SEMiSLUG Notes

12 March 1998

Question & Answer Sessions

If I ifconfig down my interface, should my remote-display xterm vanish instantly?

Apparently, "vanish right away" is the actual behaviour. Opinions on the expected behaviour may vary.

How do you do a look-up on a domain name given only partial information?

Telnet to whois.internic.net for the One True Source of whois info. Also, the Internic will give you access to their data if you can convince them you're not a spammer and want the data for research purposes.

Cheap proxy server for WinNT that supports pop3 and web?

Wingate.

Can someone let Kevin Darcy in?

I suppose.

Any suggestions for good, practical anti-spam techniques?

http://spam.abuse.net/ is as good a resource as you're likely to find.

The cheapest, most expedient approach is to delete it.

Any new news on ADSL?

Not really. ANS is generating hype about xDSL, so expect something from them soon.

edu domains for high schools?

Opinions are mixed. It's worth trying.

Is Becki wearing leather pants?

Yes. She got them when Wilson's was going out of business.

Web space for good causes?

Yes. If you have some specific suggestions, tell Gabe.

Is the Automotive Network Exchange (ANX) going to happen? If so, why? If not, why?

Not really. There isn't much in the way of a physical structure.

Presentation

Becki Talks About: The Usenix Security Conference

Carl Ellison's Presentation:

What's the problem with X.500? Many places don't want to put that information where it's publicly available. The addresses are hard to remember.
What was the failure of privacy enhanced mail? NSA was a single source for keys. Yuck.
SSL, the merchant has your credit card number.
No comments on First Virtual, however.
What does 'identity' mean? How do you define it on the net? How do you ensure identity?
http://www.clark.net/pub/dme/html/SPKI.html has some interesting information. Talks about linking name-spaces, and other stuff.
With certificates, there's no way to verify how trustworthy you are, only _who_ you are.

Java:

Microsoft is not the way.
Dynamic linking is a problem, you can't view the entire program as you're writing. You never know what you're going to be pulling in on the client side.
"If you don't have a specification, it can't be wrong. It can only be 'surprising'."
A good thing: Applets are restricted. They can't have much access (except under a Microsoft OS).

(What if you want to save inforamtion?)

Problems with applets: do you know where your Applet has been? Annoying multi-media tricks. rstcorp.com hosts the Bad Applet site. Lots of examples of what to look out for.

coast.cs.perdue.edu has all the security tools you can eat.
http://www-nrg.ee.lbl.gov/bro-info.html has info on how to get bro. It's sort of like NFR. Very alpha code. High speed, large volume monitoring. Written to monitor a FDDI ring. They assume the monitor will be hacked and try to compensate.

Rumor & Inuendo

Fling technology! You heard it here first.
MJO has more job offers than he can handle. Want 'em? (He has no use for any of them.)

[ Return to the SEMiSLUG minutes page ]