[SLUG] Industry TechLink News
Title: Industry TechLink eNewsletter 2004Issue 20 WELCOME to this ISSUE of Industry TechLink News. For technology assistance or further information on these articles, phone us on 1800 111 485*. Industry TechLink News Subscribe Unsubscribe Online Enquiry Case Studies Print Version Inside this Edition: Information Security - an exercise in risk management I said backup! How to prevent data loss and a visit to the shrink! Information Security - an exercise in risk management Ever worried about the integrity of your company's IT network? Ever spent sleepless nights thinking about potential attackers and hackers?Contemplating locking down your network to the point that it no longer functions with ease?If you are empathising with the above mentioned questions, then Industry TechLink may very well have the answers you are seeking.Industry TechLink's information technology consultants have a range of powerful and highly functional solutions that can eliminate the stress and worry associated with securely and cost effectively securing your company network. Whether you have 2 or 222 people on your network, Industry TechLink can provide you with innovative solutions that address your requirements and don't necessarily break the bank!If you are tired of speaking with 'savvy' sales people who want to sell you a million dollar solution, then call Industry TechLink for some much needed free advice and guidance on 1800 111 485! more info Industry TechLink is an Australian Government funded free advisoryservice to help solve your technology problems, locate machinery and recommend business improvements. To speak with our technology consultants, call us on 1800 111 485. I said...backup or PERISH! Now...take a deep breath...relax...breathe in, breathe out... breathe in...Failing to manage or protect the integrity of your company's data can have disastrous consequences to the viability of your services. Industry TechLink consultants can advise you on suitable data storage solutions that can best serve your business needs and budget. Many organisations have turned a blind eye towards system backups due to a perceived 'high cost', and the resources (both hardware and human) required to administer such a program. However developments in technology and infrastructure mean that there are numerous solutions available to businesses wishing to safely and securely backup their organisation's information.Innovative technology now provides business owners with backup options including daily backups at a pre determined time delivered over a 440 bit Secure Socket Layer (SSL) encrypted line to a central repository (data storage bank), via the internet, backing up onto DVD devices, CD-ROM devices, and tape.Ideally, the time to investigate innovative and cost effective backup options is when you are updating company hardware and IT infrastructure, or realise that your existing backup regime is flawed and dangerous to the longevity of your operations.To find out more about data storage solutions, ring Industry TechLink on 1800 111 485 today! more info Recent Issues2005 Diary Give Away!Microtextures Unlock Innovative OpportunitiesAlliance struck to provide businesses with energy saving technologies!Hybrid Laser Welding Cuts Manufacturing Costs!Lightweight Concrete Industry TechLink is an Australian Government funded service. 'Industry TechLink News' is published with the authorisation of the Australian Government and conforms to Section 17 of the Spam Act 2003. Industry TechLink pays the courtesy to recipients by providing them with the opportunity to 'opt out' of the distribution list, in accordance with the intent and spirit of the Act. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] February DebSIG
When: Wednesday, February 16, 6:30pm - 7:30pm (Note: This is earlier than usual) Where: James Squire Brewery ( http://debian.slug.org.au/events/jsb.html ) This month Russell Coker will be giving a talk on SE Linux as he passes briefly through Sydney. As Russell needs to be at Sydney Airport by 8:30 it's highly recommended you get there early as we'll probably kick things off at about 6:30pm instead of the usual 7:00pm. Russell will be around for a chat and a beer from 5:30pm or earlier. Along with the usual free-form discussions / debates that will precede and follow his talk, food, drink and internet access are available and people generally start wandering in from 18:30 (or 17:30 this month) for a good 'ol chin wag. More Info: http://debian.slug.org.au/ Maps: http://debian.slug.org.au/events/jsb.html iCal Feed: http://debian.slug.org.au/events/event.ics RSS Feed: http://debian.slug.org.au/events/rss.xml signature.asc Description: Digital signature -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] how to open an eps file
To view it: ghostview (same as gs) kghostview gsview ggv (gnome ghost view) To edit it: Note that Postscript is a programming language, and doesn't lend itself well to editing. That being said, there are some programs that will edit some Postscript files. Your best chance is to use Adobe Illustrator, but Skencil (www.skencil.org, formerly sketch) can also open some post-script files. I was hoping that inkscape would do it, but it doesn't seem to. You can embed .eps files in OpenOffice. If you want to see the picture inside OpenOffice, you will probably need to add a tiff preview image. gsview can do this for you (see Edit | Add EPS Preview). (This trick also works for Microsoft Word.) Even without embedding the tiff preview, the .eps file will most likely come through properly when you print the file to a Postscript printer, or when you create a .pdf (OpenOffice has a one-click export to PDF function.) Having said all this, I have not actually worked with .eps files in OpenOffice, so I am not absolutely sure that it will work. Let us know how you go. This is the procedure that works with Microsoft Word. Ben Stanley. On Mon, 2005-02-14 at 23:47, Andrewd wrote: As the title says, I have an eps file (for a logo). Any ideas on what I need to open it with. Open Office states it was created with adobe but no image. Karbon14 seems to lock up, and GIMP opens it but does not display it properly - any ideas? also I am using Mandrake 10. Thanx Andrew D -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] safe(ish) single-login from website
Hi, I've just forwarded your question to one of the managers of WebCollage and he said that they don't give a complete solution for single-sign-on but for a nominal fee, and if you have an NT or a Solaris box they will send you a copy of their software so you can get rid of the frames stuff. Cheers, --Amos On Tue, 15 Feb 2005 16:41:23 +1100, Taryn East [EMAIL PROTECTED] wrote: I've been given the task of doing a single-login and am having trouble finding out how to do it... the issue is that our business allows some of our website to be viewable through the website of some of our channel partners. These channel partners have a login to our website to allow them to do this. However, the channel partners have customers that only have a login to the channel-partner websites... and the channel partners don't want to directly give them the login to our site, but do want the pages displayed (generally using yucky frames... but hey). ok, now they aparrently used to do this by having a url with the username/password in it (ie using basic http authentication with the login details as parameters). Firstly this is unsafe and secndly - microsoft (in a rare moment where their interests align with ours) has turned this feature off in IE (to stop address-bar spoofing). I need some sort of alternative method of doing this, however all the 'help files on this issue seem to just say: let the users get the prompt and login... the problem with this being that the user does not have the login details and will not be given them - ie this is not a solution for me :( Now when this issue first came up I got all enthusiastic and went wandring through the web and found that you can send the details in an http header etc etc... however I seem to have hit a brick wall in that I don't see how to actually send that. There is a hell of a lot on the web on autologin functions from the recipient side fo things (ie the one receiving the login details) but we need some code to hand to our channel partners that can run on their server to send the login details to us... something that can be activated through a normal webpage that will not bug the user for anything. I trawled through the HTTP specs and the PHP pages looking for anything that might help, but I readily admit that I'm doing a random search - I don't really know where to go look for this stuff. Does anyone here have any ideas? Even just some general direction on a good place to go looking? Cheers and thanks in advance, Taryn -- This .sig temporarily out-of-order. We apologise for any inconvenience - The Management -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- Your email is protected by Mailshell -- To block spam or change delivery options: http://www.mailshell.com/control.html?a=balatsrial4tlprafm_jqupsjnpz1k FreshAddress.com http://rd.mailshell.com/ad482 Earn up to $3 for each of your friends who signs up with Mailshell! http://rd.mailshell.com/sp5 -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] safe(ish) single-login from website
again I missed the list... I'll get used to shift-L someday... * [EMAIL PROTECTED] [EMAIL PROTECTED] spake thus: Sounds like a cookie that requires them to login the first time, doesn't it? or can a site set a cookie for another site? I would think that browsers would not let us see the cookie set by the channel-partners' sites. :( Cheers, Taryn -- This .sig temporarily out-of-order. We apologise for any inconvenience - The Management -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] safe(ish) single-login from website
On Wed, 16 Feb 2005 07:16:00 +1100, Taryn East * Mike MacCana [EMAIL PROTECTED] spake thus: Do you have a Kerberos server (KDC)? Their web client (IE/FF) could send a kerberos ticket for authentication, and get access in a secure fashion without prompting them for anything. This question reminded me of the Liberty Alliance (http://www.projectliberty.org) - as far as I got it, the Liberty Alliance is just about such cross-site authentication. Does anyone know if they have anything concerete to work with beyond the papers they put until today? The only link with a promising label is about a member-donated SecureID.Java implementation in the Developer Resources page. Cheers, --Amos -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] safe(ish) single-login from website
Slightly off-topic from the original post but... The company I used to work for are implementing liberty alliance as part of a new platform, so I guess there are implementations available, but since they were using IBM (one of the members of liberty) as a consultancy for it I would imagine that they have access to things non-members don't. I saw a working demo of the technology at an XML conference where a chap from Nokia authenticated using the platform ( on a series 60 handset) to an AOL website. I think Nokia are going to include the technology on their phones, as it's an ideal solution to mobile billing problems. For those that dont know, Liberty Alliance is an XML based system to identify a user across multiple providers without actually knowing who the user is, and allowing the user to specify what information they would like each provider to know. Rob. On Wed, 16 Feb 2005 09:15:23 +1100, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: On Wed, 16 Feb 2005 07:16:00 +1100, Taryn East * Mike MacCana [EMAIL PROTECTED] spake thus: Do you have a Kerberos server (KDC)? Their web client (IE/FF) could send a kerberos ticket for authentication, and get access in a secure fashion without prompting them for anything. This question reminded me of the Liberty Alliance (http://www.projectliberty.org) - as far as I got it, the Liberty Alliance is just about such cross-site authentication. Does anyone know if they have anything concerete to work with beyond the papers they put until today? The only link with a promising label is about a member-donated SecureID.Java implementation in the Developer Resources page. Cheers, --Amos -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- Rob Sharp e: [EMAIL PROTECTED] w: quannum.co.uk j: [EMAIL PROTECTED] -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] safe(ish) single-login from website
* Rob Sharp [EMAIL PROTECTED] spake thus: I'm guessing that you use PHP, and if you are, then the CURL library is your friend... http://au2.php.net/curl You should be able to authenticate to the remote site and 'proxy' the pages to the users browser by echoing the server response to the browser... You could then rewrite their links to use your 'proxy'. Hope that points you in the right direction. YES! thanks so much , this is exactly the sort of thing I'm looking for. I can throw one of these together on our site and see how it works then send the code on over to our channel partners. Thanks again, Taryn -- This .sig temporarily out-of-order. We apologise for any inconvenience - The Management -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] safe(ish) single-login from website
* [EMAIL PROTECTED] [EMAIL PROTECTED] spake thus: Sounds like just what WebCollage (http://www.webcollage.com) do. snip it all sounds good - but I'd rather not recommend to our channel partners that they essentially buy a new system for their websites... they have their own systems already. But it's an option to keep in mind - especially gien that we can't hand-craft a solution for each of them, we can always say and if none fo these works for you... Cheers and thanks, Taryn -- This .sig temporarily out-of-order. We apologise for any inconvenience - The Management -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] text to web page, adding br ?
Quote=Voytek but, get an extra line, do I still use br ? Short grubby answer, yes. Longer but cleaner answer, no. Use a cascading style sheet and set the top/bottom-padding for the paragraph, e.g head ... style p { bottom-padding: 10px; } /style ... /head Try http://www.csszengarden.com HTH P. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Re: safe(ish) single-login from website
ok, reading this has made me suspect my knowledge of cookies is much less complete than I had at first thought... I'm just going to ask a whole bunch more questions and hopefully nut out the answers... * Matthew Palmer [EMAIL PROTECTED] spake thus: There's lots of things that can be done with cookies: The bog-basic way -- have the channel partner set a cookie for your site containing info on them. Maybe base64 encode it to keep out the casual poker. this would be ok for the channel partners logging into our site, but wouldn't clients of the channel partner have issues with the cookies being for the channel-partner site? how would their site set a cookie for our site such that someone logging into their site can then get into ours? The hyper-secure option -- Provide each of your channel partners with the public portion of an asymmetric key, with which they encrypt the contents of the cookie, typically a unique ID of some sort, of perhaps other useful info. Your site then decrypts the cookie with the private portion of the key, and (assuming everything matches) grants appropriate access. Use asymmetric rather than symmetric so that insecurity at the other sites won't screw *you* over, and use a different key pair for each channel partner so that you can prove which partner provided the referral. this seems to be a way of securing the above... which is nice, but probably OTT given that I know how dodgy security is already on our site... while I'm trying to persuade them to change this, I may not be able to do it on this project (especially as I'm the junior programmer and the senior programmer is much more into it's just easier this way... but I'm not bitter ;)) anyway, as I can see, the above raises the same questions for me as the previous one - I'm not sure how we can then get this onto the channel-partner's clients without having to hand each of them the key... and I get the feeling this is similar to just handing them the login details. To clarify, I think the business perspective here is that the channel partners don't want their clients realising that they can just come to our site by themselves without having to use the CP sites... they don't want the middlemen (ie themselves) cut out :) So they don't want the clients knowing that there is any other login even involved. The WS option -- Have the channel partner generate a unique ID and send it to your site via some sort of basic SOAP interface, and hand the same ID (or derivative) to the user in a cookie set for your site. this sounds interesting and probably the better option in the long run - but this also sounds like we would have to alter how we currently do logins (currently via http authentication rather than SOAP options) which is unlikely to be scoped into the current project. :( It's probably a good idea for our next generation project, though. I hear they're planning on changing over to form based authentication... which to me means nothing and I haven't heard anything more about it apart from just that, even after asking (I think I got some vague waffle about it being just better). Alternately, the channel partners could have individual portal pages which they point their users to, which you then set cookies or whatever to identify the visitor and they get redirected to the right place. by individual do you mean a different page for each user? Probably not a good idea - I think they like their generic pages and I can understand why. Otherwise I think I'm just confused... ok, now they aparrently used to do this by having a url with the username/password in it (ie using basic http authentication with the login details as parameters). Eeew. Why bother even *having* logins if they're going to send them to anyone that asks for them? yep, that's my reaction... again, I'm just a junior - what would I know ;) I guess they like the impression of being secure without actually putting all that hard work and effort that it'd obviously take to fix it (not). sigh But then, this is business for you and I am just not surprised anymore. There is a hell of a lot on the web on autologin functions from the recipient side fo things (ie the one receiving the login details) but we need some code to hand to our channel partners that can run on their server to send the login details to us... something that can be Details of the partners' sites? If you're going to write it for them, unless they're all using the same environment and roughly the same websites, you're not going to be able to send them a one-size-fits-all bit of code. yes I know and I have informed my manager of this - he didn't realise it and hoped that it could all be done at our end... he was hoping we could just hand them a URL-solution like it was before... Anyway, I've convinced him that we can only offer possible solutions - and he has asked me to write a demo area that we can show to CPs. The PHP solution of CURL ofered in
Re: [SLUG] safe(ish) single-login from website
* Gavin Carr [EMAIL PROTECTED] spake thus: Try mod_auth_tkt: http://www.openfusion.com.au/labs/mod_auth_tkt/ this sounds really like a good option but... https://www.taryn.com/cgi-bin/ticket.cgi?user=foo;pass=bar this looks like exactly the sort of thing that I can't do anymore - which is prompting me to make these changes... Have I misunderstood what you're doing here? Otherwise it'd be a great solution as it won't matter what system the CPs are running for it to work! Cheers and thanks, Taryn -- This .sig temporarily out-of-order. We apologise for any inconvenience - The Management -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Re: safe(ish) single-login from website
For a future implementation, you might wanna look over this friendly introduction to liberty/saml on xml.com. Liberty and SAML propose pretty much the kind of stuff you want to do, and are an open (OASIS) standard. http://www.xml.com/pub/a/2005/01/12/saml2.html Rob. On Wed, 16 Feb 2005 10:54:58 +1100, Taryn East [EMAIL PROTECTED] wrote: ok, reading this has made me suspect my knowledge of cookies is much less complete than I had at first thought... I'm just going to ask a whole bunch more questions and hopefully nut out the answers... * Matthew Palmer [EMAIL PROTECTED] spake thus: There's lots of things that can be done with cookies: The bog-basic way -- have the channel partner set a cookie for your site containing info on them. Maybe base64 encode it to keep out the casual poker. this would be ok for the channel partners logging into our site, but wouldn't clients of the channel partner have issues with the cookies being for the channel-partner site? how would their site set a cookie for our site such that someone logging into their site can then get into ours? The hyper-secure option -- Provide each of your channel partners with the public portion of an asymmetric key, with which they encrypt the contents of the cookie, typically a unique ID of some sort, of perhaps other useful info. Your site then decrypts the cookie with the private portion of the key, and (assuming everything matches) grants appropriate access. Use asymmetric rather than symmetric so that insecurity at the other sites won't screw *you* over, and use a different key pair for each channel partner so that you can prove which partner provided the referral. this seems to be a way of securing the above... which is nice, but probably OTT given that I know how dodgy security is already on our site... while I'm trying to persuade them to change this, I may not be able to do it on this project (especially as I'm the junior programmer and the senior programmer is much more into it's just easier this way... but I'm not bitter ;)) anyway, as I can see, the above raises the same questions for me as the previous one - I'm not sure how we can then get this onto the channel-partner's clients without having to hand each of them the key... and I get the feeling this is similar to just handing them the login details. To clarify, I think the business perspective here is that the channel partners don't want their clients realising that they can just come to our site by themselves without having to use the CP sites... they don't want the middlemen (ie themselves) cut out :) So they don't want the clients knowing that there is any other login even involved. The WS option -- Have the channel partner generate a unique ID and send it to your site via some sort of basic SOAP interface, and hand the same ID (or derivative) to the user in a cookie set for your site. this sounds interesting and probably the better option in the long run - but this also sounds like we would have to alter how we currently do logins (currently via http authentication rather than SOAP options) which is unlikely to be scoped into the current project. :( It's probably a good idea for our next generation project, though. I hear they're planning on changing over to form based authentication... which to me means nothing and I haven't heard anything more about it apart from just that, even after asking (I think I got some vague waffle about it being just better). Alternately, the channel partners could have individual portal pages which they point their users to, which you then set cookies or whatever to identify the visitor and they get redirected to the right place. by individual do you mean a different page for each user? Probably not a good idea - I think they like their generic pages and I can understand why. Otherwise I think I'm just confused... ok, now they aparrently used to do this by having a url with the username/password in it (ie using basic http authentication with the login details as parameters). Eeew. Why bother even *having* logins if they're going to send them to anyone that asks for them? yep, that's my reaction... again, I'm just a junior - what would I know ;) I guess they like the impression of being secure without actually putting all that hard work and effort that it'd obviously take to fix it (not). sigh But then, this is business for you and I am just not surprised anymore. There is a hell of a lot on the web on autologin functions from the recipient side fo things (ie the one receiving the login details) but we need some code to hand to our channel partners that can run on their server to send the login details to us... something that can be Details of the partners' sites? If you're going to write it for them, unless they're all using the same environment and roughly the same websites, you're not
[SLUG] Re: Re: safe(ish) single-login from website
On Wed, Feb 16, 2005 at 10:54:58AM +1100, Taryn East wrote: * Matthew Palmer [EMAIL PROTECTED] spake thus: There's lots of things that can be done with cookies: The bog-basic way -- have the channel partner set a cookie for your site containing info on them. Maybe base64 encode it to keep out the casual poker. this would be ok for the channel partners logging into our site, but wouldn't clients of the channel partner have issues with the cookies being for the channel-partner site? how would their site set a cookie for our site such that someone logging into their site can then get into ours? Setting a cookie to be read by another site is trivial, and is standard practice at a lot of sites -- the f2 network (smh.com.au, theage.com.au, and all the rest of those f**kwits) do it all the time. There are settings in Firefox to deny the setting of cookies for another site, but even I, the Cookie Nazi, don't have that option turned on. The hyper-secure option -- Provide each of your channel partners with the public portion of an asymmetric key, with which they encrypt the contents of the cookie, typically a unique ID of some sort, of perhaps other useful info. Your site then decrypts the cookie with the private portion of the key, and (assuming everything matches) grants appropriate access. Use asymmetric rather than symmetric so that insecurity at the other sites won't screw *you* over, and use a different key pair for each channel partner so that you can prove which partner provided the referral. this seems to be a way of securing the above... which is nice, but probably OTT given that I know how dodgy security is already on our site... If you're going to do it, you might as well do it properly. anyway, as I can see, the above raises the same questions for me as the previous one - I'm not sure how we can then get this onto the channel-partner's clients without having to hand each of them the key... The channel partner has their public key, they use that to crypt up something and hand the crypted string in a cookie to the web browser, which then presents the crypted string to *your* site, which decrypts using the private key, and if everything works out you permit access to the browser and increment the channel partner's statistics. To clarify, I think the business perspective here is that the channel partners don't want their clients realising that they can just come to our site by themselves without having to use the CP sites... they don't want the middlemen (ie themselves) cut out :) So they don't want the clients knowing that there is any other login even involved. Indeed. Which is why the user has to go to their site to login and receive a cookie to permit them entry into your site. It's probably a good idea for our next generation project, though. I hear they're planning on changing over to form based authentication... which to me means nothing and I haven't heard anything more about it apart from just that, even after asking (I think I got some vague waffle about it being just better). Blergh. Form-based auth is more flexible to some degree, but it's always seemed a bit wasteful to me, considering that HTTP comes with an auth mechanism already... Alternately, the channel partners could have individual portal pages which they point their users to, which you then set cookies or whatever to identify the visitor and they get redirected to the right place. by individual do you mean a different page for each user? Probably not a good idea - I think they like their generic pages and I can understand why. Otherwise I think I'm just confused... It's quite simple. You create a page on your site, like so: http://www.yoursite.com/incoming.cgi Which gets passed a couple of parameters, like so: /incoming.cgi?token=xyzzyxyzzyxyzzyloc=/page/you/want/to/go/to.html Your site takes the token information as an instead of for the cookie, verifies it (using any one of the methods above), and then, if it all matches, sets a local cookie and sends a Location: /page/you/want/to/go/to.html header to redirect the user to the page they really wanted to view. So, your channel partners need to rewrite all URLs that point to your site in the form above, probably with a dynamically generated token= field, so you can do the cookie management yourself. In case you're still hung up on HTTP auth, I'll state things very cleanly: there is *no* *way* for you to do what you want using plain HTTP authentication on your site. There are only two ways to send HTTP auth info to the web server -- by plain-texting the credentials into the URL, or having the user type them by hand. You *will* need to implement some alternative means for your channel partners to hand off users from them to you. There is a hell of a lot on the web on autologin functions from the recipient side fo things (ie the one receiving the login details) but we need some code to hand
Re: [SLUG] FYI: Campaign of Mis-Information
On Tue, Feb 15, 2005 at 03:02:47PM +1100, Jeff Waugh wrote: quote who=Jeff Waugh This is probably better off on slug-chat, but given that you've raised it here: What exactly is objectionable in these articles? They seem entirely balanced, reasonable and well-informed to me. Quoting the big end of town when writing an article about a controversial topic is not exactly pandering to their desires. Summary of the couch potato article, by paragraph (media analysis is so much fun). I'm yet to find anything seriously objectionable. The article actually summarises our point of view on copyright issues very well, and right up front, which is unusual. [snip] * Comparison of analogue and digital tools, introduce digital convergence (23, 24) On Tue, Feb 15, 2005 at 04:24:20PM +1030, Glen Turner wrote: Except for But in a connected, digital world, the threat to copyright holders is far greater. Witness the downfall of the music industry in recent years. (The Australian record industry has lobbied against changing Australian copyright law). when the ARIA figures show no such thing. The ARIA figures show a decline in value, but no decline in sales volume. And the downfall of the music industry is largely their own doing anyway. URL: http://smh.com.au/news/Music/CD-retailers-advocate-nicensafe/2004/12/29/1103996608131.html# Anand PS: mainly added so that furture googlers can find this easily. -- linux.conf.au 2005 - http://lca2005.linux.org.au/ - Birthplace of Tux April 18th to 23rd - http://lca2005.linux.org.au/ - LINUX Canberra, Australia - http://lca2005.linux.org.au/ -Get bitten! -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] FYI: Campaign of Mis-Information
quote who=Anand Kumria And the downfall of the music industry is largely their own doing anyway. URL: http://smh.com.au/news/Music/CD-retailers-advocate-nicensafe/2004/12/29/1103996608131.html# Anand PS: mainly added so that furture googlers can find this easily. Note that this was not one of the articles linked in Craige's email. - Jeff -- linux.conf.au 2005: April 18th-23rdhttp://linux.conf.au/ Old timers will tell you what a pain unstable was during the new testament transition. - Jon Corbet on Debian's KJV packages -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] FYI: Campaign of Mis-Information
Anand Kumria wrote: And the downfall of the music industry is largely their own doing anyway. Well ya know, if there is to be a downfall to the music industry one would hope it would be as a result of their standard operating procedure of putting hype ahead of artistic merit. But hey, we've been waiting, what, 8 years, for the Napster and mp3.com and John Perry Barlows of the world to take us into a new era of non-hype based music. What did we get instead? The global karaoke contest that is Idol. Oh well, Trent -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] safe(ish) single-login from website
On Wed, Feb 16, 2005 at 11:07:11AM +1100, Taryn East wrote: * Gavin Carr [EMAIL PROTECTED] spake thus: Try mod_auth_tkt: http://www.openfusion.com.au/labs/mod_auth_tkt/ this sounds really like a good option but... https://www.taryn.com/cgi-bin/ticket.cgi?user=foo;pass=bar this looks like exactly the sort of thing that I can't do anymore - which is prompting me to make these changes... I don't think so. I think what you are talking about is passing basic authentication parameters in the url, which you have to do every request, often in the clear, and is prone to leakage via referrals. These are just CGI parameters, over SSL, done once. There's no leakage because all you're getting back is a text file. You could equally well use a POST here if doing a GET makes you nervous. Cheers, Gavin -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] safe(ish) single-login from website
On Wed, Feb 16, 2005 at 11:14:33AM +1100, Rob Sharp wrote: You may run into all sorts of privacy issues if you start sending user passwords unencrypted over a URL... Of course, this is when the assymetric excryption key mentioned earlier becomes useful! On Wed, 16 Feb 2005 11:07:11 +1100, Taryn East [EMAIL PROTECTED] wrote: * Gavin Carr [EMAIL PROTECTED] spake thus: Try mod_auth_tkt: http://www.openfusion.com.au/labs/mod_auth_tkt/ this sounds really like a good option but... https://www.taryn.com/cgi-bin/ticket.cgi?user=foo;pass=bar That would be where the 's' in 'https' comes in handy. :-) -G -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] safe(ish) single-login from website
On Wed, 16 Feb 2005 15:18:59 +1100, Gavin Carr [EMAIL PROTECTED] wrote: On Wed, Feb 16, 2005 at 11:14:33AM +1100, Rob Sharp wrote: You may run into all sorts of privacy issues if you start sending user passwords unencrypted over a URL... Of course, this is when the assymetric excryption key mentioned earlier becomes useful! On Wed, 16 Feb 2005 11:07:11 +1100, Taryn East [EMAIL PROTECTED] wrote: * Gavin Carr [EMAIL PROTECTED] spake thus: Try mod_auth_tkt: http://www.openfusion.com.au/labs/mod_auth_tkt/ this sounds really like a good option but... https://www.taryn.com/cgi-bin/ticket.cgi?user=foo;pass=bar That would be where the 's' in 'https' comes in handy. :-) :-$ (I'll get me coat) -G -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- Rob Sharp e: [EMAIL PROTECTED] w: quannum.co.uk j: [EMAIL PROTECTED] -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] safe(ish) single-login from website
Rob Sharp wrote: :-$ (I'll get me coat) heh, I remember I went to an interview with Yahoo, London and for some reason they were asking me lots of OO Perl questions. I also had a flu. After 20 minutes of saying my recollection of that aspect of Perl isn't too good, I finally got up and declared I'll get my coat. Thanks for the pleasant memory :) Trent -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Re: [SLUG-ANNOUNCE] February DebSIG
Hi, I hope there will be a install fest scheduled soon as I have yet to finish installing Debian on my pentium 1 laptop/ Thanks Cheng Lim Matt Hope writes: -- SLUG - Sydney Linux User Group Announcements List - http://slug.org.au More info: http://lists.slug.org.au/listinfo/announce -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Automake books?
Hello, I'd like to finally sit down and learn GNU Automake properly. The only book I found about this is the online book at http://sources.redhat.com/autobook/ (available also in hardcopy). My only concern about this book is that it seems to have not been updated since 2001 or so. Is this a problem or is it still accurate for current versions of the covered tools? Thanks, --Amos -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Automake books?
On Wed, 16 Feb 2005 17:34:30 +1100 [EMAIL PROTECTED] wrote: Hello, I'd like to finally sit down and learn GNU Automake properly. The only book I found about this is the online book at http://sources.redhat.com/autobook/ (available also in hardcopy). My only concern about this book is that it seems to have not been updated since 2001 or so. Is this a problem or is it still accurate for current versions of the covered tools? Autoamke has not changed that much since 2002. That book should be sufficient. Erik -- +---+ Erik de Castro Lopo [EMAIL PROTECTED] (Yes it's valid) +---+ Always code as if the person who ends up maintaining your code will be a violent psychopath who knows where you live. -- Martin Golding -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html