5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix

alphadogg writes "Five years after the disclosure of a serious vulnerability in the Domain Name System dubbed the Kaminsky bug, only a handful of U.S. ISPs, financial institutions or e-commerce companies have deployed DNS Security Extensions (DNSSEC) to alleviate this threat. In 2008, security researcher Dan Kaminsky described a major DNS flaw that made it possible for hackers to launch cache poisoning attacks, where traffic is redirected from a legitimate website to a fake one without the website operator or end user knowing. While DNS software patches are available to help plug the Kaminsky hole, experts agree that the best long-term fix is DNSSEC, which uses digital signatures and public-key encryption to allow websites to verify their domain names and corresponding IP addresses and prevent man-in-the-middle attacks. Despite the promise of DNSSEC, the number of U.S. corporations that have deployed this added layer of security to their DNS server is minuscule."

How custom hosts files help vs. DNS flaws... apk

As they help you avoid making DNS requests, if you use 'hardcoded' entries of your favorites, properly resolved against the in-arpa addr "TLD" that houses that information!

I do so, via this application I wrote up:

---

APK Hosts File Engine 5.0++ 32/64-bit:

http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74

Which, if you read the list of what it can do for you as an end user of the resulting output it produces listed in the link above, you'll understand how/why...

"It's as strong as steel, & a 3rd of the weight" - Howard Stark from the film "Captain America"

---

Especially vs. competing alternate 'solutions', noted below in AdBlock/Ghostery & yes even DNS servers, next, as 'examples thereof'...

(Solutions that used to be good & I even recommended them in security guides I wrote up over the decades now -> http://www.google.com/search?hl=en&tbo=d&output=search&sclient=psy-ab&q=%22HOW+TO+SECURE+Windows+2000/XP%22&btnG=Submit&gbv=1&sei=ka3yUKzxB-6_0QHLroCQCA

(Security guides of mine that did extremely well for myself and users of them) for Windows users, for "layered-security"/"defense-in-depth" purposes - the BEST THING WE HAVE GOING vs. threats of all kinds, currently!

(Not anymore though, & certainly NOT far as AdBlock's concerned especially, not after this):

---

Adblock Plus To Offer 'Acceptable Ads' Option:

http://news.slashdot.org/story/11/12/12/2213233/adblock-plus-to-offer-acceptable-ads-option

(Meaning by default, which MOST USERS WON'T CHANGE, it doesn't block ALL ads - they "souled-out"... talk about "foxes guarding the henhouse")!

---

Plus, Adblock CAN'T DO AS MUCH & not from a single file solution that runs in Ring 0/RPL 0/kernelmode via tcpip.sys, a driver (since it's part of the IP stack & tightly integrated into it) which is far, Far, FAR FASTER than ring 3/rpl 3/usermode apps like browsers, & addons slow them down (known issue in FireFox).

To wit, 10++ things AdBlock can't do, hosts can:

---

1.) Blocking rogue DNS servers malware makers use

2.) Blocking known sites/servers that serve up malware... like known sites/servers/hosts-domains that serve up malicious scripts

3.) Speeding up your FAVORITE SITES that hosts can speed up via hardcoded line item entries properly resolved by a reverse DNS ping

4.) AdBlock works on Mozilla products (browser & email), hosts work on ANY webbound app AND are multiplatform.

5.) AdBlock can't protect external to FireFox email programs, hosts can (think OUTLOOK, Eudora, & others)

6.) AdBlock can't help you blow past DNSBL's (DNS block lists)

7.) AdBlock can't help you avoid DNS request logs (hosts can via hardcoded favorites)

8.) AdBlock can't protect you vs. TRACKERS (hosts can)

9.) AdBlock can't protect you vs. DOWNED or "DNS-poisoned" redirected DNS servers (hosts can by hardcodes)

10.) Hosts are EASIER to manage, they're just a text file (adblock means you had BEST know your javascript, perl, & python (iirc as to what languages are used to make it from source)).

& more... as a tiny 'sampling' & proofs thereof!

---

Same with Ghostery:

---

Evidon, which makes Ghostery, is an advertising company.

They were originally named Better Adver

DNSSEC is not the best long term fix

DNSSEC is a flaw too! Once I watched a keynote from Daniel J. Bernstein at FISL pointing out all the flaws that make DNSSEC vulnerable. So he pointed to a better solution called DNSCurve: http://en.wikipedia.org/wiki/DNSCurve

Re:DNSSEC is not the best long term fix

[GameboyRMH]

Furthermore see Moxie Marlinspike's criticisms of DNSSEC:

http://www.thoughtcrime.org/blog/ssl-and-the-future-of-authenticity/

About 2/3 way down the page.

Re:DNSSEC is not the best long term fix

DNSCurve is DJB's solution. Now, DJB ranks as one of the best engineers of our time. But DNSCurve has it's own problems, which DJB merely classifies as design choices. Well... that's pretty much how the DNSSEC classified their "flaws", too.

Personally, I'd prefer DNSCurve. But DNSSEC isn't that bad. Its biggest fault is its complexity.

Re:DNSSEC is not the best long term fix

[Bengie]

From the sound of the wiki article, DNSCurve only secures the channel communicating to the DNS server, while DNSSEC secures channel and the actual DNS records.

We need both secure communications and validation that the returned entries haven't been modified by the server itself.

Re:DNSSEC is not the best long term fix

DNSCurve is DJB's solution. Now, DJB ranks as one of the best engineers of our time. But DNSCurve has it's own problems, which DJB merely classifies as design choices. Well... that's pretty much how the DNSSEC classified their "flaws", too.

Personally, I'd prefer DNSCurve. But DNSSEC isn't that bad. Its biggest fault is its complexity.

I'd say the biggest fault of all of them is lack of implementation.

Rather pointless to sit here bitching about how one sucks worse than the other when 99.999% of the DNS world clearly doesn't give a shit about either solution.

Re:DNSSEC is not the best long term fix

He doesn't get it. People who tout SSL keys in DNSSEC are very aware of the hierarchical nature of the DNSSEC trust relations and who we would be trusting if we used DNSSEC to distribute SSL keys. The point is that we're already trusting the very same people now, in addition to the CAs, and they're not even using trustworthy DNS yet. When you get a certificate from a no-frills CA, you only need to be able to receive mail at one of a few local parts under the domain that you want the certificate for. Bam, everybody who uses SSL must also trust the DNS hierarchy not to enable an attacker to divert mail. SSL keys in DNSSEC are not less secure than what we have now, but they're much simpler, much cheaper and don't pretend to do more checking before issuing a certificate than they actually do. SSL keys would be the killer app for DNSSEC. Let the CAs do thorough verification and kick out any CA which issues or enables others to issue spoofed certificates. We can still have reasonably secure encryption for most web traffic, and by enabling anybody to switch on HTTPS without having to pay extra for a certificate, SSL keys in DNSSEC would make the web much more secure than it is today.

Re:DNSSEC is not the best long term fix

Slides from a Bernstein talk
A quote:

Summary so far:
DNSSEC does nothing to improve DNS availability.
DNSSEC allows astonishing levels of DDoS amplification, damaging Internet availability.
DNSSEC does nothing to improve DNS privacy.
DNSSEC, even with NSEC3, leaks private DNS data.

Re:DNSSEC is not the best long term fix

I'm a DJB fan (run qmail and djbdns since I setup my server in the 90's), but as Paul Vixie points out here: http://www.isc.org/community/blog/201002/whither-dnscurve dnscurve doesn't solve the same problems as DNSSEC. dnscurve solves the problems of an insecure internet between the resolver and the responding DNS server. But it doesn't solve the "can the responding DNS server be trusted" problem.

Re:DNSSEC is not the best long term fix

[yfrdtyid]

http://www.cloud65.com/ what Melvin implied I'm shocked that you can make $5577 in one month on the internet. did you see this website

Re:DNSSEC is not the best long term fix

SSL with DNS (via DNSSEC) providing the PKI is a done deal, as DANE it was published as an RFC and is standards track already. Google's Chrome supports this functionality today, Firefox has a patch they've sat on.

Moxie doesn't get it because he's not interested in building something people will actually use, he's interested in the intellectual exercise. A fully distributed system where everybody has to make personal trust decisions to get anything to work is Moxie's dream, but in the real world we've _been_ there and the outcome was that everybody proxied their decision onto a handful of "trusted" vendors who solved the Dancing Pigs problem by trusting every vendor they heard about. So DANE doesn't plan to do that again (but Moxie is free to build it, and use it with the six other people who like making trust decisions all day).

Anyway, like I said, DANE is a done deal, like IPv6. Pundits will continue to write that it has "failed" and use phrases like "eggheads" and "whizkids" and talk about how brilliant they are to be able to predict the past so accurately now that it has happened, but that's what pundits do for a living and anyone with half a braincell knows to ignore their wittering.

Re:DNSSEC is not the best long term fix

Having delved into both deeply, implementing DNSCurve in one server and partially having implemented DNSSEC elsewhere, I can give you a better comparison.

DNSCurve secures the channel between a recursive DNS cache and upstream authoritative servers. It does not attempt to secure the client->cache channel, although there have been related proposals (modifications of the same basic guts DNSCurve had) to secure that channel as well. DNSCurve is designed for a world where you implicitly trust your cache. Either you decide your ISP or shared cache provider (e.g. OpenDNS) is trustable, or you simply run your own cache. Some people claim the DNS doesn't scale well like that, but it actually copes just fine. Having a recursive cache on every home router is not the end of the world, and makes DNSCurve a fully-secure solution that's miles better than DNSSEC.

DNSSEC is designed around a world that assumes un-trustable, even adversarial, shared DNS caches. It assumes you can't (god knows why) run a local recursive cache or use one that you implicitly trust for other reasons. It assumes that the caches you're forced to use will actively try to screw with your DNS data. So it goes about protecting the actual data end-to-end with digital hashes of the authoritative records that can be verified (after passing through N levels of untrusted caches) all the way down at the client. However, it doesn't secure any of the channels in the general sense, it's design is extraordinarily complex, and it has repeatedly caused security problems of its own (e.g. amplification attacks, denial of service, hash flaws, and new pathways to remotely list the hostnames within a domain via DNSSEC probing). The key management is pretty arcane too, and was clearly set up to make certain DNS companies a lot of money hosting DNSSEC for others because nobody else would want to deal with that crap.

The world as DJB tried to paint it, with DNSCurve and local/trusted caches, is a far better one. The modifications to the DNS were much simpler in nature, it was far easier to implement, and far less prone to introducing new security problems. The only real pragmatic hangup that prevented widespread adoption (well, aside from the "professional" long-term BIND/DNSOPS/Verisign/etc community hating him for constantly pointing out their silliness) was that his public-key sharing mechanism was to essentially name your nameservers after your public key. So for example, if I went to the .com registrar and wanted to register example.com and use DNSCurve on example.com's nameservers, I had to use a base64-encoded public key as a hostname, and it was a long one. Instead of registering "ns1.example.com" upstream, you had to register "aoiejf0a4uaoisrjao84o8halsidjfalkejfoq48falsierfjalskef.example.com" as a nameserver hostname (or whatever, imagine that random crap was a long base64 string).

Some others worked on a modified DNSCurve proposal which dropped the ugly nameserver names in place of stealing DNSSEC's DS or KEY records (and just using them in isolation at the registrar as a registered DNSCurve public key), but that also gained no traction. Really, that variant could've won the day, and should have, if it weren't for bickering and politics.

Re:DNSSEC is not the best long term fix

[marka63]

Slides from a Bernstein talk
A quote:

Summary so far:
DNSSEC does nothing to improve DNS availability.

Neither does DNSCurve.

DNSSEC allows astonishing levels of DDoS amplification, damaging Internet availability.

Which is not a problem of DNSSEC per say but a basic problem of DNS. It is also solvable. It just requires will to deploy the solutions.

DNSSEC does nothing to improve DNS privacy.

This was a explicit non goal of DNSSEC.

DNSSEC, even with NSEC3, leaks private DNS data.

No more than DNS leaks private data.

Re:DNSSEC is not the best long term fix

[marka63]

DNSSEC was designed around real world constraints, not the mythical world where every resolver can talk to authoritative servers directly or only through trusted recursive servers. Yes, there are ISP that force you to use their name servers.

DNSSEC is designed to cope with untrusted authoritative servers. Most people don't have the resources to provide the servers necessary for fault tolerance. With DNSCurve you have to trust those operators to not change the data as any change they make can go undetected. With DNSSEC the worst they can do is reduce the effective number of name servers for the zone.

As for OpenDNS you still have to establish a trusted path to them.

Re:DNSSEC is not the best long term fix

The point is that we're already trusting the very same people now, in addition to the CAs, and they're not even using trustworthy DNS yet.

Speak for yourself AC. Not everyone trusts all the CAs in the world. Some of us actually do go through the CAs in the browser and disable the ones we don't trust.

Let the CAs do thorough verification and kick out any CA which issues or enables others to issue spoofed certificates.

LOL! Seriously. You really think the CAs will do that? The browser makers are more likely to be feared by the CAs. And even today the browser bunch aren't that strict.

Sweden Innovates

[ptudor]

So, there's OpenDNSSEC to automate deployments; I strongly suggest spending the time to watch the .SE NIC's nine-part training videos from 2010 at Youtube to improve one's understanding: http://www.youtube.com/watch?v=zl3gdM5tDTo

Some respected members of our community dismiss DNSSEC. This video of DJB presents an opinion: DJB at 27C3

Re:Sweden Innovates

[Eunuchswear]

videos? Does noone know how to rite anymore?

Aargh - the next fucker is telling me to look at some flash shit!

Re:Sweden Innovates

[kwark]

If you just kept reading instead of getting distracted by flash, you'd have seen the next link point to human readable text explaining (briefly) how dnssec works and how to implement it for a specific named. I just have to hope you read past flash this time.

Re:Sweden Innovates

[drinkypoo]

If I need to watch a nine-part training video to understand DNS, then someone has fucked up DNS. That is bullshit.

Re:How custom hosts files help vs. DNS flaws... ap

great... now all the hosts file shills will come crawling out of the wood work. Yes, fine for a few machines... but how about 5000? You really want to make 5000 hosts file entries every time you want to lock down a domain name? idk, running your own DNS server, and locking that down, sounds shittons easier.

Re:How custom hosts files help vs. DNS flaws... ap

[dickplaus]

I only scanned this, but I'm supposed to turn off my computer and no longer use the interwebs is what I gathered?

so this is aiding and abetting terrorists.

By not applying the fix, they are aiding the enemies of the USA to attack and bring down everything in the USA.

The DHS should be taking the lot in for questioning about Un-American activities.

Re:How custom hosts files help vs. DNS flaws... ap

[Sheetrock]

Nah, just edit once and have the other 4999 machines fetch through Gnutella with a batch file. It's not like this isn't a solved problem.

If you are a customer

Of Comcast, you know you are already DNSSEC'd. Just as a heads up!

Basic rule of computer security

[dkleinsc]

Many potentially targeted organizations will not spend the time and money to make the necessary changes without prodding. I've seen this in payment security too: A lot of companies are shocked and dismayed when they find out that they are supposed to store credit card numbers in some way other than in plaintext in a database accessible to anyone with the single database login that everyone in the company has.

The only thing that will prod them is experiencing a cost of doing nothing that is higher than the cost of implementing the solution.

Re:Basic rule of computer security

...The only thing that will prod them is experiencing a cost of doing nothing that is higher than the cost of implementing the solution.

Basic rule of business: The "experience" they refuse to pay for may just be their last decision as a business.

Have fun gambling. The lawyers always seem to enjoy it.

I deployed it at our ISP recursive servers

[whois]

It broke access to several DNSSEC enabled websites that were misconfigured. After a few months of support problems where we suggested the websites fix their issues and they ignored it, it was requested by management that we turn it off.

It's a very bad design as it stands now. It's unable to return any error but NX Domain for DNSSEC errors for reasons of backword compatibility, which is stupid since you need a DNSSEC enabled resolver to make the request.

It also has an incredibly steep learning curve that even experienced public key administrators face problems with.

Re:I deployed it at our ISP recursive servers

[bbelt16ag]

sounds like job security..

Re:I deployed it at our ISP recursive servers

[anom]

This. I recently set up a new name server and had to disable it for similar reasons.

Re:I deployed it at our ISP recursive servers

If you use the correct dns server, dnssec will be a piece of cake.

Re:I deployed it at our ISP recursive servers

[nullchar]

Would either the parent or GP like to list some sites that were broken with DNSSEC? There are some decent tools to test DNSSEC queries, so I'm surprised the DNS admins for the broken zones have left it broken. There's not really any half-assed zone signing with DNSSEC, you either sign the entire zone or you don't.

Re:I deployed it at our ISP recursive servers

[gweihir]

And there is the little problem that in the long run, its certificate system is just as broken as the SSL cert system is now. My guess is it is not worth the effort at all.

Re:I deployed it at our ISP recursive servers

Except the largest cable ISP in the US, Comcast, has DNSSEC resolvers enabled for customers by default, and they manage to deal with these problems.

They even track and publish informaiton of (large) failing domains and in the backend work with website owners to notify them of the deficiancies. As a Comcast customer, I notify the Comcast DNS folks whenever I have DNSSEC problems, as they have a large amount of clout and will use it to notify website owners.

More large ISPs need to get on board - when we have critical global mass with the majority of the large ISPs enabling DNSSEC, DNS operators will fix their problems - or better yet monitor and proactively update their signatures, keys, etc. This is much like they do with SSL certs.

Re:I deployed it at our ISP recursive servers

[kwark]

"its certificate system is just as broken as the SSL cert system is now"

Can you explain this? DNSSEC hasn't got much common with the SSL cert system. There is only 1 root authority, the weak point during a key change. Each domain/tld has their own (multiple) keys. tld and domains should regenerate the short Zone Signing Keys fairly often (a couple of weeks), while the bigger Key Signing Keys should be regenerated about once in a year. If a tld is compromised it only has to create a new KSK, individual domains aren't affected (IIRC). If an individual nameserver or domain is affected only that server of domain needs to regenerate a KSK.

Re:I deployed it at our ISP recursive servers

[whois]

We beat Comcast to the punch by about a year. I'm happy that they turned it on and can afford to support it, but 90% of the customers you have are dumb and don't care why it doesn't work from your ISP, they just care that it works at Starbucks and doesn't work at their house.

Being a huge monopoly has an advantage when it comes to telling customers to pack it up when they have DNS issues. I too am a comcast customer and I run my own resolver (for flexibility, not because they implemented DNSSEC)

All the domains that didn't work at the time were government sites. Usually obscure subdomains that only individual customers needed access to, so hounding random government agency to fix their problems didn't really help the rest of your customers. Also, contact with random government agency admin, which isn't easy to begin with, might be impossible if their admin contact has an MX within the broken DNSSEC domain (or we're forced to use non-DNSSEC enabled resolvers for our own email servers to contact them)

Re:I deployed it at our ISP recursive servers

[gweihir]

Too many people in there. Somebody will either mess up or be corrupt. A PKI only works in practice if there is a single CA or a very small number of CAs under tight control. Ignoring the non-technological angle is just incompetent.

Re:I deployed it at our ISP recursive servers

[kwark]

But there are no CAs in DNSSEC. There are only public/private keypairs under control of the owner of the domain.
www.example.com. has 3 pairs/signatures to check:

• .
• com.
• example.com.

example.com. tells the com. authority what it's public KSK is.
com. tells the root zone what it's public KSK is.
The public KSK of the root is known by all people/software that want to check dnssec signatures (the weak point since how do you securely distribute and update that one?).

Re:I deployed it at our ISP recursive servers

[idontgno]

Well, if your assertion is that "people are a problem", you're not the first to make that observation..

It's a little-considered fact that 100% of insider crime is committed by insiders.

Short of extincting the human race, I don't see a good solution. Maybe we should not fixate on the insolubles?

Re:I deployed it at our ISP recursive servers

[KiloByte]

It also has an incredibly steep learning curve that even experienced public key administrators face problems with.

There's a way to do it in the name server itself, but here's a way for newbies:

1. in named.conf.local, change file "example.org.zone"; to file "example.org.zone.signed";
2. where you would do rndc reload example.org after a change, you instead do zonesigner --usensec3 -zone example.org. example.org && rndc reload example.org
3. read the key-signing key zonesigner created, log in to your registrar, add a DS record by pasting data from that file
4. if you want the keys to expire (zonesigner's default), set up a cronjob to re-sign the zone. This can be automated with rollerd, but cron is something everyone already knows.

That's all. I don't think someone not able to follow these steps should muck with DNS records.
(Yes, there are nicer ways, but this one is simplest.)

Re:I deployed it at our ISP recursive servers

[dkf]

The public KSK of the root is known by all people/software that want to check dnssec signatures (the weak point since how do you securely distribute and update that one?).

The usual way with PKI is to have two identities involved in the root. One, the master, has a public key very widely known and with a very long life, and only ever used to validate the "operational key"; the master private key is kept offline in a safe somewhere. Perhaps with armed guards or something like that. The operational key is what is used to validate child domains, and as such is in use a lot more and so is more exposed. On the other hand, you can generate new ones (with only the hassle of the armed guards) without needing to update all the consumers of the keys; operationally, that's entirely practical.

I have no idea if DNSSEC is set up to work this way. It's quite possible that it isn't, with clients assuming that the identity of the agent authorizing the root zone is its own lonesome thing.

Re:I deployed it at our ISP recursive servers

[gweihir]

And that makes com a CA. Or how do you think the signature of com gets onto the public key of example.com? Magic?

Re:I deployed it at our ISP recursive servers

[gweihir]

Indeed. The problem I see with things like DNSSEC is that it implies trustworthiness that may well not be there, hence I understand why people are not bothering with it. (Aside from it being another protocol monster form a really clueless tram...) It is also generally not needed for things like remote access, just use 2-sided authentication.

Re:I deployed it at our ISP recursive servers

[kwark]

"Or how do you think the signature of com gets onto the public key of example.com? Magic?"

It doesn't. And you are confusing a web of trust with CA, it's like PGP. com. can only tell a dnssec user what it thinks the public KSK of example.com. is. That should have been communicated in a secure way to com. It is oneway trust between direct parent-child relations in the dns tree.

Dutch solution

[CAPSLOCK2000]

SIDN (the maintainer of .nl) offers a small discount to domains that use DNSSEC. This was sufficient motivation for a few large hosting companies to enable DNSSEC across all their domains. In just a few days a fifth of all Dutch domains switched over. By now 26% of the .nl domains (1.381.790 out of 5.153.408) use DNSSEC.

And do you know why it's not widely deployed?

[grasshoppa]

Because the standards are a pain in the ass and most implementations are needlessly complex.

Re:And do you know why it's not widely deployed?

[bbelt16ag]

then fix it! whats your excuse now? and if you can't then complain to the ones who can.

Re:And do you know why it's not widely deployed?

Sounds like you are ready for an entirely plug and play society. Well, welcome to the real world kiddo... people are constantly evolving into trying to break security, and it isn't going to be an out of the box (HOORAY MCAFEE!) solution.

Re:And do you know why it's not widely deployed?

[grasshoppa]

Wrong actually. Security works best when it's simple. Make it too complex, or needlessly complex, and you open yourself up for implementation flaws.

Security implementation should only be as complex as needed. Added complexity only serves to compromise the security you are trying to achieve in the first place.

Re:And do you know why it's not widely deployed?

[nullchar]

Agreed. Implementing DNSSEC is a royal pain in the ass for the authoritative server operator. If it was easy, many would have done it.

Additionally, your domain registrar must support DNSSEC to list the digest records or even public keys with the registry so they can be listed in the TLD-root zone. Once you sign a domain, you cannot transfer the domain to a non-DNSSEC-implementing registrar.

Re:And do you know why it's not widely deployed?

[gweihir]

Indeed. Security is even more dependent on simplicity and clarity than reliability is. Today, we have not even really mastered software reliability and then some people think a complex security mechanism is a good idea? Talk about really not getting it.

Re:And do you know why it's not widely deployed?

Yes you can, just disable dnssec before transfering.

Re:And do you know why it's not widely deployed?

[nullchar]

Of course you can always un-sign your zone. But the idea is that we all should sign our zones to prevent cache poisoning or MITM DNS responses or ISP filtering/wildcarding, etc.

Just like most mail server admins have enabled SPF via simple TXT records, only a few of those have implemented DKIM which requires signing each outbound email.

I do appreciate the beauty of a crazy chaotic and somewhat democratic process to create new standards (IETF/RFC) and implement them laissez-faire style on an as-needed basis.

If cache poisoning or abusive DNS filtering/hijacking was happening on a regular basis and reported widely in the [tech] media, DNSSEC would be implemented rapidly. There's just not enough threat to cover the pain of zone signing. Also, we have to trust the root server operators to never lose their keys...

Re:And do you know why it's not widely deployed?

But when transfering a domain, "cache poisoning" always happens. Caches have the old records till their ttl expires. So when I know somebody is going to change dnsservers, I tell them to change ttls to something low like 300s. If it is a dnssec domain I now have to tell them to unsign the zone well before moving. Not a big deal.

Re:And do you know why it's not widely deployed?

[nullchar]

What? When you transfer a domain, you usually KEEP the existing nameservers. It's often not wise to use DNS provided by your registrar -- because then when transferring the domain, you need to pre-copy the zone to a new DNS provider.

Yes, you can move the DNS zone from a set of nameservers to another set of authoritative servers, and reducing TTLs for the SOA and NS records are advisable before making that change. However, the registry operators almost always set 48 hour TTLs on the set of authoritative nameservers, and that cannot be changed. Thus, you need the zone active on BOTH sets of nameservers for at least 48 hours.

There is no poisoning of any cache when either transferring a domain or moving the DNS zone to another provider. Various resolver caches may have different values for the SOA and NS records, but those caches are still correct and not poisoned by a 3rd party.

Re:Dutch Innovate

[kwark]

Why choose this instead of powerdnssec? I strongly suggest the dnssec training at http://www.dnsseccourse.nl/en/player.html (flash) to improve one's understanding of the dnssec protocol. And powerdns to implement it http://doc.powerdns.com/powerdnssec-auth.html

BTW dnssec adoption is amongst the highest for .nl in absolute numbers of domains, simply because there is a bounty for every domain signed. If you have a few hundred of domains the costs to implement are lower than the discount given till mid 2014 == profit for implementing dnssec. And since powerdns does all the hard work automatically and dynamically in a transparant way (except importing the DS key in the tld)

As usual, I am correct in my predictions... apk

"Now - I truly KNOW this post will no doubt be downmodded, because Advertisers do NOT want this type of information getting out en-masse to enlighten users - they bought out Ghostery, crippled Adblock, but TRY THAT with a local hosts file (good luck!) especially one a user builds himself!" - by Anonymous Coward on Tuesday January 29, @02:12PM (#42729809)

See subject-line & that quote of mine from my posting: Technically unjustifiable downmods = "the best you've got", troll naysayers?

* Apparently so, since I don't see ANYONE able to validly disprove my computing technical points in my initial post on custom hosts files value on MANY levels (added speed, security, reliability, & even anonymity to an extent) -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42729809 :)

APK

P.S.=> So much for the 'brainpower' of /. forums trolls, eh? I even challenged them to disprove my points in that same post:

"(Beat THAT with a stick... or better yet? With information that disproves my points (to any 'naysayers' or trolls, that is))." - by Anonymous Coward on Tuesday January 29, @02:12PM (#42729809)

Any takers? Apparently not - nope, all my 'detractors' have is BOGUS unjustifiable downmods of my post, nothing more... lol, as usual!

... apk

Re:As usual, I am correct in my predictions... apk

Good God APK - try to organize your thoughts and keep it concise (but I know you can't). You'll probably still be considered a troll but I won't have to scroll so far.

APK - Always Pointless Kerfuffle

Re:As usual, I am correct in my predictions... apk

[Sardaukar86]

As usual, APK trumpets his own mighty awesomeness and publicly congratulates himself on his precognitive abilities yet continues to be genuinely puzzled why people can't be bothered with him.

Yup, now's your chance to chalk this up as another victory for APK! (Might be a good time to get some of your AC sockpu^H^H^H^H^H^Hfriends to pop out of the woodwork to defend you)

Re:Dutch Innovate

[ptudor]

Why choose one over the other? I don't care :) So far people have chosen neither.

Re:Logon scripts & my app I posted... apk

Sure, update the hosts file and have everybody logout/login again. Nothing of value will be lost during working hours.

Smart companies have you logout @ day's end

BOTH for security purposes (& to save power too), 1st of all.

Secondly, that's only 1 way - there are others (some of the other repliers note them to you in fact, not sure if they're valid or not, but - learn to read!)

* In any case, you fail (and posting as AC too, "gosh, I wonder WHO downmodded my post & now has to reply AC"... lol, NOT!) - especially on security & why logging out @ day's end, IS important!

Especially considering you missed this simple fix that easily overcomes your "objection", troll, & in your initial trolling ac post here -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42729915

APK

P.S.=> IF/when the "best you've got" is an unjustifiable downmod vs. my initial posts' points -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42729809 YOU FAIL!... apk

Re:Smart companies have you logout @ day's end

You're the one obsessed with the hosts file. Freak. Windows doesn't even have a fucking /etc directory!

Re:Smart companies have you logout @ day's end

[DroolTwist]

Especially under system32/drivers. Don't look there!

Re:Smart companies have you logout @ day's end

A login script is the solution you suggested, that clearly has huge drawbacks during working hours. You created this problem, you solve this. Sofar I still favour a dnsserver with a database backend if there was actually some problem solved by handcrafted "dns" responses.

Algemene Periodieke Keuring.

DNS is not a security mechanism...

[gweihir]

If your security depends on DNS working, you are screwed anyways. That is likely the main reason nobody uses DNSSEC: It does solve the wrong problem.

1. The sane way for remote access it is to require 2-sided authentication on connection, making DNSSEC entirely redundant.
2. For the open web, things are a bit differently, but there you can land on a malicious page any time and the only solution for that is a not vulnerable browser or a secure browsing environment.

There is also the small issue that DNSSEC is badly borked and a nightmare to install and maintain. In addition, the other PKI (SSL certs) is badly broken, and there is really no reason the DNSSEC PKI would fare any better if widely deployed. In the long run, it is very likely that DNSSEC is just a waste of time and effort.

Re:DNS is not a security mechanism...

Missing the point. The internet depends on DNS being secure. Unfortunately DNSSEC sucks, and DNSCurve is from DJB, so neither are gaining widespread use.

Re:DNS is not a security mechanism...

[jd]

2-sided authentication was mandated in the early IPv6 specs by the IPSec mechanism. Sun offered an alternative, SKIP.

Since then, both have been ported to IPv4.

IPSec is occasionally used by VPN clients, but that's about it. Most VPN clients are run on laptops or other portable devices, often over a wireless link. This is where Sun SKIP was stronger than IPSec, which is ideal for a wired network but gets noisy when you've links that aren't guaranteed stable and error-free.

Regardless, neither is used for meaningful network-to-network or host-to-host 2-sided authentication on the wired Internet.

As for solving the wrong problem, again with IPv6, I'll point to the UK's solution which is to use carrier NAT. Which breaks just about everything. (Which is frustrating a hell. I was one of the pioneers on IPv6 in the UK, and indeed had the first registered node on the 6Bone At that time, the most recent Linux kernel was 2.0.20 and you had to use a special patchset to get the IPv6 support.)

What this boils down to is that there is no desire AT ALL in industry to use correct solutions, good solutions or even workable hacks. The industry wants things that are fundamentally broken to stay broken because repairs hurt profits and profits are god to them. (Which is clearly irrational, Linus made it quite clear HE was God.)

In a pure or semi-pure market economy, profitable defects are superior to costly integrity. The market is incapable of addressing this because the market isn't designed to consider intangibles like security, reliability, robustness, etc. It's designed to keep shareholders and directors happy and stuff the plebs actually using the products.

Re:DNS is not a security mechanism...

[gweihir]

And this is relevant how? IPsec is known to be another protocol monster by clueless designers. How IPsec ever passes the IETF process is a mystery to me. Numerous people must have messes up simultaneously.

TLS (as in OpenVPN, for example) and SSH for UNIX provides a much better basis for 2-sided authentication, and both are in widespread use.

Re:DNS is not a security mechanism...

[dmelomed]

The problem with IPv6 adoption is its design, not politics. It was designed as a replacement instead of IPv4 backward-compatible extension. An administrator and end-users have to go through hoops to make this garbage work, and that's why nobody wants to. Why should/would they? IPv6 should have been designed such that neither administrators, nor end-users would have to do much to upgrade.

Re:DNS is not a security mechanism...

[jd]

TLS vulnerability on Slashdot frontpage today.

SSH is of dubious value as it encrypts only select channels, whereas the remaining channels may contain sufficient information to pose a significant vulnerability.

Give me something that WORKS, for Pete's sake, and not this backyard crap.

Re:DNS is not a security mechanism...

[jd]

IPv4 is intrinsically incapable of being secured. So, if you want to design a secure IP protocol, you cannot have one that is backwards-compatible.

IPv4 is also necessarily fragmented - there is no correlation between IP address and location within the network, leading to bloat in router tables, inefficient routing decisions, excessive latency and greater vulnerability to MitM attacks via router poisoning.

IPv4 requires manual configuration, whereas IPv6 is autoconfigurable by design.

IPv4 has support for IP Mobility and Network Mobility, via kludgy message forwarders, whereas IPv6 can support these using transitional IP addresses and backbone redirects.

IPv6 does indeed require very little to upgrade.

This is the sum total of what users actually need to do: NOTHING.

This is the sum total of what network administrators need to do: Activate autoconfigure on the router and have dynamic DNS pick up allocations from there.

That's it. That is all. NOTHING MORE.

By doing NOTHING more than the above, you would be able to pick up a laptop and migrate from wireless access point to wireless access point seamlessly - any changes in IP address and routing would be handled for you. Yes, that means you could move from the library to a cafe to your home without dropping a single packet and all connections remaining intact.

You demonstrate the real reason IPv6 isn't mainstream at this point - you've bought into the ignorant naysayers' arguments and know nothing about what IPv6 does, how to use it, or what it offers.

Re:DNS is not a security mechanism...

[dmelomed]

"You demonstrate the real reason IPv6 isn't mainstream at this point - you've bought into the ignorant naysayers' arguments and know nothing about what IPv6 does, how to use it, or what it offers."

Right, by doing nothing!

What's there to buy into? The problems with IPv6 and its lack of adoption are widely discussed on mailing lists (it's got many warts, the need for 'AAAA' records, needless complexity, etc., etc., and even people who write firewall code and run ISPs for a living will tell you they'd rather run carrier grade NAT. If it is automatic and easy, why haven't we switched yet when so many SOHO routers still have trouble with IPv4!? By doing nothing??

Re:Logon scripts & my app I posted... apk

Just a shame your program is so slow. Isn't it, APK?

Re:Dutch Innovate

[kwark]

Nobody is using them? 1/5 of the .nl domains are registered DNSSEC domains:
http://xs.powerdns.com/dnssec-nl-graph/

You're in error: %Windir%\system32\drivers\etc

" Windows doesn't even have a fucking /etc directory!" - by Anonymous Coward on Tuesday January 29, @03:22PM (#42730715)

What? Your "FoaMiNg-@-teh-MouTh" profane failed illogical ad hominem attack shows you're in error as does my subject-line!

("Rinse, Lather, & Repeat", troll -> %Windir%\system32\drivers\etc).

CLUE/New NEWS/NewsFlash: Windows IP stack is BSD derived & yes, it has an etc folder (subfolder/subdirectory actually)...

APK

P.S.=>

"You're the one obsessed with the hosts file. Freak." - by Anonymous Coward on Tuesday January 29, @03:22PM (#42730715)

Not obsessed - I just know custom hosts are effective for added speed, security, reliability, & even anonymity to an extent is all... & yes, they work!

(Better than competing solutions like AdBlock, Ghostery, & even DNS - which custom hosts can overcome its shortcomings supplementing them, even the secured-filtered ones I used listed in my 1st post)...

Nice part is, because of hardcoded fav. sites of yours you can put into it for the above benefits? It "lightens the load" of DNS server requests for those that admin them too - BONUS!

... apk

Re:You're in error: %Windir%\system32\drivers\etc

[Sardaukar86]

Not obsessed - I just know custom hosts are effective for added speed, security, reliability, & even anonymity to an extent is all... & yes, they work!

(Better than competing solutions like AdBlock, Ghostery, & even DNS - which custom hosts can overcome its shortcomings supplementing them, even the secured-filtered ones I used listed in my 1st post)...

Nice part is, because of hardcoded fav. sites of yours you can put into it for the above benefits? It "lightens the load" of DNS server requests for those that admin them too - BONUS!

... apk

So, what would you call compulsive and repeated behaviour in the same manner on the same topic with the same point..? English already has a word for that, we call it obsessive. Sorry APK, but if the shoe fits..

Secondly, who in their right mind gives a fuck about load on internal DNS servers these days? Surely your paid time is better spent on other aspects of network management?

Oh and this would probably be the right time for you to claim one of your little man-child victories here, gotta be consistent APK. Don't forget to add it to your list, there's a good boy.

Ok, a challenge to you (OR anyone)... apk

Disprove my points on a valid technical computing basis here http://it.slashdot.org/comments.pl?sid=3417867&cid=42729809

* Let's see how "organized & concise" YOU are... especially since you're reduced to illogical off topic b.s. rather than sticking to the subject @ hand here!

(Good luck - you'll NEED it, as I've made that challenge here 100's of times, & not a SINGLE 'naysayer troll' has been able to disprove my points, not a one, ever!)

APK

P.S.=> Call me all the names you want to, you're only projecting your own faults onto me... but, again, meet my challenge!

(Face facts: You can't - you know it, I know it & anyone with 1/2 a brain knows it, lol...)

... apk

Re:Ok, a challenge to you (OR anyone)... apk

Sorry bud, but he's right. Anytime I see your horribly formatted posts I just scroll past. I'm not disagreeing with your points necessarily, I'm just pointing out that trying to read your posts is painful at best. The random punctuation, poor use of whitespace, and rambling sentences are highly distracting. If you can't take a few minutes to put together a paragraph and form your thoughts into a cohesive post, it reflects on whatever topic you're trying to speak about. One can only assume that your point of view on the subject at hand is equally disjointed.

Was it really that critical?

If nobody's updating, how many compromises were there, really? Is it really all that critical? Or is it really a lot of FUD?

Re:How custom hosts files help vs. DNS flaws... ap

[ilikejam]

APK - what's to stop someone poisoning one of the source hosts files you use to generate yours? Like, for example, adding an entry for google.com which points to a drive-by infection site?

Re:Dutch Innovate

So you are saying .00004 % of the internet have registered and nobody is making a huge deal out if it?

Seek assistance for your mental health

You do realise the reason that no-one ever actually reads what you write is because of all the tiresom eMPaSiS you insist on using? People just can't be bothered picking their way thorugh that mess, especially when they know in advance that it will be the usual incoherent screed. More than that, your style of posting suggests a problem with your mental health. If you're not already under the care of an appropriately qualified health professional, I would suggest seeking help asap.

My data sources do... apk

From reputable sources in the security community, like malwarebytes (hpHosts), Norton/Symantec, ZeusTracker, SpyEye Tracker (& other botnet watchers), MVPS, & other valid reputable, reliable, & punctually updated sources...

* :)

And, there ya go!

(Mind you - I 'hardcode' their entries into my hosts file, AFTER they are properly reverse-DNS pinged, & that hits the in arpa addr 'tld' that houses that information for EVERYONE...)

I.E.-> Thus - I can't be 'misdirected', in other words, & that's how this helps vs. DNS faults here & dns-poisonings, too!

APK

P.S.=> Hope that "sheds some light" on that question of yours... apk

Re:My data sources do... apk

[ilikejam]

Hmm. That's a lot of sources, any one of which could be compromised at any time.

P.S. in-addr.arpa PTR records are delegated from the root nameservers just like A records - doing reverse lookups doesn't buy you much in terms of security, if you're worried about hijacked DNS.

Re:Dutch Innovate

[mooingyak]

If you have a few hundred of domains the costs to implement are lower than the discount given till mid 2014 == profit for implementing dnssec

I'm assuming there's some kind of catch in there so that it's not worthwhile for someone to register a few thousand new domains and then implement DNSSEC on them.

"Major flaw" is a tricky term

[jbmartin6]

How "major" is the flaw when there are few reports of it being used in attacks? People will change their behavior when there is a real reason to do so. Until there is an upswing in DNS cache poisoning, most will see no reason to go to the expense of converting. As another poster pointed out, there are plenty of other techniques attackers are using to impersonate websites.

Re:"Major flaw" is a tricky term

Keep in mind that cache poisoning works during the TTL, and so can be intermittent. People might not know, and then if they investigate, it might be gone.

Re:"Major flaw" is a tricky term

[jd]

There are few reports of people flying planes into office blocks. People changed behavior, not because there was a reason, but because it was highly visible.

There are many reports of drunk driving fatalities every day. (More die in road accidents per day than have died in terrorist attacks in the past decade.) Nobody changes their behavior because these deaths are NOT highly visible.

People don't give a shit about risk assessment (and aren't capable of it anyway), people only care about the emotional, visible things in life.

This is why cybersecurity will never get implemented sensibly - nobody bar the most hardcore geek gets emotionally attached to the functioning of a device, and visibility is near-zero.

Corporations lose billions each year due to computer fraud. How often do you see such attacks in the news? How many of those attacks were caused by DNS poisoning? (My guess is that nobody knows the figure because most companies who admit being attacked don't say how, and most companies attacked don't admit to having been broken into. No data, so nothing to base any figures on.)

We have to assume that as long as computer fraud is taking place with no indication of how it is taking place that all open vectors are suspect. Some are more likely than others, so you should definitely be closing high priority ones in the absence of information, but closing very low maintenance vectors early is also a good idea - those will be things most often forgotten about and/or assumed to have already been dealt with. Putting the DNS fix in before you forget to is wiser than forgetting to ever put the fix in at all.

Re:"Major flaw" is a tricky term

[jbmartin6]

When I say 'reports' I refer to the data on successful attacks, not necessarily 'news'. Despite your assertion, there are several sources of such data. And you'll have to provide a citation regarding how much fraud is taking place with no indication of how. According to some of the other posters here. moving to DNSSEC is not 'very low cost maintenance', so doing it when the apparent threat is very close to zero is in most cases going to be judged a waste of time.
Regardless, my intended point could be phrased like this: people will make the change when they perceive a reason to do so. And right now there doesn't appear to be a reason. The simple fact of a vulnerability isn't a reason, we will accept it just like all the other vulnerabilities we live with every day.

Re:"Major flaw" is a tricky term

[jd]

Most of the vulnerabilities we live with are stupid and are only there because humans are incapable of assessing risk. (Those times I refer to myself as an elf, it is because I completely disavow any association with such monstrous stupidity and there are no existent homo sapien subspecies recognized that I could otherwise label myself as. As it is, I am debating whether to lobby the scientific establishment on nomenclature because there's bugger all evidence of any wisdom amongst the humans I've encountered.)

You understand that the US and British Government have lost both civilian and military laptops, unencrypted, not because enabling encryption would have been hard but because the bloody plebs in said establishments were too bloody lazy! They did not comprehend that risk existed, assuming that a computer that wasn't online was guaranteed safe. That each and every e-commerce site that puts a database of credit card details plus names and addresses on the SAME BLOODY MACHINE as the web server is not doing so because typing in "192.168.0.2" is so much harder than "127.0.0.1", but because e-commerce companies have a god complex and thus risk is what other people face.

"According to some of the other posters...." Sorry, Anecdotal Evidence is not acceptable. Please re-watch Dilbert and try again. I have never had a problem implementing DNSSEC, it took me about 45 minutes to get IPv6 up and running the first time in 1996 (including time to compile kernel, establish tunnels, configure the router, register with the 6Bone, etc) and about 45 seconds to get IPv6 up and running the other day (99.9% of everything has already been done). I absolutely refuse to accept such wimpy excuses, especially in a tech/geek forum. If the CEOs want to go play with their Barby dolls, that's fine, but I don't accept whining from those who should know better.

Re:"Major flaw" is a tricky term

[jbmartin6]

humans are incapable of assessing risk

Well that's not true. Humans assess risk all the time. For example, I drove today even though I know there is a chance I could get in a fatal accident. Just because the assessment of others doesn't agree with your assessment doesn't mean they are stupid or wrong.

Re:"Major flaw" is a tricky term

[jd]

First, look up the research and don't base your arguments on Anecdotal Evidence (even your own). The peer-reviewed research says they are stupid and wrong, therefore they are stupid and wrong until there is sufficient evidence to reject that hypothesis. Given your use of Anecdotal Evidence, it is clear that such a rejection may take a while.

Second, I am old enough to be tired of the utter ignorance of the world around me. I've been deep into science for longer than most Slashdotters have been alive. Hell, I've been on Slashdot longer than most Slashdotters have been alive. But not once has that science been particularly difficult or challenging. I've seen more challenging recipes for marshmallow candy. There is simply no reason for anyone to be ignorant. It isn't justifiable on the grounds of difficulty of material (much of which boils down to 1+1=2, when you get right down to it), or difficulty of access (the interwebs aren't just for lolcats, although I'm beginning to think lolcat caption writers put more effort into their work than most Slashdotters). If there's no rational justification for ignorance, then there is only one option left - you're all either mad or stupid.

You call 2-3 minutes full runtime slow?... apk

To wit, after doing a FULL import run (1 min. on a SLOW DSL connection, it's MUCH faster on FIOS), deduplicate (10 seconds), do favorites for more speed (7 seconds), & save (JUST sub 1minute)?

* I guess it depends on what you call "slow"...

(IF you run the "optional" but recommended 'convert & filter', it adds another 3-5 minutes or so, tops - again, depending on the CPU & internet connection speeds you have).

Try it yourself, you'll see - nicest part is, I have a personal version (6.0++) I am testing that cuts that by another 20% eaisly... can't wait to release it in fact!

APK

P.S.=> Mind you, that's ONLY on an Intel Core I7 920 cpu @ stock 2.67 ghz here, & a SLOW FIOS connection... put it on a faster CPU, & faster internet connection for import? Cut that time down by a HELL of a lot!

... apk

Re:You call 2-3 minutes full runtime slow?... apk

[Sardaukar86]

P.S.=> Mind you, that's ONLY on an Intel Core I7 920 cpu @ stock 2.67 ghz here, & a SLOW FIOS connection... put it on a faster CPU, & faster internet connection for import? Cut that time down by a HELL of a lot!

... apk

Wow, you're quite the coder there, APK.

Some have wondered where exactly all the power goes from the ongoing harvest of Moore's law's rich yield. Others may have speculated but what now seems apparent is that the additional power we gain is squandered away by chumps like APK who think 'program optimisation' means running the software with a faster CPU.

Wrong

DNSSEC only signs records, it doesn't do encryption.

Opinions vary (by a 242++:1 ratio)... apk

"You do realise the reason that no-one ever actually reads what you write is because of all the tiresom eMPaSiS you insist on using? People just can't be bothered picking their way thorugh that mess, especially when they know in advance that it will be the usual incoherent screed. " - by Anonymous Coward on Tuesday January 29, @04:04PM (#42731251)

Regarding your failed illogical off-topic ad hominem attack, & to the ratio of 242++:1 per your /. peers (regarding upward moderations of my posts listed next):

---

Roughly 242++ of them & I post as AC (hard to get even +1, as /. hides our posts & we "AC"'s start @ ZERO/0 points, unlike registered "lusers", lol!):

+5 'modded up' posts by "yours truly" (8):

HOSTS & BGP:2010 -> http://tech.slashdot.org/comments.pl?sid=1901826&cid=34490450
FIREFOX IN DANGER: 2011 -> http://news.slashdot.org/comments.pl?sid=2559120&cid=38268580
TESLA:2010 -> http://science.slashdot.org/comments.pl?sid=1872982&cid=34264190
TESLA:2010 -> http://tech.slashdot.org/comments.pl?sid=1806946&cid=33777976
NVIDIA 2d:2006 -> http://hardware.slashdot.org/comments.pl?sid=175774&cid=14610147
Ubuntu Linux sends back local disk query strings to CANONICAL: 2012 -> http://news.slashdot.org/comments.pl?sid=3304601&cid=42234351
Question to Mr. Mark Shuttleworth @ UBUNTU/CANONICAL: 2012 -> http://news.slashdot.org/comments.pl?sid=3304725&cid=42243467
COMPUTER ASSOCIATES BUSTED FOR ACCOUNTING FRAUD:2010 -> http://news.slashdot.org/comments.pl?sid=1884922&cid=34350102

----

+4 'modded up' posts by "yours truly" (5):

APK SECURITY GUIDE:2005 -> http://developers.slashdot.org/comments.pl?sid=167071&cid=13931198
INFO. SYSTEMS WORK:2005 -> http://slashdot.org/comments.pl?sid=161862&cid=13531817
WINDOWS @ NASDAQ 7++ YRS. NOW:2009 -> http://tech.slashdot.org/comments.pl?sid=1290967&cid=28571315
CARMACK'S ARMADILLO AEROSPACE:2005 -> http://science.slashdot.org/comments.pl?sid=158310&cid=13263898
What I admire about Theo DeRaadt of BSD fame: 2012 -> http://linux.slashdot.org/comments.pl?sid=3007641&cid=40785151

----

+3 'modded up' posts by "yours truly" (8):

APK MICROSOFT INTERVIEW:2005 -> http://developers.slashdot.org/comments.pl?sid=155172&cid=13007974
Linux security failures 2011-2012: 2012 -> http://it.slashdot.org/comments.pl?sid=3319303&cid=42306663
APK MS SYMBOLIC DIRECTORY LINKS:2005 -> http://it.slashdot.org/comments.pl?sid=166850&cid=13914137
APK FOOLS IE7 INSTALL IN BETA HOW TO:2006 ->

Re:Opinions vary (by a 242++:1 ratio)... apk

So you have a couple of accounts yourself you use to mod your AC posts. Big deal, proves nothing.

Admins on AD can do it ANY time... apk

"A login script is the solution you suggested, that clearly has huge drawbacks during working hours. You created this problem, you solve this." - by Anonymous Coward on Tuesday January 29, @04:30PM (#42731531)

Any admin with AD rights globally on a LAN/WAN can enmasse copy them over with batches, powershell etc. type work (takes seconds) since they have access to all nodes/disks/shares (or should).

* And, there you go... another solution that works, easily!

Especially since a smart AND SKILLED admin HAS access to any & all lan/wan nodes, pc workstation OR server-wise, to do so, easily, per the methods noted above, and, can script too!

---

" Sofar I still favour a dnsserver with a database backend if there was actually some problem solved by handcrafted "dns" responses." -

Which DNS servershave, and have had, PROBLEMS!

( Such as per this article & my list of faults noted in my initial post point out -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42729809 @ its termination... see my 'p.s.' section there for that list!)

Feel free to refer to it, AND also it's list of filtered secured DNS servers I listed that I use!

(Yes, I use DNS too, just not locally here with a single machine @ home is all, I use external online ones... GOOD ones!)

I *think* you don't understand - I don't "hate" DNS, I need it too, but it has shortcomings that for instance, per this article? Custom hosts files CAN OVERCOME (via hardcoding your favorites into them).

APK

P.S.=> And, there you go! Still - a SMART COMPANY has you logoff after you're done working, to save power but MORE FOR SECURITY PURPOSES, if they're smart - then, your logon script copies in an updated hosts then (takes seconds)...

... apk

Not a criticism of DNSSEC

[pavon]

That isn't a criticism of DNSSEC. That is a criticism of using DNSSEC for things other than DNS resolution. Domain names and IP addresses have to be allocated in a centrally managed fashion, so to avoid conflicts. DNS already has a hierarchical design by nature and DNSSEC simply makes it more secure.

SSL key distribution/validation on the other hand doesn't have to be centrally managed, so adopting a hierarchical control structure like DNSSEC for that task is a suboptimal solution. In fact the problems in the CA system we currently have directly stem from such a hierarchical trust scheme. We would be much better of going with a truly distributed system for SSL key validation.

But that doesn't mean that using DNSSEC for domain name queries is a bad idea.

Re:Not a criticism of DNSSEC

[dkf]

In fact the problems in the CA system we currently have directly stem from such a hierarchical trust scheme. We would be much better of going with a truly distributed system for SSL key validation.

I'm unconvinced. (I'm particularly unconvinced by the handwave-assert-jedi-mind-trick style of argument there, but that's by-the-by.) The fundamental problem is that it is very hard to work out if the assertions in a public certificate are true; all you can tell is that the information was digitally signed by someone or something. With a web of trust model, either you have non-transitive trust (which totally doesn't scale at all!) or you have transitive trust, in which case all it takes is for one person to get it wrong and the bad guys get in (and their first acts will be to seek to leverage their new trustedness to obscure how they got in). I suppose you could have someone acting as an authority that says who can be trusted to handle transitive links, but that's virtually back to the CA model except with plenty more technical complexity than before.

Quit projecting YOUR methods, troll... apk

"So you have a couple of accounts yourself you use to mod your AC posts" - by Anonymous Coward on Tuesday January 29, @04:40PM (#42731657)

Why don't I have all +5 posts then? See my subject-line above, & quit "projecting" your OWN methods of bogus self-upmoderation!

(It's also fairly obvious you're trolling me by AC after you downmodded my initial post, & if you used your "registered 'luser'" account to reply? You'd remove your downmod... that is, unless you know the 'trick' around that (logon/logoff to preserve your cookie state)).

---

"Big deal, proves nothing." - by Anonymous Coward on Tuesday January 29, @04:40PM (#42731657)

Well - Seems It proved you wrong & OUTNUMBERED by a 242++:1 margin & ratio over YOUR "trollish off-topic" illogical ad hominem attacks easily enough!

Hey - "DO THE MATH" -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42731467 :)

APK

P.S.=> Seriously - your trolling career? Find another - you aren't very good @ it & are VERY EASY to outwit... every time!

... apk

Re:Dutch Innovate

[kwark]

No catch, just a discount per domain registered for dnssec (0.28 EUR/year). I have about 1k .nl domains, I spend a few days figuring out what dnssec was about, how to implement, test and maintain it. Activated it on the corporate domain, some personal and a couple of test domains and waited 2 months to see if there were problems (none). So now it is active for all domains saving us 420 EUR till the discount ends in 2014-06. For us it was not enough to cover the expense of my time, but this had to be implemented eventually, so better do it now while you still get some discount.

Re:How custom hosts files help vs. DNS flaws... ap

[aztracker1]

If you have that many machines to manage, then running your own DNS server with those zones setup as you would a hosts file shouldn't be an issue.

Why not all 4+?

Because you might not have enough accounts with mod points at those times.

Per my 1st post? I do better things... apk

Sounds like you cheat the moderation system here (I don't - no need, per my list which is good enough for me... especially as an AC poster -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42731467 ) but, I have LITERALLY caught others who do (and drove one away in fact - if you would like proof? Ask!).

Anyhow/anyways:

However, unlike others who don't HAVE anything BETTER to do (lol, like "live for karma points" on a forums)?

As you can see: I am out doing what's right, & right by others too -> http://www.start64.com/index.php?option=com_content&id=5851:apk-hosts-file-engine-64bit-version&Itemid=74 by producing a useful program!

* That "all said & aside"?

I challenge you to put your energies to better use, per my challenge to you & any LIKE you (i.e. -> Off-Topic trolls especially), here -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42731025

Good luck - You'll NEED it: Many trolls like you have tried over time, & not a single one has validly disproved my points listed where my program is, not a single one!

APK

P.S.=> Ah, you trolls... you're ALL the same - projecting must be part of your "troll mentality" or something, lol... apk

Re:Dutch Innovate

[kwark]

Math fail detected: 250*10^6 domains, 5*10^6 .nl, 10^6 .nl with dnssec. So atleast 0.4% of all domains are dnssec:
5/250/5 == 0.004 * 100% == 0.4%
.nl is in the 5 top of most used country TLDs. .nl is used for about 70% of the domains targetting the dutch market. So dnssec implementation is huge for the local market. And while it still might not be perfect, it is better than just plain DNS.

I'd recommend BOTH (I use both)... apk

As "layered-security"/"defense-in-depth" is the BEST thing we have going vs. online threats... get a GOOD filtering vs. online threats DNS server, & a good hosts file (as well as the usual 'security hardening' for various OS, such as this guide of mine outlines for years now -> http://www.google.com/search?hl=en&tbo=d&output=search&sclient=psy-ab&q=HOW+TO+SECURE+Windows+2000/XP&btnG=Submit&gbv=1&sei=I08IUdP6A-f90gHZpYC4Bg )

In fact, I outlined some good filtering vs. online threats type DNS servers for that here in my initial posts on hosts -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42729809

Which, yes, hosts files can & do overcome this DNS issue, via hardcoded favorite sites in them,!

Thus, relieving webbound clients of having to even query DNS at all, bonus since it's generally FASTER than remote queries, especially how I do it off a TRUE SSD (based on DDR-2 RAM, the Gigabyte IRAM & with my favs @ the top of the hosts file, cached into the local kernelmode diskcaching subsystem, rather than the faulty Windows DNS clientside cache).

Nice part is, IF you run a DNS server? Hosts can "lighten your load" by lessening queries routed to them - BONUS!

APK

P.S.=> I also listed some GOOD filtering vs. online threats DNS servers there too, but again - DNS has problems (see the termination of my initial post on just a partial list of them over time)...

However - those I listed? For home machines, or stand-alone single machine users only...

E.G.-> I wouldn't use them on an AD network (won't work, I've tried it - it messes up mailserver MX records stuff & clients like outlook etc.)

... apk

Re:Dutch Innovate

[ptudor]

Whether it's the AC's numbers or your numbers, you're both talking about less than a percent as though it's greater than a margin of error in the real world. Export your expertise and let's all work on dotcom next.

Why didn't you disprove the self mod theory?

See subject, your inability to disprove this must mean you are modding your own posts.

I'd have all +5's & I don't... apk

IF I was 'self-modding', as you seem to know ALL about? I'd have all +5 posts not a load of +1's... besides: The technical points in my posts are solid, hence, the upmod ratings by others! Read them yourself, if you wish, as you might learn a trick or two...

I don't use a registered 'luser' account... no need, as again, I have better things to do than live for karma points on a forums! See below...

Above all else: What I do know, is that what you said 'fell apart' vs. my list of upmods here -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42731467

Fact!

* Again - so it "sinks in" to your skull, "Mr. Troll": I have and DO, better things -> http://www.start64.com/index.php?option=com_content&id=5851:apk-hosts-file-engine-64bit-version&Itemid=74

(Things which gives users more speed, security, reliability, & even anonymity to an extent, THAT SOLVE THIS PARTICULAR ARTICLE'S DNS ISSUE no less!)

APK

P.S.=> Again - Why not spend your energies *trying* to disprove my points on custom hosts files, noted here as a challenge to ANY 'naysayers' (like trolls especially, like yourself) -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42731025

You might learn something (or possibly, I just might (doubt it vs. a troll, but there it is)).

Seriously - GOOD LUCK: You'll NEED it, badly!

(Again/once more - Since no one has ever disproved my points on custom hosts files with valid critique or information, & not just here on this site either, though 100's have tried & failed, every single time)...

.... apk

Re:Dutch Innovate

[kwark]

Like I said, for the local market dnssec presence is huge, and last time I checked NLD is still part of the real world and it still has some influence on it (especially considering its size).

But .com has everything in place to do dnssec. So if an owner of a .com wants to get dnssec support, they should get a dutch dns provider, there are many that give the customer the option to activate dnssec.

DNSSEC is a PITA

[FuegoFuerte]

And the Dans are both tools (Kaminsky and Bernstein). And to the guy who suggested hosts files with nasty scripts copying things to and fro, ummm... NO. Sounds like some of the horror stories I've heard of how things are cobbled together at a certain large Seattle-based internet retailer, and it's the kind of hair-brained idea a DevOps fan might dream up.

It's more secure than DNS queries... apk

" doing reverse lookups doesn't buy you much in terms of security, if you're worried about hijacked DNS." - by ilikejam (762039) on Tuesday January 29, @06:54PM (#42732923) Homepage

See subject-line above:Especially vs. what this article's about (the Kaminsky DNS flaw remaining MOSTLY UNPATCHED WORLDWIDE 5 yrs. later no less).

That is a shame!

I certainly DO get better & faster resolutions locally from a custom hosts file too, and don't even run the risk of querying a VERY potentially dns-poisoned redirected DNS server either... bonus and yes, more secure ones because of this article's premise (by avoiding DNS completely).

Every bit, helps!

APK

P.S.=> And, since I bypass DNS by hardcoded hosts file entries, doing DIRECT reverse DNS against in arpa addr is more secure than querying a potentially redirect dns poisoned DNS server (per this article) - but, I don't *think* you're denying it's so either, per your quoted reply above...

... apk

Re:It's more secure than DNS queries... apk

[ilikejam]

I'm not sure you understand how DNS works - the reverse entries are delegated to the IP space owners, so it's just as likely that the in-addr.arpa records are being poisoned, and so your reverse lookup check doesn't buy you much. It's better than not checking, but a well organised poisoning attack will be modifying PTR records to cover SSL full-circle checks anyway.
In fact, you're still trusting that DNS is sound to check your hosts files are coming from the right places, and then adding further vulnerability by trusting that A Bunch Of Suppliers aren't feeding you bogus entries.
Even if your hosts file _is_ OK, you still can't protect yourself from resolving xyz.domain.com entries, because hosts files can't use *.domain.com so you can't stop your PC from resolving rapidly changing subdomains.
So, in terms of poisoned host records you're actually more at-risk by using a huge custom hosts file, not less. Statically defining host records to 127.0.0.1 will protect you from reaching a known attack site, but fast-flux subdomains nullify that protection in a lot of cases, and for similar reasons it offers only limited protection from the Kaminsky attack.

Quick thoughts from a DNS implementer

[MaraDNS]

Really quickly:

• DNScurve, as pointed out above, doesn't do nearly as much as DNSSEC does. In particular, DNScurve still allows "NXDOMAIN recirection" but DNSSEC doesn't. In addition, Bind, NSD, Unbound, and PowerDNS (non-recursive) have DNSSEC support, but there is not a mainstream DNS server out there with DNScurve support.
• djbdns hasn't been updated since 2001 and even the unofficial forks do not have patches for all three CVE security holes in DjbDNS. Since DjbDNS' goal was security, I consider it abandoned until someone makes a fork fixing all of the known security problems.
• There are ways to make blind DNS spoofing almost impossible without needing to add complex cryptography. Crypto, however, is needed when the attacker can watch the DNS packets that the victim sends.
• I would love to implement DNSSEC for MaraDNS, but I would need $50k US to pull it off. I would like make it a kickstarter project, but I think people would rather just use Unbound/NSD (which, unlike MaraDNS, was funded with a government grant) instead of throwing money my way.

Saw your comment on hosts... apk

"And to the guy who suggested hosts files with nasty scripts copying things to and fro, ummm... NO. Sounds like some of the horror stories I've heard of how things are cobbled together at a certain large Seattle-based internet retailer, and it's the kind of hair-brained idea a DevOps fan might dream up." -

See subject-line above: This is far better & how/why vs. this threat -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42729809

* Beats the hell outta scripts by far, & is "GUI easy" to use (for Windows users).

Enjoy!

APK

P.S.=> Against this particular threat? It works, hands-down, AND, against tons of other malicious sites-servers/hosts-domains that are known to "f you up" too!

It gains you MORE speed, MORE security, MORE reliability, & even anonymity to an extent!

(See this short list of what it can do in a direct link to it -> http://www.start64.com/index.php?option=com_content&id=5851:apk-hosts-file-engine-64bit-version&Itemid=74 for a short summary).

Both 32 &/or 64-bit as well...

... apk

Oi

DNSSEC has nothing to do with the Kaminsky attack.

The Kaminsky attack took advantage of what was essentially bad randomness in DNS resolver implementations.

DNSSEC solves the problem of DNS being plaintext (and consequently vulnerable to man-in-the-middle attacks) in the first place. If you want to call that a "vulnerability", it's one that's been around (and known) for as long as DNS; I guess ~30 years? Current internet culture requires more security so DNSSEC throws a layer of cryptography on top of traditional DNS; the same way that TLS/SSL/IPSec throw a layer of cryptography on top of TCP/UDP. Why not let TLS/SSL/IPSec solve the problem as they are used at a layer below DNS you ask? Because not everyone wants everything crypto'ed all the time (it eats up processing power), and TLS/SSL/IPSec don't solve the DNS problem in the form they are currently used.

As far as cryptography, DNSSEC has no known flaws beyond the standard complaints against PKI based systems (and no one's agreed on a way to improve on PKI).

As far as usability, DNSSEC has unfortunately exposed a lack of fundamental DNS/crypto knowledge amongst sysadmins. Adding to the problem is the fact that BIND/Unbound were messy to administer in the first place, but systems that automate the process have seen very steady development/improvement.

It pains me how uninformed the currently modded comments are. It similarly pains me that this comment will likely not catch anyone's attention. It pains me the most that I bothered to write it.

Re:Oi

This is a flawed analogy, and this BS appears so often it's probably misinformation agenda. DNSSEC is not like SSL or TLS, because it does not do encryption, just signing, and even that is done poorly.

Seek help

I'm the AC who posted about your mental health; I can assure you I have not posted anywhere else in this thread, indeed have never replied to any of your posts. I did nothing more than skim my eye over your reply, but again I say in all seriousness, you have a mental health issue that really should be addressed.

DNSSEC is badly flawed

DNSSEC is a really horrible idea. Google for yourself all the critiques by well-known security persons. It's really really poorly designed, and should be aborted while it's still remotely possible. The DNS does need upgrades. In 20/20 hindsight there are a ton of pragmatic security, scalability, and general design flaws with our ancient DNS, but DNSSEC just piles more crap on top of the heap and makes things worse...

Illogical off-topic ad hominem attacks

NEED NOT APPLY, troll...

* :)

"I'm the AC who posted about your mental health; I can assure you I have not posted anywhere else in this thread, indeed have never replied to any of your posts. I did nothing more than skim my eye over your reply, but again I say in all seriousness, you have a mental health issue that really should be addressed." - by Anonymous Coward on Tuesday January 29, @08:41PM (#42733701)

Do you have the following items to your name/credit?

---

1.) A PhD in the psychiatric sciences

2.) A license to practice said psychiatric sciences professionally

3.) A formal examination of myself as to my "alleged mental state" (according to you, an AC troll) given in a professional psychiatric environs

---

No, OF COURSE YOU DON'T!

* Without them, you're guilty of libeling myself!

That is also showing us you're:

---

A.) NOT considering the consequences of your actions here

&

B.) That you're repeating the same mistake over & over again too!

---

(Both are often said to be signs of insanity!)

SO, Please - if ANYONE's "insane" here, it is clearly yourself...

APK

P.S.=> Quit projecting your own issues onto me, & grow up (or take your meds, lol)...

... apk

Re:Illogical off-topic ad hominem attacks

[Stalks]

Someone take the bold tag away from this guy, it hurts.

Re:Illogical off-topic ad hominem attacks

Same AC as before here. Once again I have not read your reply because I don't need to. Once again I strongly urge you to seek medical assistance.

Challenge STILL stands, unscathed... apk

Despite downmodding my initial post I just replied to -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42731025

* :)

("Gosh & Golly Gee - I wonder WHY?", lmao (not)).

APK

P.S.=> Yes folks - There an OLD saying of "When you're RIGHT? You're right..."

I am, without question, right in all of my points noted in the post of mine I am replying to, unquestionably!

(Hence, why the unjustifiable downmodders, who ac trolled me afterwards, "can't touch this" on ANY account...)

... apk

Re:Challenge STILL stands, unscathed... apk

[Beetjebrak]

Dude.. I've just read post upon post of agressive flaming here, mostly from you. Expressing yourself in such an insufferable know-it-all kind of way detracts hugely from any technical merit your software may have, which I'm not disputing because I haven't looked at it. I'm simply extremely distrustful of anyone who keeps repeating that they're unquestionably right on everything they say. Sounds too much like a priest I knew as a child.

Re:Challenge STILL stands, unscathed... apk

[gmhowell]

Sounds too much like a priest I knew as a child.

That's interesting; I'm starting to wonder if APK is explainable by an interaction with a priest HE may have had as a child.

Re:How custom hosts files help vs. DNS flaws... ap

Oh god. apk's lithium prescription's run out again.

Re:How custom hosts files help vs. DNS flaws... ap

[Stalks]

This fails in 2 ways ...

1.
Using the hosts file is incredibly inefficient. Just role a DNS server, run it on localhost if you have to, and use that instead.

A hosts file needs 2 entries per domain. ie.
127.0.0.1 example.com
127.0.0.1 www.example.com

It then needs a new entry for every single subdomain.
127.0.0.1 ad100.example.com
127.0.0.1 ad200.example.com
127.0.0.1 ad300.example.com

2.
By setting up your malicious content to use random subdomains, like a4bacd4adef.domain.com renders any host files useless as they can't possibly list every permutation.

DNS inefficiencies compared... apk

How can you say hosts 'fail', when they stop this problem, first of all? Hardcoded hosts file entries AVOID DNS SERVERS, totally!

Secondly: It's not inefficient if it stops the problem here, and custom hosts do, (via hardcoded entries in the hosts file & avoiding potentially compromised DNS servers):

E.G. (example DNSBL):

---

44.3.200.10.dnsbl.example.com. IN A 127.0.0.3
                                                                IN TXT "spam source, rot in hell"
45.3.200.10.dnsbl.example.com. IN A 127.0.0.3
                                                                IN TXT "spam source, rot in hell"
*.5.222.10.dnsbl.example.com. IN A 127.0.0.10
                                                                IN TXT "confirmed DUL range, please use your ISP's smart mail host"
2.0.0.127.dnsbl.example.com. IN A 127.0.0.2
                                                                IN TXT "My-private-blacklist: test record. The list is active"

---

That's FAR larger data than even your examples of far tinier hosts file entries... period!

Additionally - What if the ENTIRE domain & all of its subdomains AREN'T compromised (as in hosting malware or malicious script)? You've got that part wrong when examined from "the flip side"... so, your 'sword cuts both ways'.

Hosts files are also part of the IP stack itself, tightly integrated with it & require to "extra moving parts" like DNS servers do in front-ends, daemons/services (room for more parts to breakdown as well) & because they're part of the IP stack running in Ring 0/RPL 0/kernelmode (and I've seen DNS servers that run in slower Ring 3/RPL 3/usermode), they're more efficient that way as well!

DNS entries are more complex & larger than hosts files entries from DNSBL's I've seen as well.

DNS servers, because of those items use more CPU cycles, RAM, & other forms of I/O too - due to more "moving parts", complexity of entries, & room for breakdown.

APK

P.S.=> That's inefficiencies right there using DNS as well! - the WORST being the fact that 5 yrs. later, patches aren't applied to DNS servers & hosts can stop that cold via the hardcodes I noted right off the bat...

... apk

Since custom hosts solve this... ap

Avoiding having to access compromised DNS servers since hosts allow that, let's hope I keep it up then, since custom hosts solve this issue.

* :)

(You FAIL - even @ trolling!)

APK

P.S.=> You FAIL troll (even though I am not on "meds" of any kind, nor do I need to be, unlike yourself, clearly "projecting" your own 'issues' onto myself, obviously, lol)...

... apk

You're off-topic... apk

Additionally? Again, still- my challenge stands unscatched -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42731025 since your off-topic b.s. doesn't disprove ANY of the points I've made on custom hosts files value, on multiple levels for end users of them, in adding:

---

1.) More SPEED/BANDWIDTH (by saving yours you paid for)
2.) More SECURITY
3.) More RELIABILITY (vs. downed or dns-poisoned redirected DNS servers)
4.) More ANONYMITY (to an extent vs. DNS request logs)

---

& far more (e.g.-> being able to 'skirt' DNSBL's even)...

APK

P.S.=> You FAIL, & that's that - and yes: My challenge STILL stands, unscathed, as-per-usual vs. /. trolls like yourself especially...

... apk

"Rinse, Lather, & Repeat" off-topic troll.. ap

http://it.slashdot.org/comments.pl?sid=3417867&cid=42731025

* GOOD LUCK against that... seriously: Nobody's managed to disprove my points on hosts files here (or, elsewhere, ever).

APK

P.S.=> Considering also that custom hosts files SOLVE THIS PROBLEM (via hardcoded entries to your favorite sites you can place in them, avoiding VERY possibly compromised DNS servers due to non-patching even 5 yrs. later vs. the Kaminsky bug)?

YOU FAIL!

(And, you know it, I know it, & anyone else reading with 1/2 a brain knows it as well (thanks I suppose for making ME look GOOD on that account))...

... apk

"Run, Forrest: RUN!!!", lmao... apk

http://it.slashdot.org/comments.pl?sid=3417867&cid=42731025

* See my subject-line, & the link above - since THAT is all I have to say to any 'naysayers' (especially off-topic trolls such as yourself).

(Try being on topic next time... or, is that "beyond your ken"? Obviously it is, if THAT is all you have to "contribute" here, troll...)

APK

P.S.=> As per usual? My challenge to ANYONE to disprove my points on custom hosts files' value in added speed, security, reliability, and even anonymity to an extent, STILL stands, unscathed... as always!

Especially considering custom hosts files solve this issue with potentially compromised DNS servers due to being unpatched vs. the Kaminsky bug, 5++ yrs. later! by being able to use 'hardcoded' favorites of yours entered into them, properly reverse DNS resolved against the arpa in addr 'tld'...

... apk

You're off topic troll, period... apk

IF the "best you've got" is off-topic gurglings? Grow up. This isn't "english writing class" (nor are you an expert authority in it)... who are YOU to listen to anyhow?

NOBODY!

Try this instead:

http://it.slashdot.org/comments.pl?sid=3417867&cid=42731025

* See my subject-line, & the link above - since THAT is all I have to say to any 'naysayers' (especially off-topic trolls such as yourself).

(Try being on topic next time... or, is that "beyond your ken"? Obviously it is, if THAT is all you have to "contribute" here, troll...)

APK

P.S.=> As per usual? My challenge to ANYONE to disprove my points on custom hosts files' value in added speed, security, reliability, and even anonymity to an extent, STILL stands, unscathed... as always!

Especially considering custom hosts files solve this issue with potentially compromised DNS servers due to being unpatched vs. the Kaminsky bug, 5++ yrs. later! by being able to use 'hardcoded' favorites of yours entered into them, properly reverse DNS resolved against the arpa in addr 'tld'...

... apk

On your 2nd point? Here's where you fail... apk

"2. By setting up your malicious content to use random subdomains, like a4bacd4adef.domain.com renders any host files useless as they can't possibly list every permutation." - by Stalks (802193) * on Wednesday January 30, @03:42AM (#42735631)

I don't fail here - you do: My application:

---

APK Hosts File Engine 5.0++ 32/64-bit:

http://www.start64.com/index.php?option=com_content&id=5851:apk-hosts-file-engine-64bit-version&Itemid=74

---

Gets them, yes - even the types you noted (the fastflux & SPF types (algorithmically added types too, with names tacking on #'s randomly or in order, either way)) FROM MY SOURCES IN THE SECURITY COMMUNITY & right away as they get them...

Auto-magically/no effort, often as you like manually (or you can setup my app to draw new data every 12 hours if you wish).

Additionally - you failed your 1st "so-called 'point'" as well on your ALLEGED "inefficiencies" in hosts files vs. DNS here & badly -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42736287

(Simply since hosts entries data are FAR smaller than DNS entries in DNSBL's, no questions asked - your data required is LARGER, hands-down, undeniably).

DNS servers are also:

1.) MORE "moving parts" complex in services/daemons, & front-ends to them
2.) MORE complex in entries necessary (and knowledge for it)
3.) Wasteful of CPU cycles due to more parts
4.) Wasteful of ELECTRICITY (due to extra moving parts)
5.) Wasteful of RAM (data is larger, see that DNSBL I put out)
6.) Wasteful of other forms of I/O too
7.) Room for more "breakdown" in their parts in DNS since there ARE more 'moving parts' involved, especially programs (hosts are merely a text file filter for the IP stack itself)
9.) Hosts are an integrated part of the IP stack itself, running in Ring 0/RPL 0/kernelmode & merely a filter for it (which the IP stack has over 40++ yrs. of optimization & refinement put into it, as well as hardening vs. compromise)
10.) I've seen DNS servers that run in far, Far, FAR SLOWER Ring 3/RPL 3/usermode as well vs. kernelmode & the IP stack as noted in point #9

Above ALL else, per this article's example?

DNS = COMPROMISABLE (per this article & other means noted @ the tail end of my initial post, do refer to that in its termination/'p.s.' section, here -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42729809 )

Hosts solve that too - easily: Since 'hardcoded' entries of your favorite sites you go to is possible in them, avoiding potentially compromised DNS servers totally!

This also allows FASTER resolution of IP addresses from host-domain names, by far (especially to remote DNS servers, & especially if they come up NXDOMAIN) also, & local custom hosts allow TOTAL end-user control - remote DNS does not!

APK

P.S.=> A list of some of the reputable & RELIABLE sources my application utilizes:

1.) hpHosts (malwarebytes)
2.) Norton/Symantec
3.) ZeusTracker
4.) SpyEye Tracker
5.) 2 other botnet trackers (same sources, just more 'minor' botnets)
6.) malwaredomainslist
7.) MVPS.org
8.) Someone who cares hosts list

... apk

Re:On your 2nd point? Here's where you fail... apk

[Stalks]

I'm sorry but you fail to counter any points. Hosts file = inefficient and random subdomains CANNOT be countered by a hosts file.

As a spammer, I could setup a wildcard entry "* IN A " and just use simple PHP to set every image and every advert to use .domain.com. Hosts file cannot solve this. There is no argument here, this is FACT.

Your attempt to counter the localhost DNS server point by saying that the server itself would be compromised is a joke. You demonstrate complete misunderstanding of computer logic. You give a DNSBL listing as an example and it wasn't even mentioned..... You say it could be compromised. It is LOCALHOST. At which point is the DNS server listening on localhost anymore liable to attack than a file in /etc? The file in etc is static, it can be edited, it is a known entity, its flaws are transparent.

You have shown a complete lack of thought in your responses, your aim is to attempt to squash any rebuttle, even if it makes yourself look stupid to your peers (which is everyone else at this point). Therefore this internet discussion is pointless. You are pointless.

Re:On your 2nd point? Here's where you fail... apk

[Stalks]

Didn't realise "plain old text" reformatted tags.

Actual line #2:
As a spammer, I could setup a wildcard entry "* IN A [ip]" and just use simple PHP to set every image and every advert to use [random].domain.com. Hosts file cannot solve this. There is no argument here, this is FACT.

Re:On your 2nd point? Here's where you fail... apk

[Stalks]

your data required is LARGER, hands-down, undeniably

hosts file at %windir%/system32/drivers/etc/hosts
b026324c6904b2a9cb4b88d6d61c81d1.adverts.example.com 127.0.0.1
26ab0db90d72e28ad0ba1e22ee510510.adverts.example.com 127.0.0.1
6d7fce9fee471194aa8b5b6e47267f03.adverts.example.com 127.0.0.1
48a24b70a0b376535542b996af517398.adverts.example.com 127.0.0.1
1dcca23355272056f04fe8bf20edfce0.adverts.example.com 127.0.0.1
9ae0ea9e3c9c6e1b9b6252c8395efdc1.adverts.example.com 127.0.0.1
84bc3da1b3e33a18e8d5e1bdd7a18d7a.adverts.example.com 127.0.0.1
c30f7472766d25af1dc80b3ffc9a58c7.adverts.example.com 127.0.0.1
7c5aba41f53293b712fd86d08ed5b36e.adverts.example.com 127.0.0.1
31d30eea8d0968d6458e0ad0027c9f80.adverts.example.com 127.0.0.1
166d77ac1b46a1ec38aa35ab7e628ab5.adverts.example.com 127.0.0.1
2737b49252e2a4c0fe4c342e92b13285.adverts.example.com 127.0.0.1
aa6ed9e0f26a6eba784aae8267df1951.adverts.example.com 127.0.0.1
367764329430db34be92fd14a7a770ee.adverts.example.com 127.0.0.1
8c9eb686bf3eb5bd83d9373eadf6504b.adverts.example.com 127.0.0.1
[...forever...]

dns server on localhost
$ORIGIN example.com
* IN A 127.0.0.1

Sure they do with my application... apk

"I'm sorry but you fail to counter any points. Hosts file = inefficient and random subdomains CANNOT be countered by a hosts file." -

When my sources get them, and they do regularly (some many times a day updating)? I GET THEM & add them, "automagically" via my application!

* CAN YOU NOT READ? My sources are reputable, reliable, & punctual from the SECURITY COMMUNITY ITSELF, no less & do update often!

(That's WHAT THEY DO!)

APK

P.S.=> As often as I like manually, or automatically via the 12 hour periodic update the program has. - SORRY, facts ARE facts: & on those grounds alone? You FAIL, badly...

... apk

WTF kind of hosts entries are those? apk

Hosts don't LOOK like that internally, lol:

"hosts file at %windir%/system32/drivers/etc/hosts
  b026324c6904b2a9cb4b88d6d61c81d1.adverts.example.com 127.0.0.1
  26ab0db90d72e28ad0ba1e22ee510510.adverts.example.com 127.0.0.1
  6d7fce9fee471194aa8b5b6e47267f03.adverts.example.com 127.0.0.1
  48a24b70a0b376535542b996af517398.adverts.example.com 127.0.0.1
  1dcca23355272056f04fe8bf20edfce0.adverts.example.com 127.0.0.1
  9ae0ea9e3c9c6e1b9b6252c8395efdc1.adverts.example.com 127.0.0.1
  84bc3da1b3e33a18e8d5e1bdd7a18d7a.adverts.example.com 127.0.0.1
  c30f7472766d25af1dc80b3ffc9a58c7.adverts.example.com 127.0.0.1
  7c5aba41f53293b712fd86d08ed5b36e.adverts.example.com 127.0.0.1
  31d30eea8d0968d6458e0ad0027c9f80.adverts.example.com 127.0.0.1
  166d77ac1b46a1ec38aa35ab7e628ab5.adverts.example.com 127.0.0.1
  2737b49252e2a4c0fe4c342e92b13285.adverts.example.com 127.0.0.1
  aa6ed9e0f26a6eba784aae8267df1951.adverts.example.com 127.0.0.1
  367764329430db34be92fd14a7a770ee.adverts.example.com 127.0.0.1
  8c9eb686bf3eb5bd83d9373eadf6504b.adverts.example.com 127.0.0.1" - by Stalks (802193) * on Wednesday January 30, @09:53AM (#42737455)

Are you HIGH?

Blocking Hosts entries are FAR tinier, e.g.:

0 badsitetoblockexample1.com

or

0.0.0.0 badsitetoblockexample2.com

AND YOU ALSO HAVE THEM IN REVERSE: it's IP address (space) hostdomainname, fool!

---

"dns server on localhost
  $ORIGIN example.com
  * IN A 127.0.0.1" - by Stalks (802193) * on Wednesday January 30, @09:53AM (#42737455)

WTF - again: ARE YOU HIGH?? That's still larger per line vs. my examples above!

See above, "rinse, lather, & repeat"... yes, you can 'wildcard' but what good is it since DNS servers are MASSIVELY COMPROMISABLE per this article & hosts can supplement them to OVERCOME this?

---

* IF you're going to post here, be ACCURATE & CORRECT, instead of attempting to MISLEAD others with untruthful bullshit!

APK

P.S.=> Have you NO shame?

... apk

Re:WTF kind of hosts entries are those? apk

[Stalks]

0.0.0.0 microsoft.com

This doesn't work. I can still access the site.
Please give me a working example of how to quickly and easily block ALL of microsoft.com in a single line.

DNS on localhost isn't compromisable. You are the very example of FUD. http://en.wikipedia.org/wiki/Fud

"Rinse, Lather, & REPEAT" vs. your "fact"... a

http://it.slashdot.org/comments.pl?sid=3417867&cid=42737535

* You FAIL... since you failed to account for the fact my application gets the data to block ANYTHING necessary from reputable, reliable, & punctually updating sources "automagically", from the SECURITY COMMUNITY ITSELF (which tracks this stuff to NO end).

APK

P.S.=> FACT: Hosts files, custom ones, can supplement DNS servers AND overcome this shortcoming in them vs. malicious sites as well...

Again, so it 'sinks in' - ALL VIA THE APP I WROTE (since it updates from reputable, reliable, & punctually updating sources, even with algorithmically generated malicious fastflux types)

... apk

Funny you conveniently ignore these facts... apk

I stated them explicitly too in a list (once more for your reference):

"DNS servers are also:

1.) MORE "moving parts" complex in services/daemons, & front-ends to them
2.) MORE complex in entries necessary (and knowledge for it)
3.) Wasteful of CPU cycles due to more parts
4.) Wasteful of ELECTRICITY (due to extra moving parts)
5.) Wasteful of RAM (data is larger, see that DNSBL I put out)
6.) Wasteful of other forms of I/O too
7.) Room for more "breakdown" in their parts in DNS since there ARE more 'moving parts' involved, especially programs (hosts are merely a text file filter for the IP stack itself)
9.) Hosts are an integrated part of the IP stack itself, running in Ring 0/RPL 0/kernelmode & merely a filter for it (which the IP stack has over 40++ yrs. of optimization & refinement put into it, as well as hardening vs. compromise)
10.) I've seen DNS servers that run in far, Far, FAR SLOWER Ring 3/RPL 3/usermode as well vs. kernelmode & the IP stack as noted in point #9" - by Anonymous Coward on Wednesday January 30, @07:55AM (#42736495)

Again - Funny you AVOID ALL THAT too, eh? Not... lol!

Now - THEY ARE FACTS!

Multiple facts not in favor of DNS, especially locally, which YOU rather "conveniently avoided", no less!

("Gosh & golly gee, I wonder why?"... lol, NOT! They "shoot your down", badly...)

* :)

APK

P.S.=> Let's also NOT FORGET THE PREMISE OF THIS ARTICLE, since 5++ yrs. later, the KAMINSKY BUG IS UNPATCHED on DNS SERVERS WORLDWIDE - thus, compromisable!

What SOLVES it?

Custom hosts, via hardcodes especially + vs. other known malicious sites-servers/hosts-domains online (and trackers, phishers, spammers, bogus DNS servers, botnet C&C servers etc.), & automagically, via my application:

---

APK Hosts File Engine 5.0++ 32/64-bit:

http://www.start64.com/index.php?option=com_content&id=5851:apk-hosts-file-engine-64bit-version&Itemid=74

---

By providing updated custom hosts file information REGULARLY automagically if one wishes OR manually in minutes no less (also autoprotecting the hosts file via write-protect attributes supplementing UAC protection as well which hosts files have since VISTA onwards)...

And, with less moving parts (especially local DNS servers that are wasteful, more complex in file data, more moving parts room for error & more, listed above), vs. your "facts" which ARE in error (by omission too see above)...

... apk

Ms does it for THEIR sites (good reason)... apk

It's because Microsoft BYPASSES the host file for THEIR sites to work (ala Windows Update etc./et al) -> http://www.google.com/search?hl=en&tbo=d&output=search&sclient=psy-ab&q=%22Microsoft+bypasses+the+hosts+file%22&btnG=Submit&gbv=1&sei=lkUJUcnFEejg0gHgq4DoBg

* ALBEIT, for GOOD REASONS, noted above for example/instance...

APK

P.S.=> Get it? Good...

.. apk

Re:Ms does it for THEIR sites (good reason)... apk

[Stalks]

Okay, there is one flaw in hosts file, they can be bypassed.

I will now try with slashdot.org

0.0.0.0 slashdot.org

...

C:\>ping -n 1 slashdot.org
Ping request could not find host slashdot.org. Please check the name and try again.

Okay, it blocks it, great.

C:\>ping -n 1 www.slashdot.org
Pinging www.slashdot.org [216.34.181.48] with 32 bytes of data:
Reply from 216.34.181.48: bytes=32 time=107ms TTL=245

Oops, sorry. I remain unconvinced. I'll stick to an internal DNS server for blocking. Single point of configuration, works on ALL devices on my local network and handles wildcards.

Re:Funny you conveniently ignore these facts... ap

[Stalks]

1.) MORE "moving parts" complex in services/daemons, & front-ends to them

Yes more moving parts.

2.) MORE complex in entries necessary (and knowledge for it)

False. Still haven't found case to handle wildcards.

3.) Wasteful of CPU cycles due to more parts

Citation needed.

4.) Wasteful of ELECTRICITY (due to extra moving parts)

Citation needed.

5.) Wasteful of RAM (data is larger, see that DNSBL I put out)

Data used for configuration != Data used in RAM during use.

6.) Wasteful of other forms of I/O too

OS needs to re-read hosts file. DNS servers are much more efficient.

9.) Hosts are an integrated part of the IP stack itself, running in Ring 0/RPL 0/kernelmode & merely a filter for it (which the IP stack has over 40++ yrs. of optimization & refinement put into it, as well as hardening vs. compromise)

It reads a text file into RAM, it isn't any more secure that any other configuration file. A local dns server has the same vulnerabilities. ie. Edit "HKLM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath" registry entry, hosts file is not longer used. Protection bypassed.

10.) I've seen DNS servers that run in far, Far, FAR SLOWER Ring 3/RPL 3/usermode as well vs. kernelmode & the IP stack as noted in point #9"

Oh, your local text file is read faster than the DNS server 1000s of miles away? Try again with a local one.

Hmm.

a large HOSTS file (over 135 kb) tends to slow down the machine

- mvps.org

The premise of this article dusts you... apk

You concede my 1st point - good: Since it is the foundation of the rest below (big mistakes on YOUR end):

"False. Still haven't found case to handle wildcards" - by Stalks (802193) * on Wednesday January 30, @11:10AM (#42738291)

What good's wildcarding if DNS is compromisable per the Kaminsky bug?

(Clue - "It AIN'T", for most of the world's DNS servers, 5++ yrs. later no less!)

"YOU HAVE BEEN DUSTED!" by yours truly (and the severe negligence of companies & admins + ISP's, worldwide... fact, sorry but it is, & I DON'T LIKE IT EITHER - hence, my supplementing DNS servers with hosts)

---

"Citation needed" -

NIONE REQUIRED - buddy, I am a many time 'decorated' & awarded developer of programs since I wager, possibly BEFORE YOU WERE BORN (or in diapers) & if you need 'citation' of that? Ask... & "ye shall receive": Programs with more parts DO eat more CPU cycles, RAM, & other forms of I/O - especially if they're essentially REDUNDANT (which a local dns server, is, vs. hosts files).

I also don't *think* you understand - I USE DNS myself, albeit, secured filtered ones vs. known malicious threats online - see my original post for 'citation' of that much, no less, since you "demand" that!

---

"Citation needed." - by Stalks (802193) * on Wednesday January 30, @11:10AM (#42738291)

On ELECTRICITY usage? Please - same DEAL AS ABOVE: NOTHING & I mean nothing 'rides for free' in a computer (or life)... it ALL costs & the more of a load you carry, the more you use... common-sense actually, surprised you do NOT realize these things!

Man - see above, no 'citation' required: I am QUITE expert & via professional experience for over 18++ yrs. now, & LONG before that (since 1982) as to "how it all works"... & again: SHOULD YOU REQUIRE PROOF? I can post it, in seconds... such as things like winning a FINALIST position & MS TechEd 2000-2002 in its HARDEST CATEGORY - SQLServer Performance Enhancement (which Windows IT Pro magazine, then Windows NT mag/2000 mag. highly reviewed well also)... as a 'single example citation' thereof!

---

BIG MISTAKE here:

"OS needs to re-read hosts file. DNS servers are much more efficient" - by Stalks (802193) * on Wednesday January 30, @11:10AM (#42738291)

Are you NUTS? Once a hosts file is loaded @ OS startup or 1st clientside app request (1 of 2 ways, I elect the latter via the local kernelmode diskcaching subsystem rather than the Windows clientside faulty with larger hosts files DNS cache service)?

It's in RAM, read as FAST AS POSSIBLE!

I even BEAT DNS indexing or binary/b-tree seeks by placing my favorites @ the TOP of the hosts file too - this beats dns indexing hashtables (unreliable & stupid, hash functions are TOUCHY & this is known too - tough to implement & RE-implement) up to 2++ million entries how I do it (20 favs @ top of hosts file).

DO THE MATH - you'll see on that last account!

---

ANOTHER BIG MISTAKE:

"It reads a text file into RAM, it isn't any more secure that any other configuration file." - by Stalks (802193) * on Wednesday January 30, @11:10AM (#42738291)

Again - see above: Cached into RAM 1 of 2 ways, & beats DNS hashtable OR btree seek indexes the way I do it too... & DNS servers, like ANY app? Load config data from FILES ON DISK... period!

As to MVPS? I beat that using the local kernelmode diskcaching subsystem... fast as it gets in Ring 0/RPL 0/kernelmode + ram based loads (plus my trick for hardcodes, which again SOLVE THIS ISSUE IN DNS per this article, no questions asked).

APK

P.S.=> My opinion, based on the above from you in errors? Shows me you NEED to learn more than you know on how computers, programs, & the OS + its services/drivers/daemons REALLY do work!

... apk

Re:The premise of this article dusts you... apk

[Stalks]

Okay I see you have no citations for those points, just guesswork. I accept this as you conceding the argument in my favor. That is acceptable.

Any operating system tricks to cache data are not exclusive to just a hosts file so any points made there are moot and disregarded.

Besides, the SPEED difference of any of these system would be unmeasurable (unless you have citations? oh you don't don't nevermind that then), its not what I am arguing. An internal DNS system (not affected by any sort of poisoning vulnerability, ie. internal, internal, internal) would be a much better suited solution to your problem because of pervious unresolved points.

Haha, a "favourites at the top" sorted text file beats indexing, what planet are you on.

Addendum (important 4 security (UAC))... apk

"It reads a text file into RAM, it isn't any more secure that any other configuration file." - by Stalks (802193) * on Wednesday January 30, @11:10AM (#42738291)

UAC in Windows VISTA onwards protects hosts files, so does MS Security Essentials (part of Windows 8 no less)... lastly & IMPORTANTLY:

My app does so ontop of those, with read-only/write-protection attributes APPLIED while it runs (unless you turn that off, it's possible & I do on updates automated - & have to so updates "take"):

---

APK Hosts File Engine 5.0++ 32/64-bit:

http://www.start64.com/index.php?option=com_content&id=5851:apk-hosts-file-engine-64bit-version&Itemid=74

---

* Courtesy of "yours truly" - "Ghost in the Machine" & "Last of the V8 Interceptors - a piece of HISTORY!"

APK

P.S.=> "Here endeth the lesson"... learn by it, in addition to the 1st part I wrote you in rebuttal, here -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42738543

... apk

Re:Addendum (important 4 security (UAC))... apk

[Stalks]

So read-only file flag and NTFS ACLs. Nothing special then.

BTW I'm loving this discussion, I know you're a troll, and a good one, but its awesome to see how far people will go. Especially when you're also getting your link count up with each post :)

DNS servers can be bypassed (see article)... apk

This very THREAD exemplifies it, and? See this http://it.slashdot.org/comments.pl?sid=3417867&cid=42738641

Unlike ISP DNS servers (or that of companies unpatched vs. the Kaminsky flaw have been now, for 1/2 a decade? What a shame, no less?? I hope YOU patched yours!)

However - if you want to be wasteful, ala this list of DNS ineffficiencies vs. hosts I wrote up, all fact & I dusted one of your fellow naysayers on it above? That's up to you... I can lead a horse to water, I can't make him drink after all:

"DNS Servers are also (inefficient apk):

1.) MORE "moving parts" complex in services/daemons, & front-ends to them
2.) MORE complex in entries necessary (and knowledge for it)
3.) Wasteful of CPU cycles due to more parts
4.) Wasteful of ELECTRICITY (due to extra moving parts)
5.) Wasteful of RAM (data is larger, see that DNSBL I put out)
6.) Wasteful of other forms of I/O too
7.) Room for more "breakdown" in their parts in DNS since there ARE more 'moving parts' involved, especially programs (hosts are merely a text file filter for the IP stack itself)
9.) Hosts are an integrated part of the IP stack itself, running in Ring 0/RPL 0/kernelmode & merely a filter for it (which the IP stack has over 40++ yrs. of optimization & refinement put into it, as well as hardening vs. compromise)
10.) I've seen DNS servers that run in far, Far, FAR SLOWER Ring 3/RPL 3/usermode as well vs. kernelmode & the IP stack as noted in point #9" - by Anonymous Coward on Wednesday January 30, @07:55AM (#42736495)

* I had to 'school' one of your fellow 'naysayers' on that too: UAC, & MS Security Essentials/Windows Defender (part of Windows 8) protect hosts... and?

My app does too via applying read-only/write-protect attributes to hosts as well, supplementing more security via the best thing we have going vs. online threats: "layered-security"/"defense-in-depth"... period!

(It does so, every 500ms, & NO programs' or malware-in-general that's NOT a driver powered rootkit's going to get past that, since the timer registered with the OS is as 'fast as it gets' in usermode, period!)

---

APK Hosts File Engine 5.0++ 32/64-bit:

http://www.start64.com/index.php?option=com_content&id=5851:apk-hosts-file-engine-64bit-version&Itemid=74

---

* Courtesy of "yours truly" - "Ghost in the Machine" & "LAST OF THE 'V8-Interceptors'": A piece of history..." :)

AGAIN - As far as MS bypassing hosts?

Again - It's for GOOD SECURITY MEASURES, so that things like Windows update, work (& that's great for security).

APK

P.S.=> Better luck next time - you FAIL... learn more before you & YOURS even *try* to "take me on", especially on THIS point/issue...

... apk

Re:DNS servers can be bypassed (see article)... ap

[Stalks]

(It does so, every 500ms, & NO programs' or malware-in-general that's NOT a driver powered rootkit's going to get past that, since the timer registered with the OS is as 'fast as it gets' in usermode, period!)

Oh, you opened yourself up for being owned now :)

Any other process capable of writing to the hosts file is running as administrator. Therefore it kills your applications PID, and disables any service. The end.

Large diff. in devs like me, & techs like you

WTF? Disprove my points - I've been a highly awarded decorated professional dev longer than you've been ALIVE & on many platforms...

All I am pointing out is what ANY DEVELOPER KNOWS, & you by way of comparison? Obviously, are not a developer!

(No imo, you're just a techie/admin type, that's helpless, without guys like ME building tools for you to merely USE, user with a better password!)

Sorry - that's just "how it really is"... & you know it!

---

The caching 'tricks' as you call them, work... this is merely a product of myself having HIGHER KNOW-HOW than mere techies do, as well as experience building tools "your kind" merely uses, user... lol!

---

LOL, speed's NOT the topic, but look up how binary trees & hashtable indexing actually works... & do the math I noted!

My 'trick' works... & yes, beats even btriee seeks/binary search methods AND hashtable indexing up to 2++ million records & the math ALONE proves it.

Coders, know this... techies, obviously don't (therein lies the difference). After all/again: I show you what to look up & test, the math proves it alone (and yes, computers use algorithms based on this type of mathematics)...

Your "kind"? Merely USERS of what guys like me BUILD FOR YOU TO USE... & it shows in our discussion!

APK

P.S.=> 3 layers of protection are afforded the hosts, especially via my app, in modern versions of Windows (ones your DNS doesn't have NOR by that many layers either - this very ARTICLE shows you its problems, my original posts shows TONS more @ its termination too)

AND lastly/again: Yes, my app overcomes this issue per this article, via "hardcodes" & bypassing compromised or compromisable redirectable DNS poisoned DNS servers and it resolves hosts-domains FASTER than remote DNS servers do too (which also lightens their load of requests too, bonus for admins of them)... apk

"Rinse, Lather, & Repeat" troll... apk

What's DNS & its data got? ZERO protection... this article proves it in fact, lol... fact/period!

Additionally, again per this -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42738641 reply of mine that 'schooled you' easily!

I.E./E.G.-> YOU? You're obviously MERELY a techie only & it shows!

You're merely a USER of what guys like ME create for "your low kind" to merely USE, user - without us, & what WE know? YOU ARE HELPLESS & YOU KNOW IT!)

Fact! One you MAY not like, but fact!

You didn't & don't even UNDERSTAND how binary trees & b-tree seeks + hashtable indexing works, & how my smart placement of hosts data for favorites hardcoded (which again, mind you, solved this DNS issue easily, fact again) works to beat them!

That is funny but then again, it's not... it's the big diff. between guys like me & guys like you!

AGAIN:

My app does too via applying read-only/write-protect attributes to hosts as well, ONTOP of UAC & MS Security Essentials PROTECTING THE HOSTS FILE!

What's protecting YOUR dns & data? ZERO!

Thus, again - My app ends up supplementing more security via the best thing we have going vs. online threats: "layered-security"/"defense-in-depth"... period!

(It does so, every 500ms, & NO programs' or malware-in-general that's NOT a driver powered rootkit's going to get past that, since the timer registered with the OS is as 'fast as it gets' in usermode, period!)

---

APK Hosts File Engine 5.0++ 32/64-bit:

http://www.start64.com/index.php?option=com_content&id=5851:apk-hosts-file-engine-64bit-version&Itemid=74

---

* Courtesy of "yours truly" - "Ghost in the Machine" & "LAST OF THE 'V8-Interceptors'": A piece of history..."

APK

P.S.=> There is a WORLD of difference between guys like me, software engineers, & techs like you... this discussion is showing it on MANY levels - learn by it!

... apk

Same goes for your DNS servers too (touche)... apk

VULNERABLE TO THE SAME THINGS (rootkits, impersonation API's & MORE since it's not 'triumvirate protected' as hosts are by UAC, MS Security Essentials, & my app additionally layering on more defense in depth) - any program, is!

Plus, it can't be done - Not every 1/2 ms while my app runs... no way, no how!

(That makes it LOCKED vs. access - normal access that is...)

Works - again - unless driver powered rootkits hit, or, impersonation API's are used (frowned upon but a malware uses it). THAT CAN "HIT" YOUR UNPROTECTED AT ALL DNS TOO!

See - unlike you?

I will be HONEST here... & tell it how it REALLY is... hence, my usage of layered security/defense in depth! I have the kind of knowledge as a software dev, & as I said repeatedly here? You don't!

Hell, you didn't even UNDERSTAND how btree seeks/binary search patters & hashtable indexing works & how my smart placement of hosts file favs BEAT IT FOR SPEED... do the math, you'll see (& Yes - that's what devs learn, & computers DO USE THIS TYPE OF MATH!).

Lastly - face it: My method of favorites hardcoded DOES indeed protect one from this Karminsky flaw by bypassing the NEED to call out to remote or local DNS servers... period!

It works!

APK

P.S.=> By the way? SAME GOES FOR YOUR DNS SERVER TOO, & it doesn't HAVE those layers of protection hosts do... you FAIL!

... apk

Re:Large diff. in devs like me, & techs like y

[Stalks]

Please don't turn this into an e-peen competition. My kids are into that sort of thing. I have been writing software for over 35 years, so lets just put that to rest, it's immature.

Indexing vs "favourites at top" has no argument. Indexing was designed to speed up search, linear searching is the base at which indexing is compared to. Sure, for those at the top, its faster, for those at the bottom its slower, you can't predict the browsing habits of your users, so this sorting won't work. Overall, indexing is faster. If you are what you claim, then you know this.

Re:Same goes for your DNS servers too (touche)...

[Stalks]

Yes I understand it is the same. You are now desperate enough that instead of claiming APK is superior, that you are now happy enough to say that it has the same protection as other software. The very point I was making.

Also, you are now slipping up on some important parts..
You just stated:

Plus, it can't be done - Not every 1/2 ms while my app runs... no way, no how!

but then you argued that DNS is:

Wasteful of CPU cycles due to more parts

I can guarentee that an idle DNS server doesn't waste time checking its database for errors every 500ms. This now puts your software way out of reach of my proposed system (dns server running on localhost) in terms of CPU usage, and as you claimed, electricity usage. Try again.

Re:DNS servers can be bypassed (see article)... ap

[Stalks]

Please respond to the fact hosts file cannot handle wildcards as you claim they do.

You failed vs. my DNS inefficiency points... apk

You don't disprove or dispute them -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42736287 fully or even EFFECTIVELY (this may not be YOUR fault due to less know-how, since guys like me DO build what you merely 'use', user)... but then again: YOU limited yourself, not I!

PLUS:

Do the math on 2++ million records in a hosts with my fav sites I only keep 20 favorites in a custom hosts file cached in RAM for speed with those favs @ the top, beating DNS indexing or even btree seeks too... do the math!

(Plus the VERY thing that cures this is hardcoding in hosts files, as to the issue in this article, by BYPASSING THE NEED TO CALL OUT TO THESE UNPATCHED MAJORITY OF VULNERABLE DNS SERVERS OUT THERE! Period!)

Plus, again a fact per that math I outlined:

I resolve FASTER locally from disk than remote DNS servers do, especially if NXDOMAIN happens!

(Especially how I load it from a TRUE SSD based on DDR2 ram, the gigabyte IRAM by redirecting my hosts file sort of like how *NIX etc shadow passwords work in fact), once loaded thus (faster, zero seek access almost) & cached into RAM (1 of 2 ways I noted, 1 of which I use to overcome the limited faulty DNS clientside cache service in Windows with no less)).

I merely state facts that mathematics prove & yes, again, computers DO use that type of math in code and hardware too...

Yes, and? Yes:

Due to my 'tricks' as you called them?

Yes, know-how you clearly do NOT possess as a 'techie' or even "mighty admin" type Lol...

Honestly?

I shit on guys like you, everyday, because you LIMITED YOURSELVES, not I, by only being that - I've been brought into corporate Fortune 100/500 for consultation or on the job vs. contractors trying to take payroll away from my staff to SHOOT YOU DOWN on grounds like these (I am VERY good @ it & this post shows it also)... & by the way?

I'm a VERY proficient security pro & admin myself - I wrote THE VERY FIRST SECURITY GUIDE FOR WINDOWS:

http://www.google.com/search?hl=en&tbo=d&output=search&sclient=psy-ab&q=%22HOW+TO+SECURE+Windows+2000/XP%22&btnG=Submit&gbv=1&sei=1VoJUbXKMbCC0QHKg4GQAg

To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE

I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:

http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text

& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml which Neowin above picked up on & rated very highly.

That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the 1st URL link above...

Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:

---

1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a con

NO, not the same... apk

Since DNS program are NOT 'triumvirate protected' as hosts are by UAC, MS Security Essentials, & my app additionally layering on more defense in depth... fact!

You said if my app gets "killed" in RAM... ok granted, but try that on Microsoft Security Essentials (it has protections vs. it... for hosts, does your DNS? NO!)

* You fail, again...

APK

P.S.=> Sorry but you do, & you didn't effectively dispute & disprove my DNS inefficiency points either -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42736287

(AND you did some blowing it BADLY on your end on hashtables indexing or btrees even vs. how I smart place my favorites hardcoded... period).

Funniest part & AGAIN, fact?

Those SAME hardcodes my app affords, CURE THIS ISSUE by circumventing the very need to call out to the majority of the world's unpatched DNS servers (even @ the ISP level, very, Very, VERY BAD)... fFact, period you don't deny it either...

You FAIL/you lose!

... apk

Re:NO, not the same... apk

[Stalks]

Did you miss the memo? "MS Security Essentials" is no longer trusted anti-virus software in the eyes of independent AV researchers. You look silly.

Notepad++ can edit hosts file and bypass the "MSSE protections", so um, yeah ... just, wow. Notepad++ must be awesome.

Re:NO, not the same... apk

[Stalks]

I have to leave the internets now :( I'm glad my afternoon appointment had been cancelled so I had the chance to make you sweat.

However at night I am a father and a husband and don't have time for these unimportant discussions.

Good day!

Re:You failed vs. my DNS inefficiency points... ap

[Stalks]

Whoa, your e-peen is massive! I'm not worthy! I'm not worthy!

I also don't care. I did a TLDR from "I shit on guys like you, everyday", not worth my time.

You're cracking at the seems with the rambling!

Right, back to the APK crap you keep going on about. You should place a notice on the software page that it requires an SSD in order to benefit.

I did - mainly in this... apk

What good are they though, when DNS is bypassable worldwide per the majority of DNS servers worldwide (especially @ the ISP level, VERY bad) are unpatched?

They aren't even as WELL layered security/defense in depth protected as hosts are via UAC, MS Security Essentials, & my app ontop of that!

CLUE: Hosts are not subject to the Kaminsky flaw & actually SUPPLEMENT them to protect you vs. it... & hosts aren't thus, easily REDIRECT poisoned!

(hosts can't be thus).

You fail... sorry, but you do!

APK

P.S.=> Plus/Again - Your DNS data is also larger, by FAR look @ the DNSBL I posted, and it IS correct!

DNSBL is how a DNS server 'protects' users, but not vs. this bug & article! Period!

(Additionally, remember:: You're the one that posted BOGUS incorrect hosts data too here mind you attempting to MISLEAD others imo -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42737625 lol! THAT was hillarious & a HUGE BLUNDER on YOUR end... bigtime!)

Give up your "geek angst"! Sooner or later, you run into a "bad motor scooter" in life (even in street fights, even though you *think* you're 'tough as a nail' there's always someone bigger, faster, stronger & better... that's me!)

To quote my namesake, Mr. Kowalski, from the film "Grand Torino":

EVER NOTICE THAT EVERY ONCE IN AWHILE, YOU COME ACROSS SOMEONE YOU SHOULDN'T HAVE FUCKED WITH? THAT'S ME!

Fact - You have failed vs. "yours truly" on TONS of levels (even speed in hashtable indexing or btree seeks vs. my smart placement in hosts files)... & of course?

There's NO QUESTION hardcoded hosts file entries bypass these compromisable DNS servers... most important point of all, as it can "proof" a user vs. this type of exploit... period!

I've schooled them too, fact (you'll like this)

To wit: Regarding "antivirus researchers" (ask malwarebytes own Mr. Steven Burn in fact http://hosts-file.net/?s=Contact - he HELPED me do it):

The very app I am posting here?

Protects itself via this method I outlined & was modded up for (for starters & that was a technique I've used for DECADES in apps as a rudimentary form of BUILT IN ANTIVIRUS PROTECTION that everyone should use, but doesn't):

CODING FOR DEFCON (my compressed/packed exe + sizecheck @ startup technique): 2005 -> http://it.slashdot.org/comments.pl?sid=158231&cid=13257227

That all said & aside?

In the 64-bit world this year. I had to & DID, disprove McAfee, Norton/Symantec, Comodo, ArcaVir & others that my app was NOT a 'malware''... again, write a security pro on it, as I had to show him this too & he agreed!

I use an executable compression scheme in 64-bit for the CODING FOR DEFCON reasons above, rightfully so, it works, & they did NOT UNDERSTAND IT, & immediately "flagged me" as a malware!

GUESS WHO CAME OUT RIGHT IN THE END? "Lil' Ole' ME"... not a 1st, I did the same YEARS ago to Computer Associates too on another app!

---

STILL,what's your point? The program STILL does protect the hosts file vs. damage and also itself... lol, you fail again.

APK

P.S.=> All fact, verify it yourself with Mr. Burn of Malwarebytes above -> http://hosts-file.net/?s=Download if you like!

YOUR "experts"? Have been REPEATEDLY SCHOOLED by this expert (a real one)...

... apk

Re:I've schooled them too, fact (you'll like this)

You had to prove to the virus vendors that it wasn't malware? That shows how much the industry trusts your work. (ie. zero)

You lmited yourself, not I, techie... apk

Especially here with your "last ditch effort" in vain -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42739787

AND your massive screwup in erroneous hosts data you posted too -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42737625

That was BAD & misleading others possibly!

THAT, as well in your lack of understanding how hastable indexing or btrees can be outdone via my 'trick' as you called it... it's fact, math back it, "do the math" & you'll see (that is, if you even COMPREHEND it that is)...

Sorry man... you FAIL!

Just learn by it!

"Here endeth the lesson..."

APK

P.S.=> As I said earlier? QUOTING a namesake of mine from film (since I love using film as an analogy, it's the finest artform man has, everyone sees them, & it's better than quoting classical literature or scripture (since not everyone knows those as well)):

Give up your "geek angst"!

Sooner or later, you run into a "bad motor scooter" in life (even in street fights, even though you *think* you're 'tough as a nail' there's always someone bigger, faster, stronger & better... that's me!)

To quote my namesake, Mr. Kowalski, from the film "Grand Torino":

EVER NOTICE THAT EVERY ONCE IN AWHILE, YOU COME ACROSS SOMEONE YOU SHOULDN'T HAVE FUCKED WITH? THAT'S ME!

Fact - You have failed vs. "yours truly" on TONS of levels (even speed in hashtable indexing or btree seeks vs. my smart placement in hosts files)... & of course?

MOST IMPORTANTLY:

There's NO QUESTION hardcoded hosts file entries bypass these compromisable DNS servers & protects a user from this unpatched for 1/2 a decade BUG...

That's most important point of all, as it can "proof" a user vs. this type of exploit... period!

... apk

Re:You failed vs. my DNS inefficiency points... ap

With an attitude like yours I find it difficult to understand how anyone can take you seriously.

Alexander Peter Kowalski right? Just so google can index this conversation and more people can read your comments and come to the same conclusion: you are insane.

Write Mr. Burn of malwarebytes to verify... apk

They all do now: I am now one of them featured on the malwarebytes hphosts website & for years per those guides I showed you earlier as well (1st & best of their kind for Windows users, bar-none).

Are you?

No... & if you keep up your attitude & lack of drive + understanding of this field... you NEVER will be!

Face it, lol: YOU WISH YOU WERE ME!

A little 'factoid' for you too - they TRUST NO ONE, until they prove themselves... & I did, by "beating your experts asses" badly!

APK

P.S.=> You're free to verify this all... again, do so... & "eat my dust" on that too again... apk

Facts are facts, & you failed... apk

Insanely better than you are - my app solves this DNS issue, period:

---

APK Hosts File Engine 5.0++ 32/64-bit::

http://www.start64.com/index.php?option=com_content&id=5851:apk-hosts-file-engine-64bit-version&Itemid=74

---

FACT, since it's hardcoding of favorite sites bypasses DNS compromisable servers (the majority of which are STILL unpatched per this article)...

Also/yes: That allows FASTER resolutions as well as protection vs. remote DNS (& uses less resources than local ones & certainly less moving parts for breakdown) & especially using my "math trick" as you called it... another FACT!

You couldn't dispute that, or any of it, & did yourself in... beating me? Hey - it's be IMPOSSIBLE to do & especially on this topic!

APK

P.S.=> You can *try* all you like to "shit" on me, but you defeating yourself shit on you... did that to yourself here in this exchange, I merely schooled you, as I did those "antivirus pro experts" you noted, and you are welcome to verify it... it's fact!

AGAIN & FOR THE 4th TIME NOW SO IT SINKS IN (& you realize you are NOT in my league):

Remember:: You're the one that posted BOGUS incorrect hosts data too here mind you attempting to MISLEAD others imo -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42737625 lol!

(THAT was hillarious & a HUGE BLUNDER on YOUR end... bigtime!)

Give up your "geek angst"!

Sooner or later, you run into a "bad motor scooter" in life (even in street fights, even though you *think* you're 'tough as a nail' there's always someone bigger, faster, stronger & better... that's me!)

To quote my namesake, Mr. Kowalski, from the film "Grand Torino":

EVER NOTICE THAT EVERY ONCE IN AWHILE, YOU COME ACROSS SOMEONE YOU SHOULDN'T HAVE FUCKED WITH? THAT'S ME!

Fact - You have failed vs. "yours truly" on TONS of levels (even speed in hashtable indexing or btree seeks vs. my smart placement in hosts files)... & of course?

There's NO QUESTION hardcoded hosts file entries bypass these compromisable DNS servers... most important point of all, as it can "proof" a user vs. this type of exploit... period!

DDOS problem

[snsh]

My DNS provider was planning to deploy DNSSEC signing several years ago, but they still haven't.

They claim the reason is that since DNSSEC responses are 75x the size of vanilla DNS responses, this makes DNSSEC providers more vulnerable to DDOS attacks.

After this discussion? See ya! apk

Here onwards on down -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42737625

* Really don't blame you for RUNNING... NOW, "get off my lawn"!

(LMAO!)

APK

P.S.=> "Ever notice that every once in awhile you come across somebody you shouldn't have fucked with? That's me..." - Mr Kowalski, Grand Torino...

... apk

Re:After this discussion? See ya! apk

Regardless of whether he got the host and IP the wrong way round, he has a point. You can't stop a wildcard entry with a hosts file, you need to handle the name request more intelligently, the easiest is with another wildcard DNS entry to counter with.

"Reading IS fundamental", troll... apk

Strongly suggest you read & get your "hooked on phonics" out -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42733823

* Since the "best you've got" is libel (& there are laws against it)...

You clearly 'cavalierly dismiss' obeying laws, & thus? Again, per my reply on you on this note here before:

http://it.slashdot.org/comments.pl?sid=3417867&cid=42733823

You demonstrate you do NOT consider consequences of your actions (a definition of insanity), & addtionally in that you keep repeating a mistake over & over again, expecting DIFFERENT results (another commonly used definition of insanity also).

YOU also lack the qualifications, & documentation + facts to call others mental etc., as shown in the link above.

AND YOU CALLED ME "mentally troubled" (or whatever)? Please... lmao!

You FAIL!

YOU aren't even a good 'troll' for Pete's sake - that old 'tired' silly 'you're crazy' crap? People don't fall for it anymore, & it's unimaginative too, & stale, like you!

APK

P.S.=> Especially since the "best you've got" is fails via illogical off-topic failed ad hominem attacks on myself, INSTEAD of you disproving my technical points in computing, validly, here -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42731025

Then again?

I am SURE by now, especially by now in my replies in this discussion vs. naysayer trolls I truly HAVE 'dusted' on actual technical data discussions DNS vs. HOSTS?

(Especially here on downwards -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42737625 where I will give stalks 1 credit - AT LEAST HE TRIED but failed badly on many points from that link on down )

By now, I am sure that you KNOW it cannot be done - as to disproving my points on hosts!

(Especially since they 'cure' this issue, by hardcodes in hosts, vs. this issue in DNS servers that's been unpatched for 1/2 a decade)...

Hence, your trolling b.s. & me, as-is-per-my-usual? UNASSAILABLE & inviolate, vs. trollish attacks... lol!

MAN, you've FORCED me to say it & you KNOW I've just GOTTA SAY IT:

THIS? This was just "too, Too, TOO EASY - just '2ez'" & it always is, since you make it so!

Especially vs. trolls like yourself that do what you have (off topic illogical failing ad hominem attacks directed my way)!

... apk

PhD in psychiatry - would figure (if it were true)

1.) A PhD in the psychiatric sciences

And the #1 reason students go into psychiatry? In an attempt to understand what is wrong with themselves.

Not that I believe you actually completed a PhD (or if you truly did, it was before your mental health deteriorated so much). It is quite obvious that you are incapable of maintaining a rational, coherent approach even for a sentence, much less a thesis. I can readily believe that you would like a qualification in a mental-health related sphere (see para 1 above). You could easily prove me wrong by writing a single, coherent paragraph in rebuttal. Just one paragraph, with regular grammar and punctuation, and a demonsration of rationality and reason. But you are unable to do that, not because you don't want to, but because your mental health makes it impossible.

Do you have a rational answer to the question of why you expend so much effort on incoherent ramblings? Note that the claim that your "style" is a subtle troll fails - to continue in the way you do, over an extended period, is a clear sign of mental health troubles. Again, get yourself under professional care.

Did I once say you could? No!... apk

However, again: What good's it if DNS servers worldwide = unpatched & vulnerable

FACT.... period!

They ARE compromisable - & I merely offer a cure that helps you on FAR MORE LEVELS (including monies you spend to be online monthly & many more), here:

---

APK Hosts File Engine 5.0++ 32/64-bit:

http://www.start64.com/index.php?option=com_content&id=5851:apk-hosts-file-engine-64bit-version&Itemid=74

---

What DOES stop that though?

See above!

The output from that app does - Custom hosts files via hardcodes of favorite sites for bypassing DNS do and many other things, see that link, it enumerates them...

(NO questions asked, because they bypass DNS servers!)

Fact/Period!

PLUS - Hey - I am ONLY here trying to help (but as usual, with techie geeks *trying* to take on guys like me that build the tools you merely USE, & are helpless without? I was attacked... & that's ok too - I triumph as always in the end!).

Geeks have TROUBLE with 'geek angst' when dusted by facts, & his name tossing showed it directed my way - the 1st sign of FAIL usually & proof of my points when theirs are in grave error!

(Oh, I toss a few but only after I floored his points... rightfully!)

Bottom-line: This entire discussion, proves it, along with my providing a working solution vs. it until servers are patched (but 1/2 a decade later vs. the Kaminsky flaw? Doubt they will be, ever... sad!)

Now, Stalk? Above ALL else:

I just KNOW it's you replying by ac instead of your registered 'luser' account here... lol, you're not fooling me on that account either!

APK

P.S.=> He made SO many mistakes here on down (especially here right off the bat -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42737625 with BOGUS hosts data misleading others & FAR MORE later?)

HOWEVER - At least you tried Stalk! I'll give you that, nobody else had the balls... you just ran into "Mr. Kowalski" ala Gran Torino (lol, per my quote I used) is all!

HEY: At first, I thought it was funny, but...it's not funny - you are welcome to read & verify (I think you did, since none of my other points are disputed by you on various things in this exchange).... apk

All you have is boring off topic b.s.? Please...

"And the #1 reason students go into psychiatry? In an attempt to understand what is wrong with themselves." - by Anonymous Coward on Wednesday January 30, @02:20PM (#42740697)

A rule of thumb in psychiatry is never self analyze. You fail and so do those students.

Why? From what I understand, primarily, one has issues identifying one's own faults is why due to inbuilt defenses.

It's like trying to cut your own hair if you haven't been trained too. You'll mess it up odds are, and usually in the back. Not the best analogy, but I do know that rule above holds true & is recommended to NOT do for shrinks.

APK

P.S.=> Enough of the boring, stale off-topic illogical ad hominem attack attempts though - get on topic!

So, that said - why not instead DISPROVE MY POINTS -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42731025

?

Flat out bottom-line & obvious truth?? YOU CAN'T... & I know it, YOU KNOW IT, & anyone else reading with 1/2 a brain knows it as well! Fact... lol!

I love it - Especially by now! I suppose I should thank you all for making ME look GOOD, without even trying!

Stalks @ least *tried* to below this part of this debate, & failed BADLY, here downwards -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42737625 very, Very, VERY BADLY on a number of grounds, but also "right outta the starting gate"...

HOWEVER - I *will* give "Stalks" 1 credit: At least HE TRIED & stayed on topic...

(The rest of you? LOL, I shit on you... you make it possible to do, because you're naught but off-topic trolls... and you KNOW it!).

How you can live with yourselves & call yourselves 'men', I will never know... personally? I call "your kind" (the lowest of the low online & in the real world too) the 'not men' that act worse than women... lol!

... apk

Re:How custom hosts files help vs. DNS flaws... ap

[Sardaukar86]

Hahahahhaa APK, what a surprise - here you are, regurgitating the same tired old rubbish.

Get this through your thick skull, nobody wants to read your shite about the fucking hosts file any more.

We've seen you spew this crap over and over and over and over again, don't you think it's time to give it a rest? Face it APK, you're a fifty-year-old man-child with an obsessive pattern of behaviour and a compulsion to make an annoyance of yourself that you should have gotten under control by your age.

For Pete's sake enough (you're non-sequitur)

I understand that bypassing DNS via hosts avoids poisoned DNS servers... how's that?

YOU FAIL ON THAT ALONE!

Care to disprove &/or dispute that? You already ADMIT I "get some" security... certainly MORE THAN YOU in recursive mode... I can't BELIEVE You'd even *try* to act in a condescending manner to me pal, especially after that admission quoted below from you no less!

Besides - I pinged in arpa addr, most reliable source there is!

SO, as you said?

Yes, it buys me SOME added 'security' vs. this issue especially (since hosts do bypass VERY possibly unsecured for 1/2 a decade DNS servers vs. the Kaminsky bug since most worldwide are NOT PATCHED, get it?).

YOU DON'T DENY IT!

"the reverse entries are delegated to the IP space owners, so it's just as likely that the in-addr.arpa records are being poisoned, and so your reverse lookup check doesn't buy you much" - /quote>

WTF? As I said before "every bit helps" & even YOU are conceding, right there, it buys me SOME!

Man... wtf, again! Good enough for me, since it DEFINITELY bypasses DNS & solves this in an easy manner!

---

NOW on the DNS end:

Pointing DNS @ the 'big name sources' or even Root 13 DNS servers (better actually), or other "reliable sources", and if THEY go down?

We're all fucked!

Besides that, recursive mode has issues (hence the dns poisoning & odds are you HAVE to do it since you're not in arpa addr or a root 13 server).

All of which doesn't matter since my method DOES solve this issue... no questions asked.

APK

P.S.=> Please - above ALL else? Don't even *try* to "condescend" to me, especially when you even ADMIT I do get better security via my methods... methods via hosts that bypass this DNS issue, & solve the problem!

Period... apk

Re:For Pete's sake enough (you're non-sequitur)

[ilikejam]

"...you even ADMIT I do get better security via my methods"
Umm, I didn't. I said quite specifically that your security is likely worse than just using DNS. But hey. If that's how you choose to configure your hosts, then that's great. Good luck to you.

I'll be out here in the badlands running with an empty hosts file, javascript switched on, frames enabled, cookies allowed, and Flash installed. Living the dream, baby.

Peace out, much love, etc.

"Run, Forrest: RUN!!!" especially you vs. hosts

How many times have YOU personally run from disproving my points on hosts & what was your "FoaMiNg-@-TeH-MouTh" profanity-laden response when you failed @ it?

Let's see:

This ALL stems from these challenges I made to him to disprove my points on the benefits of custom hosts files to end users of them (for better speed, security, reliability, & even anonymity):

---

HOSTS FILES #1 of 5 -> http://news.slashdot.org/comments.pl?sid=2579684&cid=38415774

HOSTS FILES #2 of 5 -> http://news.slashdot.org/comments.pl?sid=2579684&cid=38415816

HOSTS FILES #3 of 5 -> http://news.slashdot.org/comments.pl?sid=2579684&cid=38415874

HOSTS FILES #4 of 5 -> http://yro.slashdot.org/comments.pl?sid=2356916&cid=36938204

HOSTS FILES #5 of 5 -> http://slashdot.org/comments.pl?sid=2356916&cid=36938240

(Where "the best you had" was profanity, but you did not disprove my points on custom hosts files' value to end users of them for a plethora of valuable things)

---

YOUR PRICELESS "ReAcTiOnS"? Let's see those too:

---

---

Sardaukar86 profanity "FoaMiNg-@-The-MouTh" priceless "ReAcTioN" #1 -> http://news.slashdot.org/comments.pl?sid=2579684&cid=38414922

Sardaukar86 profanity "FoaMiNg-@-The-MouTh" priceless "ReAcTioN" #2 -> http://news.slashdot.org/comments.pl?sid=2579684&cid=38414888

Sardaukar86 off-topic illogical failed ad hominem attack attempt -> http://news.slashdot.org/comments.pl?sid=2579684&cid=38414906

I found it HIGHLY AMUSING and yes, you FAILED!

---

* Glad you showed up troll, so I can show EVERYONE how effete & ineffectual you are... as are all the other 'naysayer trolls' here, no questions asked (especially the off topic ones like you).

So, you can also quit "stalking me" too, Sardaukar86... you only fail vs. myself, every single time shown above.

APK

P.S.=> FACT - Bypassing these 1/2 decade unpatched DNS servers via hosts files hardcodes properly reverse DNS resolved against in arpa addr works to not get "hit" by this problem - nobody denied it in 100's of replies either (as usual, not a 1 can disprove my points)...

... apk

Re:"Run, Forrest: RUN!!!" especially you vs. hosts

[Sardaukar86]

Thanks for the laugh APK, I just checked out the last of your three lower links in your post. It provides a beautiful example of your technique:

I wrote:

Oh, what a surprise, someone mentioned the hosts file and look.. not half a day later(snip)

APK's response:

".denwaps t'nevah uoy em llet esaelP >= .S.P .erif a ni ylwols eid ot *UOY* etivni *I* :reffo-retnuoc a ekam ot referp I sa noitativni ruoy tcejer I .god eiriarp elttil ylgu na ekil pu spop KPA dellac toggam sseldnim ,taf a dna retal yad a flah ton ..kool dna elif stsoh eht denoitnem enoemos ,esirprus a tahw ,hO" - by Sardaukar86 - ANOTHER 'off-topic' total "ne'er-do-well" troll on /. (850333) on Sunday July 31, @02:50AM (#36937434) Homepage "???" Uhm... Could we get a translation of that off-topic "troll-speak/trolllanguage" of yours, please?

That's right - he reversed my words then complained he couldn't read the resulting text.

Just gorgeous, a purer example of Straw Man in the wild than this would be a rare treat indeed.

APK, I take my hat off, the fail is strong with you.

Re:"Run, Forrest: RUN!!!" especially you vs. hosts

[Sardaukar86]

How many times have YOU personally run from disproving my points on hosts

How many times have you had it pointed out to you that I don't give a fuck about your hosts stuff, I just want you to shut the fuck up about it?
Hosts files may be just as shiny, wonderful and stay-sharp as you say they are - I don't take any issue with that, get it? I just don't fucking care! Stop conflating that with a technical objection already, I simply don't care enough about the hosts file to argue the point! Is that so hard to understand?

My overall point about you stands: on balance, you are not a worthwhile contributor to Slashdot. No, I don't need to be the highest-rated user here to say that. No, a list of times your jumbled dross managed to get moderated to +1 from 0 does not prove anything and certainly not without a corresponding list of down-mods.

What about all the other inanities of yours I've responded to that you've failed to understand and replied with more lists and garbage? Did I 'run' from those too? Why, yes I did, in APK parlance. Because APK automatically 'wins' everything and won't let reality get in the way of a nice imagined victory or two.

was your "FoaMiNg-@-TeH-MouTh"

What the fuck is this shit supposed to be anyway? This is something I'd expect to see on a site for tweenies. Grow up, you fifty-year-old manchild.

how effete & ineffectual you are

Hmm, effete eh? That's a nice word from a spineless yellow-belly who can't address a simple argument, APK. Goodness knows I've offered you plenty but you've cowardly avoided them all; now you accuse me of same, hypocrite.

Re:"Run, Forrest: RUN!!!" especially you vs. hosts

[Sardaukar86]

You're seriously deranged. I've looked over those posts of yours and they say nothing about your worthless stinking hosts file. My comments were a response to seeing your goddamn Church of the Hostfile proselytising again and being sick of the sight of it and sick of seeing poorly-formatted rubbish from you.

Somehow you pea-brained this into a technical complaint about your hosts file sputum. I mean, how can you misconstrue a statement as simple as this one I posted in response to yet another mindless spewing of massive, mis-formatted Hostfile horseshit with typical APK evangelical fervour:

Oh fuck off, fuck off FUCK OFF ALREADY!!

Nevertheless, APK managed to fuck it up again.

Re:"Run, Forrest: RUN!!!" especially you vs. hosts

You're ruining this topic Sardaukar86. Leave or get on topic. You are clearly a troll and have mental problems and quite clearly act like a mental case with no dignity.

Re:"Run, Forrest: RUN!!!" especially you vs. hosts

For someone that doesn't give a fuck you sure seem to. Go away. I told you that already.

Re:Logon scripts & my app I posted... apk

[Sardaukar86]

P.S.=> Ever heard of a logon script? Migrating custom hosts to 1000's of client rigs on a LAN/WAN is cake because of logon scripts...

... apk

I think people here know about logon scripts, you arrogant little snot. How do you find yourself wondering why your posts are modded down? It should be pretty obvious to even a half-wit such as yourself by now. There are plenty of intelligent people on /. who would run rings around you at a technical level so try to dial back your condescension and self-importance a bit, mmmkay?

Now's probably a great time for one of your whiny APK 'poor me' post by now. Don't forget to put a bunch of links to the handful of worthwhile up-moderations you've managed to accumulate over the eight years you've polluted this forum with your immature man-child behaviour. Why do you bang on about this rubbish so frequently? Perhaps you're just too self-absorbed to understand that most of the world moved away from host file management years ago, and with good reason. I'd hate to be one of your clients with your one-eyed approach to network security.

Now's probably a good time to post your list again, or even better, a list of your most recent failed arguments that you can claim as victories.

WRONG again on THIS too... apk

"Even if your hosts file _is_ OK, you still can't protect yourself from resolving xyz.domain.com entries, because hosts files can't use *.domain.com so you can't stop your PC from resolving rapidly changing subdomains." -

OMG - I already EXPLAINED this part, but here goes again: 1st - Did you note my sources?

They're all reputable, reliable, & QUITE GOOD AT SECURITY! Especially since that IS what they DO!

(Ala malwarebytes hpHosts, Norton/Symantec, & others I noted like ZeusTracker, SpyEye Tracker & more...)

---

SECONDLY:

My application gets its feed from those reputable, reliable EXCELLENT sources, automatically or manually (it doesn't GET better than that)

---

APK Hosts File Engine 5.0++ 32/64-bit:

http://www.start64.com/index.php?option=com_content&id=5851:apk-hosts-file-engine-64bit-version&Itemid=74

---

My hosts file data for blocking WILL be ok - as that's what those sites do - track online threats, and yes:

EVEN ALGORITHMICALLY GENERATED NAMES THAT YOU USE WILDCARDING FOR IN DNS!

---

Problem being in DNS, since the Kaminsky bug IS UNPATCHED ON MOST DNS SERVERS WORLDWIDE, & 1/2 a decade later? All the wildcarding in the world doesn't matter... especially @ the ISP level!)

Get it?

APK

P.S.=> You also ADMIT that my reverse DNS resolves of my favorites, helps:

"our reverse lookup check doesn't buy you much. It's better than not checking," - by ilikejam (762039) on Wednesday January 30, @04:12PM (#42742349) Homepage

You admit it right there, and? Well, for sure, it's BETTER THAN RELYING ON A WORLD FULL OF UNPATCHED DNS SERVERS VS. THE KAMINSKY BUG when they're SET IN RECURSIVE MODE, for sure...

Which doing hardcodes avoiding DNS simply solves having to depends on potentially compromised DNS servers due to be unpatched vs. the Kaminsky bug, bypasses them completely!

AVOIDING BEING MISDIRECTED BY THEM, PERIOD!... apk

Re:WRONG again on THIS too... apk

[ilikejam]

1) Symantec is the only one of those sources I would even remotely trust, and I'd still be checking every single entry, even with them.
2) You _are_ relying on "ON A WORLD FULL OF UNPATCHED DNS SERVERS", unless you only ever visit the _exact_ hostnames _specifically_ entered in your hosts file, and _only_ if those site _only_ have links and included references (javascript sources, etc) which are _exactly_ listed in your hosts file.

Do me a favour - run wireshark on your PC, filter for port 53. See how often your host with its massive hosts file still relies on DNS. In terms of the problem the Fine Article talks about, you're no more protected than anyone else.

Re: APK demonstrates his mental illness again

[Sardaukar86]

APK, you asked for it, you got it, now you cry.

Poor man-child, wipe away your tears! You received a polite and genuine response from someone, there's no need to roll around on the floor screaming in fury, leaving urine-stains on the carpet.

It's hard to believe you are (by your own admission) something like fifty years old. I can't say I've met anyone over the age of about twenty who'd be as shameless as to behave the way you do, APK, you immature little sniveller.

Have YOU done more, better, & earlier?... apk

"Wow, you're quite the coder there, APK. Some have wondered where exactly all the power goes from the ongoing harvest of Moore's law's rich yield. Others may have speculated but what now seems apparent is that the additional power we gain is squandered away by chumps like APK who think 'program optimisation' means running the software with a faster CPU." - by Sardaukar86 (850333) on Wednesday January 30, @05:34PM (#42743645) Homepage

See subject-line above, & answer that question I ask you, troll, & keep running away from challenges I make to you on hosts files!

(LMAO - this, I gotta see... mainly since I know you, a mere forums troll "ne'er-do-well" & "armchair quarterback" just hasn't & NEVER will!)

* :)

Yes, dealing with YOU especially is very, Very, VERY EASY, since you fail (see below, constantly vs. myself on this very topic) & ESPECIALLY on hosts files' benefits to end users of them in added speed, security, reliability, & even anonymity to an extent!

Very simple to do, via your fails before on that very note (and of your repeated fails vs. myself on hosts)... in fact, let's review those, shall we?

---

This ALL stems from these challenges I made to Sardaukar86 to disprove my points on the benefits of custom hosts files to end users of them (for better speed, security, reliability, & even anonymity):

---

HOSTS FILES #1 of 5 -> http://news.slashdot.org/comments.pl?sid=2579684&cid=38415774

HOSTS FILES #2 of 5 -> http://news.slashdot.org/comments.pl?sid=2579684&cid=38415816

HOSTS FILES #3 of 5 -> http://news.slashdot.org/comments.pl?sid=2579684&cid=38415874

HOSTS FILES #4 of 5 -> http://yro.slashdot.org/comments.pl?sid=2356916&cid=36938204

HOSTS FILES #5 of 5 -> http://slashdot.org/comments.pl?sid=2356916&cid=36938240

(Where "the best you had" was profanity AND ad hominem attacks which are off topic & illogical + effete, but you did not disprove my points on custom hosts files' value to end users of them for a plethora of valuable things)

---

YOUR PRICELESS "ReAcTiOnS"? Let's see those too:

---

Sardaukar86 profanity "FoaMiNg-@-The-MouTh" priceless "ReAcTioN" #1 -> http://news.slashdot.org/comments.pl?sid=2579684&cid=38414922

Sardaukar86 profanity "FoaMiNg-@-The-MouTh" priceless "ReAcTioN" #2 -> http://news.slashdot.org/comments.pl?sid=2579684&cid=38414888

Sardaukar86 off-topic illogical failed ad hominem attack attempt -> http://news.slashdot.org/comments.pl?sid=2579684&cid=38414906

Yes - I found it HIGHLY AMUSING and yes, you FAILED!

---

* As I said before to YOU already in this thread? Glad you showed up troll!

Just so I can show EVERYONE how effete & ineffectual you are by letting your own FAILS do it for you!

(Fails... as are all the other 'naysayer trolls' here, no questions asked (especially the off topic ones like you)).

So, you can also quit "stalking me" too, Sardaukar86... you only fail vs. myself, every single time shown above.

APK

P.S.=> FACT - Bypassing these 1/2 decade unpatched DNS servers via hosts files hardcodes properly reverse DNS resolved

Re:Have YOU done more, better, & earlier?... a

[Sardaukar86]

No, APK, I don't need to have done better personally to call you out on your stupidity. When is that going to sink into your thick, thick head? One does not need to be a chicken to know a bad egg!

Furthermore, I note you fail to respond to my assertion. You make a bone-headed statement that shows up your myopic world-view, get yourself called on it then respond with irrelevances, lists of junk and childish name-calling. In other words, you say anything to ignore or otherwise cowardly avoid the point.

In your arrogance you then go on to issue nonsense 'challenges' and deem anyone who doesn't want their time wasted with your drivel to have 'run from the challenge'. Real logic at work there, pal.

As it happens, I am a hobby programmer. I enjoy writing and tweaking tight code and I wouldn't trouble myself with your jumble of source given the quality of your disjointed, rambling, barely-coherent posts. Get on to some meds, buddy, you're in orbit.

Why'd I have to suggest it then (it works)?... apk

"I think people here know about logon scripts, you arrogant little snot." - by Sardaukar86 (850333) on Wednesday January 30, @05:11PM (#42743339) Homepage

See subject-line above & so does another suggestion of mine NOBODY "hit on" amongst all you "/. wannabe geniuses" (fact)!

---

"There are plenty of intelligent people on /. who would run rings around you at a technical level so try to dial back your condescension and self-importance a bit, mmmkay?" - by Sardaukar86 (850333) on Wednesday January 30, @05:11PM (#42743339) Homepage

You're NOT one, that's certain... lol, see below!

By the way? WHERE ARE THEY THEN?? WHY DO I HAVE TO MAKE THE SUGGESTIONS FOR THEM???

Especially ones that work, & silenced them? Hmmmm??

(Plus - Not a one has disproved my points on custom hosts files just like you, or that they help vs. this KNOWN DNS ISSUE too!)

"Funny that", eh? Not... lol!

---

By the way - another suggestion of mine that works:

AD admin level priveleges rights to shares another way... by the way:

---

ANSWER THIS QUESTION -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42743855

Going to "run, forrest, run" from that too?

* :)

Man, seriously:

Call me ALL THE NAMES YOU WANT, it only shows you're "FruStRateD" into stalking me here... lol!

(Due to your repeated numerous fails vs. myself on this very subject shown as proof thereof in the link above, lol!)

---

LMAO!

This "takes the cake" because I dusted you on it already this week in your earlier stalkings of myself:

"How do you find yourself wondering why your posts are modded down?" - by Sardaukar86 (850333) on Wednesday January 30, @05:11PM (#42743339) Homepage

"EAT YOUR WORDS", flavored with the bitter taste of SELF-DEFEAT, & YOUR FOOT IN YOUR MOUTH!

Got more than 242++:1 of them? No, you do not, but, I do in "upmods"!

When I put that out?

LOL, you RAN from that too -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

Unable to backup your b.s. vs. 100's of your /. peers opinions contrary to your own or better still, disprove them!

Sardaukar86, please, do tell us: (since you said my posts suck but I produced 242++:1 odds vs. your b.s. from your /. peers that outnumbers & contradicts you badly as well as disproving that statement from you before):

HOW DOES EATING YOUR WORDS TASTE?

LMAO!

APK

P.S.=> You? You never "fail to FAIL" vs. myself, & I know it, YOU KNOW IT, + when others read the link above? Well... it's "your funeral" but they will too... apk

LMAO - you FAIL again, "ne'er-do-well" troll...

"No, APK, I don't need to have done better personally" - by Sardaukar86 (850333) on Wednesday January 30, @06:08PM (#42744007) Homepage

LMAO - When I challenge you to it? You do, and you failed -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42743855 & YOU brought it on yourself, nobody else!

How? See next - mind you: Others see it too, lol, & eventually?? SO WILL GOOGLE!

Of course, since you also FAILED vs. myself on custom hosts files' benefits to end users of them for added speed, security, reliability, & even anonymity to an extent + more?

Well, you FAILED there too, TONS of times -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42743095

* QUESTION - what is it LIKE, being so "FruStrAteD" & humiliated by me (you only bring it on yourself by stalking me repeatedly thus mind you) that you stalk me nigh endlessly?

APK

P.S.=> I suppose your "new diet" I read about (lol, that was funny) of "eating your words" flavored with 'the bitter taste of SELF-DEFEAT' does that to a person, eh? After all - you PROVE that much, since you never fail to FAIL vs. myself as shown above... lol!

... apk

Re:LMAO - you FAIL again, "ne'er-do-well" troll...

[Sardaukar86]

LMAO - When I challenge you to it? You do, and you failed

No, APK, I wasn't replying to you about your fucking hosts file rubbish and you know it. You are welcome to clumsily switch my answers around in a childish little pantomime but it just shows you up for the dishonest intellectual weakling you are.
We were talking about code, if you recall. Surely you can't be that ill as to involuntarily conflate the two concepts in that nutty little head of yours?

Why can't you make even a single argument that stands on its own without the need of your typical methods of relying on spam, irrelevant and delusional commentary, public self-preening and screeched insults for support? I can hold my own without any of that, why are you so damn weak?

Ooooh, look, a bird flew overhead, that'll be another 'victory' for APK then. Ah, now a car just beeped its horn, another clear 'victory' for the mighty APK.

Too bad man, you really blew it this time... apk

Not much, did THAT long ago (hence my favorites) - I figured out long ago WHERE I SPEND MY TIME ONLINE & put them in as favorites!

Favorites which also avoid DNS, & this issue in them (point-blank)...

Which is also why I use this news aggregator sites - it consolidates the news for me into 1 spot instead of 100's... get it?

I also don't do many DNS queries partially because long ago again - I figured out where I spend my time online for 99.999 % of it, & from what I've seen per your very test no less (great minds think alike & all that)??

Perhaps 1 in 100 journeys online in fact...

HOWEVER:

When I DO? I use secured filtered DNS servers vs. online exploits that I listed in my initial post too!

On javascript & other potentially exploitable online "things":

Would you like to see what I personally recommended in the VERY 1st WIDELY RECOGNIZED & DONE VERY WELL ONLINE SECURITY GUIDE FOR WINDOWS I AUTHORED, 1st of its kind too since 1997 online-> http://www.google.com/search?hl=en&tbo=d&output=search&sclient=psy-ab&q=%22HOW+TO+SECURE+Windows+2000/XP%22&btnG=Submit&gbv=1&sei=3KsJUaP6Kqfy0QG3m4HIBg

As to what it says on that?

I block it out!

That's right - & how do I do it?

Via Opera's "By Site" preferences...

E.G.-> I set a GLOBAL policy as default, for ALL DOMAINS in fact, of no cookies, no javascript, no java (I don't use it & don't use it on the job for development anymore thank goodness, I prefer Delphi &/or C++), no frames/iframes, & no plugins active (only on demand when I set an "ok" on certain sites only for that).

Get that too? GOOD... because personally unless you DO do that & other layered security measures online? You're "a hit WAITING TO HAPPEN" for malware makers.

Sorry but... YOU FAIL, again... sorry, but you do!

APK

P.S.=> At least YOU had some potential points, but you nuke yourself in the end & on this very point: Funny, it's also the one that makes you AVOID these 1/2 decade long unpatched DNS serviers too, acting as a fix... lol!

... apk

I'd call it you since you stalk me... lol! apk

This from you -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42743095

AND this -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42744043

HOWEVER, most importantly this -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

* It's often said that "repeating the same mistakes and expecting different results" is a symptom of insanity, so is LIBELING others, which is ILLEGAL!

(Which you've done shown repeatedly in the link above, showing you DO NOT CONSIDER THE CONSEQUENCES OF YOUR ACTIONS either (especially illegal ones like libel)... again, another definitions of insanity!)

* Those links though, lol, they made my bookmarks/favorites for you, yet again... with many others... why?

You NEVER fail to FAIL vs. myself on any grounds (and you always end up off topic, stalking me, calling me names & more as well as failing on technicals... lol, YOU have issues man, seriously!)

Get over your "StRanGe-AnGst" regarding me, it's obsessive & the above proves it... so does this very thread!

APK

P.S.=> Sardaukar86, when you get your PhD in the psychiatric sciences, a license to practice in them, and most importantly a FORMAL EXAMINATION of my "alleged mental state" given in a licensed professional psychiatric environs? Get back to us... it won't be libel then (why do you think courts of law bring in shrinks to court in matters of insanity pleas? They're the ONLY folks that can do that, & literally have certificates proving they're 'sane')...

... apk

Re:I'd call it you since you stalk me... lol! apk

[Sardaukar86]

Well, of course you'd call me the same thing. It's the meat of your argument: "I know you are, I said you are, but what am I?"
Some big guns you've got there buddy!

It's often said that "repeating the same mistakes and expecting different results" is a symptom of insanity

Definitely. They were thinking of behaviour like yours when they said that.

..so is LIBELING others, which is ILLEGAL!

(Which you've done shown repeatedly in the link above, showing you DO NOT CONSIDER THE CONSEQUENCES OF YOUR ACTIONS either (especially illegal ones like libel)

Oooooh, goody! Is this the bit where you threaten me with lawyers? I especially enjoyed when you got some sand in your vagina, puffed yourself up to the full extent of your pomposity and did just that here. Look at that APK, you behave like enough of a prick for someone to make a page to warn others about people like you!

I especially enjoyed the summary later where, as expected, you wriggled away with your pride in tatters and your tail between your legs:

Thor Schrock said on June 10th, 2008 at 8:56 am
Case and point. No lawsuits, no communications from lawyers, and the eventual 'I wasn’t really going to sue you'.

You later came back with:

That’s right, you keep your mouth shut alright: You have NOTHING to say, & no backup vs. my questions here – some “computer expert” you are Thor lol!

Yeah, APK - you're a real class act.

P.S.=> Sardaukar86, when you get your PhD in the psychiatric sciences, a license to practice in them, and most importantly a FORMAL EXAMINATION of my "alleged mental state" given in a licensed professional psychiatric environs? Get back to us... it won't be libel then (why do you think courts of law bring in shrinks to court in matters of insanity pleas? They're the ONLY folks that can do that, & literally have certificates proving they're 'sane')...

APK, if you were under court order to undergo such an examination and were found to be mentally ill, it is obvious that you wouldn't believe the doctor anyway. You're just too arrogant.

Better than your numerous fails & stalking me

Which for a week's listed here -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42744373 and from before that also!

* YOU HAVE "ISSUES" pal... serious ones!

(Do get over your 'angst' & "StRaNgE" obsession in stalking me, libeling me, & who knows what else is coming outta you!)

LMAO! Above ALL else? YOU bring it on yourself, everytime, see link above everyone, lol, it's HILARIOUS!

APK

P.S.=> I'll give you 1 thing though - you're consistent: IN FAILING vs. me, every single time you post (@ least you make ME look GOOD, thank you)...

... apk

Sardaukar86: Reduced to illogical off topic

Ad hominem attacks... oh the pity of it!

* ROTFLMAO!

They say that repeating the same mistakes over & over expecting different results is a defining quality of insanity... see below on how many times you've done this in your stalking of me, & failing (especially on this topic, hosts, which actually STOPS this DNS issue from hitting users).

APK

P.S.=> You KNOW what you must do to 'redeem' yourself, don't you? Face the music here -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42743095

The very challenge I put to ALL of my 'naysayers' here to disprove my points with valid critique on the value custom hosts files yield in better speed, security, reliability,& even anonymity to an extent!

(You failed that, many times over time shown in that very link, before this, lol)....

You are consistent, I'll give you that - you never FAIL, to fail, vs. myself... lol!

... apk

Re:Sardaukar86: Reduced to illogical off topic

[Sardaukar86]

Hey, APK, how long to you intend to stay asleep at the keyboard? You've got it into your pointy little head that you need to convince me about your goddamn hosts file. I don't care about your technical drivel, I have no interest in countering it or even reading it completely; you could be completely right or completely wrong and it wouldn't make any difference to me at all. You can claim you 'won' the argument because I won't engage with regard to your hosts crap but I can play that game just as easily, by demanding you read through a local phone book (or something equally irrelevant) first and claim my own 'victory'. It would be just as Phyrric a victory and just as childish as the basis for all your arguments. All you are capable of is regurgitate-and-spit-insults. If there's anything more to you than that I've not seen any evidence.

Any real argument and you're the first to turn tail and flee, you gutless retard.

Re:Sardaukar86: Reduced to illogical off topic

[Sardaukar86]

Ad hominem attacks... oh the pity of it!

It seems to be the only level you are capable of operating at, or perhaps you hypocritically missed that part where most of what you have posted is precisely that. I've noticed that reasoned arguments appear to somehow bounce off your little noggin. Nothing sinks in. It leaves precious little room for much else when people like you, APK, face even the most basic of arguments by sticking your fingers in your ears and shouting "LA LA HOSTS HOSTS LA LA" by way of rebuttal.

You are consistent, I'll give you that - you never FAIL, to fail, vs. myself... lol!

... apk

Yeah, you're one hell of a badass. You're a real Internet toughguy, I know, you say so all the time so it must be true, right?
Did you actually have a basis to your argument after all that?

Seek help

I didn't read your reply. Seek professional help, you really need it.

Re:Have YOU done more, better, & earlier?... a

[Sardaukar86]

It now occurs to me that you didn't understand what I was saying to you in the earlier post, so let me spell it out so there's no confusion:

I don't care what you are coding, be it hosts-related or something to do with the dead poodle in your chest freezer. It's irrelevant to me, because I've seen how you post, how you argue, how you reason and how erratic you are. That's enough to know I have no interest in anything you produce; it is valueless to me.

Please keep detailed records of all the times other people find themselves exasperated at seeing the same tired old shite popping up from you. The same boring crap that gets posted and sometimes repeatedly posted the moment anyone mentions anything which could possibly be construed by an OCD manchild as fair game for squeezing in a mention of his own cure-all hosts file solution.

Hey, you can only blame yourself Sardaukar86

You opened your mouth & inserted your foot -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42744143 as always... you DID bring it on yourself, case-closed!

* Get on topic why don't you? Is it because you CAN'T, especially on THIS topic??

ABSOLUTELY -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42743095

(In fact, it's OBVIOUS that is what caused your stalking of nyself & is @ the root of your "StRaNgE" obsessive angst & behavior that way! Again - you only did it, to yourself...)

APK

P.S.=> Sardaukar86 - you have issues, serious ones, in your constant stalking of myself & other reprehensible behavior in what you always degrade to - the off-topic illogical ad hominem attack that fails & failing vs. technical points I introduced you & others simply cannot disprove... See above!

... apk

Re:Why'd I have to suggest it then (it works)?...

[Sardaukar86]

You're NOT one, that's certain... lol, see below!
By the way? WHERE ARE THEY THEN?? WHY DO I HAVE TO MAKE THE SUGGESTIONS FOR THEM???

It is another clear example of your egocentricity and arrogance that you feel you have to make the suggestions for them. Grow up, man-child and stop shouting.

Oh and you've got some real clever reasoning going on there, pal. You obviously think that 'because no expert in networking got a post in before me (as I camped out hoping for a first post), there can't possibly be anyone with any networking knowledge on the forum!'
Yup, that's right APK, we were all just sitting out there in our ignorance until APK the Hostfile Hero came along to lay a fat Mr. Whippy information-turd into our collective gaping mouths.

Hoooray! Thanks goodness for our Hostfile Hero! Another 'victory' for APK the Anonymous Assclown!

Get on topic troll... apk

Quit the illogical off topic ad hominem attacks also - you need to do that, instead of being a waste of life & space on this forums!

* :)

---

AGAIN: DO YOU HAVE THE FOLLOWING ITEMS TO YOUR NAME/CREDIT:

---

1.) A PhD in the psychiatric sciences

2.) A license to practice said psychiatric sciences professionally

3.) A formal examination of myself as to my "alleged mental state" (according to you, an AC troll) given in a professional psychiatric environs

---

No, OF COURSE YOU DON'T!

* New NEWS/NewsFlash/Clue" Without them, you're guilty of libeling myself!

That is also showing us you're:

---

A.) NOT considering the consequences of your actions here

&

B.) That you're repeating the same mistake over & over again too!

---

(Both are often said to be signs of insanity!)

SO, Please - if ANYONE's "insane" here, per the above, it is clearly yourself...

APK

P.S.=> Lastly - Quit projecting your own issues onto me, & grow up (or take your meds, lol)...

... apk

Re:Get on topic troll... apk

I didn't read your reply. Seek help. If you were in my community, I'd be calling the authorities to insist you get help.

Re:Get on topic troll... apk

Get out your remedial reading lessons & "hooked on phonics". Your community is obviously the nuthouse since you project that constantly, lol!

It's just fact, disprove it... apk

Did they suggest them to me? No! BOTH in logon scripts & AD level rights + abilities (to access nodes/disks/shares to copy over hosts to any LAN/WAN network node) - show me otherwise.

* IN FACT, on AD material? I was ASKED to 'solve' a downside of logon scripts & did so, easily, as usual (even though that is not a problem, lol!).

APK

P.S.=> Just "face the music" here, & disprove my points on hosts files (which cure this problem with DNS servers no less by not having to access them the way my program allows) -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42743095

Then again - that very link SHOWS how effete, childish, & reprehensible you are (pot calling the kettle black hypocrite too, with your "fits" of profanity when you failed it numerous times... doubtless - the source of your "StRaNgE" frustration & stalking me all over this forums, lol... yes, you have issues, you caused them for yourself!)

... apk

Re:It's just fact, disprove it... apk

[Sardaukar86]

Did they suggest them to me? No! BOTH in logon scripts & AD level rights + abilities (to access nodes/disks/shares to copy over hosts to any LAN/WAN network node) - show me otherwise.

What is this drivel? What has this even got to do with what I just said? What are you replying to? A question that only you heard perhaps? Re-read my post and try to understand it this time.

There's a reason you get lots of advice to 'seek help', both here and across the various boards on the Internet. How's it feel to a global laughing-stock, man-child? Whenever I see a post from you on the net, little exchange between you and someone else is required before they (and others usually) query you as to whether you're off your meds that day.

What's it like to be a living piece of Internet comedy? What's it like, having to lie to yourself so you won't have to face the truth?

Just "face the music" here, & disprove my points on hosts files (which cure this problem with DNS servers no less by not having to access them the way my program allows) blah blah blah blah

What is this drivel? Are you still convinced you can successfully defend yourself from any attack with your limp-wristed wittering about something nobody really gives a shit about?

lol... yes, you have issues, you caused them for yourself!)

... apk

Oh, I've got issues alright, but they're not too dissimilar from most people's issues. They tend toward the mundane; I have issues over being Here when I need to be There and vice versa, however like most people I mitigate these issues with conventional means. In the case of this example, I drive a vehicle to get from Here to There.

Your issues, however - yes, the ones lots of people mention when you post on Internet forums - are a little deeper-seated than mine, I'm afraid. The fact that your responses to people questioning your mental health is so well-rehearsed tells a story all of its own. Nothing like the overwhelming anecdotal evidence of a thousand strangers observing your behaviour and calling you crazy, huh? Don't worry APK, it's going to be alright, they're wrong and you're right, shhhh, there there, it's going to be alright.

You've tried it & failed it 5x or more... apk

"No, APK, I wasn't replying to you about your fucking hosts file rubbish and you know it. " - by Sardaukar86 (850333) on Wednesday January 30, @08:44PM (#42745721) Homepage

This clearly shows otherwise, & WHY you won't, many times -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42743095

Where YOU are trapped in yet another lie here, no less! Man, you have NO shame, & are a stalker... no questions asked!

Call me a dishonest weakling, lol... well, "face the music" in that link above then, prove YOU aren't... oh, that's right - you can't, you've tried, & FAILED many times vs. it, lol!

AND, mainly because of your own "ReAcTiOnS" quoted there, lol!

* Really seriously CHILDISH 'hissy fit' ones, tantrums & profanity galore... but as-per-your-FAIL-troll-usual?

No disproving my points on hosts either! You never stay on topic either... ah, you're just an amusement to me, a diversion @ this point - one that makes ME, look GOOD too (thanks, lol).

(LMAO - just like you can't show us you've done a damned thing in the art & science of computing when you gave me shit on a program that CURES the PROBLEM here in DNS issues!)

APK

P.S.=> Seriously? I would *hate* to be a "ne'er-do-well" talker like you I mean, how can you call yourself a MAN, for Pete's sake, after this -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42743855

(Since the very START of that shows how & WHY I let you, destroy you... you do such a good job of it, lol!)

You bring it on yourself, every single time when you stalk me all over the place: BOY did I 'do a job' on you... pity you can't handle what you bring on yourself!

... apk

Sardaukar86: Who's fleeing from THIS?

"Any real argument and you're the first to turn tail and flee, you gutless retard." - by Sardaukar86 (850333) on Wednesday January 30, @07:26PM (#42744851) Homepage

See subject-line above: You are, lol ( in fact, I've noticed that it's the 1 post in this thread you avoid like hell, lmao) -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42743095

GOSH - "why's that"? LOL...

* Keep calling me names, stalking me, acting reprehensibly, & projecting YOUR issues onto me, clearly... lol!

The post above & you running from it? Proves my points & better yet, it takes what you called me & shows YOU ARE, indeed, "projecting"... lmao!

APK

P.S.=> Buddy - get a set of balls, face the music there, & get an intelligent brain (you need it)...

... apk

LMAO - "Pot calling the kettle black", or what??

1st of all, you show you can't face the music -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42743095

Funny - THAT is the 1 post I note you avoid like hell in this thread - why's that?

(LMAO... anyone can see why in the link!)

As to ad hominem attacks from YOU?

Well... lol, since we're here, I'll point out what YOU 'degrade' to, every single time - WITH YOUR OWN WORDS QUOTED showing your hypocrisy!

"Any real argument and you're the first to turn tail and flee, you gutless retard." - by Sardaukar86 (850333) on Wednesday January 30, @07:26PM (#42744851) Homepage

No name tossing ad hominem attacks there too, right? LMAO... please: Again - Why are you running from this single post next in the link next:

I've noticed that it's the 1 post in this thread you avoid like hell (lmao) -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42743095

Gee - wonder WHY? Not... lol!

APK

P.S.=> What a hypocrite & pot calling the kettle black - seriously: Either you are the dumbest person I've ever met, who can't even recall what they JUST said only minutes before, or... you DO have serious issues (ones you attempt to "project" onto others... amusing @ least!)

... apk

Thank you VERY much! apk

You doubtless read this -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42743095 and understand this "troubled person" Sardaukar86's odd behavior only happened because of his replies there, quoted, profanity laden & off topic as usual.

Want more? See his post history... you'll see a LOT more, along the same lines, illogical off topic ad hominem attacks ALL THRU THIS THREAD no less, & hypocritical as hell too... lol, it's unbelievable!

However, there it is... he's literally been STALKING me all week, maybe more, lol! Yes, he has issues, clearly!

APK

P.S.=> Again thank you... apk

Do YOU like "the Rolling Stones" Sardaukar?

" I don't give a fuck about your hosts stuff, I just want you to shut the fuck up about it?" - by Sardaukar86 (850333) on Wednesday January 30, @08:47PM (#42745763) Homepage

Why? It offers a viable working solution to the TOPIC, whereas your trolling doesn't... That's FOR SURE!

* :)

Now, to the subject-line above, in regards to your quoted statement above? A little tune for you, that applies, as to your profane request:

---

"Rolling Stones You can't always get what you want"

http://www.youtube.com/watch?v=PkGrkNu6mDg

---

Especially when you're NOT contributing here, and being a reprehensible off topic illogical ad hominem attack utilizing troll ( that others even TOLD YOU OFF already for, lol, & I THANKED THEM!)

APK

P.S.=>

"What the fuck is this shit supposed to be anyway?" - by Sardaukar86 (850333) on Wednesday January 30, @08:47PM (#42745763) Homepage

Good question: Let's let YOU answer it, shall we? Ok, here goes:

---

Sardaukar86 profanity "FoaMiNg-@-The-MouTh" priceless "ReAcTioN" #1 -> http://news.slashdot.org/comments.pl?sid=2579684&cid=38414922

Sardaukar86 profanity "FoaMiNg-@-The-MouTh" priceless "ReAcTioN" #2 -> http://news.slashdot.org/comments.pl?sid=2579684&cid=38414888

Sardaukar86 off-topic illogical failed ad hominem attack attempt -> http://news.slashdot.org/comments.pl?sid=2579684&cid=38414906

I found it HIGHLY AMUSING and yes, you FAILED!

---

Have YOU ever read yourself when you have your profanity riddled ravings always usually off topic & failing?

Please - do, above, lol... they're HILARIOUS!

... apk

Again: THANK YOU VERY MUCH!

http://it.slashdot.org/comments.pl?sid=3417867&cid=42746065

APK

P.S.=> I don't *think* you understand though - Sardaukar86 has issues... serious ones - look at his "foaming at the mouth" profanity riddled replies now & in the original post you doubtless read, lol... amazing!

... apk

Hosts work vs. the DNS issue (hardcodes)

IF you don't like what I write? DON'T READ IT - it's that simple. See subject-line too - fact is all that is!

* Also: Hate to break it to you - I don't take YOUR orders, and I will post as I like, where I like, how much I like...

Especially when it's actually effective on the topic!

Yes, hosts hardcodes properly reverse DNS resolved AVOID DNS SERVERS that are MORE than just potentially infested & redirected by NOT being patched, sadly enough, vs. the Kaminsky bug redirect poisoning exploit!

That's all!

APK

P.S.=> Methinks YOU don't know what being on topic, actually is, lol... you certainly haven't been the entire time here!

...apk

You're blind then troll... apk

Again - I was ASKED to provide an easy way to mass migrate hosts files across many nodes on a LAN/WAN (meaning servers & workstations) - logon scripts can do it, or running batches, or powershell scripts, can also!

APK

P.S.=> Face it - you? You can't HELP but fail, & you said others here are "so bright" well... if they KNEW about logon scripts as you said earlier, why didn't THEY state it? It works... also on the AD stuff, again - I was ASKED literally to "solve a problem" with logon script usage, I did via that measure as well (basic networking stuff)

Anyone can read a few posts above & see what I mean -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42731531

Funny, (not) you can't!... apk

Re:You're blind then troll... apk

[Sardaukar86]

Not blind, quite observant actually.

You were not asked a question - you simply unloaded your bowels all over this thread before anyone had a chance to get a word in. You're doing the world a real favour there, jackass.

Or, perhaps you were referring to this, a comment from someone who values your contribution about as much as I do:

Yes, fine for a few machines... but how about 5000? You really want to make 5000 hosts file entries every time you want to lock down a domain name? idk, running your own DNS server, and locking that down, sounds shittons easier.

Let me clue you in: this is a literary technique known as rhetoric. You demonstrate your conceit, pathetic over-eagerness and power the mammoth chip on your shoulder has over you when you respond.

Oh, and can I assume you're going to ignore the -1 mod you got on your 'solution', posted above? You can't very well include it, can you, because this wouldn't help your argument.

APK: always ready to overlook the truth in your campaign to claim everything as a 'victory'.

Did you see the topic of this article?

"Umm, I didn't. I said quite specifically that your security is likely worse than just using DNS." - by ilikejam (762039) on Wednesday January 30, @09:48PM (#42746277) Homepage

Worse than unpatched DNS servers the world over vs. Kaminsky bug? Which is the MAJORITY of them, 5++ yrs. later per this article??

Come on man...

Fact - Hardcoded hosts file favorites, properly reverse DNS resolved vs. the ACTUAL STORAGE CENTRAL POINT FOR THEM (in arpa addr) avoids those more than potentially dns poisoned redirecting DNS servers & getting 'hosed' by their bogus results IF redirected... you know it, I know it, anyone with 1/2 a brain does too!

APK

P.S.=> You also DID say this, quoted verbatim:

"our reverse lookup check doesn't buy you much. It's better than not checking," - by ilikejam (762039) on Wednesday January 30, @04:12PM (#42742349) Homepage

Ahem/again: Well - It does "buy me" avoiding these unpatched DNS servers subject to the Kaminsky bug exploit since they are unpatched & have REMAINED SO, for over 5++ yrs. now... no questions asked!

... apk

Re:Did you see the topic of this article?

[ilikejam]

"ACTUAL STORAGE CENTRAL POINT FOR THEM"
Again, there is _no_ central storage for in-addr.arpa. The reverse records are delegated just like the A records are. Do you honestly think the root servers hold every single PTR record on the public internet?

You know, for someone who makes a lot of noise about hosts files and DNS, I'd expect you to at least understand how DNS works.

Re:Did you see the topic of this article?

It's its own TLD - which I DID note (a specialized one in fact, Address Routing Parameter Area ), I guess I didn't phrase it so YOU could understand it & tried to use more "mundane" terms is all.

APK

P.S.=> THIS "takes the cake" though:

"You know, for someone who makes a lot of noise about hosts files and DNS, I'd expect you to at least understand how DNS works." - by ilikejam (762039) on Thursday January 31, @08:32AM (#42749827) Homepage

Ok, bigshot - what have YOU ever done in the art & science of computing that was noted in respected publications, highly esteemed trade shows in computing, commercial software code to YOUR name & credit, & more?

(I've done all of the above MULTIPLE TIMES, & since you "shot your big mouth off", now, let's see how much you can show for it...)

I'd almost wager you have done ZERO, but, we'll see!

... apk

Re:Did you see the topic of this article?

[ilikejam]

You read the wikipedia page! Good for you!

Yes, it is it's own TLD. It's also delegated out from the root nameservers, so there's still no central storage point and you're still vulnerable if you're relying on reverse lookups.

Ad hominem attacks are illogical

"Oh, what a surprise, someone mentioned the hosts file and look.. not half a day later and a fat, mindless maggot called APK pops up like an ugly little prairie dog. I reject your invitation as I prefer to make a counter-offer: *I* invite *YOU* to die slowly in a fire. P.S. => Please tell me you haven't spawned." - by Sardaukar86 (850333) on Sunday July 31 2011, @01:50AM (#36937434) Homepage FROM -> http://slashdot.org/comments.pl?sid=2356916&cid=36937434

See subject-line - YOU complain of "straw man" after the above quote?

"Just gorgeous, a purer example of Straw Man in the wild than this would be a rare treat indeed." - by Sardaukar86 (850333) on Wednesday January 30, @08:45PM (#42745733) Homepage

You're so full of it, as usual, it's not funny - pot calling the kettle black hypocrite & all!

APK

P.S.=> You have issues, serious issues...

... apk

243++:1 odds are against you... apk

"My overall point about you stands: on balance, you are not a worthwhile contributor to Slashdot." - by Sardaukar86 (850333) on Wednesday January 30, @08:47PM (#42745763) Homepage

Your off-topic illogical ad hominem attacks are? See subject-line & these upward modded posts of mine from your /. peers' counter-opinions:

---

Roughly 243++ of them & I post as AC (hard to get even +1, as /. hides our posts & we "AC"'s start @ ZERO/0 points, unlike registered "lusers", lol!):

+5 'modded up' posts by "yours truly" (8):

HOSTS & BGP:2010 -> http://tech.slashdot.org/comments.pl?sid=1901826&cid=34490450
FIREFOX IN DANGER: 2011 -> http://news.slashdot.org/comments.pl?sid=2559120&cid=38268580
TESLA:2010 -> http://science.slashdot.org/comments.pl?sid=1872982&cid=34264190
TESLA:2010 -> http://tech.slashdot.org/comments.pl?sid=1806946&cid=33777976
NVIDIA 2d:2006 -> http://hardware.slashdot.org/comments.pl?sid=175774&cid=14610147
Ubuntu Linux sends back local disk query strings to CANONICAL: 2012 -> http://news.slashdot.org/comments.pl?sid=3304601&cid=42234351
Question to Mr. Mark Shuttleworth @ UBUNTU/CANONICAL: 2012 -> http://news.slashdot.org/comments.pl?sid=3304725&cid=42243467
COMPUTER ASSOCIATES BUSTED FOR ACCOUNTING FRAUD:2010 -> http://news.slashdot.org/comments.pl?sid=1884922&cid=34350102

----

+4 'modded up' posts by "yours truly" (5):

APK SECURITY GUIDE:2005 -> http://developers.slashdot.org/comments.pl?sid=167071&cid=13931198
INFO. SYSTEMS WORK:2005 -> http://slashdot.org/comments.pl?sid=161862&cid=13531817
WINDOWS @ NASDAQ 7++ YRS. NOW:2009 -> http://tech.slashdot.org/comments.pl?sid=1290967&cid=28571315
CARMACK'S ARMADILLO AEROSPACE:2005 -> http://science.slashdot.org/comments.pl?sid=158310&cid=13263898
What I admire about Theo DeRaadt of BSD fame: 2012 -> http://linux.slashdot.org/comments.pl?sid=3007641&cid=40785151

----

+3 'modded up' posts by "yours truly" (8):

APK MICROSOFT INTERVIEW:2005 -> http://developers.slashdot.org/comments.pl?sid=155172&cid=13007974
Linux security failures 2011-2012: 2012 -> http://it.slashdot.org/comments.pl?sid=3319303&cid=42306663
APK MS SYMBOLIC DIRECTORY LINKS:2005 -> http://it.slashdot.org/comments.pl?sid=166850&cid=13914137
APK FOOLS IE7 INSTALL IN BETA HOW TO:2006 -> http://slashdot.org/comments.pl?sid=175857&cid=14615222
PROOFS ON OPERA SPEED & SECURITY:2007 ->

Re:How custom hosts files help vs. DNS flaws... ap

Your post history shows you're projecting since you stalk him endlessly and obsessively.

Re:You've tried it & failed it 5x or more... a

[Sardaukar86]

You're too self-obsessed to understand. You ignorantly conflate my contempt for you with a criticism of the technical validity of your hostfile gibberish. So, in effect, you are setting up a straw man argument that has nothing to do with what I am attacking you for, just so you can knock it down triumphantly and claim another 'victory' for APK the Dean of Delusion.

BOY did I 'do a job' on you... pity you can't handle what you bring on yourself!

Can you show me even one example where you actually engaged my argument enough to 'do a job' on me? You haven't addressed any of my points, you've just barfed hostfile crap and a bunch of links to the wrong comments (I'd proof your links before posting if I were you - all your links go to your own wafflings). You like to claim this stuff but you still fail to understand over and over that you are simply cowering behind your hostfile screeds to yap at me like a small dog when the argument is something completely different.

You're reactionary and dull-witted, lifting up your 'Hostfile manifesto' placard as a universal argument in an attempt to silence your critics, regardless of the nature of their criticism. You fail on so many levels it's quite extraordinary.

Case in point:

No disproving my points on hosts either! You never stay on topic either... ah, you're just an amusement to me, a diversion @ this point - one that makes ME, look GOOD too (thanks, lol).

No, APK, I've said numerous times that I don't take issue with the technical details of your hostfile postings, because I don't read them.

Why are you so incapable of simple reasoning? Why do you consistently attempt to re-frame the argument into something it is not? When are you going to get it that your hostfile stuff isn't the problem, YOU are?

Go crawl back into your hole, troll... apk

I'll post what I want, where I want, & how ever much I want - got that? Good.

* Get over yourself - you don't give ME, orders... & you're certainly not qualified on anything else (hence your psycho off topic stalkings of myself).

APK

P.S.=> Now, do us all a big favor: Crawl back into the hole you came from, alright? LOL... apk

Re:Go crawl back into your hole, troll... apk

[Sardaukar86]

If what you say is true, why are there no examples of people jumping up to your defence during our discussion?

Why haven't other people told me off for giving you a hard time?

It is because people know you are a jerk.

I also know this, per this article, lol... apk

" I'd expect you to at least understand how DNS works." - by ilikejam (762039) on Thursday January 31, @08:32AM (#42749827) Homepage

DNS doesn't work TOO well, & is vulnerable + faulty as hell...

How's that?

In fact, here's a NICE list of that to top this article off:

A DNS FLAWS LIST OVER TIME FOR REFERENCE (only partial):

---

DNS flaw reanimates slain evil sites as ghost domains:

http://www.theregister.co.uk/2012/02/16/ghost_domains_dns_vuln/

---

BIND vs. what the Chinese are doing to DNS lately? See here:

http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders

---

SECUNIA HIT BY DNS REDIRECTION HACK THIS WEEK:

http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/

(Yes, even "security pros" are helpless vs. DNS problems in code bugs OR redirect DNS poisoning issues, & they can only try to "set the DNS record straight" & then, they still have to wait for corrected DNS info. to propogate across all subordinate DNS servers too - lagtime in which folks DO get "abused" in mind you!)

---

DNS vs. the "Kaminsky DNS flaw", here (and even MORE problems in DNS than just that):

http://www.scmagazineus.com/new-bind-9-dns-flaw-is-worse-than-kaminskys/article/140872/

(Seems others are saying that some NEW "Bind9 flaw" is worse than the Kaminsky flaw ALONE, up there, mind you... probably corrected (hopefully), but it shows yet again, DNS hassles (DNS redirect/DNS poisoning) being exploited!)

---

Moxie Marlinspike's found others (0 hack) as well...

Nope... "layered security" truly IS the "way to go" - hacker/cracker types know it, & they do NOT want the rest of us knowing it too!...

(So until DNSSEC takes "widespread adoption"? HOSTS are your answer vs. such types of attack, because the 1st thing your system refers to, by default, IS your HOSTS file (over say, DNS server usage). There are decent DNS servers though, such as OpenDNS, ScrubIT, or even NORTON DNS (more on each specifically below), & because I cannot "cache the entire internet" in a HOSTS file? I opt to use those, because I have to (& OpenDNS has been noted to "fix immediately", per the Kaminsky flaw, in fact... just as a sort of reference to how WELL they are maintained really!)

---

DNS Hijacks Now Being Used to Serve Black Hole Exploit Kit:

https://threatpost.com/en_us/blogs/dns-hijacks-now-being-used-serve-black-hole-exploit-kit-121211

---

DNS experts admit some of the underlying foundations of the DNS protocol are inherently weak:

http://it.slashdot.org/story/11/12/08/1353203/opendns-releases-dns-encryption-tool

---

Potential 0-Day Vulnerability For BIND 9:

http://it.slashdot.org/story/11/11/17/1429259/potential-0-day-vulnerability-for-bind-9

---

Five DNS Threats You Should Protect Against:

http://www.securityweek.com/five-dns-threats-you-should-protect-against

---

DNS provider decked by DDoS dastards:

http://www.theregister.co

Re:I also know this, per this article, lol... apk

[ilikejam]

None of that shows that you know anything about DNS. You're ranting into the abyss.

What have I done? Like you, noting of note. If we're waving our dicks about, though, I have a BSc in Computing Science, an RHCSA and an SCSA. I administer Unix, DNS and LDAP for a FTSE100 company.

And yet, here I am on Slashdot arguing with APK for some reason.

APK fails again

[Sardaukar86]

I'll post what I want, where I want, & how ever much I want - got that? Good.

* Get over yourself

Oh, I'm quite content with myself, thank you for asking. I believe it is you who is suffering personality issues and delusions of grandeur, not myself, as I'm not the one who gets asked to take his meds by other people on a regular basis (your feeble attempts at this notwithstanding)

- you don't give ME, orders... & you're certainly not qualified on anything else (hence your psycho off topic stalkings of myself).

APK

I love your confidence in stating obvious nonsense.. unless, of course, you are fully privy to my educational and industry qualifications somehow? No? Thought not. Another APK logic fail. You're not really very good at this, are you?

P.S.=> Now, do us all a big favor: Crawl back into the hole you came from, alright? LOL... apk

No, APK. That would do only you a favour. I don't do favours for retards.

Please continue to call me a troll though, when the evidence is there for all to see: I am simply responding to your cry-baby "why does everyone mod poor old APK down?" post and have used your mindless spewing of hostfile crap on other threads as an example to help you understand your own idiocy a little better. So don't call me a troll when you have brought this upon yourself, man-child.

Evidence 242++:1 as the ratio against you... apk

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

Where you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42698875

In response in the link above, I replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

* Easily utterly dusting you by letting you dust yourself, lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

APK

P.S.=> And, there you go - rotlflmao!

... apk

You wanted evidence? You got it (you provided it)

http://it.slashdot.org/comments.pl?sid=3417867&cid=42756181

* :)

LMAO!

APK

P.S.=> You did that to yourself too, troll, lol - tell us: How does it taste, eating your words, flavored with the 'bitter taste of SELF-DEFEAT' & spiced with your FOOT IN YOUR MOUTH? lol... apk

He asked for evidence & he got it to his disma

Nobody defends you & 100's of upmods did me -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42756181

* :)

That was hilarious - answer this question:

How do your words taste, since you HAD to "eat them" flavored with 'the bitter taste of SELF-DEFEAT' & YOUR FOOT IN YOUR MOUTH?

APK

P.S.=> This is too easy... you made it so, for me!

... apk

Re:Evidence 242++:1 as the ratio against you... ap

[Sardaukar86]

You're just too stupid to understand that your list is meaningless. Simply observe the general reaction of /. posters to your drivel and you'll see what I mean. Well, maybe not, on second thought. Perhaps if you weren't suffering a superiority complex that prevents you from interacting with reality, but before then, probably not.

I'll repeat: you are too stupid to understand that your list is meaningless without a corresponding list of your down-mods. Understand? No, I didn't think so. It's very hard to get a person to understand a thing when the basis for his argument is dependent upon not understanding a thing.

Easily utterly dusting you by letting you dust yourself, lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

Very colourful, keep dreaming. You are obviously deranged if you think you can 'dust' me by failing to respond to my points. No, spewing nonsense lists that have long since been debunked doesn't help your case. Only an ignorant child would claim victory in this circumstance.

After YOUR words? It was PERFECT, lol... apk

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself...

APK

P.S.=> And, there you go - rotlflmao!

... apk

APK further demonstrates his lack of understanding

[Sardaukar86]

The fact that you think this is 'evidence' to prove your point simply confirms mine: you have no argument and a list of up-mods (over an eight year period for goodness sake, how pathetic can you be) is all you have by way of support for your case. Your list provides evidence that most of what you say is barely worth reading, especially as fully two thirds only received a +1.

Yet, you still think this is a 'win' for you. How them critical thinking skills, APK?

Now, it would be relatively easy to discredit you further if I had the time to gather up every example of your repeated down-modding. I'm sure you would agree my list would be much larger than yours.

However my argument is that such a list is quite unnecessary for most thinking people. You are a pariah here on Slashdot and everybody knows it; no amount of list-spewing from anyone will change that.

Sardaukar86 demonstrates "eating his words" lol

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself...

APK

P.S.=> And, there you go - rotlflmao!

... apk

Re:He asked for evidence & he got it to his di

[Sardaukar86]

No, APK, the point was nobody defends YOU, or did that terribly complex distinction sail over your head as well?

How do your words taste, since you HAD to "eat them" flavored with 'the bitter taste of SELF-DEFEAT' & YOUR FOOT IN YOUR MOUTH?

A very colourful fantasy, for sure. I'm pretty sure you're the only one who agrees with you.
I'm curious; where are all your AC 'friends' who always seem to be around to write in your style and back you up when you're feeling cornered? Such childishness, APK, fits neatly onto your own definition of 'reprehensible behaviour' you frequently accuse me of.

I don't need TV comedy, I've got APK to keep me chuckling! :-)

APK claims 'victory', fails to understand AGAIN

[Sardaukar86]

You can keep posting your silly list as much as you like, it proves nothing except that over the course of eight years, even a stopped clock like yourself can be right twice a day. Your list does you more harm than good, so keep posting it!

Claim another hollow victory, man-child.

Every time you post that shit you prove to everyone that you just don't have a clue and can't make a reasoned argument.

242++:1 odds against you - eat your words

You do an AWFUL job of defending yourself, lol, as shown here:

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk

Re:242++:1 odds against you - eat your words

[Sardaukar86]

Am I correct in my understanding that you are seriously suggesting your coveted 244 up-moderations are evidence for the quality of your postings?

If so, am I also correct in my understanding that you do not believe your myriad down-moderations over the same period count against you in the same way as the up-moderations count for you?

If this really is the case, perhaps you can further explain the methodology you employed to reach this conclusion?

Sardaukar claims his defeat, eating his words

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk

APK's life is just one 'victory' after another!

[Sardaukar86]

In other news, the Pope delivered an afternoon sermon, prompting APK to claim 'victory'.

Later on, APK crapped his pants and claimed a 'crushing defeat' for all his enemies.

That evening, in bed, APK cracked a fart and found himself immediately rushing to his computer to claim another 'victory' for APK and his list of upmods.

In the morning, the birds began singing. You guessed it - this is a sure sign that APK's detractors just 'ate their words' and suffered the 'bitter taste of self-defeat', resulting in another clear 'victory' for APK and his powers of reasoning.

Re:APK's life is just one 'victory' after another!

from what I read above from you, yours is 1 failure after another http://it.slashdot.org/comments.pl?sid=3417867&cid=42744007

Re:You've tried it & failed it 5x or more... a

[Sardaukar86]

This clearly shows otherwise, & WHY you won't, many times -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42743095 [slashdot.org]

No, it doesn't. It simply shows you attempting to defend yourself with more lists. You just don't seem to get that I don't care about your hosts rubbish. My beef is with you and your inflated self-opinion that results in you attempting to 'educate' everyone about your little pet subject at every opportunity even when you've already posted it hundreds of times.

You are a profoundly arrogant man.

You were incorrect in stating what you did here

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

"If this really is the case, perhaps you can further explain the methodology you employed to reach this conclusion?" - by Sardaukar86 (850333) on Thursday January 31, @06:35PM (#42756753) Homepage

OH, just basic mathematics, lol... & using your BIG mouth against you, where you SET YOURSELF UP LIKE A BOWLING PIN!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk

No, it shows you EATING YOUR WORDS, lol

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk

Re:No, it shows you EATING YOUR WORDS, lol

[Sardaukar86]

It's very telling of your cognitive and reasoning abilities that you think your list provides evidence to the contrary.

It's a pity you can't seem to understand simple concepts. Despite your vanity list (66% of which are lame +1 posts), it is clear to all that you are modded down with much greater frequency than you are modded up. I'm sorry that you don't get that.

If through some miracle you finally managed to understand this, you'd also understand that posting your list (again) doesn't magically prove your point for you.

Not exactly holding my breath waiting for your 'Aha!' moment.

Sardaukar86: How does eating your words taste?

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk

APK's responds: "I know you are I said you are.."

[Sardaukar86]

Please elucidate.

What you have is a bunch of twaddle and a long-running claim of my 'failure' and your 'victory'. You don't seem to be able to address my actual arguments nor have you made any compelling points. No, posting an unbalanced and unscientific list in support of your claim is not considered a 'compelling point' by most people.

Post another list, claim another 'victory', goto 10. This is your method of debate, visible nearly every time you end up in an argument. Weak, APK, really really weak.

Sardaukar86: Eating your words != a good diet

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk

Sardaukar86 eatin yer words != good nutrition

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk

Let's have some more angry, bold, upper-case text!

[Sardaukar86]

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

Statistics: you fail it.

Who's blind, APK?

[Sardaukar86]

you said others here are "so bright" well... if they KNEW about logon scripts as you said earlier, why didn't THEY state it?

I'm feeling charitable, I'll help: probably because you are a bore and most people skip over your comments.
Contrary to your pompous, arrogant opinion on the matter, this is not evidence that you are the only knowledgeable person here. Your simplistic reasoning skills have left you high and dry again. I don't suffer from your flavour of mental illness, which is a shame really because I could then maintain a list of your down-moderation incidents throughout your posting history and post them to you in long lists as answer to any question you posed me.

However, I fully expect you to consider this as cast-iron evidence for your own high level of popularity on this board. You are deluding yourself; your defence is toilet tissue.

Even if every Slashdotter posted in unison to this effect you still wouldn't believe them. In fact, I could very easily see you trying to counter by sending your lists of 'evidence' to each an every one of them; you're just that nutty.

APK has difficulties with the truth, read on;

[Sardaukar86]

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk

No, you missed it again APK. I'd like to counter your last tirade by taking a moment to explore your 'logic'.
Let's make up a little scenario: say you have infinite time and over the course of a number of years, you make three hundred thousand /. posts. Let's also assume, for the sake of the example, that nearly every one of these posts earns itself a -1 down-modding by members of the community.

I put it to you that your only counter is to post your list of 244 up-mods in a disingenuous attempt to frame this as the full story. ("No, see, 244 people modded me up, so you are wrong")

It is not the full story, APK, and I believe you know it is not, for these reasons:

• 1. 244 people did not mod you up. Your list shows up-moderation instances, not unique moderators. You are wilfully distorting the truth by omitting this information.
• 2. Claiming "No, see, 244 people modded me up, so you are wrong" is also disingenuous, because you are failing to account for the other 299,756 posts that were down-modded. You are therefore passing yourself off as something you are not, every time you pull out that list. Once again you are wilfully distorting the truth by omitting this information.
• 3. You fail to respond to arguments that seek to address these discrepancies. Your only counter is to scream obscenities in bold, caps and WaReZ (it's been a while since I saw that in the wild) and post your list again. You are wilfully avoiding the matter because you know you are telling lies.

• I don't imagine you see how this applies to your current behaviour, however I can assure you that it most certainly does. Your list proves nothing other than APK is a liar, because the entire list is a lie by omission intended to distort the truth and paint a false picture of the value of your contributions. You are a liar and a fake and a very sore loser. You lost when you first trotted that list out and you've done nothing but squirm and wriggle to avoid facing it in every post to me since.

  Childish claims of 'dusting me' etc. are just a smokescreen to avoid answering the question.

Re:APK has difficulties with the truth, read on;

[Sardaukar86]

Hey look APK! I missed closing the (ul) tag in my last post!

Guess that means you win the argument, huh?

APK needs much repetition before he learns

[Sardaukar86]

You just proved the point of my other post:

Your only counter is to post your list of 244 up-mods in a disingenuous attempt to frame this as the full story. ("No, see, 244 people modded me up, so you are wrong")

It is not the full story, APK, and I believe you know it is not, for these reasons:

1. 244 people did not mod you up. Your list shows up-moderation instances, not unique moderators. You are wilfully distorting the truth by omitting this information.

2. Claiming "No, see, 244 people modded me up, so you are wrong" is also disingenuous, because you are failing to account for the vast majority of your posts that were down-modded. You are therefore passing yourself off as something you are not, every time you pull out that list. Once again you are wilfully distorting the truth by omitting this information.

3. You fail to respond to arguments that seek to address these discrepancies. Your only counter is to scream obscenities in bold, caps and WaReZ (it's been a while since I saw that in the wild) and post your list again. You are wilfully avoiding the matter because you know you are telling lies.

How can nobody care about my hostfile wank? ..apk

[Sardaukar86]

If your contributions are so valuable, why is this most informative post of yours still modded as Troll?

Why hasn't it managed to do anything more than languish at the bottom? Maybe the bottom is where it belongs?

Poor APK, I'm sure the gang here at /. just has you all wrong.

Re:How custom hosts files help vs. DNS flaws... ap

[Sardaukar86]

Your post history shows you're projecting since you stalk him endlessly and obsessively.

Your madness shows itself by forcing you to pretend to be someone unrelated, solely to post remarks in support of your own non-argument, APK.

BTW if you weren't so self-deluded you wouldn't need to tell lies about me 'stalking endlessly and obsessively'; I have responded to precisely one question you asked in a public forum and I have referred you to one or two places to illuminate to you that a) I understand your strategy and it stinks of fail and b) you are demonstrating my point for me as your other poorly-received postings get the down-moderation they deserve.

If you are going to post pathetic, whinging, immature rants phrased as questions against your perceived ill-treatment, do expect to get called on it and don't cry like a little bitch when it happens.

Re:How custom hosts files help vs. DNS flaws... ap

[Sardaukar86]

Oh, I almost forgot to call you out on posting AC in a shallow pretence of support for your post. Again.

Grow up, you pathetic old fool.

Sardaukar86 never learns & repeats his mistake

You prove you like to eat your words flavored with the bitter taste of SELF-DEFEAT & YOUR FOOT IN YOUR MOUTH (there's no obscenities from me here, but your replies are full of them, hypocrite - anyone can see that in your post history too, but per my subject-line - see below):

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk/b

Sardaukar86's "telling" us he likes to...

EAT HIS WORDS, flavored with the bitter taste of SELF-DEFEAT & HIS FOOT IN HIS MOUTH:

You prove you like to eat your words flavored with the bitter taste of SELF-DEFEAT & YOUR FOOT IN YOUR MOUTH:

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk

Re:Sardaukar86's "telling" us he likes to...

[Sardaukar86]

What was all that about?

Ah, of course, more smokescreen to prevent you from actually tackling the points I make, idiot.

Statistics show you "eating your words"

It's not good nutrition (lol) & you do like "eating your words" flavored with 'the bitter taste of SELF-DEFEAT' & YOUR FOOT IN YOUR MOUTH:

You prove you like to eat your words flavored with the bitter taste of SELF-DEFEAT & YOUR FOOT IN YOUR MOUTH:

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk/b

Re:Statistics show you "eating your words"

[Sardaukar86]

Post your same non-arguments again - you're a retarded robot with the personality and reasoning skills of an escapee mental patient.

Re:Statistics show you "eating your words"

[gmhowell]

Post your same non-arguments again - you're a retarded robot with the personality and reasoning skills of an escapee mental patient.

There ya go. I was wondering when you would come around to the conclusion that APK is an eliza-bot. A poorly (or brilliantly) coded one at that.

Re:Statistics show you "eating your words"

[Sardaukar86]

There ya go. I was wondering when you would come around to the conclusion that APK is an eliza-bot. A poorly (or brilliantly) coded one at that.

Yeah, I'm a bit slow on the uptake. I've wondered at my own continuation of the debate with him (it?) and can only conclude it must be some sort of grim fascination on my part. He's something all right.

Re:Statistics show you "eating your words"

[gmhowell]

I can't fault you. It can be entertaining to engage with it. The biggest problem is when it gets broken and starts replying to EVERY post you make.

Re:Statistics show you "eating your words"

read em and weep while you eat your words http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

Re:Statistics show you "eating your words"

[Sardaukar86]

Oh Jebus, I think I must have enraged it. Sorry you got caught in the crossfire. :-(

Re:Statistics show you "eating your words"

How'd yer words taste since ya hadda eat 'em Sardaukar86 http://it.slashdot.org/comments.pl?sid=3417867&cid=42756893 ?

Re:Statistics show you "eating your words"

How'd yer words taste since ya hadda eat 'em Sardaukar86 http://it.slashdot.org/comments.pl?sid=3417867&cid=42756893 ?

Wishful thinking doesn't make a thing true, APK, it merely shows you up as a childish weirdo who should have grown out of that sort of behaviour many years ago.

PS, love this post here, where you take on the full haughtiness of a professor with your "I'm right and you're wrong nyah nyah" argument that you're so fond of: http://it.slashdot.org/comments.pl?sid=1743902&cid=33149194. Nice job of pointing out just what a childish little cunt you really are.

Re:Statistics show you "eating your words"

Eat apk's dust "Superman" http://www.youtube.com/watch?v=gzdoa5ToWYU lol then, Think of him waving at you the same way per that video, lol, then try to disprove apk's points backed by reputable sources' facts on hosts files over adblock, ghostery, & dns http://it.slashdot.org/comments.pl?sid=3445509&cid=42831729 then. You always run from completely fair challenges in "run, forrest: RUN!" style fashion, and when you don't? Well, How'd yer words taste when ya hadda eat 'em Sardaukar86 http://it.slashdot.org/comments.pl?sid=3417867&cid=42756893 on that very same sentiment from you only to have yourself outnumbered nearly 250 to 1? ROTFLMAO!

Re:Statistics show you "eating your words"

[gmhowell]

Oh Jebus, I think I must have enraged it. Sorry you got caught in the crossfire. :-(

Nah, I step in its line of fire every once in a while when I get bored.

Sardaukar86 has difficulties "eating his words"

Flavored with 'the bitter taste of SELF-DEFEAT' & HIS FOOT IN HIS MOUTH:

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk

Re:Sardaukar86 has difficulties "eating his words"

[Sardaukar86]

Posting your list again proves my point, not yours my mentally-incompetent friend.

We can all be observant too, lol... apk

As we observe Sadaukar86 "eating his words" flavored with 'the bitter taste of SELF-DEFEAT' & HIS FOOT IN HIS MOUTH:

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk

Re:We can all be observant too, lol... apk

[Sardaukar86]

If this repetitive shit is the best you can do, you've proven yourself too stupid to engage in a rational discussion.

Ya don't eat meat - ya "eat yer words" lol

Sardaukar86 proves he likes to eat your his words flavored with the bitter taste of SELF-DEFEAT & his FOOT IN HIS MOUTH:

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk

Sardaukar86 shows us he "eats his words"

Flavored w/ 'the bitter taste of SELF-DEFEAT' & his FOOT IN HIS MOUTH:

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk

Sardaukar86 called out on "eating his words"

Flavored w/ 'the bitter taste of SELF-DEFEAT' & his FOOT IN HIS MOUTH:

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk

I know this much from this article

DNS = flawed. So does anyone reading this -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42756021 , lol... since it's chock full of documented proofs of my statement thereof now, above & BEYOND the scope of this article's flaw (very bad, especially @ the ISP level worldwide):

* Thus, I know plenty about it and HOW TO AVOID IT successfully!

(I also know that I am using a technique that successfully avoids THIS particular DNS flaw, & others, simply by using hosts file hardcoded favorite entries TO AVOID DNS AS MUCH AS POSSIBLE since it is worldwide VULNERABLE to the Kaminsky flaw, and 1/2 a decade later MOST DNS SERVERS ARE STILL UNPATCHED vs. it...

APK

P.S.=> You FAIL, period... apk

DNSSEC & Root 13 DNS servers... apk

"Yes, it is it's own TLD. It's also delegated out from the root nameservers," - by ilikejam (762039) on Thursday January 31, @09:17PM (#42757807) Homepage

See subject-line above, & NOT if they weren't redirect poisoned @ the time of my check of my hosts file hardcoded favorites via reverse DNS testings I do, & what I use IS SECURED better than the worldwide mess of ISP & business DNS servers that are NOT!

Unbelievable really - 1/2 a decade, & the bulk of DNS servers worldwide are NOT patched vs. the Kaminsky flaw, AND, do not use DNSSEC either!

PERIOD!

* :)

"so there's still no central storage point and you're still vulnerable if you're relying on reverse lookups." - by ilikejam (762039) on Thursday January 31, @09:17PM (#42757807) Homepage

See above, and the link below, & you FAIL, yet again, lol... the root 13 DNSSEC SECURED dns servers ARE the 'central storage' area along with the in arpa addr special 'tld', for them...

(Get it? Good... )

* Now, see link below, & "eat your words", boy, because @ least THEY are secured better!

I am correct on that much, & yes - I REFER TO THEM & THE SPECIAL TLD in arpa addr also, & again:

They're secured BETTER than worldwide numbers of UNPATCHED dns servers (especially @ the ISP level, very bad that) vs. the Kaminsky flaw FOR 1/2 a DECADE, no less!

APK

P.S.=> Since the "root 13" DNS servers ARE @ LEAST dnssec SECURED, & others aren't -> http://www.root-dnssec.org/ ... apk

Re:DNSSEC & Root 13 DNS servers... apk

[ilikejam]

I'm at a loss here. You think when you do a reverse lookup you're only hitting the DNSSEC secured root servers? You really, genuinely don't understand how DNS works.

Well, it's been weird. I'm out. I hope your hosts file providers are never compromised, and your reverse lookups always return valid hostnames. Good luck. You'll need it.

Sardaukar86 didn't miss "eating his words"

LMAO -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42756905

* You NEVER "fail to FAIL", do you? LOL, @ least you're consistent in that, AND @ the same time, make ME look GOOD too... bonus! :)

APK

P.S.=> Yes, I agree - I won that one, because you blundered by shooting your mouth off & I had 100's of counter-opinions from your /. peers in their good opinions of my posts here that DO contribute well on /., per their upward mods of my posts by the hundreds, vs. your "trolling so-called 'opinion'"... your "reactions" show us that much, clearly... lol, thank-you!

... apk

Re:Sardaukar86 never learns & repeats his mist

[Sardaukar86]

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

No, you didn't. Your 'evidence' proves nothing, retard, that's the whole point that you're wilfully missing.

Re:"Eating your words" makes ya feel charitable?

[Sardaukar86]

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk

Why are you having so much trouble with this simple concept, APK? You're not even bothering to comprehend the argument I just made, you are only capable of kindergarten-level squealing without a shred of rational thought.

So, counter my point: you have far more down-mods than you do up-mods. Thus, your list proves only your insanity, not your popularity.

You're at another loss (2 of them)... apk

I know 1 other thing you can't deny: I avoid unpatched DNS servers WORLDWIDE vs. the Kaminsky flaw, totally - thus, I avoid being redirected by DNS poisoned DNS servers!

FACT!

In response to what you wrote though: No, I hit the in arpa addr TLD as I stated initially which works with what ICANN & VERISIGN worked out for the root 13 DNS servers (which YOU pointed out).

APK

P.S.=> Lastly - I also note you avoid the question I asked here bigshot (attempting to 'condescend' to me in almost all of your posts) -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755813

A repetitive FAIL = best you can do... apk

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk

Why're ya having trouble "eating your words"?

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

Here too:

"So, counter my point: you have far more down-mods than you do up-mods." - by Sardaukar86 (850333) on Friday February 01, @05:40PM (#42766349) Homepage

Where are they? I see no list from you - you are full of it, & that's that, with no evidence to back you... lol, especially when you're outnumbered 243++:1 as shown above!

And, there you go - rotlflmao!

... apk

Re:Why're ya having trouble "eating your words"?

Don't worry Sardukar86, this guy is a known psychopath. His full name is Alexander Peter Kowalski, and he lives with his mom at:
903 East Division St.
Syracuse, NY 13208
DOB: 01/31/1965

He is also suspected to be a faux terrorist. The FBI is looking for this guy, so I encourage everyone to give them details of APK if they have any. This guy's sick reign of terror must stop. Check out this link:
http://video.foxnews.com/v/1843962156001/fbi-asks-for-help-solving-15-year-old-anthrax-mystery/
As soon as I saw that video, I thought: "Wow! That's APK described exactly!" It seems that a 35+ man with mental issues, living in Syracuse, NY has been sending out threatening letters with white powder in them to people. It's not actually anthrax, but it is claimed to be in the letters. This guy is high up on the FBI's most wanted list.

More info here: http://www.syracuse.com/news/index.ssf/2012/09/fbi_wades_through_tips_that_co.html
You can report info on APK by calling 1-800-CALL-FBI or submitting the form at tips.fbi.gov. Please help stop this guy.

APK: Watch your ass, sicko, I've reported you.

Sardaukar86's new diet = "eating his words", lol

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk

Sardaukar86 "eating his words", again

Off-Topic illogical failing ad hominem attacks & eating your words is no argument - it's your FAIL, lol!

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Sure - Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk

Sardaukar86 proves he had to "eat your words"

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk

It's about ya "eating your words" Sardaukar86

YOU "tackled yourself":

"Can you show me even one example where you actually engaged my argument enough to 'do a job' on me?" - by Sardaukar86 (850333) on Thursday January 31, @04:45PM (#42755547) Homepage QUOTED VERBATIM FROM -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42755547

Where you're outnumbered 244++:1 -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 by the thoughts of your own /. peers no less, in their up mods of my posts, vs. your usual b.s. quoted above!

---

Especially when you said this, quoted verbatim:

"You have had it repeatedly explained to you that your posts are long-winded, unpleasant to read" - by Sardaukar86 (850333) on Saturday January 26, @01:06AM (#42698875) Homepage QUOTED VERBATIM FROM YOU HERE -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491

In response in the link above, I merely easily replied WITH EVIDENCE TO THE CONTRARY, when I posted nearly 250 contrary opinions of your /. peers in my upward moderations from them, easily, to THAT rubbish from YOU, quoted above!

---

* Easily utterly dusting you (by letting you dust yourself), lol, & making you "EAT YOUR WORDS", flavored with "the bitter taste of SELF-DEFEAT" & YOUR FOOT IN YOUR MOUTH!

As usual? You did it, to yourself... rotflmao!

---

Thus?

Well, you're MAKING me just HAVE to say this (& you know what's coming now, don't you? Of COURSE you do):

THIS?? This was just "too, Too, TOO EASY - just '2ez'" & it always is, vs. Sardaukar86, the always off-topic troll & forums "ne'er-do-well"!

APK

P.S.=> This puts the "icing on the cake" in another "choice vintage quote" outta you, lol:

"Simply observe the general reaction of /. posters to your drivel and you'll see what I mean" - by Sardaukar86 on Thursday January 31, @05:43PM (#42756289) QUOTED VERBATIM FROM -> http://slashdot.org/comments.pl?sid=3417867&cid=42756289

Well, see your sentiments there, outnumbered by /. posters regarding my posts as NOT being 'drivel' in the link above - you FAIL, as always & to the tune of nearly 250:1 against you!

And, there you go - rotlflmao!

... apk

George M. Howell the admitted stalking troll

"I've been trolling people for 36 years. Why would I stop now? I've also never denied trolling you. Why would I?" - by gmhowell (26755) on Sunday April 17, @05:03AM (#35846218) Homepage

QUOTED VERBATIM DIRECTLY FROM -> http://slashdot.org/comments.pl?sid=2087330&cid=35846218

---

"I never denied trolling you" - by gmhowell (26755) on Tuesday December 14 2010, @01:55AM (#34543612) Homepage Journal

QUOTED VERBATIM DIRECTLY FROM -> http://slashdot.org/comments.pl?sid=1907528&cid=34543612

---

gmhowell posts journal on trolling myself, years ago now -> http://slashdot.org/journal/266768/the-best-thing-about-trolling-apk

PERTINENT QUOTE/EXCERPT:

"The best thing about trolling APK?" - http://slashdot.org/journal/266768/the-best-thing-about-trolling-apk

QUOTED VERBATIM FROM -> http://slashdot.org/journal/266768/the-best-thing-about-trolling-apk

---

gmhowell says he will stop next below (after I got on his case) too:

"But seriously, I may stop" - by gmhowell on Thursday June 16, @09:38PM (#36470452) Attached to: The best thing about trolling APK?

and

"Hmm... Maybe oughta lay off for a while." - by gmhowell (26755) on Thursday June 16, @09:38PM (#36470452) Homepage

I took him @ his word, & then laid off on retrolling he, but?

gmhowell starts up YET again (now by AC posts only)!

Proof? Ok, before -> http://slashdot.org/journal/276148/now-this-is-entertaining

AND, of course, now also!

---

"I do whatever amuses me at the moment. Sometimes that is trolling." - by gmhowell (26755) on Wednesday April 20, @12:49AM (#35877174) Homepage

Grow up.

APK

P.S.=> GEORGE M. HOWELL (gmhowell) "thrives" on creating hassles for others & apparently do this ON PURPOSE? Please - grow up... apk

Slowly "Read 'em & weep" troll

While you eat your words troll -> http://it.slashdot.org/comments.pl?sid=3406867&cid=42701491 flavored with the "bitter taste of SELF-DEFEAT" & your foot in your mouth!

* You FAIL... lol!

APK

P.S.=> There's no escaping that you defeat yourself everytime... apk

Gmhowell/George M. Howell, known /. troll

Shows his true colors in his own words -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42776589

APK

P.S.=> Grow up gmhowell - seriously!

... apk

You're a libelous stalker Sardaukar86

Idiot, I own my OWN home @ that address & have for ages - did I give you or anyone else permission to post my home address here?

No.

The FBI are LOOKING for me? Yea, right... I'm one of the guys that helps them & their colleagues AGAINST online scumbags ala malwarebytes hosting my application here:

---

APK Hosts File Engine 5.0++ 32/64-bit:

http://www.start64.com/index.php?option=com_content&id=5851:apk-hosts-file-engine-64bit-version&Itemid=74

---

Which SECURES folks vs. known online threats of MANY kinds, and I've done security guides that do the same for Windows users since 1997! To wit:

To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE

I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:

http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text

& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml which Neowin above picked up on & rated very highly.

That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the 1st URL link above...

Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:

---

1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ (see January 2008))

---

Across 15-20 or so sites I posted it on back in 2008... & here is the IMPORTANT part, in some sample testimonials to the "layered security" methodology efficacy:

---

SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3

"Its 2009 - still trouble free

You're a trolling scumbag George M. Howell

"I've been trolling people for 36 years. Why would I stop now? I've also never denied trolling you. Why would I?" - by gmhowell (26755) on Sunday April 17, @05:03AM (#35846218) Homepage

QUOTED VERBATIM DIRECTLY FROM -> http://slashdot.org/comments.pl?sid=2087330&cid=35846218

---

"I never denied trolling you" - by gmhowell (26755) on Tuesday December 14 2010, @01:55AM (#34543612) Homepage Journal

QUOTED VERBATIM DIRECTLY FROM -> http://slashdot.org/comments.pl?sid=1907528&cid=34543612

---

gmhowell posts journal on trolling myself, years ago now -> http://slashdot.org/journal/266768/the-best-thing-about-trolling-apk

PERTINENT QUOTE/EXCERPT:

"The best thing about trolling APK?" - http://slashdot.org/journal/266768/the-best-thing-about-trolling-apk

QUOTED VERBATIM FROM -> http://slashdot.org/journal/266768/the-best-thing-about-trolling-apk

---

gmhowell says he will stop next below (after I got on his case) too:

"But seriously, I may stop" - by gmhowell on Thursday June 16, @09:38PM (#36470452) Attached to: The best thing about trolling APK?

and

"Hmm... Maybe oughta lay off for a while." - by gmhowell (26755) on Thursday June 16, @09:38PM (#36470452) Homepage

I took him @ his word, & then laid off on retrolling he, but?

gmhowell starts up YET again (now by AC posts only)!

Proof? Ok, before -> http://slashdot.org/journal/276148/now-this-is-entertaining

AND, of course, now also!

---

"I do whatever amuses me at the moment. Sometimes that is trolling." - by gmhowell (26755) on Wednesday April 20, @12:49AM (#35877174) Homepage

Grow up.

APK

P.S.=> GEORGE M. HOWELL (gmhowell) "thrives" on creating hassles for others & apparently do this ON PURPOSE? Please - grow up... apk

Re:You're a trolling scumbag George M. Howell

[gmhowell]

P.S.=> GEORGE M. HOWELL (gmhowell) "thrives" on creating hassles for others & apparently do this ON PURPOSE? Please - grow up... apk

I won't grow up,
(I won't grow up)
I don't want to go to school.
(I don't want to go to school)
Just to learn to be a parrot,
(Just to learn to be a parrot)
And recite a silly rule.
(And recite a silly rule)
If growing up means
It would be beneath my dignity to climb a tree,
I'll never grow up, never grow up, never grow up
Not me!
Not I,
Not me!
Not me!
I won't grow up,
(I won't grow up)
I don't want to wear a tie.
(I don't want to wear a tie)
And a serious expression
(And a serious expression)
In the middle of July.
(In the middle of July)
And if it means I must prepare
To shoulder burdens with a worried air,

Then, take your meds George M. Howell

See subject-line above... you forgot your interval of them.

APK

P.S.=> You're a KNOWN troll, & that's that (by your own admittance) -> http://it.slashdot.org/comments.pl?sid=3417867&cid=42857323

... apk

Re:Then, take your meds George M. Howell

[gmhowell]

Interesting, the chatbot APK can take observations about itself and attempt to turn them on others.

George M. Howell in his own words

"I've been trolling people for 36 years. Why would I stop now? I've also never denied trolling you. Why would I?" - by gmhowell (26755) on Sunday April 17, @05:03AM (#35846218) Homepage

QUOTED VERBATIM DIRECTLY FROM -> http://slashdot.org/comments.pl?sid=2087330&cid=35846218

---

"I never denied trolling you" - by gmhowell (26755) on Tuesday December 14 2010, @01:55AM (#34543612) Homepage Journal

QUOTED VERBATIM DIRECTLY FROM -> http://slashdot.org/comments.pl?sid=1907528&cid=34543612

---

gmhowell posts journal on trolling myself, years ago now -> http://slashdot.org/journal/266768/the-best-thing-about-trolling-apk

PERTINENT QUOTE/EXCERPT:

"The best thing about trolling APK?" - http://slashdot.org/journal/266768/the-best-thing-about-trolling-apk

QUOTED VERBATIM FROM -> http://slashdot.org/journal/266768/the-best-thing-about-trolling-apk

---

gmhowell says he will stop next below (after I got on his case) too:

"But seriously, I may stop" - by gmhowell on Thursday June 16, @09:38PM (#36470452) Attached to: The best thing about trolling APK?

and

"Hmm... Maybe oughta lay off for a while." - by gmhowell (26755) on Thursday June 16, @09:38PM (#36470452) Homepage

I took him @ his word, & then laid off on retrolling he, but?

gmhowell starts up YET again (no 1st either, there's been many times he's done it yet again, years later, such as right now)!

Proof? Ok, before -> http://slashdot.org/journal/276148/now-this-is-entertaining

AND, of course, now also!

---

"I do whatever amuses me at the moment. Sometimes that is trolling." - by gmhowell (26755) on Wednesday April 20, @12:49AM (#35877174) Homepage

Grow up.

APK

P.S.=> GEORGE M. HOWELL (gmhowell) "thrives" on creating hassles for others & apparently do this ON PURPOSE? Please - grow up, or take your meds (take your pick, you need to do both most likely)... apk