When Schwarzenegger was elected Governor of California people here (including those that usually vote for the "best looking guy") were stunned with disbelief. What? How's he a politician? Only thing he accomplished is movies. And movies are NOT taken seriously around here. As much as we like celebrities, they have NO place in politics. Politics is a serious matter. Movies are entertainment. They don't mix.
At least here in Finland we have been getting more and more celebrities as politicians. OK, maybe it's just one a year but some of them (ex Miss Finland) even made it to a minister post. There's plenty of ex-Olympic athletes and others who have made it to the parliament.
What does that mean? We've had children launch 10 Gbit/s DoS attacks against our service and all that was needed was a small payment via PayPal. Attack starts and ends with 1s precision...
All you need is a connection to somebody with a big enough botnet, and the will to use it for DoS attacks. Even then he will be using less than 1% of its capacity.
There's a lot of different ways to do an attack. Pushing 10 Gbit/s traffic is what you use when you don't want to bother figuring out what vectors something is vulnerable to.
Does it have to be an uber-DoS tool? My employer's services have been hit by 10 Gbit/s DoS attacks for no obvious reason, and later studies have shown somebody initiated them for fun (and it was cheap).
The US funded Saddam Hussein, and I don't think that was an isolated case. Not that I'd really like to defend Iranians very much, I'd rather live under a totalitarian American than Iranian world government. :D
In this case you have no idea how much it has previously rained, somebody (selling umbrellas) has just predicted it will probably rain even more next year.
I'm not saying you are wrong, just saying it's probably already far more common than one would assume (given how little it's talked about).
To know there is a rise you would need to have some kind of baseline on the current situation. I don't think anyone knows how many state-sponsored cyber attacks are currently going around, but I would imagine quite a bit. Most states will have quite a high level of technology and far more motivation to keep things secret than your average cyber criminal. Maybe one (kind of) exception is Russia, where the cyber criminals are state-friendly to a level where they will (with or without actual consent) do cyber attacks for the state's benefit (look at the DDoS attacks on Estonia as an example).
It seems that Phoronix needs a faster kernel on their server...
Seriously though, some of the performance drops (and how they have been sustained in later kernel versions) make me wonder if there is adequate load testing as part of the kernel QA process.
Somehow I get a feeling that this was mainly a problem with the employer, or the way they implemented agile programming.
Why is it a problem that it complains in this situation?
IMO sending warnings that 99% of users (statistics made up) don't understand is bad, especially if it's only a potential problem.
Sending a page half-encrypted is a big security problem -
It may be a big problem, and it may not. If everything that requires encryption from a privacy point of view is encrypted, then I don't see what the big problem is.
not the least of which is that the user has no reasonable way to know which information was sent securely.
The users can use something like Firebug to see if they are really interested, a lot of other tools are also available. The current situation where everything is sent unencrypted is a far bigger problem. Even if they get the warning that part of the content was unencrypted, they will still need some tool to see what it was.
And there are a lot of cases where there can be a good reason to only encrypt session- and account-related data. While browsers do have better caching support of content sent over HTTPS, it's still not perfect and differs from one browser to another. So for somebody serving a site which is full of rich content which is public (i.e. the only private data is the session data and account information) you might be looking at substantial differences in page load time (depending on how well caching ends up working on the client end). Ad networks can also be a problem. For the server end it's not a problem since you can encrypt the data from the load balancer.
Why is there a big discussion about session hijacking now? Hasn't this sort of thing been around for years? Granted in the past an attacker would be using something like Wireshark and some other fancy networking tools to nab your cookie rather than a Firefox addon that even the lowliest of script kiddies can run.
You answered the question yourself. While nothing changed in the security of all these services, and your account could have been hijacked just as easily a year ago, now the probability of it happening to a random open wifi user just went up.
But what really happened is that now clueless reporters actually found a tool so simple that even they understand how session hijacking works (ok, they probably still don't understand, but do see how easy it is). When everybody sees just how fragile the foundation is, it raises discussion.
And the funny thing is, some thanks are due to Microsoft and Internet Exploder for this situation. If older IE versions didn't always bitch when you load secure and insecure components on the same page, we would probably have long-running best practices of sending all session-related data over HTTPS even for sites where (client) caching prevents usage of HTTPS.
Lately Java has been exploited more, but yes.
The username is Robert');DROP TABLE news;--, you won't need a password.
It can be mitigated, however, if you are VPN connected to a secure network, because your traffic will be nothing but inscrutable VPN noise, even if the site in question is sloppy.
Even with a split tunnel? And who would not be using a split tunnel these days?
I would imagine Nokia feels ditching their own OS would just make them hardware manufacturers, not so different from a large portion of their competition. Add to this that in a certain sense Google has probably partially made Android to ensure that no one manufacturer has a dominating position in the mobile market, and Nokia will suffer from that (Google can ensure products follow standards better when there are a lot of small players vs. one big one).
Wow. Around half of the comments in this thread are for "lynching" Assange and Wikileaks.
Well if there is a character assassination going on I guess it's working. :D
Which is a good point. For some reason our company has tens of Photoshop licenses, mainly for people who just resize pictures occasionally. It would be very easy to do with GIMP "but it's always been done with Photoshop". Probably the main reason Adobe does so little to fight against piracy - if people were accustomed to using GIMP at home (due to not being able to buy Photoshop) most would find it adequate. Sure there will be some who are actually requiring the features in Photoshop, but not very many.
Currently price stability only shows how much inflation there is, because in real terms there should have been deflation happening, but because there is so much inflation the prices are stable.
It's not good enough for the Fed, they want prices to increase! They think they'll take away your purchasing power and make you more competitive, but that's only a small part of a competitive economy - your purchasing power as it is related to your nominal salary. The other parts of it are (in no particular order): income taxes, payroll taxes, regulations, wage controls, price controls, subsidies to monopolies, laws that make it too difficult to start businesses, high costs of insurance, medical insurance costs, high costs of education, high cost of labor, high cost of rent/ownership of land/buildings. All of those prices are high because of gov't holding them hostage.
I guess that's one view, but I would imagine the main reason why the government will be happy about inflation is that it also reduces the amount of debt you have. If you are so far in debt that you will never be able to pay for it, you can work on making that debt worth less. In theory this will piss off the people who loaned the money to you, but if their economy is also dependent on you using the borrowed money to buy stuff from them then they may not have a choice.
No, it's actually guilty of both. Iran wouldn't have this capability without the intrusive policy pushed by the government.
Now that is something you can only assume, but without the policy Nokia would have a lot more explaining to do.
Yup, and as far as I'm aware they have not really broken the treaty? Most of the discussion seems to revolve around them having nuclear facilities that are allowed by the treaty - but people being worried they might be able to take that further. I get a feeling they are being pushed to limit their production even further than the treaty would actually require them to.
I'm not saying this is right or wrong, personally I would prefer that they don't have nuclear weapons. This whole case smells of politics more than anything else though, and personally I find Israel not signing the treaty and already having nuclear weapons to be a big problem too (once again politics is what is causing them not to be pressured about it as much).
NT was pretty stable, only lacking in multimedia and gaming (though I made music with an NT 4 workstation at the end of the 90's). I remember a friend buying a tricked out G4 when they were first released, it cost shitloads of money. It was crashing daily while my computer (running Generator on NT4) was rock solid.
It's kind of a pity that OS9 was my only Mac experience at the time, it left such a sour taste in my mouth that I had to be practically forced to try a Mac again when switching to a new job 5 years later. Kudos to Apple for having the balls to start so fresh again.
For a *nix admin it's far more difficult to clean up after somebody who had root access rather than somebody who did not. I expect 99.9% of everybody (assuming there were others than the one server mentioned in the headline) who had their machine rooted over this were hosting providers / universities offering shells to users. Yes, this could also be exploited via other mechanisms (some not so serious remote exploit used to get local access, then this to gain root), but this is the most likely scenario.
Also from the point of view of somebody who has worked as both an admin and in security teams, I've seen plenty of cases where vulnerabilities such as this were downplayed (as nobody untrusted will have local access). I've also seen cases where some trivial vulnerability in a library was used to upload and run code that used another exploit to gain root... Actually I would imagine lots of companies are still running vulnerable versions of Apache Struts - or at least were for months while waiting for the maintainers to get their head out of their ass and release a patch (few weeks ago) for a vulnerability which was being actively exploited during the months it took to get through the users voting process.
I have lived in one, and it's not rare to hear shots fired. It is somewhat rare to have them fired at you (and even that has happened to me).
Yup, and not only your collection - the kids' collection. Around the time 30% of the 100 DVDs my kids have were jumping and jittering I decided something had to be done, and ripped them all onto disk on an HTPC. Now according to content producers I think it would not be enough to buy the DVD, I would need to buy another one when it's scratched. Using the HTPC is more convenient in the first place, with the added benefit that the shelf is empty (DVDs are in a box in storage) and nothing gets scratched.
But that's the Windows way vs. the Linux way. The catch is, with the Linux way you have to figure out which directory it's copied to.