy than one I signed myself? Perhaps this isn't the best idea either, because of the aforementioned man-in-the-middle attacks, but the inclusion of a free CA like CAcert could solve all problems but identification. Even then the lowest level of GoDaddy certs is "Verifies domain control & secures your site," which is identical. (CAcert also has a Web of Trust that is probably better than the verification by GoDaddy for a Deluxe SSL, but I won't get into that.) So for verifying identity, as I said, who am I and why should you trust me anyways? Lots of small websites are run by individuals. Better to have a secure end to end link than no encryption at all, which is the way a lot of smaller websites will have to go. By making self-signed certs all but useless and not providing a free alternative, Mozilla is hurting the web. Oh, and I just checked, and the cheapest GoDaddy certificate is currently $29/yr, more than three times my domain registration.
Some random Linux distro? If you're going to go through the trouble of switching OSes because of security concerns, you might as well use OpenBSD. It has a better security track record than pretty much anything, with what, 2 remote vulnerabilities ever?
"Prohibited and Permissible Uses: ... While most common uses for Intranet browsing, email and intranet access are permitted by your data plan, there are certain uses that cause extreme network capacity issues and interference with the network and are therefore prohibited. Examples of prohibited uses include, without limitation, the following: (i) server devices or host computer applications, including, but not limited to, Web camera posts or broadcasts, automatic data feeds, automated machine-to-machine connections or peer-to-peer (P2P) file sharing..."
Slashdot Mirror
Under Windows 7, click the speaker icon in the system tray. Press "Mixer". It has overall device volume, and a slider for each running application.
I recently switched to Windows after running Kubuntu for two years. There were a lot of things I liked about Linux, but sound certainly wasn't one of them. It's nice to have things just work rather than the magic incantations and sacrifices needed for ALSA and PulseAudio.
The full text of the block message, for those of you not on a network using OpenDNS:
"This site was blocked by OpenDNS in response to either the Conficker virus, the Microsoft IE zero-day vulnerability, or some equally serious vulnerability.
If you think this shouldn't be blocked, please email us at contact@opendns.com."
They aren't on Verizon or Sprint quite yet because Microsoft didn't have time to get the OS ready for CDMA devices. Considering how poorly the first CDMA Android devices performed (example: phones using Android 1.6 couldn't use A-GPS for a long time if I remember correctly), getting the bugs out first seems like it was a solid strategy.
Oh yes, I certainly agree lottery isn't a very good choice, except for the project was due in a few days and it was simple :)
I was, however, quite surprised that there seemed to be no schedulers with priorities and no ladder already in the the kernel.
There's another massive problem with I/O scheduling on Linux: all of the schedulers are designed for physical disks. With solid state drives as opposed to physical spinning platters, a ladder algorithm is useless and only serves to reduce performance. With solid state drives, the best scheduler is currently noop, which doesn't implement priorities. I prototyped a lottery based scheduler for a class that would allow ionice to be used in a sensible way on solid state drives, but never got it into a state where it didn't crash the kernel. The whole system does seem a little massively out of date.
It used to be that an enterprise WPA2 network had a similar level of privacy to a switched wired network, where individual users couldn't see each other's traffic. Now it is equivalent to a network with hubs, allowing connected users to see each other's traffic.
If you can't trust the computer you're on... why do you want to mount encrypted files on it? Wouldn't that defeat the point?
Also with locked software distribution are all the Verizon phones tied to BREW. Those can only download apps from Get It Now (if I remember the name correctly, it's been a while), and were also code signed. There were also almost no applications, and the ones that did exist were $5 tetris games and the like. Utterly useless except to make Verizon money.
The complete rewrite came after Netscape was open sourced and became Mozilla. It is this complete rewrite that has allowed Firefox to progress the way it has. If you're really curious, see http://commons.oreilly.com/wiki/index.php/Open_Sources_2.0/Open_Source:_Competition_and_Evolution/The_Mozilla_Project:_Past_and_Future.
I've had an iPhone application for quite a while that uses this. It's called WritingPad, and the about screen has a link to http://shapewriter.com/.
Two sales, two sales taxes.
It's being worked on. See http://www.openchange.org/.
Not if it's over SSL, where if the man-in-the-middle was just blindly forwarding the connection they wouldn't get to read what was being transmitted.
Well, good thing they thought of that and make you enter your password to purchase applications on the iPhone.
Actually, no. I was thinking of Washington Mutual, where even if you type in https://wamu.com/, it redirects to http://www.wamu.com/personal/default.asp. Argh. https://online.wamu.com/IdentityManagement/Logon.aspx works though. I guess there's a lot of banks like this.
paul248 nailed it. I understand what you are saying, but without the page providing the form being secured, it could be modified to post to a different server or scrape the login with javascript. Unless you want to check the post address and all scripts on the page yourself, an HTTP form isn't really secure.
My bank has a dumb tethered login on the main page, where a form delivered over HTTP posts to a page secured with HTTPS. It took a slashdot thread pointing this out for me to realize it, and now I always use an extra click to find the HTTPS login page. But I'm sure that most people don't, so by the time they even could notice something's wrong, it would be too late. (I use a fairly major American bank.)
Banks sending emails can be very useful. I have my bank send me balance alerts, and when I see one I type in my bank's URL, avoid the tethered login, and transfer some funds. I can't think of a better way for this to work, and if someone does send me a phishing message I don't detect, I'll log into my account and see that it wasn't from the bank anyways.
I use OS X, and although Flash does ship with the system, I have downloaded newer versions direct from Adobe. I've also downloaded third party codecs such as Windows Media/Flip4Mac from Microsoft, and the open source Perian. Granted, I do trust all of those as much as one can trust Adobe and Microsoft, but third party plugins are not unheard of on the Mac, just rarer.
Oh, and don't forget all of the people who have jailbroken their Apple iPhones with software obtained from the shadiest places possible (such as RapidShare)! People have no problems installing random binaries on their systems.
Slashdot car analogy: Do you lock the doors on your car? That helps against those who are not really out to get you. That's not security, as someone who is determined could use a coat-hanger and get in. Might as well not lock your car doors.
For some things, preventing against passive attacks is all that is needed, such as for your Slashdot user account. Currently, the login form is just HTTP, so how could protection against passive attacks be worse? Presenting such as connection in the same way as the verified certificate given to your bank is bad, but by itself, a connection without identity verification isn't worse than plain old HTTP.
Precisely. But there's no way to use authentication-less SSL with HTTP, is there? (At least that a normal use would understand, no tunneling.) And that's the problem.
Or, I could walk down to Safeway, buy a $25 Visa Gift Card with cash, and have a perfectly valid non-traceable payment method. Hurrah. Secure.
Let's say I have a small website with logins where I can't afford a cert, but want to add a layer of security, so I follow option 1. Now I have my root certificate installed in my users' browsers. If I'm malicious or even just incompetent and lose my private key, now all of my users are more vulnerable to man-in-the-middle and phishing attacks because I can sign anything I want.
Having users get used to installing new CA's seems to be the worst possible idea for security.
And let's face it, do you personally know and trust the maintainer of every site you have a login at? Would a website verified as belonging to my name be any more trustworthy than one I signed myself? Perhaps this isn't the best idea either, because of the aforementioned man-in-the-middle attacks, but the inclusion of a free CA like CAcert could solve all problems but identification. Even then the lowest level of GoDaddy certs is "Verifies domain control & secures your site," which is identical. (CAcert also has a Web of Trust that is probably better than the verification by GoDaddy for a Deluxe SSL, but I won't get into that.) So for verifying identity, as I said, who am I and why should you trust me anyways? Lots of small websites are run by individuals. Better to have a secure end to end link than no encryption at all, which is the way a lot of smaller websites will have to go. By making self-signed certs all but useless and not providing a free alternative, Mozilla is hurting the web. Oh, and I just checked, and the cheapest GoDaddy certificate is currently $29/yr, more than three times my domain registration.
Some random Linux distro? If you're going to go through the trouble of switching OSes because of security concerns, you might as well use OpenBSD. It has a better security track record than pretty much anything, with what, 2 remote vulnerabilities ever?
"Prohibited and Permissible Uses:
... While most common uses for Intranet browsing, email and intranet access are permitted by your data plan, there are certain uses that cause extreme network capacity issues and interference with the network and are therefore prohibited. Examples of prohibited uses include, without limitation, the following: (i) server devices or host computer applications, including, but not limited to, Web camera posts or broadcasts, automatic data feeds, automated machine-to-machine connections or peer-to-peer (P2P) file sharing..."
from http://www.wireless.att.com/cell-phone-service/legal/plan-terms.jsp