SEMiSLUG Notes
12 March 1998
Question & Answer Sessions
- If I ifconfig down my interface, should my remote-display xterm vanish
instantly?
- Apparently, "vanish right away" is the actual behaviour. Opinions
on the expected behaviour may vary.
- How do you do a look-up on a domain name given only partial information?
- Telnet to whois.internic.net for the One True Source of whois
info. Also, the Internic will give you access to their data if
you can convince them you're not a spammer and want the data for
research purposes.
- Cheap proxy server for WinNT that supports pop3 and web?
- Wingate.
- Can someone let Kevin Darcy in?
- I suppose.
- Any suggestions for good, practical anti-spam techniques?
- http://spam.abuse.net/ is as good a resource as you're likely
to find.
The cheapest, most expedient approach is to delete it.
- Any new news on ADSL?
- Not really. ANS is generating hype about xDSL, so expect something
from them soon.
- edu domains for high schools?
- Opinions are mixed. It's worth trying.
- Is Becki wearing leather pants?
- Yes. She got them when Wilson's was going out of business.
- Web space for good causes?
- Yes. If you have some specific suggestions, tell Gabe.
- Is the Automotive Network Exchange (ANX) going to happen? If so, why?
If not, why?
- Not really. There isn't much in the way of a physical structure.
-
Presentation
Becki Talks About: The Usenix Security Conference
Carl Ellison's Presentation:
What's the problem with X.500? Many places don't want to put that
information where it's publicly available. The addresses are hard
to remember.
What was the failure of privacy enhanced mail? NSA was a single
source for keys. Yuck.
SSL, the merchant has your credit card number.
No comments on First Virtual, however.
What does 'identity' mean? How do you define it on the net? How do
you ensure identity?
http://www.clark.net/pub/dme/html/SPKI.html has some interesting
information. Talks about linking name-spaces, and other stuff.
With certificates, there's no way to verify how trustworthy you are,
only _who_ you are.
Java:
Microsoft is not the way.
Dynamic linking is a problem, you can't view the entire program as
you're writing. You never know what you're going to be pulling in
on the client side.
"If you don't have a specification, it can't be wrong. It can
only be 'surprising'."
A good thing: Applets are restricted. They can't have much access
(except under a Microsoft OS).
(What if you want to save inforamtion?)
Problems with applets: do you know where your Applet has been?
Annoying multi-media tricks. rstcorp.com hosts the Bad Applet site.
Lots of examples of what to look out for.
coast.cs.perdue.edu has all the security tools you can eat.
http://www-nrg.ee.lbl.gov/bro-info.html has info on how to get bro. It's
sort of like NFR. Very alpha code. High speed, large volume monitoring.
Written to monitor a FDDI ring. They assume the monitor will be hacked
and try to compensate.
Rumor & Inuendo
- Fling technology! You heard it here first.
- MJO has more job offers than he can handle. Want 'em? (He has no
use for any of them.)