E******n
发帖数: 641 | 1 ☆─────────────────────────────────────☆
aaaty (Authentic Achievement Aspires To Yuppie) 于 (Tue Jan 6 13:52:08 2009) 提到:
发信人: aaaty (Authentic Achievement Aspires To Yuppie), 信区: Apple
标 题: 新的MBP 17" is a winner
发信站: BBS 未名空间站 (Tue Jan 6 13:50:21 2009), 转信
Macbook和MBP 15"应该学习这个产品:
8 hour battery life, 1000 times chargable
anti-glare screen option
☆─────────────────────────────────────☆
tomtom (tom is) 于 (Tue Jan 6 14:17:22 2009) 提到:
it has a gorgeous look also, I would spend 3000 fo |
|
E******n
发帖数: 641 | 2 ☆─────────────────────────────────────☆
aaaty (Authentic Achievement Aspires To Yuppie) 于 (Fri Apr 10 13:57:46 2009) 提到:
发信人: aaaty (Authentic Achievement Aspires To Yuppie), 信区: Apple
标 题: 目前的MBA 1.8Ghz性能还是很强的啊
发信站: BBS 未名空间站 (Fri Apr 10 13:57:31 2009), 转信
Adamo惨败给X301和MBA
☆─────────────────────────────────────☆
rollingstone (它山之石) 于 (Fri Apr 10 14:17:04 2009) 提到:
笔记本比3dmark没啥意义。3dmark主要看显卡,破本子上个好显卡3dmark就高。还是看
综合测试的pcmark有点意义。而且便携本还要看续航能力和散热。
☆─────────────────────────────────────☆ |
|
S*******r
发帖数: 44 | 3 单位里换了一批笔记本,原来的就整整卖给员工。请大家帮忙看看下面这个T60 ($235)
怎么样,有没有必要买个1年的warranty ($65)? 这里先多谢了!
Black IBM ThinkPad T60 with huge 15" LCD
- Windows XP Pro Installed
- Integrated Wireless - connects to your at home wireless router or any wi-
fi hot spot. No cords necessary!
-DVD Player
- CD Player and Burner
- Software included: iTunes, FireFox, Open Office (a Microsoft Office
compatible software with word processing, spreadsheet, presentation etc.)
Machine Specs:
Model IBM ThinkPad T60
Processor Type Int... 阅读全帖 |
|
n*******e
发帖数: 62 | 4 新来了N300刷了DD-WRT。刷机过程一切顺利。刷完后,有限连接畅通无阻。可是在试图
设置无线局域网连接时,无论"security mode"设什么,甚至disable了,别的设备都连
不上去,KINDLE FIRE总抱怨authenticating failed.下面是我的一些设置:
wireless mode: AP
wireless network mode: MIXED
wireless channel: auto
channel width: auto
wireless SSID broadcast: enable
sensitivity range: 2000
network configuration: bridged
Wirelsss security:
security mode: 试了disabled, wpa personal, wpa2 personal,
wpa aloghriths: AES
key renewal interval:3600
mac filter is disabled.
Authentication type: 试了“auto"和“sh... 阅读全帖 |
|
p**f
发帖数: 3549 | 5 一般发email,接收者都可以通过查看邮件源文件得到发送者的IP。
但我发现,如果email是从iPhone/iPad发出来的,好像没有发送者的IP信息。
请问,这是什么原理,请问有什么办法隐藏发送者的IP么?
比如下面这封邮件的IP显示是:98.139.213.164,是Yahoo的IP,而非发送者电脑IP。
Received: from nm14-vm0.bullet.mail.bf1.yahoo.com (nm14-vm0.bullet.mail.bf1.
yahoo.com [98.139.213.164])
(using TLSv1 with cipher RC4-SHA (128/128 bits))
(No client certificate requested)
by mtaiw-aan04.mx.aol.com (Internet Inbound) with ESMTPS id
for <[email protected]
/* */>;
From: [email protecte... 阅读全帖 |
|
i***l
发帖数: 9994 | 6 这话说的。我知道Windows窥探隐私,有不是我自己说的。 就算你不知道你什么隐私被
窥探,你自己google一下不就知道了吗?
你自己读读微软自己的隐私声明。作为一个操作系统供应商,你觉得微软有必要知道你
的姓名,地址,电话,密码,信用卡号,文件内容,付款信息,等等一切吗?就算你信
任微软,哪一天黑客搞定阿三的数据库,你这些信息不是全部泄漏了吗?这算是阿三明
明白白告诉你要收集的信息。背地里不告诉你的谁知道还有啥。个人感觉,Windows10
的这些行为,比病毒木马keylogger还牛逼。Windows10本身就成了个特大号病毒。
https://privacy.microsoft.com/en-us/privacystatement
The data we collect depends on the context of your interactions with
Microsoft, the choices you make, including your privacy settings, and the
products and features you use. Th... 阅读全帖 |
|
x******0
发帖数: 1058 | 7 家里的无线路由器是Dynex Enhanced G Router, Authentication采用的是WPA-PSK,
Encryption Technique采用的是TKIP. 因为我的Laptop比较老 (2005买的DELL
Inspiron 600M), 所以Authentication采用的是WPA-Personal, Encryption Technique
采用的是TKIP. 但就是连不上家里的无线路由器. 家里的另一台laptop采用WPA-PSK 和
TKIP 组合就没有问题. 但wikipedia上说:
WPA-Personal Also referred to as WPA-PSK (Pre-shared key) mode
到底问题在哪儿?
谢谢! |
|
b******d
发帖数: 794 | 8 在linux上写了段javamail的程序,自动通过学校mail server回信(发信)。需要auth
entication.
编译通过,运行报告:
javax.servlet.ServletException: Access to default session denied
com.jspservletcookbook.EmailServlet.doPost(EmailServlet.java:47)
javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
为什么deny session啊?
如果不加authentication,就出IOEXception.
source code:
public class MyAuthenticator extends Authenticator {
public MyAuthenticator |
|
s******e
发帖数: 63 | 9 应该不ESTABLISH CONNECTION吧.这个WEB SERVICE是IP AUTHENTICATED的.因为
PRODUCTION对外的IP太多,DEV SERVER的IP没能加到那个IP AUTHENTICATION LIST上.
从DEV SERVER上运行,前两步过了,第三步THROW CONNECTION TIMEOUT EXCEPTION(因为
IP的原因).
and
't |
|
|
d**k
发帖数: 1223 | 11 现在手里有很多不太大的web application 要做。每个app 都会有很多类似的地方,比
如authentication, web layout等等。而且,要求各个app的look and feel尽量类似。
回头可能会分给不同的人去做,所以我现在盘算着,我是不是能做一个web
application的project模板, 里面把基本的function都包括了,比如说,security/
authentication, spring configuration, hibernate configuration, logging, tile
configuration 以及标准的style sheet等等。当其他的developer开始一个新的
project的时候,直接用这个当模板,然后基本focus在business logic上。想过直接做
一个这样的project放在share drive上,要用的时候直接拿去copy 就好,但是,总觉
得比较土;而且,如果这么做的话,回头需要update这个template project的时候,对
别的app 会麻烦。
如果用mave... 阅读全帖 |
|
g*****g
发帖数: 34805 | 12 You should never use get for authentication, even for ssl.
Your firewall/proxy may log url, and your password is exposed.
As I said, simple https authentication is the way to go for rest api, which
uses post. |
|
p**i
发帖数: 688 | 13 我这样实现的: 系统的用户都存到ldap directory(openldap server)里
subversion用apache的mod_ldap:Authentication Provider设成ldap
以后引进新的server都用ldap authenticate |
|
wy
发帖数: 14511 | 14 thanks.那为什么说RSA authentication is better/preferable than
password authentication? |
|
m**********g
发帖数: 434 | 15 for gmail:
I set: pop.gmail.com for incoming mail and smtp.gmail.com for outgoing mail
with SSL authentication. And gmail works well in Evolution to send and
receive emails.
for hotmail:
I set: pop3.live.com for incoming mail and smtp.live.com for outgoing mail
with SSL authentications. It's ok to receive emails but it cannot send
emails out via hotmail account in Evolution. What's wrong with my config,
then? |
|
m******1
发帖数: 418 | 16 以下是鼠标正常和不正常工作时用命令dmesg|tail得到的结果:
正常时:
[ 68.623720] wlan0: direct probe responded
[ 68.623724] wlan0: authenticate with AP 00:1a:70:d6:14:16 (try 1)
[ 68.626385] wlan0: authenticated
[ 68.626410] wlan0: associate with AP 00:1a:70:d6:14:16 (try 1)
[ 68.628939] wlan0: RX AssocResp from 00:1a:70:d6:14:16 (capab=0x11 status
=0 aid=4)
[ 68.628942] wlan0: associated
[ 68.629442] ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 79.376347] wlan0: no IPv6 routers present
[ 1539.374015 |
|
b*****l
发帖数: 9499 | 17 另外,怀疑是不是显卡驱动或者 xorg.conf 的问题
$lspci | grep VGA 的结果是
0a:03.0 VGA compatible controller: Matrox Graphics, Inc. MGA G200eW WPCM450
(rev 0a)
/etc/X11/xorg.conf 是用 Xorg -configure 生成的。。。
/var/log/gdm3/:0-greeter.log 的内容是:
gnome-session[28930]: atk-bridge-WARNING: AT_SPI_REGISTRY was not started at
session startup.
gnome-session[28930]: atk-bridge-WARNING: IOR not set.
gnome-session[28930]: atk-bridge-WARNING: Could not locate registry
** (:28938): DEBUG: Client registered with session manage... 阅读全帖 |
|
b*****l
发帖数: 9499 | 18 相关的大约是这个:
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting n**************[email protected]
debug1: Entering interactive session.
debug2: callback start
debug2: x11_get_proto: /usr/bin/xauth list unix:10.0 2>/dev/null
debug1: Requesting X11 forwarding with authentication spoofing.
debug2: channel 0: request x11-req confirm 0
debug2: client_session2_setup: id 0
debug2... 阅读全帖 |
|
c*********e
发帖数: 16335 | 19 那java呢。c#也要做到web service authentication级别,才算牛人阿。
authentication,现在大家的公司用的是cookie,还是token? |
|
E*****m
发帖数: 25615 | 20 看看強者怎麼做的。
http://www.theregister.co.uk/2013/01/16/developer_oursources_jo
Security audit finds dev OUTSOURCED his JOB to China to goof off at work
Cunning scheme netted him 'best in company' awards
By Iain Thomson in San Francisco • Get more from this author
Posted in Business, 16th January 2013 01:29 GMT
A security audit of a US critical infrastructure company last year revealed
that its star developer had outsourced his own job to a Chinese
subcontractor and was spending all his work ... 阅读全帖 |
|
g*****g
发帖数: 34805 | 21 Why is that not secure, the server only showed a ransom session that belongs
to nobody. Your phone takes the code and authenticate with credentials to
make it yours.
It's like you only need session cookie after authentication. |
|
c*********e
发帖数: 16335 | 22 ios app不支持web session based authentication ?
啥意思? 你不能够用basic authentication来把username,password放header里面?
Claimant
the
attacks |
|
a*f
发帖数: 1790 | 23 Session Hijacking
Session Fixation
Url Hijacking
User ... (forgot the right word, test if the user id has been used in your
system)
Leave no important or sensitive data in Web Cache
HTTPS
Setup Access Rules for all URL resources
Multi-factor authentication
Certified Password Manager and Generator, Use long password such as 1K (
applicable to some users who can do multi-factor authentication)
字典登录攻击
White-listing IPs for Internal Servers, Never Expose Internal Server to
Public Access
Regular Expr... 阅读全帖 |
|
g*****g
发帖数: 34805 | 24 Authentication and authorization are two different things. It's like the
entry to club and VIP room has different requirements.
With authentication you identify the user and pull the user's
roles in session, you use the roles for authorization on every request.
Since the user context is in server side session, hacker cannot modify it.
user,
like |
|
s****y
发帖数: 503 | 25 前台和Java后台之间用Restful Service通讯,Java端需要访问有安全认证(Username/
Password Authentication)的Web Service,请求和响应的xml都蛮复杂的,xml还要和
json进行转换。因为我的App Server是支持JavaEE 7的WebLogic,J2EE 7里的Jax-rs 2
.0和Jsonp对restful支持蛮不错的,那访问Web Service应该怎么实现呢?尤其是
Authentication怎么做比较好? |
|
a*********y
发帖数: 63 | 26 正确。
HTTP Basic Authentication 在 SOAP Authentication 之前。如果你通不过认证,你
看不见SOAP Endpoint.这是一种常见的保护 Web Service 的方式。 |
|
w*s
发帖数: 7227 | 27 简化版的程序,logout, 按了back key后
isAuthenticated() 还说 "you are logged in".
var express = require('express');
var passport = require('passport');
var net = require('net');
var bodyParser = require('body-parser');
var http = require('http');
var multer = require('multer');
var cp = require('child_process');
var exec = require('child_process').exec;
var sys = require('sys');
var path = require('path');
var util = require('util');
var session = req... 阅读全帖 |
|
a*f
发帖数: 1790 | 28
严格按NIST的Minimum Security Requirements做APP这个可能就是基本价了,不管你只
写一行代码还是几万行代码。测试,管理,审查,风险计划,培训,维护和系统支持都
是昂贵的。
Specifications for Minimum Security Requirements
Access Control (AC): Organizations must limit information system access to
authorized users, processes
acting on behalf of authorized users, or devices (including other
information systems) and to the types of
transactions and functions that authorized users are permitted to exercise.
Awareness and Training (AT): Organizations must: (i) ensure th... 阅读全帖 |
|
p******g
发帖数: 347 | 29 ================================================================debug3:
authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/nowhere7/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-
with-mic,password
debug1: Trying private key: /home/nowhere7/.ssh/id_dsa
debug3: no such identity: /home/nowhere7/.ssh/id_dsa: No such file ... 阅读全帖 |
|
h**********c
发帖数: 4120 | 30 you read this message by agree that you will check the authenticity of this
message all by YOURSELF.
叔有一次在林荫上受到咨询,
UN的HR department head,推荐叔去UEA 大型事物馆,
叔颤抖了,敢进回了简历,然后高速叔练习直接大使B. L女士。
10w多美刀的网管位置。
大使要叔做背景调查,往伦敦一个什么地址汇2000刀。
叔奔腾了几只小羊驼,然后move on.
不过通过DOS的官网,写了封投宿信。
可能是我队一个new fired 搞的羊驼,叔shrug it off on this thick beats.
you read this message by agree that you will check the authenticity of this
message all by YOURSELF. |
|
m**t
发帖数: 1292 | 31 socks is a standard based authentication mechanism, usually
is part of the firewall functionality. Remote access users can authenticate
with SOCKS firewall (user name, passwd and so on, not sure whether have public
key based), then traverse the firewall. The attacker can try to find ur machine
's socks port and try out user name/passwd to compromise the firewall, thus
can access ur intranet or well in this case maybe ur machine itself. |
|
r***e
发帖数: 38 | 32 【 以下文字转载自 Programming 讨论区 】
【 原文由 roche 所发表 】
我有点confused,关于server authentication ,就说Java Web server2.0吧
它的doc里说,用authstore.exe create a self signed server certificates,
以后browser用https连接时,browser 会让 client add new server certificate to its
list of trusted certificates. 觉得很简单,是吗?
关于client authentication:
doc如是说
1。 Client request and import client certificate into web browser
2. Client retrieve and transmit client certificate to JWS
3.Server, place the client certificate in JWS
4.Server, enable |
|
e***o
发帖数: 14 | 33 【 以下文字转载自 Linux 讨论区 】
【 原文由 erguo 所发表 】
I have been confused by this problem for a long time.
I need to use ssh to excute a script at the remote server
from local machine:
$ ssh -f remote command
I setup the sshd to use host-based authentication. And it
worked fine except everytime it prompted for password,
which it didn't need (I hit the return and then the ssh
excute the command).
So I took out the password authentication from the sshd
configuration file. Then nobody can directly ssh to the
re |
|
y*********i
发帖数: 7 | 34 when i read through RFC2401, i met this:
IPsec uses two protocols to provide traffic security--Authentication
Header(AH) and.....
The IP Authentication Header(AH) provides connectionless integrity,
data origin authenticaiton, and an optional anti-replay services. .....
how can i translate "connectionless integrity" and "anti-replay" into
Chinese? and what is anti-replay( the meaning and specific process)?
thx.
//bow |
|
w********r
发帖数: 4193 | 35 发信的email server叫smtp server,和收信的email server是可以分开的。收信的
server必须要密码,而smtp server未必需要authentication。
这就好像现实生活中你去邮局取信需要证件,而寄信不需要,所以你可以冒名寄信干坏
事。
只是现在垃圾邮件这么多,大多数smtp server都要求authentication了。但是如果你
有意无意建了一台smtp server不需要验证用户身份,别人就可以利用它冒任何人的
email地址发垃圾邮件,因为发信人的地址其实只是邮件头里面的一个字段,smtp不管
它,就像你去邮局寄信时邮局不管你信封上寄信人的姓名地址一样。 |
|
