Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Comment: Inability of server to enforce policy (Score 4, Insightful) 212

by linuxtelephony (#42395339) Attached to: Lax SSH Key Management A "Big Problem"

The biggest issue with SSH is the inability of the server to enforce policy on the client keys. If I'm wrong, I'd love to be corrected and learn what I've been overlooking.

As it stands, there's no way for the server to reject a key that has no pass phrase, a poor passphrase, or an old pass phrase. Short of over-the-shoulder random audits of users using their keys, there's no way to enforce a policy that sets minimum standards for pass phrases on SSH keys.

To my way of thinking that is one of the bigger areas of risk with and drawbacks of the use of SSH.

Comment: Useful even before ASuS Transformer, Vadem Clio? (Score 4, Interesting) 526

by linuxtelephony (#42159033) Attached to: Steve Jobs Was Wrong About Touchscreen Laptops

Anyone remember the Vadem Clio/Sharp TriPad? I do. For all it's clunkiness, if it wouldn't had such a problem with audio quality that would have been my first "tablet" (back in 2000 or 2001). [Oblig. wikipedia link: http://en.wikipedia.org/wiki/Vadem_Clio ] The whine during media playback killed it for me, and I wasn't willing to settle for the price so I ended up returning it. Other than that, and WinCE, it was a very useful device.

I have had the ASuS TF101 plus keyboard now for about a year and I still like it, even if my daughter has taken it over. Plus how many people run the iPad in landscape/vertical using a special case as a stand? I know I do. I can touch type pretty quick on it too (though I prefer it more of a slant then strictly vertical, probably about 60 degrees up from the table). And don't forget about the Lenovo S10-3t convertible? It was the first "laptop" with a touch screen that I've used, and even though the 1024x600 display kills the usability IMO, I still have a hard time putting it up on eBay because I find the touch screen form factor useful in a pinch.

The bottom line is the touch screen laptop is a very usable configuration and I'm surprised it's taken this long to see more of them. I think an almost perfect machine would be something like a macbook air (either 11 or 13 inch), with a quad core i7 (or comparable), 16 gb of RAM, an iPad 3 retina display w/touch for the display, a detachable keyboard (ala Transformer) or possibly rotating keyboard (Vadem Clio, Lenovo Yoga). It should also have 5+ hours of battery life and not get uncomfortably hot. I don't ask for much. :)

Comment: Suspect it's a mis-read bulletin, non-story (Score 1) 392

by linuxtelephony (#39960743) Attached to: Adobe Introduces the Paid Security Fix

From the bulletin:

Adobe released a security upgrade for Adobe Photoshop CS5 and earlier for Windows and Macintosh. This upgrade addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system.

Adobe has released Adobe Photoshop CS6, which addresses these vulnerabilities. For users who cannot upgrade to Adobe Photoshop CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources.

Sure sounds like CS5 had upgrade released that addressed these vulnerabilities. I think it also says that released version of CS6 is not vulnerable. Probably marketing people got involved to try and write this to encourage upgrades, which may have backfired a bit.

Comment: SSH Feature Wish: Server policy on SSH keys (Score 3, Interesting) 284

by linuxtelephony (#39476879) Attached to: Getting the Most Out of SSH

I wish it was possible to require SSH keys for some (or even all) users to have a passphrase, and enforce this requirement on the server.

As it stands right now, even if you generate a key for someone with a pass phrase, they can remove it easily on the client side and the server has no way of knowing. This means you could have passwordless logins to remote systems. Not good.

At least with modern systems and key agents you can get passwordless ease of use once you log into your local account, and if someone happens to get your private key they don't immediately have instant access to the machines you can log into. You should have a little time to secure the machines. [Think lost/stolen laptop or backup drive.]

Comment: From ICANN's past... (Score 4, Informative) 26

by linuxtelephony (#39433789) Attached to: ICANN Ethical Conflicts Are Worse Than They Seem

Remember these?
http://yro.slashdot.org/story/02/05/22/0150223/icann-director-seeks-court-order-to-review-records
http://yro.slashdot.org/story/02/03/15/1655246/icann-board-spurns-democratic-elections
http://yro.slashdot.org/story/02/10/31/2035207/icann-ditches-public-participation

The problems with ICANN go back a long time. The only thing that seems to be new here is that perhaps, finally, more light is being focused on them and more people are finally taking notice. Sadly, I suspect it's too little, too late.

Comment: Daycare/Sitter (Score 1) 480

by linuxtelephony (#39408737) Attached to: Ask Slashdot: What Are Your Tips For Working From Home?

I'm a single parent, and even though I work from home I still take my child to daycare so I can work during work hours. While it's nice to have the easy flexibility working from home affords when daycare is unavailable or my child is sick, it really makes a difference being able to have a quiet place to work. The irony of having to leave the house to work from home wasn't lost on me either. :)

+ - PostgreSQL 9.0 released->

Submitted by
greg1104
greg1104 writes "PostgreSQL 9.0 has been released today, including a pile of new features (with example usage for many). The biggest pair of features now included with the database allow near real-time asynchronous binary replication to slave nodes, along with the ability to run queries against them. Packages such as pgpool-II 3.0 have already been updated to build clusters using that feature, allowing transparent application load-balancing across multiple nodes for scaling read-heavy loads."
Link to Original Source

Comment: Re:Probably only applicable to Mass due to interst (Score 1) 510

by linuxtelephony (#31980676) Attached to: Mass. Data Security Law Says "Thou Shalt Encrypt"

Interesting. I'm not disagreeing with you, though based on the definitions I'm familiar with it would seem to violate the interstate commerce rules. Definitely intrastate would apply, but interstate gets interesting.

However if I am in California and someone from Mass comes to my online service and buys from me, I do not have a presence in Mass. Likewise if I were a mail order business. I am not familiar with any precedents that define businesses in different states as having a presence in other states simply because they have a web site that *might* be visited by someone in another state. Of course, I've not been following it as close as I probably should, and IANA, so it's quite likely I missed that when (if) it happened.

Can you point to those? I'd like to get caught up.

Otherwise, it would seem problematic for a business on one side of the country having to follow business rules on the other side of the country. Take the internet out of the equation. A brick and morter business in California (say a used book store) has a telephone. Someone in Mass. calls that book store and asks if they have a specific book. They do, a transaction is made over the telephone and the book sent to the purchaser. Based on the theory you put forth, this brick and morter store in California would now have to jump through the special regulatory and financial hoops being passed in Mass. If other states do the same thing, then these businesses could find themselves having to comply with a myriad of laws, regulations, and other restrictions, potentially just because of the random, one-off transaction of a diligent customer looking for a special book.

I don't think that's likely to go very far, and were it challenged in court I seriously believe it would be thrown out as violating interstate commerce laws.

Obviously this would only be for businesses not maintaining a physical presence of some form in the state. If they have an office, a store, etc. then they would need to comply. Of course, that then begs the question of whether they have to make their nationwide operations comply or just those operations and transactions that originate within the state of Mass.

One things for sure, the lawyers will have fun.

Comment: Probably only applicable to Mass due to interstate (Score 1, Interesting) 510

by linuxtelephony (#31976794) Attached to: Mass. Data Security Law Says "Thou Shalt Encrypt"

This will ultimately probably only end up affect Mass businesses or people with presence in Mass directly. Otherwise this kind of requirement has the potential to impact interstate commerce which states expressly do not have the authority to legislate.

I'm all for requirements to protect data, however it is usually not a good idea to legislate how to accomplish that. When that happens then the industry's ability to innovate is legislated away.

Comment: Unsure myself (Score 1) 750

by linuxtelephony (#31287806) Attached to: Should I Take Toyota's Software Update?

I'm unsure myself - personally I want to know exactly what traits are being changed. There are times where using both pedals at the same time can be useful. Admittedly in a passenger car on the road it's a lot less frequent than going off road or rock crawling in a 4x4.

Specifically, I want to know what criteria need to be met for it to trigger. Does the change cause the engine shutdown (or return to idle? presumably return to idle) at any point when both the brake and gas are pushed at any speed, or only if the vehicle is traveling over 10-20 mph, or only if the accelerator pedal is pressed more then X%?

Odds are I'll end up getting it regardless, just for overall safety in general. Though i'll be pretty annoyed if it is a simple if gas and brake then stall.

Comment: Camry Hybrid & drive by wire (Score 1, Offtopic) 913

by linuxtelephony (#30973422) Attached to: Toyota Pedal Issue Highlights Move To Electronics

I had to think long and hard before buying the Camry Hybrid because of all the drive-by-wire. Finally I decided to give it a go and I am glad I did. I get plenty of room in the cabin (not so much in the trunk though), and consistently get 30+ mpg around town and up to 40+ on highway trips (averaging 36-38 across West Texas at 80 mpg).

Some observations of mine:
- I have a "gear lever" to shift, but I'm pretty sure it's just there for "feel" and it's all electronic; if an electrical problem prevented the car from going into neutral then it wouldn't matter if it were "push button" or the gear lever like I have, it's still electronic.
- the emergency brake is mechanical - and that's your best bet if all else fails (assuming you aren't already going so fast as to make the car uncontrollable by locking the rear wheels
- It is not unusual for me to pull into a parking place, put the car into park, be totally stopped, release the brake, and (while totally still) push the button to turn off the car and have the car jump forward slightly; i suspect it has to do with getting a mechanical "break" in the transmission to engage and by slightly moving the car something akin to a tooth is able to engage the appropriate gear. I'm not able to reproduce on demand so I've not taken the car in for this.
- I have floor mats that are supposed to be held in place by hooks but the hooks keep coming out and floor mat moves all around. This is the factor carpeted floor, not the all season one, and i've never had it cause problems with the accelerator.
- i've not been able to reproduce the launching triggered by the cruise control as reported by SteveWoz, but that may be prius specific and/or speed related (i haven't been anywhere to try at 85 mph yet, speed limits around here stop at 75).

Comment: My Speculation: tablet will be in the "air" family (Score 1) 596

by linuxtelephony (#30696634) Attached to: Why Everyone Has High Hopes For Apple Tablet

Friend of mine and I were talking about this earlier in the week. My guess is that there will be something of a tablet and that it will be in the macbook air family. Something like a keyboardless mac book air, but able to use the bluetooth keyboard/mouse they already offer (or a new smaller version possibly for the purpose). This would let the air become even thinner.

Wildly off-the-wall speculation - verizon data card built in or optional.

"It's what you learn after you know it all that counts." -- John Wooden

Working...