Ask Slashdot: Open Hardware/Software-Based Security Token?
I'd like something like this for a mixed Windows/Mac/Linux network but the costs are just prohibitive.
Yubikeys are $25 each for the hardware, and $45 PER USER. That's just ridiculous when you scale up, and there's an awful lot of manually faffing about to get to the point that it works.
Wait, what? Where do you get the $45 per user cost? I don't see that anywhere on their website.
The "YubiCloud" (where Yubico hosts the authenticator servers) has two modes: free and premium. The free service is open to everyone, even commercial users. The premium service offers an SLA and monthly usage statistics, and costs $3/YubiKey/year (1000-unit minimum).
You can also host your own local YubiKey authentication servers and keep things entirely in-house. Yubico has reference implementations for free on their site.
Ask Slashdot: Open Hardware/Software-Based Security Token?
For software tokens, Google Authenticator has apps for Android, iOS, and BlackBerry. They implement the TOTP standard, so any compatible code-generating software (such as the J2ME app I have on my non-smartphone) will work with it.
They also have a PAM module that works with SSH (or anything else that uses PAM). I've used it before, and it works great.
For reference, neither the apps nor the PAM module depend in any way on Google services, they don't send any data to Google, and will work perfectly happily in a totally offline environment (assuming all the servers and client apps have synchronized clocks).
Verizon Boosts FiOS Uploads To Match Downloads
I don't know about gigabit, but Steam has no problems maxing out my 150Mbps downstream link when I'm downloading games from a nearby server here in Switzerland.
Why the FCC Is Likely To Ignore Net Neutrality Comments and Listen To ISPs
The NRA has its deep pockets and resultant clout not (necessarily) from numerous individual private members but from effectively being an arms industry trade group, the USCoC of arms manufacturers and dealers.
The NSSF is the arms industry trade group. The private arms industry in the US is relatively small compared to, say, the oil, tobacco, alcohol, etc. industry and doesn't have anywhere near the same political clout as those industries. The largest source of income for the NRA is membership dues, and it's from their 5+ million members that they derive their political clout.
Obama Administration Says the World's Servers Are Ours
Nothing unfortunate about it. That only affects the rich and powerful who for all purposes defraud American taxpayers and then shift the money offshore.
Why should any American have to suffer increased deficits and taxes so a tiny elite of wealthy parasites can continue to leech American money offshore?
It also affects ordinary, non-rich-and-powerful people like myself: I'm an American PhD student in Switzerland and dealing with all the tax laws purportedly targeted at shady rich people (but which overwhelmingly affect ordinary people) is a massive pain and costs my wife and me several hundred dollars per year for a tax accountant to do our reasonably straightforward (i.e. we have some US investments, retirement accounts, etc. but earn all of our income in Switzerland) taxes.
Honestly, the whole thing can be resolved by making US tax law similar to that elsewhere in the world: pretty much all the other countries tax people based on their residency, not citizenship. That is, a Canadian living in Canada will pay Canadian taxes, but a Canadian living in Switzerland only pays Swiss taxes and owes the Canadian government nothing. Americans get taxed on their global income even if they don't live in the US (though there is a certain amount below which they're not double-taxed).
Ask Slashdot: PC-Based Oscilloscopes On a Microbudget?
I have a DPScope and rather like it.
It's not a super advanced scope, and doesn't compare to standalone scopes like the Rigol DS1052E, but for someone on a budget who has fairly basic needs, it's worth a shot. It was developed by a guy who was annoyed at the drawbacks of other PC-based oscilloscopes and their software.
I use mine for testing homebuilt electronics, and it does well for that. I wouldn't use it for anything significantly more than that sort of stuff, though.
$10k Reward For Info On Anyone Who Points a Laser At Planes Goes Nationwide
Planes get lost, re-routed etc ALL the time.
Think a nightclub with laser advertising, plane flies overhead, or helicopter.
Can they be punished?
Major astronomical telescopes often use lasers for their adaptive optics systems. They coordinate with relevant authorities to ensure they don't zap sensitive optics on satellites and post "plane spotters" outside so they can shut down the laser if a plane comes too close to the beam.
Of course, those lasers tend to be considerably more powerful (>5W) than handheld laser pointers (~5mW), so it might not be directly comparable, but I'd hope that any organization that is shooting lasers into the sky would have someone keeping an eye out for aircraft.
To distress my enemies, I'd force on them ...
Ads that interpret a "close" action as "user clicked on the ad".
This seems to happen with ads that hover over the content and require that one click a "close" box (either with the word "close" or with an "X" -- this isn't a pop-up with the standard browser close-window icon).
Gun Rights Groups Say They Don't Oppose Smart Guns, Just Mandates
To have guns insured just like cars are, so that gun owners will always have enough funds to cover any damages that may ensue from mishandling the weapon.
If gun insurance coverage was mandatory then there'd be the right framework for proper marketplace dynamics.
That's called "liability insurance" and is already included in typical homeowners and renters insurance policies -- the liability policy applies to incidents both on and off one's property. Pretty much everyone already has this (or should have it). It's quite inexpensive, and is typically less than $200/year for renters, so it seems that insurance companies have very little worries about gun owners.
That said, your analogy to car insurance doesn't make sense: the vast majority of car-related injuries and death are due to unintentional acts (i.e., accidents), which insurance will cover. The majority of gun-related injuries and deaths are due to intentional criminal acts, which insurance definitely will not cover. Those likely to go about committing criminal acts with their firearms are unlikely to have "gun insurance" anyway, regardless of if it's legally mandated or not. Your typical gun owner already has liability insurance through their homeowners or renters insurance.
Did the Ignition Key Just Die?
Try turning off a car with keys when the car is in drive.
Mostly doesn't work.
Always worked for me in various cars including a 1982 Volvo 240DL, a 1992 Mercedes 300D turbodiesel, a 2003 Honda Insight, and a 2006 Toyota Camry.
For clarity, I had tested these vehicles in a controlled manner, not an emergency situation nor on public roads.
Retired SCOTUS Justice Wants To 'Fix' the Second Amendment
Unfortunately they were incorrect.
Retired SCOTUS Justice Wants To 'Fix' the Second Amendment
You should look a little deeper.
A) Guns are seriously regulated, including need to account for every round. Good luck getting the level of regulation about firearm in the US.
Not quite. You need to account for every round purchased at the range because the government subsidizes such ammo, even for practice purposes with non-government-issued firearms.
You can buy unsubsidized sporting ammo from gun shops and gun-related sporting goods shops with essentially no restrictions other than having the fact that you've bought ammo recorded in a logbook at the shop (which is the case for a small number of US states).
The Swiss do require a permit to purchase guns from a commercial shop, but this is automatically issued unless one is disqualified from owning arms (e.g. mentally unfit, convicted criminal, etc.). Purchasing single-shot or bolt-action firearms does not require a permit. Private sales do not require a permit, but buyer and seller need to keep a record of sale for 10 years.
Source: I live in Switzerland.
First Phase of TrueCrypt Audit Turns Up No Backdoors
Keyfiles don't work for system encryption with TrueCrypt: you can only use passwords (or passphrases, of course).
Private Keys Stolen Within Hours From Heartbleed OpenSSL Site
So not only do those of us responsible for web servers need to generate new server certs for all of our servers... pretty much every current web server cert in existence also needs to be revoked. Are the CAs even willing/able to do something on that scale in a short amount of time?
Netcraft actually has an interesting article about that very situation.
Obviously, the CAs don't really have a choice in the matter, but I can't imagine they really have capacity issues in regards to the actual revoking/signing as that's all automated. If things get crazy busy, they can always queue things -- for most admins it doesn't really matter if the new cert is issued immediately or after 15 minutes.
Human-verified certs like org-verified and EV certs might have a bit of delays, but domain-validated certs should be quick to reissue.
Of course, revocation checking for browsers is really bad. Ideally, all browsers would handle revocation checking in real-time using OCSP and all servers would have OCSP stapling enabled (this way the number of OCSP checks scales as the number of certs issued, not the number of end-users). Stapling would help reduce load on CA OCSP servers and enable certs to be verified even if one is using a network that blocks OCSP queries (e.g. you connect to a WiFi hotspot with an HTTPS-enabled captive portal that blocks internet traffic until you authenticate; without stapling there'd be no way to check the revocation status of the portal).
Also, browsers should treat an OCSP failure as a show-stopper (though with the option for advanced users to continue anyway, similar to what happens with self-signed certificates).
Sadly, that's basically the opposite of how things work now. Hopefully things will change in response to Heartbleed.
Australia May 'Pause' Trades To Tackle High-Frequency Trading
Personally, I think that it should be law that if you buy shares in any company (or fund or whatever), you have to hold on to them for a minimum of a week or a month. Shares represent actual physical companies which own factories and employ real people. Those things don't change in 500 ms. They change over a much larger amount of time. And I believe that the stock market would be healthier if this was reflected in its trading. Obviously, when new information comes out (press release: "The factory of company X has just gone up in flames"), everybody's counter should be set to zero, but shares sold in such a case cannot be bought back a fraction of a second later (because whoever just bought them has to hold on to them for a week/month).
A week or a month might be a bit too long, but something along the order of 1-5 minutes might be reasonable.
Alternatively, one might also have the exchange do batch orders: traders submit their orders to the exchange, the exchange groups them all together, and then processes them all periodically (say, every 30 seconds or something), then displays the results. Since the results are not released until after the batch is fully processed there's no advantage to submitting an order at 29.999 seconds compared to any other time within that window. This way trades can be executed reasonably quickly on a human scale and HFT doesn't have any particular advantage.
Sand in the Brain: A Fundamental Theory To Model the Mind
What's with the "cloudflare" website middleman stuff? Kind of feels like someone's breaking net neutrality. I can't read the link unless I go through a middleman SSL & whatnot?
Cloudflare's basically a CDN.
The site owner intentionally uses Cloudflare as a middleman to cache their content in locations around the globe and to improve security (Cloudflare can block attacks before they hit the actual server). Cloudflare also offers SSL proxying to site owners so visitors can connect securely to the local Cloudflare cache, which in turn connects securely to the source server.
It's quite similar to, say, Akamai, and doesn't "break net neutrality" (the site owner specifically elects to use Cloudflare, just as they'd elect to use Akamai).
Why There Are So Few ISP Start-Ups In the U.S.
with dozens of satellites in orbit and then no ISP subscription needed, FREE internets for everybody with an internet capable device, smartphone, tablet, laptop, desktop, etc...
that would make ALL ISPs obsolete
Who pays for the launches, the satellites and the constant adjustments needed to keep them in proper orbits, the ground stations, and the staff needed to run everything? Those are hardly free.
More On the "Cuban Twitter" Scam
Do I think he's lost legitimacy? No.
At the very start he turned over all his data to a few journalists (Glenn Greenwald, Laura Poitras, etc.) and they are the ones who choose to publish articles based on the data he gave to them. Snowden has said he doesn't retain any of the documents or data himself, and has no control over what is published or not. That's entirely up to the journalists.
Skydiver's Helmet Cam Captures a Falling Meteor
How come it made into the news now but not at that time?
Two years is a long time. It seems it is the time it takes a non-professional to tamper with a video, after the guy got the idea that the video would be more fun having a meteorite falling along with him. Seriously, a falling meteorite? Even if the camera would have caught a real meteorite, we'd have seen a blurry line, at best. The images breakdown clearly shows a number of photographs that have been added to the video.
If the meteorite and the skydiver were moving at (or near) their respective terminal velocities, why do you think that you'd see only a blurry line? The meteorite is not traveling at orbital velocities that deep into the atmosphere (or else it'd be glowing).
Skydiver's Helmet Cam Captures a Falling Meteor
Article notes that they kept it quiet so the geologists could have a look for the rock - I assume these things are pretty rare and perhaps there's even a concern a treasure hunter might get there first and take it? (perhaps a geologist can give a more informed opinion here....). Certainly I have a geologist friend who was flown from Europe to the deserts of Australia on more than one occasion to look for meteorites because they are so rare... apparently much easier (comparatively speaking) to spot in a bare desert than lush green European landscapes.
The article suggests they looked for it, couldn't find it, and are now asking the public to help find it. Plus perhaps it took a while before the sky diver realised something had happened after a few views of the footage, he might not have realised at the time.
I'm not a geologist, but I do research on meteorites and have participated in a meteorite search expedition sponsored by the Swiss and Omani governments. You're right: there is a concern that private collectors might find meteorites first. In the case of the expedition I was on, that was a major concern: we were plotting the distribution of thousands of fragments of one meteorite strewn over a large (several hundred square kilometers) area. Each of the fragments we found was photographed where it lay from several angles, the location recorded using GPS, given a catalog number, collected using clean tools etc. Private collectors often don't bother doing this, so it makes it difficult to identify where meteorites in private collections came from. This makes it difficult for researchers who are interested in the precise distribution of the fragments (some of my colleagues are able to use the distribution of light and heavy fragments from this meteorite to determine the speed of the wind at different altitudes when the meteorite passed through the atmosphere, and this requires precise knowledge of where the fragments were found). My particular research is less concerned with location, but it's still nice to know the provenance of meteorites.
Of course, we don't begrudge individuals finding meteorites and wanting to keep or sell them, but we'd really appreciate it if people called their local university (or other relevant authority) so researchers could log the find and perhaps keep a sample for scientific purposes.