Slashdot Mirror


User: swmccracken

swmccracken's activity in the archive.

Stories: 0 · Comments: 164

Comments · 164

  1. Re:Exactly. on TCP Vulnerability Published · · Score: 1

    No matter what the implementation, it is still possible to reset TCP sessions

    Slight correction: It is still possible to reset TCP sessions that do not use some kind of authentication. There is such a thing as the TCP MD5 signature option - an extension to TCP - which eliminates this possibility. BGP speakers are supposed to use this.

    (As I understand it, this idea could also protect any arbitrary TCP session, but I doubt anyone's done this, and this feature would require the TCP implementation to understand these MD5 signatures.)

    http://www.ietf.org/rfc/rfc2385.txt

    It explicitly documents how this defends against "connectionless resets".

    However, this option uses pre-shared keys, which is why it would be difficult in practice for many protocols. Works fine for BGP, because it's usually admins setting up BGP sessions and they want to secure them.

  2. Re:i'm so 1337, i'm 2448 on People with real l337 speak names? · · Score: 1

    Mind-numbingly common for Asian immigrants to New Zealand to pick up an "English" name to go with their "Chinese" name. (At least, with immigrants that want to get into 'mainline' NZ culture.)

    Unfortunately, they usually don't get the help of a native English speaker to help them, and often pick rather odd names, or names that aren't very common in their generation (eg: a name that was in fashion 30 years ago.)

    Usually it's an effort to fit in, or they simply give up trying to get non-Chinese speakers to pronounce their name anywhere near right.

  3. The pure "hack value" of it on What's the Point of Building a Home Theater PC? · · Score: 1

    Why? Simple. The pure value of simply hacking something together.

    Hack Value.

    "As Louis Armstrong once said when asked to explain jazz: "Man, if you gotta ask you'll never know." (Feminists please note Fats Waller's explanation of rhythm: "Lady, if you got to ask, you ain't got it.")"

  4. Re:ISP/mail provider virus scanning... on 'Bagle' Worm Heading For A Windows PC Near You · · Score: 1

    Xtra in New Zealand certainly does. You can see their stats on the right hand side of that linked page. It was a godsend when they implemented it - the number of email borne viruses in this country plummeted. As a consequence of this, most of the ISPs in New Zealand followed suit (as Xtra is the largest ISP here) and implement some form of virus scanning.

    I think they just use a more conventional virus scanner than any 'quick checks' you describe.

    Beyond me why this isn't the norm for ISPs and corporates - anyone running a mail server not scanning email is almost incompetent in this day and age.

  5. Re:Total overkill on Yahoo and Unilateral Anti-Spam Technology? · · Score: 1

    And what happens when Server A sends to Alice at Server B. But Alice is really a redirector for Bob at Server C, so it forwards it on.

    Server C takes a look at the message. It has a From address of user@servera.com; but it came from Server B. Thus, it's apparently a forgery and gets rejected.

    What if Server B rewrites the from address, so it's "user-at-server-a@serverb.com" - Server C will accept it fine. But if server C bounces the email (ie: accept and later generate the bounce), Server B would have to accept this bounce and send it on to the original sender..

    Oh wait.. does this mean that spammer on server D could send email to "user-at-server-a@serverb.com"? Oh look, open relay.

    Anyway, this is a few of the issues that spf.pobox.com has been dealing with.

  6. Re:huh? on Coffee Flavored Breakfast Cereal · · Score: 1

    The word really is "twee", and it means "sweet" and young and childlike and feel good and cute and precious, but overdone to the point of irritating normal people.

    Tweeness would mean something affectly badly with being twee.

  7. Re:Bumper Sticker... on L.A. County Bans Use Of "Master/Slave" Term · · Score: 1

    This is /.

    A typical human here is mostly fat and not much lean tender muscle..

  8. Re:algorithm for hit points on EverQuest Players Defeat 'Unkillable' Monster · · Score: 1

    You could just think Object Oriented and do it that way.

    The code to cause damage should be:
    monster.takeDamage(damageAmount);

    And then you have:

    class Monster {
        protected int hitpoints;

        public void takeDamage(int damageAmount) {
            hitpoints = hitpoints - damageAmount;
            // ...
        }
        // ...
    }

    class SomeUnkillableMonster extends Monster {
        @Override
        public void takeDamage(int damageAmount) {
            // NOP - unkillable
        }
        // ...
    }

  9. Re:Good one on Bluetooth Application Programming? · · Score: 1

    Why not? Because 11b is a bit tricky to set up.

    Do you want a phone and headset combination that only works with an 11b access point around to arbitrate things?

    Or a laptop that can't talk to the phone because it's set to the SSID of the LAN instead of the phone's own private LAN?

    Exactly *how* are you supposed to configure your headset so it only works with your phone, and not your cubicle neighbour's? And vice versa - you don't really want your neighbour's headset picking up your call.

    Yes, you'd need a standard on top of it all to achieve this - but BlueTooth has all this specified already. There are chips out there you can buy that do most of the hard work already.

    11b is overcomplicated to set up in this situation. (Program a SSID into a headset?) Bluetooth is "discover and pair" devices.

    (grr, I wish the North Americans would realise that bluetooth is already ubiquitous among cellphones. Right as I write, my boss uses a laptop-USB-bluetooth to GSM cellphone link for high-speed data access over GPRS. Which cellphone supported 11b access? But of course, it tends to only be GSM phones that support this kind of thing, and GSM isn't popular over there... heh.)

  10. .. variable names are the same - did you even read on JBoss Queries Apache Geronimo Code Similarity · · Score: 1

    What cellpadding? What on earth are you talking about?

    There's no reference to CELLPADDING in the Geronimo source in the PDF, only in the JBoss source. And anyway, that's in the embedded API documentation - JavaDoc - it's not a variable name at all.

    And, it's CELLPADDING because they're embedding HTML into the source - so it's got to be the HTML spec. (You do know what HTML is, right?)

    Secondly, you're factually wrong - the class names are different - it's "ThreadNDCConverter" in JBoss and "NamedNDCConverter" in Geronimo.

    You do realise the source code in the PDF is side by side? You're supposed to be comparing the left column against the right?

    (As proof that I'm not misinterpreting the PDF, if you actually pull the source you'll see that that is not present in the Apache code - cvs checkout from the attic)

  11. Re:Next Generation on On Game Consoles As Multimedia Devices · · Score: 1

    I didn't say it was a good idea. And you're right, these are problems, but they're only problems to thinking consumers. The companies themselves wouldn't care about what happens after they're gone, and they'd just assume that DSL (or whatever the next-generation will be) will be there.

    I'm sure that some marketdroid is drooling over the possible DRM "advantages". :-)

  12. Re:Next Generation on On Game Consoles As Multimedia Devices · · Score: 1

    I can think of only one: If there's no other reason for the DVD-ROM drive.

    Imagine a console that had no storage at all, but used a big fat fast broadband connection to play games you rented.

    Save games could be stored server side.

    Heck, even Video-on-Demand becomes possible if the bandwidth glut arrives on time.

    What might happen is the next generation not being very good at TiVo functionality - it's one thing to be able to play DVDs, but to act as a recording device? Can it record while you play a game? What if you punch the reset button while it's recording? (Especially if you were playing a game and merely wanted to change games.) Or if it crashes or something. (Not a problem at the moment - it's fair to say that you can play a DVD (exclusive) *or* watch a game. DVD playback isn't really that hard to get the user interface right, or close enough.)

    If they get TiVo-alike functionality right, maybe, but I wouldn't want to count on it.

  13. Re:What Sitefinder? on VeriSign Shutting Down Site Finder · · Score: 1

    Please pay better attention to isc.org. You have a rather messy syntax there full of needless typing. A better syntax is:

    options {
        root-delegation-only exclude { "de"; "lv"; "museum"; "us"; };
    };

    which applies the delegation-only to everything but "de", "lv", "museum" and "us". Personally, I would consider removing .museum from this list because it contains a wildcard. (.de contains valid, non-wildcard, non-delegate data, I think .us does too, and I don't know about .lv)

  14. Separate FullSpeed vs HiSpeed on Using USB to Separate Computer and Keyboard/Mouse? · · Score: 1

    You might want two USB cables - one holding USB2.0 HiSpeed devices only (eg: the CD Writer, if it's hispeed) and the other carrying USB1.1/FullSpeed devices. (Otherwise the CD Writer will be limited to USB1.1 speeds, which wouldn't be as reliable.)

    It should in theory work. If you want to do this sort of thing in a big way, look at BlackBox ServSwitch gear - if you want to remotely manage a whole farm of computers.

    As others point out, there's no need for your admin to disconnect the remote keyboard when in the server room - just have another USB hub in there or use another usb port - or a conventional ps/2 keyboard.

  15. Free Intel F95 Linux Compiler (for non commercial) on Is GNU g77 Killing Fortran? · · Score: 1

    It's kinda buried - you have to click the "list of evaluation editions" link. But it most certainly exists.

    http://www.intel.com/software/products/compilers/flin/noncom.htm

    However, it's listed as non-commercial only - which means (extracting from the license agreement) "If you are using the Materials under the control of a Noncommercial-Use license, you as an individual may use the Materials for only personal, noncommercial and research purposes"

    But to a commercial entity, the fees aren't really that steep anyway, and it is a Fortran 95 Compiler, with all kinds of high-performance features that will make you drool. (For example, it can use SIMD/SIMD-II/MMX parallelizing instructions for the loops in your code without any explicit parallelization instructions in the code.)

    There's an equivalent version of the Intel C++ compiler too.

  16. Wouldn't they filter on IP rather than the from? on Defending Your Mail Server? · · Score: 1

    I would imagine (well, hope) that ComCast and AOL are filtering by IP Address rather than by domain from. (Either the From: header or the SMTP sender.) I hope the mail admins there know full well that from addresses in email are trivially faked. (And usually are in the case of spam and today's mass-mailing viruses.)

    If they're filtering you, double check you're not infected with it perhaps? (And you're not an open relay and all those other normal things.) (You do virus scan incoming and outgoing email, right? You should. Scanning outgoing alerts you to any infections you have. And scanning incoming goes without saying.)

    I know I've had to place a few IP based blocks on to reduce the incoming flood of Sobig. (100% of which was being dealt to by (or at least defanged by) McAfee Webshield, but the notifications were getting annoying.)

    And Sobig gets addresses from many many many places - not just Outlook lists.

    Of course, there's no reason to think these undeliverable messages are actually in reply to your outgoing mail. In all probability, they're from various third parties infected and sending out apparently from your address and dumbass virus scanners send a "you've got a virus" message to the apparent from address.

    Hint for mail admins running virus scanners: Do not notify the sender on receipt of a virus. You're sending it to the wrong person and only making things worse. Check the IP of the computer that sent it instead, and contact that administrator.

  17. Re:I wonder... on North Carolina Fights Back Against Lexmark · · Score: 1

    I wonder how long before you see "intro" ink cartridges (with only like 25% filled) being supplied with the original printer?

    HP have been doing this for a while. 20mL cartridges with the printer instead of the normal 40 mL

  18. Re:Cringley, Linus, and Christoph Hellwig on Today's SCO News · · Score: 1

    It matters because it suggests that Cygwin doesn't use (or doesn't have to use) the subsystem. :-)

  19. Re:Cringley, Linus, and Christoph Hellwig on Today's SCO News · · Score: 1

    As far as I understand, it doesn't use the POSIX subsystem at all, and uses cygwin32.dll for everything. (And is thus, from NT's point of view, a Win 32 application)

    I could be wrong - and it's something of a pity not to use the subsystem as it's a "better" emulation. (Like files have owning groups stored properly in NTFS, I think filenames are case sensitive.)

    But, of course, the subsystem isn't available on Win 95 and 98.

  20. Anyway, it was a hacked client on Shadowbane Hacking Redux - Guild Bannings · · Score: 3, Interesting

    I'm unfamiliar with this game and set up, but presumably people paid for these accounts. Are all the members of this Guild Invicitus guilty of abusing such features? I can imagine that various members are innocents that thought they were just joining a powerful team.

    If there's no reasonable evidence that all of that guild are guilty, it seems harsh (no comeback?) (Perhaps they are and I'm just ignorant - I can't tell.)

    Anyway, the servers were not attacked. "UPDATE: It has been brought to my attention that the Shadowbane servers were not compromised in any way. The "hack" was only client side, our fears regarding the security issues for our Credit Cards and accounts have been put at ease." states the updated report. Good grief, is this another game depending on client security? (Design flaw - the client will be hacked by somebody in this kind of game and your game should be designed to cope.)

    I *hope* for the players of this game that there was a bug in the server side validation of what the clients were sending, rather than a blatant design flaw.

  21. Re:Cringley, Linus, and Christoph Hellwig on Today's SCO News · · Score: 1

    Actually.. all that exists already.

    It's called the Posix Runtime. And it's been around, but little publicised since NT has existed. It's sitting there in NT4, W2k and later versions.

    (Since it's not bound by running in the Win32 subsystem like most other programs, using rm running in the posix subsystem is a MS recommended way of deleting certain tricky filenames.)

    You have NT Native programs - and these are rare. (AUTOCHK and certain "guts" of NT are such). You have the Win32 subsystem - running the majority of programs. Win16 Subsystem - for those poor souls that have to run such. OS/2 Subsystem - OS/2 character mode binaries. Posix subsystem.

    etc etc

    And a few years back, someone did take the Posix runtime and expand it right out into a usable environment.

    Have you even seen what Services for Unix can do?

  22. Re:Can someone help me convert here?? on The Changing Definition Of 'Kilogram' · · Score: 1

    This reminds me of a quote by Terry Pratchett. (paraphrased from memory) Everyone agrees that freezing at 0 degrees and boiling at 100 is nice and logical but doesn't stop them believing in their hearts that 70 is a nice warm temperature.

    However, for me, my first reaction was 70 degrees was an inferno - simply because I have been brought up with degrees C, and degrees F have no meaning to me. (I am exactly opposite to you - 25 deg C is nice and rather warm, 70 degrees F means nothing.)

    As for recipes? Well, yes, our (NZ) recipes often have cups and teaspoons and suchlike in them. But they're metric cups and metric teaspoons.

    1 cup = 250 mL
    1 tablespoon = 20 mL
    1 teaspoon = 5 mL :-)

  23. Pints of beer will never fade.. on The Changing Definition Of 'Kilogram' · · Score: 1

    Even in NZ you can order a pint of beer at a pub with no problem - and we've been fully metric for decades.

    (Although, by law, it has to be at least 598mL from memory :-)

  24. Re:Plastic Notes work well on Counterfeiting With High Resolution Inkjets · · Score: 1

    Nope, it's a lot more complex than that. The printing (of face value and all else) is done at manufacture time.

    http://www.rbnz.govt.nz/currency/money/0060617-01.html#P75_4429

    details NZ notes - but we to source our notes from Australia, and I imagine other countries have similar production systems.

  25. Re:Plastic Notes work well on Counterfeiting With High Resolution Inkjets · · Score: 1

    I'm in NZ, but we have the same currency setup as you guys (multicolour multisized plastic notes; 5c as smallest coin, except that our $2 coin is larger than our $1.)

    Yeah.. it was a pain going back to those 1 cent coins touring the states. I eventually realised that I was going to have to go with the flow and leave them as tips. (Good grief I hate that too.)

    It also infuriated me that there's no point working out ahead of time what you're going to pay - if the sign says $8.07 and you count out $8.07, you'll only get Random Sales Tax meaning you'll just give up and give the person a $10 note and end up with more accursed pennies.

    Oh, and while I never encountered a human with $1 US coins, several public-transport-ticket-vending machines gave them as change. With big, "This gives out $1 coins as change" warnings..