Brassa massa mandelmassa, vi vill sluta höra massa snacka. Igår kom det fram att Rafinha, Diego och alla de där inte är tvugna att spela OS. Detta efter en lång gate, som till slut hamnade hos CAS. Anledningen är att OS inte är någon FIFA-turnering, men det enda vi får av detta är att Brasilien ska betala Rafinhas försäkring. Schalke har valt att inte kalla hem honom, och efter att ha sett Brasilien vs. Belgien tidigare idag undrar jag om jag vill ha tillbaka honom. Han gjorde en hel del filmningar, bland annat en som fick Fellaini utvisad.

Sälj dyrt till Pool, tack! Det finns gott om goda, billigare ytterbackar ute i Tyskland, Europa och världen.

Samtidigt sticker Zé II tillbaka till Brasilien, men tyvärr inte på permanent basis. Chansvärvning of the year har "personliga skäl" till att åka till sitt hemland under några dagar, vilket förstås är okey om det nu verkligen är något. Det är ofta den gode Zé II inte kan spela av olika anledningar...

Gotta say we still havin fun with this game, so many characters to create only 50 slot *sobs*

sorry for the low quality, lighting was a bit off.

First Kurogane from the Anime Tsubasa reservoir chronicles

Next we have Sir Moran ready for battle

Next up is Carlos Evil dark scythe knight

A trio of hero's the Soul Calibur Powerpuff girls

Of course we couldn't have a update without a SEPHIROTH!!!

Hikaru from the manga/anime Angelic Layer

Vyse from Skies of Arcadia

Shinobu from the anime/manga Ninja Nonsense

My own creation Foxfire

And finally Haseo's 3rd form from .hack//roots

wow so alot of creations, we hope you like em as much as we do and maybe next week i will get to play a different game lol

Elbobo out.

Specyfikacja systemu jest opisana normą europejską EN 302 304.

Telewizja Cyfrowa w systemie DVB-H (Digital Video Broadcasting - Handheld) pozwala odbierać treści audio-wideo w urządzeniach mobilnych, takich jak telefony komórkowe, palmtopy i inne urządzenia multimedialne.
DVB-H formalnie zostało przyjęte jako standard ETSI (European Telecommunications Standard Institute) w listopadzie 2004 roku i przystosowane do funkcjonującego już standardu naziemnej telewizji cyfrowej DVB-T. Technologię tę odpowiednio zmodyfikowano, by pokonać bariery techniczne związane z zasilaniem i maksymalnym wydłużeniem żywotności baterii urządzeń mobilnych. DVB-H pozwala na odbiór programów telewizyjnych oraz transmisję danych, wykorzystując jako kanał zwrotny sieć telefonii komórkowej, przez co staje się w pełni interaktywna. Użytkownicy mają możliwość oglądania telewizji na żywo w ruchu, podczas przemieszczania się, w miejscach gdzie do tej pory nie było to możliwe. Mobilna telewizja cyfrowa niesie za sobą także inne korzyści, takie jak interaktywność, przesył danych itp.

W zależności od konfiguracji oraz wymagań operatora system DVB-H może składać się z następujących elementów składowych:

• Cyfrowej stacji czołowej wykonanej w standardzie DVB-H
• Systemu nadajników radiowych standardu DVB-H
• Systemu ESG (Ellectronic Programm Guide)
• Systemu CAS (Customer Access System)
• Systemu zarządzania treścią
• Terminali przenośnych standardu DVB-H (telefonów komórkowych)

System DVB-H może pracować na następujących możliwych częstotliwościach:

• VHF-III (170-230 MHz lub części tego pasma)
• UHF-IV/V (470-862 MHz lub części tego pasma
• L (1.452-1.492 GHz)

DVB-H może być obsługiwany poprzez tę samą platformę, która obsługuje system DVB-T.
Komisja Europejska wezwała państwa członkowskie do udostępnienia częstotliwości dla przekazu komórkowego, tak szybko jak to możliwe (w zakresie UHF - 470 - 862 MHz). Ze względu na właściwości techniczne, częstotliwości te uważa się za najbardziej odpowiednie dla komórkowych usług multimedialnych. Ponadto Komisja rozpoczęła także proces otwarcia innego zakresu częstotliwości dla usług telewizji komórkowej, tzw. zakresu L (1452 - 1492 MHz), jako rozwiązania awaryjnego.

Technologia DVB-H, dzięki poparciu Komisji Europejskiej, może się stać cennym atutem w wyścigu o rynek cyfrowej telewizji mobilnej.

Schemat systemu

System dedykowany

• OPERATORZY TELEKOMUNIKACYJNI

This is the same hospital that cared for the convoy of Chinese/Tibetan climbers, originally intended for the Olympic torch team, caught in a rockslide on the infamous Karakoram Highway enroute to Gasherbrum 1.

Read the full article here.

1f - Soldier's Hat, clear stage while taking no damage
2f - Warrior Trousers, clear stage with no ring outs from either side
3f - Pauldron, switch with ally more than 2 times
4f - Warlord's Belt, perform 3 attack throws
5f - Clergy Clothes, defeated an enemy with a ring out
6f - Wonder Jacket, threw an opponent
7f - Warrior Trousers, cleared the stage without missing any attacks
8f - Armor Ring: Ice Mirror, switch characters twice
9f - Scarlett Blossoms, guarded the opponent's attack 3 times in a row
10f - Silver Boots, guarded the opponent's attack 10 times in a row
11f - Grim Horn, defeated all enemies with a critical finish
12f - Magus Cloth, defeated all enemies with ring out
13f -Pegasus Sallet, destroy all the walls
14f - Phantom Pavilion: Seesaw, performed guard impact more than 3 times
15f - Submissions Belt, clear the stage using only the A and G buttons
16f - Warlord's Belt, clear the stage with 0 time remaining
17f - Arm Bandages, execute a 5+ combo
18f - Kouchu Kabuto, stood on all corners of the stage
19f - Longhua Qippo, switch with ally more than 5 times
20f - Life Gem: Sun, cleared the stage with a critical finish
21f - Longhua Qippo, voluntarily performed a ring out
22f - Honor boots, perform more than 4 counter hits
23f - Frilled skirt, guard more than 3 times in a row
24f - Protect Gem: Cardinal directions, Perform a combo with more than 240 damage
25f - Zhuque Changpao, threw more than 5 times
26f - Warthog Cuirass, executed a 10+ combo
27f - Iron Gauntlets, cleared the stage with no damage taken
28f - Aculeus Suit, opponent guarded a guard break attack at least twice
29f - Menghu Boots, switch with ally 5+ times
30f - Spirit Gem: Noniple Heads, clear stage without guarding
31f - Longming Qippo, perform 5+ Just Inputs
32f - Vane Mask, perform a low throw
33f - Battle dress, perform 3 attack throws
34f - Power Gem: warrior Princess, perform guard impact 3+ times
35f - Warthog Pauldrons, clear without switching
36f - Parlor Blouse, clear stage with 0 time remaining
37f - Siren's helm, defeat all enemies with critical finishes
38f - Gorgon Fauld, defeat all enemies with ring out
39f - Kingfisher Greaves, clear the stage without changing position
40f - Deer Head, execute a 5+ combo
41f - Minotaur, perform 5+ Just Inputs
42f - Demonic Gloves, clear the stage without letting opponents invoke a skill
43f - Repel Gem: Iron Shell, perform an over the back throw
44f - War Cloak, no ring outs either side
45f - Tiger Lily Kabuto, Defeat enemies without using any skills
46f - Butterfly salet, same as above
47f - Succubus Boots, throw 5 times
48f - Life Dem: Jade, Clear stage with a character equipped with the "invisible" skill
49f - Horns of Calamity, clear stage with no attacks missing
50f - Tiger Lily Breastplates, execute a 10+combo
51f - Tiger Lily Fauld, perform more than 4 counterhits
52f - Feathered Wings, clear stage with a critical finish
53f - Blade Ring: Demon Lord, defeat all enemies with a ring out
54f - Leviathan Pauldron, destroy all the walls
55f - Priestess Kimono, perform 3 attack throws
56f - Leviathan Burgonet, perform a combo with more than 240 damage
57f - Voodoo Armlets, voluntarily perform a ring out
58f - Tiger Pauldrons, defeat all enemies without any skills equipped
59f - Voodoo Greaves, guard an enemies attack 10 times in a row
60f - Voodoo Breastplate, clear the stage without switching characters

Tower of Lost Souls items Guide Descend

B5 - Dark Knight's Cloak
B10 - Blade Ring: Raging Thunder
B15 - Lapin Chapeau
B20 - Repel Gem:Fox Demon
B25 - Succubus Gauntlets
B30 - Demonic Armor
B35 - Demonic Pauldrons
B40 - Voodoo Crown

Credit goes to Topcat269

“1. Students whose IDs are still being processed may present their form-5 as proof of enrollment. Otherwise their enrollment status will be verified from the OCS. Once verified, they will sign in the logbook and allowed entry.”

This is a regular practice. Only that there has been another practice that form-5’s can only be used three (3) times. In this provision, no such statement was indicated. Is it safe to assume that the form-5 can be used more than three (3) times? I think, yes.

On the part that the enrollment is to be verified, it is okay, provided that the OCS who is tasked to verify the enrollment of the student is quick enough to respond. I suggest that the guards be provided with the master list of students enrolled. But, I think, that is another tedious thing to do. An extra job for the guards, it will be. This is considering the space in the gate. There will be a tendency for people to crowd, cause stagnation of students in the gate. We need to practice speed.

There is a better solution for the problem, always bring your ID with you. I think it is imperative for all to do so.

“2. Students who forgot their IDs and Form 5 on the third instance within the week, month, or semester will no longer be allowed to enter the CAS premises. The student will be referred to the Office of the Student Affairs (OSA) for appropriate action.” (Emphasis mine)

As far as I am concerned, this provision was made to provide sanction. Only, the sanction was not mentioned. It gives the students a leeway for mistakes or forgetfulness. The only confusing part here is the text in boldface which mentions time periods week, month or semester. How will the counting be? I think a more elaborate explanation is necessary on that part. Further, the college rules are applying on the erring student, thus referral to OSA is somehow incompatible. Better, if the student will be referred to the OSADCW instead.

“3. Students are reminded to wear their ID at all times when inside the campus.” (Emphasis mine)

This is the most controversial part here. Previously, this item is worded as “required” not “reminded.” What is the basic difference between the two? By lexical definition, “remind” refers “to putting in mind something,” in this case wearing of ID at all times. “Require,” on the other hand, refers “to demanding as necessary and essential.” Simply put we are reminded not required. There is no force that will tell the students to indeed wear the ID at all times, but rather, the students are asked to keep in mind that they are advised to wear the ID. So, if I may say, based on my interpretation, students may or may not, depending on his/her choice, wear the ID within the college premises. If you wear your ID, then it is fine. If you don’t, there will be no consequences on your part.

“4. Erring students, or those who refuse to cooperate with the gate guards on the implementation of these rules, will be reported to the office of the Special Assistant to the Dean for Community Welfare (OSADCW) and the OSA for appropriate action.”

Cooperate? How cooperate? The guards, most of the time, as complained to me by students, are somehow imposing. I am not in the authority to tell them that though. It is for the college administration to remind them of their limits. Now, does cooperation mean, in this context, that students should show their IDs properly to the guards on duty? If it is so, then no problem. I think the students must also be cautious on this. Merely showing of IDs is different from properly showing it. I think that must be emphasized.

“5. All Visitors will be asked to surrender identification cards to the guards, sign the logbook, and issued a ‘Visitor’s Pass’ which must be worn at all times while at CAS.”

Another question I want to raise is that who are the visitors? There are instances that students from UP Diliman who come to UP Manila are considered as visitors. They are asked to sign the logbook, and take a visitor’s pass with them. Sometimes, other students, even from other institutions can just enter the premises. Though lately, the guards have been strict on the visitor’s policy, I still want to know who are classified as visitors and who are not. The clearer, the better.

“6. The members of the faculty and staff are also enjoined to wear their IDs at all times.”

According to a professor “Faculty members are privileged so they are not required to wear ID. They are incomparable to students with regards to this matter.” But they are enjoined to wear their ID, which will be hard to do. I have not much to say about the side of the faculty and staff since I am not well aware of their position of the issue.

“7. Security guards are strongly advised to report irregular incidents to the Office of the Associate Dean for Planning and Development. Security guards have no disciplining authority over the students. The most they can do is to file an incident report and submit it to either OADPD or OSADCW.” (Emphasis mine)

Finally, here is another important provision in this order. As I mentioned earlier, the security guards have been deemed very imposing, to the point of harassing the students. I suggest that the guards be briefed regarding this new set of rules. They may be too limiting to the students to the point that they will not allow them to enter. Also, it must be stressed that guards cannot touch or hold the students whenever they are bringing the student for report. Plus, the students, as human beings, must be treated with proper respect. No power tripping.

I believe my explanations may be insufficient to refute all the items. All I am after to let it be known to all that the ID wearing policy is not mandatory. It is reminded.

There are so many variations and parts that you'll be happy for weeks.  So with that in mind i present to you the viewer a few of our first CaS creations.

First up Ethan Waber from PSU

My own creation Demon K

Elbobo, using the crazy Voldo style of fighting

and finally whilst he has no crown and sceptre I felt that King Philthy needed to be created:)

Elbobo.

forum 1 - fprum 2 - forum 3 - forum 4 - forum 5 - forum 6

Find game faqs, tips, help, guides, character creation, cas, and more, enjoy <3

Je venais de quitter mon dernier client, à Saint-Constant, et je revenais vers le bureau. Pour ce faire, j'ai emprunté la route 132, le long de la voie maritime. À la hauteur de Brossard, je m'apprêtais à dépasser un camion-remorque, qui roulait dans la voie du centre, mais il y avait, dans la voie de gauche, une petite berline, une Toyota Yaris, de couleur bleue foncée (n'ayez crainte, mon cher monsieur; je ne publierai pas votre numéro de plaque), qui roulait à la même vitesse que le camion-remorque. Le conducteur de la voiture, le bras sorti par la fenêtre, me faisait de grands gestes, parfois pointant vers le haut, mais jamais "avec le doigt du milieu", par contre. Je me demandais bien ce qu'il voulait.

Y avait-il présence policière dans le coin? Voulait-il me prévenir que quelque chose n'allait pas, avec mon camion? Pourtant, quand j'ai quitté mon dernier client, mon camion était tout à fait au point, rien ne clochait.

Voyant qu'il maintenait la vitesse du camion-remorque, je ralentis un peu, afin de prendre la voie du centre, derrière le camion-remorque, puis la voie de droite. Malheureusement pour moi, il y a un pick-up, à droite. Je décide donc de revenir dans la voie de gauche, en faisant l'inverse du processus que je viens d'énumérer, ce qui me ramène derrière la Yaris bleue. La gesticulation de son chauffeur recommence. Quelques instants plus tard, je retourne à droite, et cette fois, la voie est libre; je dépasse donc le camion-remorque, puis je reviens vers la voie du centre. Je roule assez rapidement, dans le but avoué de dépasser la petite berline, mais le type de la Yaris a lui aussi accéléré!

Nous roulons quasi-parallèlement pendant quelques centaines de mètres, mais je voulais en avoir le coeur net; je ralentis un peu, et reprend la voie de gauche, derrière lui. Comme je m'y attendais, le cirque recommence. C'est à ce moment que j'ai compris à qui j'avais affaire. Le conducteur de la petite Yaris s'était auto-proclamé "Justicier de la route". Mais le pire, dans toute cette histoire, c'est que si ce type croyait que je contrevenais à la loi, en roulant dans la voie de gauche, il avait tort sur toute la ligne. Voici pourquoi.

La définition que l'on se fait d'un camion, et la définition que la loi fait d'un camion, sont différentes, sur certains points. Et le camion que je conduis, dans mon travail, n'est pas un camion, au sens de la loi. C'est que dans la très grande majorité des cas d'application de la loi, un camion a une masse nette (à vide) de plus de 3000 kilogrammes. Aussi, les camions répondant à cette définition ne sont pas autorisés dans la voie de gauche, sur les autoroutes à trois voies, doivent aussi respecter la signalisation interdisant leur accès à de nombreuses rues, et s'arrêter aux postes de pesée, lorsque les feux clignotent. Ces camions doivent également être inspectés annuellement par un mandataire de la SAAQ.

Le camion que je conduis, par contre, a une masse nette de seulement 2700 kilos. Au sens de la loi, il est considéré au même titre que n'importe quelle voiture, même une Toyota Yaris. Je peux rouler dans la voie que je veux, je fais fi des postes de pesée, et aucune inspection annuelle n'est obligatoire, sur mon camion, parce qu'au sens de la loi, ce n'est pas un camion. Devrais-je l'appeler mon "non-camion", à ce moment-là? Mais non! Alors comment fait-on pour différencier un vrai camion d'un "non-camion"? Par la plaque. Les camions de plus de 3000 kilos ont un numéro de plaque qui commence par la lettre L, alors que les autres, comme le mien, ont un numéro qui commence par la lettre F. Voilà.

Je vous ai parlé du pire, dans cette histoire, mais le plus drôle (drôle après coup, parce qu'il n'est rien arrivé de dramatique), c'est que le type à la Yaris bleue a quitté précipitamment la voie de gauche pour traverser complètement la route et s'engouffrer dans la bretelle de sortie vers la route 112. Ainsi donc, en plus de me nuire pour défendre un point de règlement qui ne s'applique même pas à moi, il a risqué sa vie, et celle des autres usagers de la route. Brillant, comme comportement!

La morale de cette histoire, que je dédie particulièrement à ce type, sur la 132, ainsi qu'à tous ceux qui voudraient s'auto-proclamer justicier de la route, est la suivante. Une partie des impôts, qui sont prélevés de vos revenus durement gagnés, servent à payer grassement des policiers, qui sont spécialement formés pour faire appliquer la loi. Il serait brillant de leur laisser le champ libre afin qu'ils fassent leur travail, et justifient ainsi leur salaire. En deux mots, ne causez donc pas un accident pour simplement tenir tête à un autre conducteur.

Compris?

Individual Insurance; although the average individual will spend hundreds and sometimes thousands of dollars in insurance premiums over the course of a year (sometimes hundreds of thousands over the course of a lifetime!) peolple often remain unaware of their coverages.

The purpose of this blog is to assist in bringing the proper information regarding insurance that you need to know.

Auto Insurance: Rates and premiums will tend to vary significantly between carriers, what this means for a family or individual seeking insurance is not to limit yourself by stereotypical names and flashy commercials. The age, type of vehicle, number of accident, number of years of experience, and credit score will all have an affect on your monthly bill.

* Submitting an E-Mail address with your application will generally grant you anywhere from 1-5% discount (its worth having a google/yahoo/hotmail "junk" backup e-mail address just for this purpose)

* Making payments on an EFT (electronic funds transmission) as a rule of thumb will also save you an additional 5-10% on top of the e-mail discount. note that the EFT can be canceled after the first month and the discount will remain consistant. This is ideal if you don't want to pay from a direct bill but still want the discount.

* Differences in coverages: This will be one of the dominant factors in determining how high or low your bill will be. despite what most people think having higher coverages does not necessarilly mean higher payments. ex: a person with no comp and collision might expect to pat the same or even more than a person who has this coverage. after the first two years of having high coverages rates tend to level off and decrease by year. Unlike low coverages which are low but usually stay the same or go higher.

Health Insurance: It is no secret that healthcare costs are expensive and require a need for a stable financial background. A group policy (except 1 person group) will always be more affordable than an individual policy. Having a group policy also gives an employee the benefit of having no preexisting conditions.
Your best option should always be to be insured as a member of a group.

Individual Health Insurance: Even in this option there are many ways to relieve burdens of financial payments on your behalf. ex: A student who works part time and may not enter a group may choose to open an HSA. (health savings account)

HSA: This option is ideal for young people in reletively good health whom do not wish to spend money on insurance premiums but still want to be covered in case of emergency. What the health savings account does is offer a tax deferred account that accumulates interest. (also tax deferred) This way the person is covered and if they do not use the insurance they still accumulate money that they can later use for other expenses.

Copay Plans: Copay plans vary from company to company but they offer sufficient coverages and in this case it is best to consult with an agent about which package will suit your needs best.

Short Term Medical: This should not be used as your primary source of insurance. Little insurance is still better than no insurance and short term medical should only be considered in cases such as changing between jobs or having coverage as a student.

This blog is moderated by the licensed professionals at ALLY Insurance, located in Lauderhill, Florida. Our purpose is to inform people on the best methods of choosing what insurance is most fitting for them and the most effective techniques in obtaining it.

In the coming weeks, we will publish various articles intended to make the average insurance customer more savvy and knowledgeable when shopping for a policy.

If you have any suggestions on the subjects you would like us to cover or have any questions please let us know, either on the blog or directly.

ALLY Insurance
7543 W. Oakland Park Blvd.
Lauderhill, FL 33319 Telephone: (954) 748-5436
Telephone: (754) 422-6164
FAX: (954) 748-5438

Configuration of CAS Client in Acegi-based apps

The web application side of CAS is made easy due to Acegi
Security. It is assumed you already know the basics of using Acegi
Security, so these are not covered again below. Only the CAS-specific
beans are mentioned.

First of all modify Pentaho's web.xml to link only one applicationContext file (I've called it spring-acegi.xml):

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-acegi.xml
</param-value>
</context-param>

You will need to add a ServiceProperties bean
to your application context (spring-acegi.xml).

This represents your service:

<bean id="serviceProperties" class="org.acegisecurity.ui.cas.ServiceProperties">

<property name="service">

<value>

https://localhost:8443/pentaho/j_acegi_cas_security_check

</value>

</property>

<property name="sendRenew"><value>false</value></property>

</bean>

The service must equal a URL that will be monitored by the CasProcessingFilter. The
sendRenew defaults to false, but should be set to true if your application is particularly sensitive. What this parameter does is tell the CAS login service that a single sign on login is unacceptable. Instead, the user will need to re-enter their username and password in order to gain access to the service.

The following beans should be configured to commence the CAS authentication process:

<bean id="casProcessingFilter" class="org.acegisecurity.ui.cas.CasProcessingFilter">

<property name="authenticationManager">

<ref bean="authenticationManager"/>

</property>

<property name="authenticationFailureUrl">

<value>/casfailed.jsp</value>

</property>

<property name="defaultTargetUrl">

<value>/</value>

</property>

<property name="filterProcessesUrl">

<value>/j_acegi_cas_security_check</value>

</property>

</bean>

<bean id="casProcessingFilterEntryPoint" class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">

<property name="loginUrl">

<value>https://localhost:8443/cas-server-webapp-3.2.1/login</value>

</property>

<property name="serviceProperties">

<ref bean="serviceProperties"/>

</property>

</bean>

<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">

<property name="authenticationEntryPoint">

<ref local="casProcessingFilterEntryPoint"/>

</property>

</bean>

You will also need to add the CasProcessingFilter to web.xml:

<filter>

<filter-name>Acegi CAS Processing Filter</filter-name>

<filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>

<init-param>

<param-name>targetClass</param-name>

<param-value>org.acegisecurity.ui.cas.CasProcessingFilter</param-value>

</init-param>

</filter>

<filter-mapping>

<filter-name>Acegi CAS Processing Filter</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

The CasProcessingFilter has very similar properties to the AuthenticationProcessingFilter
(used for form-based logins). Each property is self-explanatory.

For CAS to operate, the ExceptionTranslationFilter must have its authenticationEntryPoint property set to the CasProcessingFilterEntryPoint bean.

The CasProcessingFilterEntryPoint must refer to the ServiceProperties bean (discussed above),
which provides the URL to the enterprise's CAS login server. This is where the user's browser will be redirected.

Next you need to add an AuthenticationManager that uses CasAuthenticationProvider and its
collaborators:

<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">

<property name="providers">

<list>

<ref bean="casAuthenticationProvider"/>

</list>

</property>

</bean>

<bean id="casAuthenticationProvider" class="org.acegisecurity.providers.cas.CasAuthenticationProvider">

<property name="casAuthoritiesPopulator">

<ref bean="casAuthoritiesPopulator"/>

</property>

<property name="casProxyDecider">

<ref bean="casProxyDecider"/>

</property>

<property name="ticketValidator">

<ref bean="casProxyTicketValidator"/>

</property>

<property name="statelessTicketCache">

<ref bean="statelessTicketCache"/>

</property>

<property name="key">

<value>my_password_for_this_auth_provider_only</value>

</property>

</bean>

<bean id="casProxyTicketValidator" class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">

<property name="casValidate">

<value>

https://localhost:8443/cas-server-webapp-3.2.1/proxyValidate

</value>

</property>

<property name="proxyCallbackUrl">

<value>

https://localhost:8443/pentaho/casProxy/receptor

</value>

</property>

<property name="serviceProperties">

<ref bean="serviceProperties"/>

</property>

<property name="trustStore">

<value>$JAVA_HOME/jre/lib/security/cacerts</value>

</property>

</bean>

<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">

<property name="configLocation">

<value>classpath:/ehcache-failsafe.xml</value>

</property>

</bean>

<bean id="ticketCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">

<property name="cacheManager">

<ref local="cacheManager"/>

</property>

<property name="cacheName">

<value>ticketCache</value>

</property>

</bean>

<bean id="statelessTicketCache" class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">

<property name="cache">

<ref local="ticketCacheBackend"/>

</property>

</bean>

<bean id="casAuthoritiesPopulator" class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">

<property name="userDetailsService">

<ref bean="userDetailsService"/>

</property>

</bean>

<bean id="casProxyDecider" class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets"/>

Ageci is set up around the inMemoryDaoImpl, four users are defined Admin and User. This DAO is used
to get the credentials for the users who are authenticated by CAS, CAS can only check if a user is authenticated.
See the example below:

<bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">

<property name="userMap">

<value>

Admin=***,ROLE_ADMIN,ROLE_AUTHENTICATED

User=***,ROLE_AUTHENTICATED

</value>

</property>

</bean>

Or if you prefer:

<bean id="userDetailsService"

class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">

<property name="dataSource">

<ref local="dataSource" />

</property>

<property name="authoritiesByUsernameQuery">

<value>

<![CDATA[SELECT username, authority FROM granted_authorities

WHERE username = ?]]>

</value>

</property>

<property name="usersByUsernameQuery">

<value>

<![CDATA[SELECT jbp_uname, jbp_password, enabled

FROM jbp_users WHERE jbp_uname = ?]]>

</value>

</property>

</bean>

Note the granted authorities, usually configured in acegi security, are ignored by CAS because
it has no way of communicating the granted authorities to calling applications.
CAS is only concerned with username and passwords (and the enabled/disabled status).
In this implementation of userDetailsService we use default ROLE_* name definition.
If you want to mantain (for easy understanding) roles coming from CAS credentials remember to
write "ROLE_" prefix before your desired Role, otherwise you'll obtain an error response
(about UNKNOWN ROLE) while deploying pentaho.war.

Otherwise try to modify role_prefix property to anoter prefix...
see Spring acegi security documentation for this.

If you have to use proxyTickets:

Note the CasProxyTicketValidator has a remarked out trustStore property. This property might be helpful if you experience HTTPS certificate issues. Also note the proxyCallbackUrl is set so the service can receive a proxy-granting ticket. As mentioned above, this is optional and unnecessary if you do not require proxy-granting tickets. If you do use this feature, you will need to configure a suitable servlet to receive the proxy-granting tickets. We suggest you use CAS' ProxyTicketReceptor by adding the following to yourweb application's web.xml:

<servlet>

<servlet-name>casproxy</servlet-name>

<servlet-class>edu.yale.its.tp.cas.proxy.ProxyTicketReceptor</servlet-class>

</servlet>

<servlet-mapping>

<servlet-name>casproxy</servlet-name>

<url-pattern>/casProxy/*</url-pattern>

</servlet-mapping>

Finally for logout from Pentaho you need to add the following:

<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
<constructor-arg value="https://administrator-desktop:8443/cas-server-webapp-3.2.1/logout">
<constructor-arg>
<list>
<bean class="com.pentaho.security.ProPentahoLogoutHandler">
<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler">
</bean>
</bean>
<property name="filterProcessesUrl" value="/Logout">
</property></list></constructor-arg></constructor-arg></bean>

and remember to add "logoutFilter" to filterChainProxy at the beginning of the configuration file.

This completes the configuration of CAS. If you haven't made any mistakes, your web application should happily work within the framework of CAS single sign on. No other parts of Acegi Security need to be concerned about the fact CAS handled authentication.

A full example of applicationContext file is here.

Just adapt it to Pentaho's and CAS configuration parameters.

This guide was written looking at:

• Acegi security guide

• isthisjava blog

If I made some mistakes please post here your suggestions...

Thanks a lot.

]]> http://uskassat.wordpress.com/?p=24 Thu, 31 Jul 2008 15:50:32 +0000 pasquale rizzi http://uskassat.wordpress.com/?p=24

JBoss Portal: enabling SSO with CAS - Central Authentication Service (taken from this guide)

This Single Sign On plugin enables seamless integration between JBoss Portal and the CAS Single Sign On Framework.

Details about CAS can be found here

1. Install CAS server (v 3.2.1). This should be as simple as deploying single cas-server-webapp-3.2.1.war file.

2. Copy portal-identity-lib.jar and portal-identity-sso-lib.jar files from
   $JBOSS_HOME/server/default/deploy/jboss-portal.sar/lib to
   $JBOSS_HOME/server/default/deploy/cas-server-webapp-3.2.1.war/
   WEB-INF/lib.

3. Edit $JBOSS_HOME/server/default/deploy/jboss-portal.sar/portal-server.war/
   WEB-INF/context.xml file and enable proper tomcat valve
   by uncommenting following lines:

   <Valve className="org.jboss.portal.identity.sso.cas.CASAuthenticationValve"
   casLogin="https://localhost:port/cas-server-webapp-3.2.1/login"
   casLogout="https://localhost:port/cas-server-webapp-3.2.1/logout"
   casValidate="https://localhost:port/cas-server-webapp-3.2.1/serviceValidate"
   casServerName="localhost:port"
   authType="FORM"
   />

4. Update valve options as follow:

   • casLogin: URL of your CAS Authentication Server

   • casLogout: URL of your CAS Authentication Server

   • casValidate: URL of your CAS Authentication Server validation service

   • casServerName: the hostname:port combination of your CAS Authentication Server

5. Copy casclient.jar into $JBOSS_HOME/server/default/deploy/jboss-portal.sar/lib.
   You can download this file from CAS homepage or from JBoss repository under http://repository.jboss.com/cas/3.0.7/lib/

6. Edit $JBOSS_HOME/server/default/deploy/jboss-portal.sar/META-INF/jboss-service.xml file and uncomment following lines:

   <mbean
   code="org.jboss.portal.identity.sso.cas.CASAuthenticationService"
   name="portal:service=Module,type=CASAuthenticationService"
   xmbean-dd=""
   xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
   <xmbean/>
   <depends>portal:service=Module,type=IdentityServiceController</depends>
   <attribute name="HavingRole"></attribute>
   </mbean>

   This will expose special service in JBoss Portal that can be leveraged by CAS AuthenticationHandler if the server is deployed on the same
   application server instance. This AuthenticationHandler will be enabled in next 2 steps.

7. Edit $JBOSS_HOME/server/default/deploy/cas-server-webapp-3.2.1.war/
   WEB-INF/deployerConfigContext.xml and add following line in the
   authenticationManagers's authenticationHandler property's section:

   <bean class="org.jboss.portal.identity.sso.cas.CASAuthenticationHandler"/>

   This can replace default SimpleTestUsernamePasswordAuthenticationHandler so whole part of this config file can look as follows:

   <property name="authenticationHandlers">

   <list>

   <bean
   class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
   <property
   name="httpClient"
   ref="httpClient" />
   </bean>

   <bean class="org.jboss.portal.identity.sso.cas.CASAuthenticationHandler"/>

   </list>

   </property>

To test the integration:

• Go to your portal. Typically, https://localhost:8443(or 443)/portal

• Click on the "Login" link on the main portal page

• This should bring up the CAS Authentication Server's login screen instead of the default JBoss Portal login screen

• Input your portal username and password. For built-in portal login try user:user or admin:admin

• If login is successful, you should be redirected back to the portal with the appropriate user logged in.

• MOST IMPORTANT: if you want to make working logout action from portal, and portals inside it, you have to change the href link in header.jsp located in $JBOSS_HOME/server/default/deploy/jboss-portal.sar/portal-core.war/WEB-INF/jsp/header/ like here: <a href="https://your-server-name:8443/cas-server-webapp-3.2.1/logout?service= https://your-server-name:8443/signout?location=portal">Logout</a>

Last step is available here

]]> http://uskassat.wordpress.com/?p=20 Thu, 31 Jul 2008 15:44:13 +0000 pasquale rizzi http://uskassat.wordpress.com/?p=20

Overview (taken from Pentaho WIKI)

Single sign-on (SSO) allows a user to authenticate then request secured resources from members of the SSO system without subsequent re-authenticating. SSO is made possible with CAS.

Central Authentication Service

CAS is a single sign-on service. When users explicitly attempt to login (also known as authenticate) or when users request a resource which requires authentication, they are redirected to the CAS application. It alone handles the username and password submitted by the user. Upon successful login, CAS returns the user to the resource originally requested. It is up to the application containing the requested resource to grant or deny access based on authorization rules inside that application. Note that CAS provides only the name of the authenticated user to each application; it is up to each application to fetch the roles belonging to the authenticated user. Once it has fetched the roles belonging to an authenticated user, it can make authorization decisions based on those roles.

CAS at a Glance

In the above diagram, a "service app" refers to a "client" of the Central Authentication Service; it relies on CAS to authenticate users for it. Also note that the backing database used by CAS to check usernames and passwords is not necessarily the same backing database used by client applications to fetch roles, although in the above diagram they are the same.

Enabling Single Sign-On

Enabling SSO requires the installation of a brand new web application (i.e. CAS) along with modifications to both JBoss Portal and the Pentaho web application to consume CAS services. And CAS requires service apps to connect via SSL so an SSL certificate will be required. If you've decided that SSO is right for you, follow the steps described on the pages below.

First step: How to enable SSL (HTTPS) on JBoss

Follow this guide, until "Enable SSL on JBoss":
- don't read about Tomcat...
- don't follow the instructions in step 1 but replace them with the following:

• generate the key and a custom keystore with Keytool provided with Java jdk in that folder you are in:
  keytool -genkey -alias serverkeys -keyalg RSA -keystore mykeystore.keystore -storepass mypass -keypass mypass -dname "CN=my.real.hostname, OU=MYOU, O=MYORG, L=MYCITY, ST=MYSTATE, C=MY"
• create the server certificate
  keytool -export -alias serverkeys -keystore mykeystore.keystore -storepass mypass -file server.cer
• import the server certificate into JVM certificates
  keytool -import -alias serverkeys -file server.cer -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit

Continue with step 2, 3, 4, 5 and you have finished.
Close that guide. Now your JBoss instance is ready to use Https and SSL certificate.

Second step is available here

Today I was trying wordpress to authenticate itself from a CAS server. I found out that wordpress has a CAS plugin which is built upon the phpCAS library.

My CAS server is a Ruby CAS server., and I have an AMP setup up with the wordpress (ver. 2.6), phpCAS (ver. 0.60-1), Wordpress CAS plugin (ver. 2.2 ) and latest version of Pear::DB. ( I know ... I have filled it up in one line, but its easy if you follow the docs! )

After activating the CAS plugin, I had a huge number of warnings and errors on my browser. Most of them were solved after giving them appropriate permissions. And resolving the libraries the respective components needs.

Then, depending on your CAS Server's SSL configuration, you need to edit "client.php" of phpCAS to allow https or http alone.

Then it worked fine, but wordpress would not login as it did create the cookie for the user. I went through the previous versions of the same plugin and found that wordpress has a function called wp_setcookie which can be called to set the cookie for a user.

The patch created by me modifies the wordpress plugin to explitcity set a cookie, if a user is granted a ticket from the CAS server. Note that, the older versions of the same plugin had the set_cookie code, but I could not find a changelog for the same.

If any one else have anyother experieces with Wordpress and CAS, I'd love to hear their experiences as well.

1. Un protocollo aperto e ben documentato;
2. SSO non solo WEB; Supporta anche la proxy autentication che permette per esempio anche a intere applicazioni di autenticarsi e non solo a client web.- Compliant con il procollo SAML per l’iterazione con altri sistemi SSO;
3. Una componente server open source; E’ possibile scaricarselo e installarselo in casa per testare l’ambiente. Funziona sia con apache 1 che apache 2.
4. Una vasta libreria di client per Java, Net, PHP, Perl, Apache, uPortal e altri ancora;
5. Integrato con uPortal, BlueSocket, TikiWiki, Mule, Liferay, ExO, Moodle e altri ancora
6. Vengono forniti molti esempi pronti all'uso.
7. Si tratta di un software con una comunità abbastanza robusta e attiva.
8. Rilasciato con aggiornamenti abbastanza cadenzati.
9. Scritto in java e open source.

Funzionamento

E' basato su cookie di sessione (come la maggior parte dei SSO).

CAS richiede SSL.

CAS usa LDAP per memorizzare le informazioni degli utenti connessi.

Quando un utente accede ad un sito CASizzato il sito lo reinderizza al server CAS. In questa fase un cookie viene salvato sulla macchina dell'utente. Questo cookie contiene un ticket univoco che lo identifica. Dopo che CAS ha verificato la sua identità lo rimanda indietro al sito di partenza. CAS aggancia un ticket unico alla URL del sito protetto.

Il sito protetto vede il ticket e manda tale ticket al CAS server. CAS chiede al servizio protetto se il ticket è buono. Se si l’accesso è garantito.

Client per CAS

Net Cas Client

.Net Http module

Acegi as CAS Client

ASP.NET Forms Authentication

AuthCAS

CAS + Seam Web Applications

CAS and JSR-168

CAS Client for Java 3.0

CAS Client for Java 3.1

CAS Proxying with ASP.Net Forms Authentication

CASBar- Toolbar for Firefox 2

CASP — CASP is an ASP .NET CAS client implementation in C #.

ColdFusion client script

Copy of CAS Client for Java 3.0

ISAPI Filter

Java Client

JSP Client

mod_auth_cas

MOD_CAS

mod_python auth module

PAM Module

Perl Client

phpCAS

CAS e Java

Per quanto riguarda la configurazione. Si mette un jar nel web-inf. Si configura un filtro (CAS in Java è gestito mediante Filter) e dovrebbe essere tutto a posto.

http://www.ja-sig.org/wiki/display/CAS/CASifying+Tomcat+Manager

CAS e .NET

http://www.ja-sig.org/wiki/display/CASC/ASP.NET+Forms+Authentication

In .NET viene usato un HTTPModule.

Esempio in DotNET

HTTPModule Filter Process

Il filtro HTTPModule è un programma C# che intercetta tutte le URL verso IIS 6.0 ed esegue le seguenti azioni:

il filtro controlla se si tratta di un utente valido guardando il cookie di sessione.

se un utente valido esiste (l'utente si è già autenticato all'applicazione corrente), lo USER ID è registrato nella collection degli elementi di contesto alla voce HTTP_USER e il controllo viene redirezionato alla URL richiesta. l'utente può essere prelevato in questo modo: string user = (string)Context.Items["HTTP_USER"];

Se non esiste un utente valido nel cookie di sesisone allora il filtro controlla il Ticket nel SSO Server.

se il ticket esiste (l'utente è stato già autenticato) il filtro inizia con il SSOServer il processo di validazione, uno user ID viene generato e salvato e crittato nel cookie di sessione e memorizzato nella collection di contesto alla voce HTTP_USER.

se la validazione fallisce viene generato un errore e il filtro torna un eccezione.

se nè esiste un utente valido, nè un ticket esiste (l'utente non si è autenticato) allora il filtro inizia un processo di login redirezionando il controllo al processo di SSO Login.

il filtro HTTPModule usa 2 files di configurazione per gestire questa fase:

il primo definisce i nomi di directory file e le directory del file di configurazione principale, se viene richiesta SSL, se e dove loggare le informazioni sul processo di filtro.

Il filtro HTTPModule è installato in ogni directory in cui si vuole intercettare la URL.

Se il filtro valido l'utente l'applicazione può leggere lo userID nella server variable HTTP_user.

Se il server SSO non valida l'utente l'applicazione non accederà mai alla URL richiesta.

Conclusioni

In buona sostanza CAS è un sistema di autenticazione puro e non di autorizzazione.

In altre parole consente di propagare l'identità dell'utente tra diverse applicazioni eventualmente istallate su server o in domini differenti mediante dei ticket crittografati. La determinazione dell'autorizzazioni assegnate ad un utente e l'enforcing delle policy di sicurezza sono compiti che spettano all'applicazione.

In effetti, è prassi utilizzare CAS in combinazione con un directory server in cui sono censite sia le identità degli utenti che i ruoli assegnati, tuttavia è responsabilità di ogni singola applicazione connettersi alla directory per accedere al profilo dell'utente e quindi applicare le dovute policy. Una possibile soluzione potrebbe essere quella di inserire nel ticket / cookie informazioni supplementari. Essendo il ticket scambiato di frequente non è una procedura consigliabile dato che il profilo di un utente può essere molto articolato mentre tale ticket deve essere il più snello possibile.

Riferimenti

http://www.ja-sig.org/products/cas/

http://wiki.case.edu/Central_Authentication_Service

http://www.ja-sig.org/wiki/display/CASC/.Net+Http+module
http://www.ja-sig.org/wiki/display/CASC/ASP.NET+Forms+Authentication
http://www.ja-sig.org/wiki/display/CASC/CAS+Proxying+with+ASP.Net+Forms+Authentication
http://www.ja-sig.org/wiki/display/CASC/ASP.NET+Forms+Authentication+with+Role+Provider

]]> http://richard3.wordpress.com/?p=904 Sun, 27 Jul 2008 15:58:19 +0000 Richard3 http://richard3.wordpress.com/?p=904 Les problèmes, survenus dans la nuit de vendredi à samedi, à Kanesatake, sont une preuve supplémentaire que n'importe qui fait n'importe quoi, à cet endroit.  Aussi, il serait grandement temps que l'on prenne des mesures en rapport avec l'ampleur du problème, dans cette communauté mohawk.

Après tout, il n'a fallu que quelques bien-pensants qui, soi-disant au nom de la sécurité, ont gueulé au MTQ que les cellulaires au volant pouvaient être dangereux, pour que la ministre Julie Boulet oblige tous les conducteurs à avoir "une gogosse dans l'oreille", et interdise le téléphone à la main pendant la conduite.  À force de se faire dire que la cigarette, ça pue, pis ça fait de la boucane, le gouvernement a interdit de fumer à moins de 30 pieds de la porte de plusieurs édifices publics, ainsi, bien sûr, qu'à l'intérieur.  Sur quel ton faudra-il dire que la communauté de Kanesatake n'est pas capable de venir à bout de ses "irréductibles", afin que le gouvernement mette ses culottes, et agisse, dans ce dossier?

Quand le conseil d'une municipalité n'est pas capable de régler un problème, le ministère des affaires municipales et des régions met la municipalité en tutelle, le temps qu'il faut pour régler les choses.  Existe-t-il une mesure pour régler les problèmes d'une communauté mohawk?  Si une telle mesure n'existe pas, il faudrait en créer une.  Et tant qu'à faire, autant y mettre le paquet!  Quand il fut déclaré que la vitesse causait plusieurs accidents, on n'a pas lésiné; on a acheté un pistolet-radar à chaque policier, et tout le monde paie, maintenant!  Il faudra faire la même chose, en rapport avec ces irréductibles; la communauté les défend, alors la communauté devra payer!

Ma mesure serait simple.  On donne six mois aux autorités mohawk de Kanesatake pour débusquer, et réduire au silence une fois pour toutes les fauteurs de troubles de leur communauté.  Après ce délai, au moindre incident, tous les habitants de la communauté sont déportés dans d'autres réserves mohawk, et le territoire de Kanesatake est cédé aux municipalités limitrophes, et ce, une fois pour toutes.  Les communautés de Kahnawake et de Kanesatake ont un beau grand territoire commun, à l'est de Sainte-Lucie-des-Laurentides; ce serait un excellent endroit pour les reloger!  Évidemment, pendant ces six mois de grâce, on laisse carte blanche aux autorités locales pour régler le problème à l'interne, et faire le "grand ménage" que plusieurs membres de la communauté n'osent pas demander en public.  En mettant tout le monde au courant de la mesure, les membres de la communauté s'impliquerait davantage, pour régler le problème, parce qu'ils connaîtraient les conséquences d'un autre laisser-aller.

À force d'apprendre, dans les médias, que des mohawks - toujours les mêmes - ont fait un barrage, démoli des voitures de la Sûreté du Québec, et créé du grabuge, et ce à chaque fois qu'un policier de la SQ éternue un peu trop fort, un jour ou l'autre, un gars en revient.  Si la communauté de Kanesatake n'est pas capable de régler le cas de quelques fauteurs de troubles en six mois, et ce avec une liberté d'action sans précédent, alors la communauté devra être dissoute.  Partout dans le monde, les états interviennent quand des communautés vont trop loin.  À Oka, il est maintenant temps d'agir.

I'm Cas van Cooten and I run the website Cas van Cooten designs (http://www.cas.vancooten.com)
If you are in need of a logo, website, banner or another design, visit that site, and I can help you out.

Thanks,

~Cas van Cooten

La ministre de l'éducation, Michelle Courchesne, a beau dire que "le régime parfait n'existe pas", il n'en demeure pas moins que le gouvernement doit souvent procéder à des saisies, se payer à même des remboursements d'impôts, ou même inscrire des hypothèques légales sur les propriétés des étudiants, qui ne se sont pourtant pas gênés quand fut le temps de demander des prêts.  Seulement en 2006-2007, pas moins de 1241 étudiants ont tout simplement déclaré faillite, au lieu de rembourser.

Le plus drôle, dans cet article, ce sont les réactions des porte-parole des fédérations étudiantes.  Le président de la Fédération étudiante universitaire du Québec (FEUQ), David Paradis, se dit d'avis que "le programme d'aide financière est déconnecté de la réalité en surévaluant la capacité de payer des étudiants".  Je dirais plutôt que c'est David Paradis, qui est déconnecté de la réalité, parce que tout le monde sait, dans le vrai monde, que quiconque emprunte, que ce soit pour des études, pour financer une maison, ou pour acheter du "pot", doit un jour rembourser.

Pour sa part, Merlin Trottier-Picard, de la Fédération étudiante collégiale du Québec, affirme que des étudiants, qui ont cumulé parfois plus de 20,000$ de dettes, "frappent un mur" en terminant leur formation.  Il déclare que "C'est facile d'emprunter.  C'est plus difficile de rembourser".  J'ajouterais une suite, à sa déclaration.  Quelque chose comme "C'est facile de boire ses prêts et bourses dans toutes sortes de partys, dont plusieurs organisés directement sur les campus.  C'est plus difficile de réussir ses examens."  Ça revient à dire que si l'on décide d'entreprendre des études, il faut y mettre un peu de sérieux.  Il semble que nos deux porte-parole aient oublié ce petit détail.

Personnellement, je me demande quelle est la dette étudiante de ces deux individus, juste pour le fun.  Un tableau, qui accompagne l'article, mentionne que le prêt moyen attribué en 2006-2007 est de 3254$, et que la somme de 21,376$ représente la dette d'études moyenne d'un finissant au doctorat.  Il me semble qu'un finissant au doctorat, ça ne se retrouve pas à travailler au salaire minimum.  La dette moyenne d'un finissant au baccalauréat se chiffre à 11,467$, alors que 25,390 étudiants ont obtenu une aide financière, alors qu'ils vivaient toujours chez leurs parents.  Alors si je prends les paroles de Merlin Trottier-Picard, ses amis, qui ont accumulé parfois plus de 20,000$ de dettes ont dû user leurs fonds de culottes pas mal longtemps dans les CEGEPs.  À moins qu'il parle de ses amis universitaires.

À mon point de vue, ceux qui ont des dettes étudiantes mirobolantes, et qui n'ont pas les moyens de les honorer, malgré les plans de remboursement avantageux, parce que beaucoup moins sévères de n'importe quelle hypothèque, sont certainement ceux qui ont étudié dans des programmes de "sciences molles", qui sont impressionnantes sur un CV, mais qui ne valent rien de plus que la feuille de papier sur lequel leur diplôme est imprimé, quand vient le temps de faire la besogne pour laquelle ils finiront par être embauchés.  Ce serait probablement aussi le cas des "gosses de riches", qui passent le plus clair de leur temps au CEGEP ou à l'université, parce que leurs parents sont écoeurés de les voir flâner à la maison, et leur dit des trucs du genre "si tu veux pas travailler, au moins, fais quelque chose de ta vie, et vas étudier".  Ces "flancs mous" sont d'ailleurs d'excellents clients des concentrations de sciences molles, subventionnées par le gouvernement, pour flâner dans les institutions d'enseignement supérieur, et certains d'entre-eux pourraient même sûrement devenir porte-parole de fédérations étudiantes, tellement ça fait longtemps qu'ils passent d'un cours, ou d'une concentration, à un autre.

L'une des solutions à ce problème d'endettement, que tout le monde finit par payer, en bout de ligne, avec ses impôts, serait de ne fournir l'aide financière que dans les secteurs à grande demande, comme la médecine, par exemple.  Toutes les sciences molles, qui ne garantissent que peu - ou pas - d'emplois, ne devraient permettre ni bourse, ni prêt, et ce afin que les fonds disponibles encouragent la formation d'étudiants vraiment désireux de participer au développement et à l'avancement de la société.  Une autre passerait par le refus pur et simple de prêter de l'argent à un étudiant qui change de cours, et ce à partir de la troisième fois.  Il existe des processus d'évaluation très efficaces, qui permettent à un étudiant de se diriger vers la bonne formation dès le départ; aussi, on pardonnerait un "recommencement", mais les autres seraient aux frais de l'étudiant.  Je crois que ces deux mesures garantiraient une baisse du nombre de prêts non-remboursés, à long terme, parce que les étudiants seraient attendus sur le marché du travail, et ce dès leur graduation.  Ils pourraient ainsi rembourser promptement leur dette d'étude.

Mais je vais sûrement me faire dire que de telles mesures vont "à l'encontre du libre choix des étudiants d'étudier dans ce qu'ils veulent".  Mon but n'est pas d'empêcher les étudiants d'étudier dans ce qu'ils veulent.  Il est de faire en sorte que le gouvernement finance les futurs diplômés dont la société a vraiment besoin.

Mitteilung des CAS vom 24. Juli 2008 im Wortlaut:

The following appeals have been filed with the Court of Arbitration for Sport (CAS):

• FC Schalke 04 v./International Olympic Committee
• FC Schalke 04 v./Brazilian National Olympic Committee
• Werder Bremen v./International Olympic Committee
• Werder Bremen v./Brazilian National Olympic Committee

A press release will be issued by the CAS if and when any additional information becomes available.  In the meantime, there will be no further statement from CAS regarding these matters.

Quelle: tas-cas.org

Since I've been living on my own I don't have cable to watch TV nor do I have a car to listen to the radio.  I'm pretty much away from Winnipeg's mainstream content so I can't engage in conversations relating to what's killed on the radio these days or about funny commercials they've seen recently.  With the wonderful world of the Internet I can watch and listen to basically anything I want at anytime.  I've always been listening to one source to get my audio fix.  Ever since my brother introduced me to Cerritos All Stars Live Mixshow I can't get enough.

Cerritos All Stars Live Mixshow (CAS) is an online radio station created by turntable DJs from Cerritos, California.  Their sets range from R&B, oldschool, reggae, club music to mashups.  Every Mondays, Wednesdays and Fridays have got their live sessions with different DJs and replay their older sets after hours to keep you listening.  Having playlists going all the way back to 2003, they've been doing this for a while and have even expanded their shows to different cities and countries!  Some shows can last you 30 minutes while most will keep you bobbing your head for more than 2 hours.

Even though I've got more than 30GBs of music on my iPod most of the tracks I've played this year are all from Cerritos baby!  Using an application called Screamer Radio, I'm able to record their shows and listen to them at home, bus, bike, work or wherever.  I can't stress enough that 90% of the music I listen to is from CAS.  After listening to great sets mixing good songs back to back how can I go back to listening to the radio or single tracks?  It's like finding that one live band who'll mix a few great songs together in one super fantastic set.  Don't get me wrong.  I still listen to full albums to get the feel of the entire album but I'll always go back to CAS.  I've tried other online radio stations and, again, I eventually return to CAS.  It is an online radio station and after playing so many sets throughout the year sometimes the mixes share the same tracks which get a little repetitive.  After listening to CAS for a while, you'll find some moments in their sets where you're just groovin' and movin' and it'll make you want to dance like no one's lookin'.  This is THE online radio station to check out after you've killed your favorite DJ mixes (mine would be from J Period and DJ Neil Armstrong).  Tune in.  Now!