[Crons are jobs which run nightly in UNIX speak] On Wed, 21 Apr 2004, Jerry Yeager wrote:
> Unix is an operating system that is meant to be ran all of the time > instead of being shutdown a lot. OS-X like most Unixes needs to do > housekeeping on a regular basis. it keeps a lot of records of what it > does during the day in various log files, and these can get very large, > so it takes care of that by compressing them and rotating the old ones > out of the way. This takes processor time so it does this late at night > when most folks are not using the system. Also It checks the status of > running operations and cleans things up when it finds a problem. This > is also part of the housekeeping stuff. Out of interest, what if it can't? I for one get quite annoyed at the nightly OS X jobs because either: a) Laptop is closed at that time and not running b) I'm using Laptop and definitely don't want to be bothered Is there an Apple way to reconfigure this? [ie) not the UNIX way] This is mainly theoretical though as the only one that tends to do anything is the system update, and I know I can do basic configuring of when that does checking. > Cookies do a lot of things besides store you passwords. Shopping carts > come quickly to mind, one way is to store the cart info on a server, a > very slow and error prone way of doing things, cookies make this easy > and almost trouble free. In addition, they can be used to have security It'd be interesting to see exactly how this is being done at the more popular websites. I just took a peek at an Amazon basket, and it appears to be a server-side session. This basically puts a number in a cookie on your machine and relates that number to a bit of memory on the server where it temporarily stores your shopping basket. This is the normal way as far as I know, but I tend to get brainwashed by the 'enterprise' Java world. I know in smaller scale things like PHP, cookies are used far more often by the developer and not just the person who coded the actual server system [ie) the stuff you get with OS X Server]. You often see people doing this without cookies when you see something-something-id in the url. Builder.com used to do this, but seem to have changed in the last 6 months or so. They now seem to use cookies. I'm looking at /Users/<user>/Library/Cookies/Cookies.plist by the way. > in web-sites where it is needed. You do not need to connect to the > internet, EVER, to turn over private information to some group of > government turncoats to lose it, large chunks of your private medical > and financial information is freely swapped now between various > corporations. Yep. Plus if we're getting into the fatalistic realities of information gathering, there's ECHELON [NATO project to monitor world communications] storing this thread in their databases right now. Except I mentioned their name, so they'll read it. Wave at the cameras :) [and answering Tony a bit lower down...] > > Jerry > > On Apr 21, 2004, at 8:08 PM, Tony LaFemina wrote: > > > Henri Yandell wrote: > > > > You may not be one of them, but I think there are a few on the list > > that are security conscious. I never understood the reasoning behind I've a healthy level of paranoia :) I worry about what will probably happen rather than what might happen. If I use Outlook, I'll probably get a virus. If I am slightly behind on an OS X update, I might get hacked, but most likely won't. > > As far as cookies go, you mention storing passwords. Why would any > > security conscious person want somebody or something else storing that > > kind of information? You also mention a cookie remembering who you Passwords are only worth the information they protect. I have various weak passwords I happily use on crappy websites that insist I register, and I'm perfectly happy for Safari [password cache] or the website [cookie] to effectively remember my login. It makes life a lot easier and if someone steals my laptop and gets in, they can happily pretend to be on those sites. Builder.com is a good example of that. If someone steals my laptop, I'm far more worried about lost documents and source code than the fact they can post comments as me at builder. On the other side, I keep server and banking passwords pretty tight. To talk to servers, you can use things called SSH Keys as your password. It's basically a large, cryptographically secure password that you additonally protect with a passphrase, ie multiple words. When I log into the machine, I set it up, and when I turn the machine off [or log out, or just turn off this feature], I can't automatically connect to servers/email etc. It's very cool. SSL, aka https://, also has a similar concept I think. It would be very nice if our banks would send us a signed certificate that we would put on our computers and log in with. I hate using a 4 digit pin to log into my modifiable bank acccount. They could send us an encrypted USB key etc and there'd be various electronic handshaking. All very possibly and sci-fi; especially once said electronic handshake was on a chip under our skin :) Problem I suspect is that the cost of fraud does not outweight the cost of implementing a solution that can beat current fraud; plus future fraud would just be created. I imagine that's why credit card companies in the US have us write our numbers on the cheque we pay with. In the UK the account number and credit card number are different things, but over here they are the same. I suspect the cost of 2 numbers isn't worth the cost of the fraud it would save. It's late and I'm waffling. Sorry :) Hen | The next meeting of the Louisville Computer Society will | be April 27. The LCS Web page is <http://www.kymac.org>. | List posting address: <mailto:macgroup at erdos.math.louisville.edu> | List Web page: <http://erdos.math.louisville.edu/macgroup>
