Nope, check RFC 3445. The record sub-type is gone, the bits are reserved and FreeS/WAN is trying to use a record type that doesn't exist anymore. Once DNS servers start following the host of MUSTs in that doc their implementation of opportunistic encryption is going to break left and right (luckily it'll fail hard instead of silently becoming insecure). There are better ways to do it, but the FreeS/WAN guys don't seem to care. No amount of bitching on their part is likely to change this - 3445 has now advanced to "PROPOSED STANDARD" status...
This caused massive problems so the DNS Extensions working group has eliminated it. This has been true since December 2002 and 3445 is now a proposed standard as well as an RFC so the FreeS/WAN guys are making a really major mistake. The record sub-type bits they're using are now defined as RESERVED status and "MUST be set to 0 and MUST be ignored by the receiver". Once enough DNS servers have implemented RFC 3445 the records won't propagate through the system at all. There are better ways to do this - take a look at the leading underscore system that SRV records use (synthetic sub-hosts on a per service basis). Special TXT records are still fully usable or they could simply go to the DNS-EXT working group and say "Hey, we'd like to define a new record type. What's the best way to do it?" Opportunistic encryption is a big step forward, but it's useless if it's broken by design and the arrogance of ignoring the IETF is the kind of thing that's slowly edging FreeS/WAN towards irrelevance.
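The two comments above turn on the KEY record's flags field and protocol octet, which RFC 3445 narrowed to DNSSEC zone keys only. The following is an added example (not FreeS/WAN's code and not any resolver's) that lints KEY records in a zone file against those restrictions so an operator can see, before a strict resolver drops them, which records use the now-reserved sub-types. The field layout (16-bit flags, protocol, algorithm, public key) is the RFC 2535 one; the bit masks and the "zone key, protocol 3 only" rule encode the RFC 3445 restrictions as summarized here, and the sample zone lines and their base64 key material are constructed for the example.

```python
"""Lint DNS KEY records against the RFC 3445 restrictions (added example)."""
import base64
import struct

# Masks for the 16-bit KEY flags field, RFC 2535 numbering (bit 0 = MSB).
KEY_TYPE_MASK = 0xC000   # bits 0-1: authentication/confidentiality "type" bits
RESERVED_MASK = 0x3CFF   # bits 2-5 and 8-15: reserved, MUST be zero under RFC 3445
NAMTYP_MASK = 0x0300     # bits 6-7: name type of the key owner
NAMTYP_ZONE = 0x0100     # 0b01 in bits 6-7: zone key, the only NAMTYP RFC 3445 allows
PROTOCOL_DNSSEC = 3      # the only protocol octet RFC 3445 allows

# RFC 2535 protocol octet values, used only for readable report text.
PROTOCOL_NAMES = {1: "TLS", 2: "email", 3: "DNSSEC", 4: "IPSEC", 255: "all"}


def parse_key_presentation(line: str):
    """Parse one master-file KEY record: owner [ttl] [class] KEY flags proto alg base64.

    Flags are accepted in decimal or 0x-prefixed hex (some tooling printed hex).
    Returns (owner, flags, protocol, algorithm, public_key_bytes).
    """
    tokens = line.split()
    if "KEY" not in tokens:
        raise ValueError(f"not a KEY record: {line!r}")
    idx = tokens.index("KEY")
    if len(tokens) < idx + 5:
        raise ValueError(f"truncated KEY record: {line!r}")
    owner = tokens[0]
    flags = int(tokens[idx + 1], 0)
    protocol = int(tokens[idx + 2])
    algorithm = int(tokens[idx + 3])
    pubkey = base64.b64decode("".join(tokens[idx + 4:]))  # base64 may be split over tokens
    if not 0 <= flags <= 0xFFFF or not 0 <= protocol <= 255 or not 0 <= algorithm <= 255:
        raise ValueError(f"field out of range in KEY record: {line!r}")
    return owner, flags, protocol, algorithm, pubkey


def parse_key_rdata(rdata: bytes):
    """Split wire-format KEY RDATA into (flags, protocol, algorithm, public_key_bytes)."""
    if len(rdata) < 4:
        raise ValueError("KEY RDATA shorter than its 4-byte fixed header")
    flags, protocol, algorithm = struct.unpack("!HBB", rdata[:4])
    return flags, protocol, algorithm, rdata[4:]


def rfc3445_violations(flags: int, protocol: int) -> list:
    """Return a list of human-readable reasons the record violates RFC 3445 (empty if clean)."""
    problems = []
    if flags & RESERVED_MASK:
        problems.append(f"reserved flag bits set: 0x{flags & RESERVED_MASK:04x}")
    if flags & KEY_TYPE_MASK:
        problems.append(f"key type bits must be 0b00, got 0b{(flags & KEY_TYPE_MASK) >> 14:02b}")
    if flags & NAMTYP_MASK != NAMTYP_ZONE:
        problems.append(f"NAMTYP must be zone key (0b01), got 0b{(flags & NAMTYP_MASK) >> 8:02b}")
    if protocol != PROTOCOL_DNSSEC:
        name = PROTOCOL_NAMES.get(protocol, "unknown")
        problems.append(f"protocol must be 3 (DNSSEC), got {protocol} ({name})")
    return problems


def audit_zone(lines) -> dict:
    """Map each KEY record's owner name to its list of RFC 3445 violations."""
    report = {}
    for line in lines:
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # skip blank lines and master-file comments
        owner, flags, protocol, _algorithm, _pubkey = parse_key_presentation(line)
        report[owner] = rfc3445_violations(flags, protocol)
    return report


# Constructed sample zone: the key material is placeholder bytes, not real keys.
# The second record uses a host-key NAMTYP and the IPSEC protocol octet, the kind
# of non-DNSSEC sub-type RFC 3445 reserves.
SAMPLE_ZONE = """
; constructed sample records
example.com.      3600 IN KEY 256    3 5 AQPfY29uc3RydWN0ZWQga2V5IGJ5dGVz
oe.example.com.   3600 IN KEY 0x4200 4 1 AQPfY29uc3RydWN0ZWQga2V5IGJ5dGVz
"""

if __name__ == "__main__":
    for owner, problems in audit_zone(SAMPLE_ZONE.splitlines()).items():
        status = "OK" if not problems else "; ".join(problems)
        print(f"{owner:20} {status}")
```

Run against a real zone dump, the report lists exactly the records a resolver following RFC 3445 is entitled to reject, which is the "fails hard" case the comment above describes; `parse_key_rdata` covers the same check for records pulled off the wire rather than from a master file.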
Simple, migrating to mutt or VM is way too much work. I've got a .pinerc that's been hacked on continuously for more than ten years (to the extent that it segfaults anything older than a patched 4.44), the entire interface as spinal reflexes (a mild exaggeration, there are a few keystrokes that I realize I'm typing as I do them), and good IMAP support. The latter has changed quite a bit in recent years, but it still seems that mutt and VM lag. No surprise really, IMAP came out of UW in the first place and they're heavily wed to it.
It's a bit frustrating, I've tried mutt/VM/Gnus and I like them but it's too much work for a few nice features.
It's anecdotal evidence only, but I swear by Reiser these days. My Dell Inspiron 7500 has developed a problem that causes it to hang on returning from suspend a couple of times a week and I haven't lost data once. At this point I've probably had upwards of one hundred hangs and crashes because of the flaky hardware and Reiserfs has saved my data every time. It can't do anything to protect data that hasn't hit disk yet, but once it's there it's pretty good about keeping it intact. After living through crashes that left Ext2 filesystems chiseled spam it's a good feeling to be blasé about such things.
It's a really interesting effect and I don't doubt that it's got something to do with the mechanisms of memory, but there's a lot of evidence for the role of changes in gene expression in memory as well. Take a look at Doctor Eric Kandel's research. There's a reason he got the Nobel Prize, the Wolf prize, the Lasker Award, the Gairdner Award, the Harvey Prize, and the National Medal of Science - the man has done an immense amount to elucidate the basis of memory. I know it's more fashionable around here to think of neurons as something to hook up to electrodes, but like just about everything biological it's a little bit more complicated than that. I'd place real money on both effects being part of the process.
I suspect there was a technical limit at about 320Kb. I could consistently get that kind of measured throughput pulling from kernel.org and other large-pipe sites with views of 8-12 poletops and no other mobiles to share with. Maybe it's not RADSL, but it was plenty for anything I ever tried to do. Even if I get a fat pipe in my new place I'll be subscribing as soon as they turn it back up in my area. BTW, the claimed range (0.5 - 1 mile) was way low if you were willing to accept BW down around 100Kb. I managed a stable but slow connection from about 3 miles outside the network indoors with no antenna and a block of townhouse on the LOS.
Not particularly close. Excite@Home may have sucked (especially the Excite portion) but they actually did handle most of the infrastructure and had their own backbone. Of course with AT&T slurping down any parts of the company that look tasty to it that's changing rapidly, but @Home used to do the router-herding etc. to make the system work. The really stupid part of all this is that the @Home portion was still doing okay financially - Excite managed to lose so much money it dragged the rest down with it. Not a broadband failure at all, just another BS "Portal" biting the big Kishko.
My sources? A former @Home Tier-4 Network engineer and a few people who worked in the NOC. No bones to pick there...
Hmm: lspci thinks it's a 'ATI Technologies Inc 3D Rage P/M Mobility AGP 2x (rev 64)'. I've got to agree, 1400x1050 is a great resolution. I'd have bought a non-Dell laptop if I could have gotten better than 1024x768 in December, but at the time the only one I could find that did SXGA was the 7500, and it did SXGA+ (Dell's name for 1400x1050) for just a little bit more money. Well worth it.
BTW, if you're looking at the 5000 (slimmer, not as expandable version of the Inspiron 7500) think very carefully about a Celeron or something else that runs cooler. My 7500 is incredibly stable and stays reasonably cool, but the PIII/650 Inspiron 5000s my company bought have real heat problems. Your lap getting uncomfortably warm is one thing, but having drive and CPU flakiness that trashes a filesystem when you run it too hot is a little outside what I'd consider acceptable. If you can hack the extra weight grab the 7500.
If you do want the 5000 look at Sceptre. They source the chassis from the same manufacturer Dell does.
Metricom seems to be doing it right: low power (side effect of the mesh network, but yet another difficulty in interception), many packet routes from poletop to poletop, frequency hopping, and a halfway decent encryption algorithm. I'd still use FreeS/WAN or OpenSSH over the connection, but that's because I'm paranoid. In common usage it should be far harder to intercept & decrypt than any of the proposed or implemented cell based systems, and would you trust USWest or Bell Atlantic with implementing security correctly?
Hmm, so if you happen to be Mr. Brandenburg "Tom's Diner" should sound the same on CDDA and MP3. Clearly we need an extension to the Napster client to specify not just bitrate but how far the original piece deviates from TD. "Jeannie's Diner" and the reggae version will obviously produce hi-fidelity encodings, but what about the Swedish version?
Not quite fair. Note that they're comparing W2K to 2.2 kernels for greater than 3 processors. They're quite positive on 2.4 being likely to beat out W2K on SMP scaling, and they even make a point of not benchmarking because of how much 2.4 will change the numbers. In fact they largely damn W2K with faint praise as far as its SMP "advantage" goes. No insinuation that Linux can't do SMP, just a belief that it's temporarily behind W2K for >3-way SMP and a statement about that changing soon. No need to get defensive.
Try Costco. A few weeks ago I was amused to see Red Hat Linux Deluxe ($24.99) stacked next to Windows 98 Upgrade ($84.99). If you want to talk about lowest common denominator Costco is barely above WalMart, and I saw a couple of jeans & flannel family men comparing the backs of the two boxes and muttering about "How can it be that cheap?".
Hmm, there's a use for that $20,000 from a few articles back: help fund distribution of preloaded Linux computers (which are getting damned cheap for ~400MHz machines) to economically depressed school districts. What better way to help Open Source projects than to get kids hooked on source early? C'mon, the first one's free...
If you do switch to Linux make very sure that no one can trip over the plug. And make sure the cleaning people don't unplug your server to plug in a vacuum cleaner. (or is that an urban legend?)
Nope, most definitely not an urban legend. We had it happen a few times at my old employers. Of course that wasn't nearly as traumatic as coming in to find that the security guys had left the development lab open and somebody's kid had pried a CPU heatsink off as a souvenir.
Note as well that ext2 is also reasonably conservative about what it considers corruption. The data loss is definitely an issue with any non-journaling filesystem that caches disk updates, but I've seen data loss & disk corruption with some frequency on high-load NT boxes.
What trends do you foresee in the development of DDoS tools in light of the addition of encryption & remote update capabilities in recent months? Do you believe that tools to scan for clients, masters, and handlers will be able to stay close enough behind the improvements in stealth techniques to remain relevant, and if not what do you expect to replace them as countermeasures? (Other than, of course, the widescale implementation of good security.)
EMS makes (or made, I found them on clearance) a laptop backpack. The straps are thinner than I'd like, but it'll hold an Inspiron 7500, iBook, or Powerbook G3 and the top compartment comfortably takes the Camel book, my AC adapter, a stack of CDs, a water bottle, gloves, some tools, and a shades case. Mine was ~$30 on clearance. They should be able to find it for you, but I can grab the SKU if anyone needs it. Jonathan Conway
Okay, I'll grant that it's slower to make it to consumer devices than many predicted. I'll even grant that for quite a few applications it's overkill.
That's not the point. FireWire is a high-speed high-bandwidth data transfer technology and it's doing quite well exactly where it was originally aimed: digital content capture/creation. There's a reason the iMacDV has FireWire: content users demanded it. I'm less clear on why they're using iMacs, but what the hey, I'm sure they know what they need better than I do. He's not slamming USB for the time it took to take off, and it's much more consumer oriented and had a much greater push for adoption from MS. Bit of a double standard, that.
The L0pht has been involved in independent wireless networking reasonably heavily. What do you see as the most important discoveries/protocols/designs for the next few years? Do you foresee an opportunity for the hardware hacking community to open up the airwaves in the same way Linux & OSS has opened up operating systems and tools?
The certificate business was already incestuous enough. This deal is basically going to leave the whole shebang in the hands of VeriSign and MS, and that can't be good for the rest of us. A system based on trust cannot rely on a small group of organizations known to play fast and loose with the public interest.
"Under the terms of the RSAREF license, changes to the RSAREF code other than porting or performance improvement require written consent. RSA Security hereby gives its consent to implement a patch to RSAREF to address this advisory."
Given that they're an IP-happy organization with a long history of iffy code I'm glad to see that they're doing the obvious thing and giving others permission to fix the problem. Of course if they weren't requiring use of their code for "their" algorithms this wouldn't be an issue.
A web site is basically a network service. It seems like there should be a place for a distributed protocol that actually allows an intelligent* search. If you defined a doc/HOWTO type you could search for sites providing those services with criteria that select the particular issue you're looking for. Try that with a search engine and irrelevant juxtapositions will fill your results with noise.
*Intelligent in the sense that the search method used shares a vocabulary with the providers.
Think about it. Larry Wall took the standard tape / full source distribution method and turned it inside out. One tiny program that cut to the heart of the problem: that code users only care about the changes once they have the source. It made distributed incremental development (and thus the modern Open Source movement) feasible.
The drive is supposedly on only "once every 10 minutes" to read more data into a buffer. The claimed purpose is to increase battery life (and given they're claiming 10 hours with a HDD it seems to work). I'd tend to think that means that except while filling the buffer the shock resistance is that of a non-operating IBM portable drive, which is actually rather high.
I used the book to introduce my girlfriend to UF, but since a significant percentage of strips didn't make the cut (including the origin of Dust Puppy) she's had to reread them online from the beginning to find the missing ones. Still a funny collection, but certainly nowhere near complete.
As one of the stronger voices behind the proposition that only peer reviewed, open, and thoroughly tested algorithms can be trusted you've widely disseminated several algorithms, Solitaire and Yarrow among them. What attacks or interesting analyses have surfaced since their release?