Comment: Apple's Podcast Publisher and Podcast Library (Score 2) 126

by plsuh (#38551300) Attached to: Best Software For Putting Lectures Online?

This is exactly the design scenario for Podcast Publisher and Podcast Library.

http://www.apple.com/macosx/server/features/all.html#podcasting

While it can take advantage of a whole cluster of servers, it can also run (albeit more slowly) on a single Core i7 Mini Server. For more detailed docs, see:

https://help.apple.com/advancedserveradmin/mac/10.7/#apdEDF248EC-ED8E-473E-8166-E7D0B2A854D7

It's in use at lots of universities and some K-12 schools.

Hope this helps.

--Paul

Comment: Already dead (Score 4, Interesting) 128

by plsuh (#37415076) Attached to: Certificate Blunders May Mean the End For DigiNotar

This is just going through the motions. DigiNotar has been dead since August 30, when Google, Mozilla, and Microsoft all revoked trust in their certificates. Anyone with at least two brain cells (which seems to exclude a large number of managers, unfortunately) could see the writing on the wall. No one would ever buy a new DigiNotar certificate, since it would always pop up a scary warning to the user in a web browser. Why bother with buying a certificate from DigiNotar and dealing with the resulting end-user support issues, when you can buy from someone else and not have to deal with the problem?

More interesting to me is what will happen to DigiNotar's corporate parent, Vasco Data Security? The purchase of DigiNotar is relatively recent (January 10, 2011), so it's not clear how much influence Vasco's management had over DigiNotar's operations. At the very least, Vasco is going to need to pay for an audit of its own systems to reassure its direct customers.

--Paul

Comment: Cheap, but what about ongoing costs? (Score 1, Interesting) 140

by plsuh (#36920002) Attached to: TN BlueCross Encrypts All Data After 57 Disks Stolen

$6 million is pocket change to a company that has $5.2 billion in annual revenue. However, the true cost is really higher, as encrypting everything means that things like disk corruption are no longer repairable, lost passwords can't be reset without losing data, and the like. It'd be interesting to see just what the ongoing costs are.

That said, I would like to compliment Tennessee BC/BS for doing the right thing, in spite of it costing money.

--Paul

Comment: Subject to race conditions -- lame (Score 4, Insightful) 153

by plsuh (#36510556) Attached to: PlanetLab Creates a More Advanced Sudo

Folks,

Does no one remember 2007? Bob Watson presented a paper on exploiting concurrency to break all kinds of things like systrace back then, complete with example code. Vsys is the same kind of thing -- it has processes executing in an outside space where you can have a race condition and force the parameters to change after the clearance check but before it actually does the work. See:

http://www.watson.org/~robert/2007woot/

--Paul
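The check-then-use window described in the comment above, as an added example that is not part of the original comment, the cited paper, or Vsys. The request layout, the path policy and all function names are hypothetical, and the concurrent writer is modelled as a callback fired between the check and the use so the interleaving is deterministic.

```c
#include <stdio.h>
#include <string.h>
#define PATH_LEN 64
/* Hypothetical request buffer the unprivileged caller can still write to. */
struct request { char path[PATH_LEN]; };
/* Stand-in for the concurrent writer, run between check and use. */
typedef void (*interleave_fn)(struct request *shared);
typedef int (*handler_fn)(struct request *, interleave_fn, char *, size_t);
static int allowed(const char *path) {
    return strncmp(path, "/srv/public/", 12) == 0 && strstr(path, "..") == NULL;
}

/* Racy: checks the shared buffer, then fetches it again to act on it. */
static int handle_racy(struct request *shared, interleave_fn window,
                       char *acted_on, size_t n) {
    if (!allowed(shared->path)) return -1;
    if (window) window(shared);                /* argument changes here */
    snprintf(acted_on, n, "%s", shared->path); /* second fetch, unchecked */
    return 0;
}

/* Hardened: one fetch into private memory; check and use only that copy. */
static int handle_snapshot(struct request *shared, interleave_fn window,
                           char *acted_on, size_t n) {
    char local[PATH_LEN];
    memcpy(local, shared->path, sizeof local);
    local[sizeof local - 1] = '\0';
    if (!allowed(local)) return -1;
    if (window) window(shared);                /* too late to matter */
    snprintf(acted_on, n, "%s", local);
    return 0;
}

/* Constructed sample writer: replaces the path after the check has passed. */
static void swap_path(struct request *shared) {
    snprintf(shared->path, sizeof shared->path, "/srv/private/keys");
}
/* 1 if the path finally acted on passes the policy, 0 if not, -1 if refused. */
static int acted_on_is_allowed(handler_fn handler) {
    struct request r = { "/srv/public/report.txt" };
    char out[PATH_LEN] = "";
    if (handler(&r, swap_path, out, sizeof out) != 0) return -1;
    return allowed(out);
}

int main(void) {
    printf("racy=%d snapshot=%d\n", acted_on_is_allowed(handle_racy), acted_on_is_allowed(handle_snapshot));
    return 0;
}
```

Both handlers run the same policy check; only the one that validates a private copy ends up acting on a value the check actually saw.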

Comment: Re:Ha Ha, mine goes to 11 (Score 1) 615

by plsuh (#36348722) Attached to: Cheap GPUs Rendering Strong Passwords Useless

consistently (a) remember a long password and (b) type it without a failure at least 50% of the time, is in the single digits.

This myth needs to end. Most people can memorize phrases hundreds of words long:

You missed the second part -- TYPE them consistently enough that they can get in without getting frustrated. I have no doubt that a large percentage of the general population can memorize long, complex passages at the word level. The number that can get them consistently right at the character level is much lower. The number that can get them consistently right at the character level when they are required to change the phrase every six months drops to near zero.


--Paul

Comment: Re:Ha Ha, mine goes to 11 (Score 5, Insightful) 615

by plsuh (#36345224) Attached to: Cheap GPUs Rendering Strong Passwords Useless

What you're missing is that the percentage of the general population that can consistently (a) remember a long password and (b) type it without a failure at least 50% of the time, is in the single digits. Remember, general population, not geeks.

I've expressed the opinion for several years now that password authentication is broken, and that we need to move to two-factor authentication schemes ASAP.

--Paul
