Re: [discuss] Re: OOo and OpenDocument mentioned in TheAge

2005-03-23 Thread Smoot Carl-Mitchell
On Wed, 2005-03-23 at 12:12 -0800, Christian Einfeldt wrote:

> High School, in Portland, Oregon.  IMHO, the day is only about 3 
> years away when people will wonder why they ever paid for an office 
> suite, just the way that people now wonder why they ever paid for a 
> browser.  (I actually paid for Netscape, twice!)  

I think it is even less time than 3 years. My guess is it is within 2
years.  Same will be true for the OS market. The winners in this new
world will be the companies who can leverage the Open Source "commons"
and build convenient services from the modular components available in
the commons.

-- 
Smoot Carl-Mitchell
System/Network Architect
email: [EMAIL PROTECTED]
cell: +1 602 421 9005
home: +1 480 922 7313

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [discuss] Re: OOo and OpenDocument mentioned in TheAge

2005-03-24 Thread Smoot Carl-Mitchell
On Thu, 2005-03-24 at 03:58 -0500, Lars D. Noodén wrote:

> Also, remember that many IT departments have had the functional equivalent 
> of an MS sales team working on the inside since 5 or 6 years ago.  So they 
> will be resistant to other vendors / sources, but as Christian points out 
> with "demi-Moore's Law", after a certain point that inertia will be in the 
> favor of open document formats.
> 
> Witness the change from proprietary networking protocols in the 60's, 
> 70's, and 80's to open ones.

Not quite an analogous situation.  The real battle was between two open
standards - ISO/OSI and TCP/IP. TCP/IP won because it was in fact
implementable across a wide range of platforms even though it lacked a
"killer app".  ISO/OSI was never really implementable and was in fact an
effort of the PTTs to maintain their monopoly over data communications.

The "killer app" or rather protocols for TCP/IP and the Internet were
HTML and HTTP. This really tipped the balance in the 1990s and even
forced Microsoft to acknowledge the Internet and TCP/IP as a fact of
computing life which further snowballed the wide adoption of TCP/IP and
Internet centric technologies.
-- 
Smoot Carl-Mitchell
System/Network Architect
email: [EMAIL PROTECTED]
cell: +1 602 421 9005
home: +1 480 922 7313




Re: [discuss] your private showstopper

2005-03-30 Thread Smoot Carl-Mitchell
On Tue, 2005-03-29 at 23:20 -0500, Chad Smith wrote:
> [EMAIL PROTECTED] wrote:
> 
> "The colors are so KEWL!  It's very cool looking!"
> 
> Part of me died inside.

Welcome to marketing. :-)

-- 
Smoot Carl-Mitchell
System/Network Architect
email: [EMAIL PROTECTED]
cell: +1 602 421 9005
home: +1 480 922 7313




Re: [discuss] Re: Horrendous v2 changes...

2005-01-24 Thread Smoot Carl-Mitchell
On Mon, 2005-01-24 at 17:54 -0500, Chad Smith wrote:

> Saving passwords is a security risk if anyone other than you has access 
> to the machine.  Even if you trust the people who have access to it.  
> For example, let's say I saved my PayPal login info on Firefox, and my 
> roommate wants to check his PayPal account.  He's used my machine 

Firefox can encrypt any saved passwords. I have not thoroughly checked
out the strength of the encryption, but it appears adequate for most
needs.
-- 
Smoot Carl-Mitchell
System/Network Architect
email: [EMAIL PROTECTED]
cell: +1 602 421 9005
home: +1 480 922 7313




Re: [discuss] Bruce Schneier advices against MSO

2005-02-02 Thread Smoot Carl-Mitchell
On Wed, 2005-02-02 at 14:47 -0500, Daniel Carrera wrote:

> But asking people to commit passwords to memory is bad, as it makes 
> people choose insecure passwords. It means that you are securing against 
> a very improbable attack (physical espionage) in exchange for becoming 
> vulnerable to a very likely attack (computer guessing your password).

It is not hard to think up secure passwords which are relatively easy to
remember. My favorite is to come up with a nonsense phrase and select
the first character of each word of the phrase as my password with
random case changes and throwing in various mnemonic punctuation marks
and numbers. The password is not entirely random, but its entropy is
high enough to thwart almost all but the most determined guessing
attacks.

This is not 100% secure, but it is pretty close and especially when you
change your password every few months or so. As always in security, it
depends on what you are protecting. For my daily work this approach has
proved good enough and I have never had anybody "guess" my passwords.

-- 
Smoot Carl-Mitchell
System/Network Architect
email: [EMAIL PROTECTED]
cell: +1 602 421 9005
home: +1 480 922 7313




Re: [discuss] Passwords (was: Bruce Schneier advices against MSO)

2005-02-03 Thread Smoot Carl-Mitchell
On Thu, 2005-02-03 at 05:07 -0500, Lars D. Noodén wrote:

> Also, IMHO, if your bank does not use a one-time pad for passwords as 
> *part* of the authentication process, then you should switch banks ASAP. 
> Usually when switching banks, you can negotiate better deals and a few 
> perks depending on your skills.

I know of no banks that use a one-time-pad which is the most secure
method to encrypt a message.  A one-time-pad is a random sequence of
bits the same length as the message you want to encrypt.  You simply XOR
the message with the pad. The receiver uses the same pad to decrypt the
message.  The random sequence is then thrown away and the next sequence
in a list is used.  The sender and receiver obtain the list of random
sequences via a secure communications path, e.g. a courier.

This is way overkill for almost all commercial computing.
-- 
Smoot Carl-Mitchell
System/Network Architect
email: [EMAIL PROTECTED]
cell: +1 602 421 9005
home: +1 480 922 7313




Re: [discuss] Passwords (was: Bruce Schneier advices against MSO)

2005-02-03 Thread Smoot Carl-Mitchell
On Thu, 2005-02-03 at 05:33 -0500, Lars D. Noodén wrote:

> A one time pad is useful in situations where the password can or is 
> intercepted.  Kerberos tickets use this principle, IIRC, though not 
> actual Kerberos passwords unless you front end it to S/Key or something 
> similar.

S/Key is not a one time pad system.  It is a clever hashing scheme.
Please do not confuse it with a one time pad. They are different.
-- 
Smoot Carl-Mitchell
System/Network Architect
email: [EMAIL PROTECTED]
cell: +1 602 421 9005
home: +1 480 922 7313
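
The distinction drawn in the two replies above (a one-time pad versus the S/Key hashing scheme), as an added example that is not part of the original posts. The names `PadBook`, `chain` and `ChainVerifier` are hypothetical, the sample message and secret are constructed, and SHA-256 stands in for the hash S/Key itself uses.

```python
import hashlib
import secrets

class PadBook:
    """List of random pads both sides obtained in advance (e.g. by courier)."""
    def __init__(self, pads):
        self._pads = list(pads)

    def crypt(self, data: bytes) -> bytes:
        """XOR with the next pad (same call encrypts and decrypts), then discard it."""
        if not self._pads:
            raise RuntimeError("pad book exhausted")
        if len(self._pads[0]) != len(data):
            raise ValueError("pad must be the same length as the message")
        pad = self._pads.pop(0)  # thrown away: a pad is never used twice
        return bytes(a ^ b for a, b in zip(data, pad))

def chain(secret: bytes, n: int) -> bytes:
    """Hash the secret n times. SHA-256 is a stand-in, not S/Key's own hash."""
    value = secret
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value

class ChainVerifier:
    """Server side of the hash chain: stores only the last accepted value."""
    def __init__(self, top: bytes):
        self.stored = top

    def login(self, otp: bytes) -> bool:
        if not secrets.compare_digest(hashlib.sha256(otp).digest(), self.stored):
            return False
        self.stored = otp  # next login must present the preimage of this value
        return True

def demo():
    msg = b"transfer 100"  # constructed sample message
    pads = [secrets.token_bytes(len(msg)) for _ in range(2)]
    sender, receiver = PadBook(pads), PadBook(pads)
    roundtrip = receiver.crypt(sender.crypt(msg)) == msg
    secret = b"constructed secret"  # constructed; known only to the user
    server = ChainVerifier(chain(secret, 100))
    otp = chain(secret, 99)
    first, replay = server.login(otp), server.login(otp)
    following = server.login(chain(secret, 98))
    return roundtrip, first, replay, following

if __name__ == "__main__":
    print(demo())
```

The pad book needs fresh random material as long as every message, while the hash chain derives all its one-time passwords from a single secret and the verifier never holds that secret.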




Re: [discuss] Re: Bruce Schneier advices against MSO

2005-02-03 Thread Smoot Carl-Mitchell
On Thu, 2005-02-03 at 08:34 +0100, blabla wrote:

> So if I save all my passwords (I simply don't for banking...) using 
> Mozilla, are you saying that this is a stupid thing to do?

I save most of my Website passwords in Firefox, but I encrypt them with
a long passphrase. I do not think this is stupid. It is convenient and
pretty secure.  I have not checked the encryption Mozilla uses, but it
appears strong enough for most common purposes.
> 
> Do you know of a linux tool that encrypts passwords?

GPG can be used for this purpose.
-- 
Smoot Carl-Mitchell
System/Network Architect
email: [EMAIL PROTECTED]
cell: +1 602 421 9005
home: +1 480 922 7313




Re: [discuss] Bruce Schneier advices against MSO

2005-02-04 Thread Smoot Carl-Mitchell
On Fri, 2005-02-04 at 12:07 +1000, Tim Fairchild wrote:

> Then something like "my silly old dog has too many fleas"
> 
> msodh2mf
> 
> is pretty safe by those definitions, and is easily improved like
> 
> m50d#2mf

Yes, pretty hard to guess. Of course it also depends on the usage of the
password. For example if someone gets a hold of the ciphertext used by
this password and the encryption method is weak, then the password can
be obtained by brute force.

For example the traditional Unix password encryption uses a 56 bit
hashing algorithm which takes an 8 character (7 bits per character)
password and generates a 13 character hashcode. Authentication is
handled by taking a password and generating the hashcode and comparing
them.  If they match, then the password is correct. With a 56 bit
hashing algorithm you can run through all password combinations in
a matter of a few days with sufficient processing power.

With a longer password and a strong hashing scheme (say MD5), it takes
considerably longer to find the password via a brute force method. For
every additional bit of password length, it takes twice as long to generate
all the combinations of passwords. So if it takes 2 days for an 8
character password (7 bits per character), it would take 128 times
longer (2 ** 7) for a 9 character password which is 256 days.

Given the long time it takes for a brute force attack for long passwords
even if you have the ciphertext, password cracking systems resort to
heuristic methods to find likely passwords (e.g. dictionary words, pet
names, spouse names, etc.). If you use passwords like that, a cracking
program can find them in at most a few minutes.
-- 
Smoot Carl-Mitchell
System/Network Architect
email: [EMAIL PROTECTED]
cell: +1 602 421 9005
home: +1 480 922 7313




Re: [discuss] Interview with Bill Gates

2005-02-08 Thread Smoot Carl-Mitchell
On Tue, 2005-02-08 at 06:57 -0500, Lars D. Noodén wrote:
> Most interviews with Bill seem a waste of time since he never answers the 
> questions put to him nor makes any really direct statements.
> 
> He seems to get in the limelight whenever there is something highlighting 
> non-MS activities in the news or when MS is getting panned.

Mr. Gates is constrained by his position as the head of a multinational
public corporation. So in general his interviews end up being more
pablum than intriguing insights into what he really thinks or believes.

The problem Microsoft has these days for all its success is its core
products are quickly becoming commodities due in no small part to OOo
and Linux.  Any smart investor knows the end result of a commoditized
product is lower margins which mean lower profits. Is Mr. Gates going to
really say that in an interview?  I doubt it.  It would cause a panic on
Wall Street resulting in a lower stock price and possibly a shareholder
revolt or even lawsuits.

The intriguing part of all this to me is watching Microsoft try to flee
upmarket (tighter integration e.g. Longhorn) and at the same time respond
to the disruptive market erosion created by Open Source software. So far
we have gone from Open Source solutions are more expensive (the TCO
campaign), to Open Source is less secure, to Open Source is less
interoperable. None of these FUD strategies appear to be working. In
fact the interoperability argument is so laughable, I suspect it will be
put on the shelf very quickly. The market appears to be responding to
the "good enough" nature of Open Source software and ignoring the FUD.
The patent threat also appears to be losing steam with IBM and Sun
opening up at least portions of their patent portfolio at least in
limited ways.

There is still a lot to do, but so far nothing Microsoft is doing is
sticking.  They must be very frustrated in Redmond these days. 
-- 
Smoot Carl-Mitchell
System/Network Architect
email: [EMAIL PROTECTED]
cell: +1 602 421 9005
home: +1 480 922 7313




Re: [discuss] Linux version?

2005-03-14 Thread Smoot Carl-Mitchell
On Fri, 2005-03-11 at 11:46 -0800, Ray Wojtak wrote:
> Any plans to create a Linux version of OpenOffice?

There is a Linux version.  Has been for years.
-- 
Smoot Carl-Mitchell
System/Network Architect
email: [EMAIL PROTECTED]
cell: +1 602 421 9005
home: +1 480 922 7313




Re: [discuss] My recommends to improve Ooo

2008-11-02 Thread Smoot Carl-Mitchell
On Sun, 2008-11-02 at 14:09 +, Ian Lynch wrote:

> That is a problem with the way we teach ICT around MS Office. There was
> the argument it's what they will use at work but increasingly, is this
> the case? Is it desirable to entrench young people early in particular
> work flows that could become redundant? If the cloud and the internet is
> the future and many think it is, smaller applets that work cooperatively
> together will be the norm, not megalithic applications with high level
> of proprietary integration. After all, we don't expect one company to
> produce every web site, we use a variety expecting information to
> interoperate between them. 

I have been lurking on the list for a while, but this comment struck a
chord with me.  What you are describing is the "Unix philosophy" for the
"cloud", e.g. provide some generic "glue" to allow applications to
cooperate and interact.  If you have good enough "glue" then
applications will be written to use that glue and the whole becomes more
powerful than its parts.
-- 
Smoot Carl-Mitchell
System/Network Architect
[EMAIL PROTECTED]
+1 480 922 7313
cell: +1 602 421 9005
