This "exploit" isn't very interesting and the author really doesn't seem to have a good grasp of the HTTP protocol design, the end-to-end model, or the internet in general.
I'd be very careful before I blindly changed all my redirects to 301s. The semantics behind a 301 and 302 are VERY different and unless you want people to replace the original URI with the target in your 301s, forever, you might be entering a world of hurt.
From RFC 2616 -- HTTP/1.1:
10.3.2 301 Moved Permanently
The requested resource has been assigned a new permanent URI and any future references to this resource SHOULD use one of the returned URIs. Clients with link editing capabilities ought to automatically re-link references to the Request-URI to one or more of the new references returned by the server, where possible. This response is cacheable unless indicated otherwise.
...
10.3.3 302 Found
The requested resource resides temporarily under a different URI. Since the redirection might be altered on occasion, the client SHOULD continue to use the Request-URI for future requests. This response is only cacheable if indicated by a Cache-Control or Expires header field.
...
This is a common theme in the high-tech world; Joe Hacker figures out a problem and a 'solution'. Problem is, they don't understand all the implications of the solution. That doesn't stop them from yelling loudly about the solution. Without a comprehensive explanation of the impact of the 'solution' you might be just causing yourself harm in other areas down the road.
Education and thorough analysis are always a good idea when you are dealing with complex systems that might have emergent behaviors. This is certainly one of the bigger pet peeves at the IETF and with the IESG.
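The difference the quoted RFC text draws between a 301 and a 302 is easiest to see from the client's side. The following is an added example, not code from the original post: a small model of a client with "link editing capabilities" that rewrites its stored reference on a 301 but keeps using the Request-URI on a 302, run against a constructed in-memory origin (all paths and bodies are made up) to show what happens when the operator later repoints the redirects.

```python
"""Model of a link-editing HTTP client handling 301 vs 302 (RFC 2616 10.3.2 / 10.3.3).

Added example, not from the original post. The origin server is a constructed
in-memory table, so nothing touches the network.
"""
import re
import time

# Constructed origin: path -> (status, headers, body). Paths are hypothetical.
SERVER = {
    "/old":          (301, {"Location": "/new"}, b""),
    "/promo":        (302, {"Location": "/sale-2004"}, b""),
    "/promo-cached": (302, {"Location": "/sale-2004", "Cache-Control": "max-age=60"}, b""),
    "/new":          (200, {}, b"new resource"),
    "/sale-2004":    (200, {}, b"this year's sale"),
    "/sale-2005":    (200, {}, b"next year's sale"),
}


class LinkEditingClient:
    """Client with 'link editing capabilities' in the sense of 10.3.2: a 301 makes it
    rewrite its stored reference; a 302 leaves the stored reference alone."""

    def __init__(self, table, now=time.time):
        self.table = table
        self.now = now
        self.bookmarks = {}       # stored link -> URI the client now uses for it
        self.redirect_cache = {}  # path -> (target, expiry) for 302s that allowed caching
        self.requests = []        # every path actually sent to the origin

    @staticmethod
    def _freshness(headers, now):
        """Expiry time of a redirect per Cache-Control max-age; None if not cacheable.
        Only max-age is parsed here; Expires handling is left out for brevity."""
        m = re.search(r"max-age=(\d+)", headers.get("Cache-Control", ""))
        return now + int(m.group(1)) if m else None

    def get(self, link, max_hops=5):
        path = self.bookmarks.get(link, link)
        for _ in range(max_hops):
            cached = self.redirect_cache.get(path)
            if cached and cached[1] > self.now():
                path = cached[0]          # reuse a still-fresh cached 302
                continue
            self.requests.append(path)
            status, headers, body = self.table[path]
            if status == 200:
                return body
            target = headers["Location"]
            if status == 301:
                # Permanent: re-link the stored reference. The original URI is never
                # requested again by this client, whatever the server later does.
                if "no-store" not in headers.get("Cache-Control", ""):
                    self.bookmarks[link] = target
            elif status == 302:
                # Temporary: keep using the Request-URI; cache only if told to.
                expiry = self._freshness(headers, self.now())
                if expiry is not None:
                    self.redirect_cache[path] = (target, expiry)
            path = target
        raise RuntimeError("too many redirects")


def demo():
    """Repoint both redirects after a client has seen them; only the 302 follows."""
    table = dict(SERVER)
    client = LinkEditingClient(table)
    before = (client.get("/old"), client.get("/promo"))
    # The operator later repoints both redirects to a different resource.
    table["/old"] = (301, {"Location": "/sale-2005"}, b"")
    table["/promo"] = (302, {"Location": "/sale-2005"}, b"")
    after = (client.get("/old"), client.get("/promo"))
    return {"before": before, "after": after, "origin_requests": client.requests}
```

After the change, the 301 client still lands on the old target because it no longer asks the origin about /old at all, which is exactly the "forever" the comment warns about.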
Of course this would be because they used autotools to package the directory and forgot to specify non-foreign non-boilerplate generation. The end result? Empty README and boilerplate in other files.
Someone who really wanted to be objective wouldn't bash them for this.
Someone who really wanted to learn about OpenVXML or VXML in general might want to use a search engine to find some results. :-)
SER is not a PBX, it's a proxy server. A proxy server is a component of a SIP architecture and you would almost certainly (but not absolutely) need one INSIDE a PBX.
SER is a fantastic little proxy though -- just not a PBX.
A PBX includes media processing, voice mail and other 'enterprise' features.
Ironically, I am referring to precisely the Vancouver, BC (Canada) region. The incident was nearly 10 years ago and predates the excellent new digital X-ray systems.
My recent exams for removal of the pins involved getting new X-rays on a 'new' digital system. Much better and much easier for everyone.
My comments about 'fees' were relating strictly to the costs to duplicate the X-ray plates, which are no longer relevant with digital imaging.
I can relate. I have over a kg of chrome, steel and vanadium in my left femur. All hardware leftover after a serious inline-skating commuting accident 8 years ago. I set off the metal detectors if I have so much as a dime in my pocket near the leg. I'd say that 4 in 5 times I get a serious secondary inspection.
With that in mind, I will simply state that there is no benefit to having a card, X-ray, or note from a physician. If there was, a bad guy would simply get a note too. I don't have to travel with my X-rays, but I do require a pat-down and manual inspection. Depending on the screener, I have even had to show the scars. (Running knee to waist.)
As for having your own X-rays, most surgeons and physicians are more than happy to make a copy for a fee, assuming that you are making it clear that you just want a copy for your own personal curiosity. If they suspect that you have an adversarial relationship or may seek an opinion or damages from them, don't be surprised if they do not permit you to have a copy. Relationship management is key here; if you're a gruff cookie you aren't going to get as far as someone who has a genuine rapport with the attending physician.
Nowadays, it's even easier. My orthopaedic surgeon offered to e-mail me my latest images, no hassles at all since they were digital from the start.
This is interesting because ... ? :-)
I had a direct entry tablet with pen for my TRS-80 Color Computer in 1979 that had a wireless mouse (ok, puck) attachment! Jeeze. You kids don't remember anything! :-)
Or people could just get better support for the emerging secure communication open standards like SIP (RFC3261 et al).
Using TLS and S/MIME with SRTP, your calls are:
- open standards based, and;
- secure.
As I sit here typing this, the TLS and S/MIME interoperability test is underway at SIPit 15 in Taipei. (Damn the typhoons, full speed ahead.)
I thought it was illegal (and stupid!) to operate electronic equipment while flying...
No, there are rules about commercial flight operations and airlines tend to ban electronics in-flight; however, private pilots use computers of one fashion or another quite frequently. One of the oldest and trusted names in Aviation Charts, Jeppesen sells a product called FlightMap IFR that is intended to be run on a laptop, connected to a GPS to track flight progress along your planned route.
There are a large number of electronic devices that are in use in a typical (high end) aircraft. The rules are different for the people on an airliner; it has to do with liability and assumption of risk vs education and control over the 'systems'.
I believe that Xerox had these machines in the mid-90s.
Graphic Arts Monthly has a nice blurb about the machines too (from 1996!).
Nicholas Negroponte in Being Digital talks all about these and how they will play an important part in the switch from 'Atomic Distribution' to 'Bits-is-Bits' business models.
These machines were either a really slow-burn success, or it's just an insanely slow-news day at OSDN. :-)
And I remember something about how the banking industry isn't that good up there, so you don't get decent interest rates. Or something like that, I can't remember. I just meant to say that it is no "wonderland", they do have their own issues.
Wow, now that's a concrete and profound statement.
Canada has Chartered Banks. This is a wonderful thing. It means that when you travel, you can find a branch of your own Bank! It also means that there is excellent inter-bank co-operation and the level of service is generally quite good. It's certainly less risky and less confusing than all the Mom & Pop S&Ls that seem to dot the landscape south of 49.
I *think* that Live Communications Server uses "Session Initiation Protocol" which I *think* is a public standard[1]. I would guess that, theoretically any IM client could implement it and connect to Live Communications Server. Although that is purely speculation, there might be licensing fees associated with SIP or Microsoft might have "adjusted"[2] the standard in their own special way.
[2] True, it is a little tweaked. Mostly in that the MESSAGE messages are a bit odd in the MSFT implementation and they don't conform to RFC 3265 as well as they could, but they were an early implementation; and as such much of the standards were still being hashed out.
Surely if you wanted to typeset / author a book these days, Word wouldn't be your first choice of editor. Especially in academia. Docbook, LaTeX, even the ROFF family would seem more portable in terms of generating useful output. Oh well.
Once upon a time, Word really struggled with documents over 256 pages. I'm sure that's fixed, but what about revision control, and single point of truth? Surely it has to be a pain to incorporate all your examples in the Word document as copies of what you were really using.
Does someone have a good place to chuck it in PDF form? I'd be quite happy to render it from Word to PDF. (At least that's slightly less evil).
Something even more useful than snapshots: Real Source Code Management. You can use rcs, sccs, cvs, or subversion.
All of these systems will let you maintain a versioned library of your development. With a little work, you can set it up so that ALL YOUR files (assignments) are under scm control. Got it prototyped, check-it-in, drop-a-label. Got it working, but afraid of the next change? Check it in, drop a label. You can always roll-back to any older version that you checked in.
Check in early, check in often.
There's nothing suckier than losing work that could have been saved in an SCM system.
Google any of these to get started. Subversion and CVS are currently very popular.
I worked for many years on a replacement Air Traffic Control System for Canada and as the project matured, our stage lab (containing literally hundreds of machines, a complete lab recreation of the coast-to-coast ATC system) started to experience an MTBF on the power supplies in the equipment that was over an order of magnitude smaller than spec'd by the manufacturer (Hewlett-Packard).
Since this was a long-term contract that included commitments to deliver over an extended period of time (25 years), the material cost of this problem was VERY significant to the equipment vendor, not the customer. (In other words there was no financial motivation to fail to find fault, quite the opposite; the fault was costing them money.)
In the spirit of "old HP" they sent us some senior hardware design guys to look at our lab and our environmentals (humidity, temp, pressures, cycles and power supply spectra) to see what was causing the problem.
Being about 6 years ago -- I hadn't heard of the Zinc problem yet, and neither had the guys from HP. They took everything back to their labs, including about 6 failed supplies and a couple 'still good ones', some from reserve stock and some from working machines.
A few weeks later they came back; there was a big meeting -- this was an issue with potentially enormous cost -- including the ultimate customer's representatives.
I can remember the Project Manager practically spitting his coffee when informed of the underlying cause. The 'special ESD safe A/C'd lab' was part of the problem. Thankfully, the final deployed environment had different flooring, so we didn't have to change the sites, just some modifications to the lab.
This is far from BS -- it's a problem that has cost millions and will likely cost millions more before it's over. But the SEM photos of the failed devices were cool to see.
How do they get 3bits per cycle? Nyquist frequency limits mean 100MHz could optimally carry 50Mbps, not 6 times that in an actual test.
Hmm. Perhaps you should consider the technology name. Much like the old quadrature based encodings, the orthogonal nature of the encoding will permit multiple bits per cycle. Orthogonal carriers would be independent of one another, and therefore, be something that could be sampled independently.
Do not confuse what Nyquist has to say about sampling a single signal with the numbers presented. Each orthogonal component is a new axis upon which they can mux a data carrier (in the simplest sense).
This is contemplated in SIP (RFC3261-3265), in particular, RFC 3263 Location of SIP Servers. You can register your SIP URI (sip:user@domain.com) and have a static registration to many contact URIs, like for example:
mailto:user@mailservice.domain.com
sip:mymobilephone.wirelesscarrier.net:5060
tel:+12125551212
When someone 'calls' user@domain.com, they have a choice of how to contact you. Typically the service provider will match caller capabilities to the registrations in the service database.
The end result could be REALLY cool. You might not get my phone, but you could automagically send me email. Or I could divert you (if your calling device was capable) to a blog / presence URI that explained where I was and what I was up to. Never mind the ACTUAL implementation of presence and instant messaging that ALSO leverages this infrastructure.
Every time I hear about proprietary solutions to VOIP (like Skype) or people going on about Jabber I sort of shake my head and wonder why?
SIP provides an amazing opportunity to provide integration rich-content and services over a standard infrastructure. I cannot wait for this to start being deployed.
People who have opinions about NATs, firewalls and connectivity issues haven't done their homework. Commercial solutions exist today that skirt the NAT issues and standards based solutions are nearly RFC'ed at the IETF.
I'm not sure where it says that you'll have to pay Cisco. The IPR statement that I read clearly states:
...any party will be able to obtain a license from Cisco to use any such patent claims under reasonable, non-discriminatory terms, with reciprocity, to implement and fully comply with the standard.
Admittedly, they might charge, but it doesn't say that they will. This is not new, and it might not even be news. Corporations have been doing this for a while. Look through the IETF IPR archives and you'll see plenty of places where standards work has either bumped up against or incorporated a firm's claimed-IPR.
" Khronos is now in charge of further extending OpenGL to cellphones and..."
Why oh why, for the love of a higher reasoning! Doesn't any one make a Simple, Small, Functional mobile phone?!
I don't WANT fancy crap in my phone. I want it to WORK. Good RF, Bluetooth, Multi-band radio (global GSM), EDGE, long battery life and iSync support.
Where is _my_ phone?
Around 3000' AGL near northern Washington state, from the left front seat of a Cessna 172 over GPRS. Flightplan on the left side, /. on the right.
In fact, they look to be in fine shape.
Thanks -- too bad the /. editors didn't decide to post a link to the PDF. That was just asking for trouble. Cheers.
Well you better start doing your homework.
Currently subscribe and read cover-to-cover:
Read frequently:
Bzzt!
SIP (aka RFC3261 et al.) uses SIP to set up calls. The syntax of SIP is clearly inspired by HTTP, but HTTP it ain't.
Location of SIP services is handled through DNS operations as described in RFC 3263 -- Locating SIP Servers.
Why, oh why we don't locate HTTP services using SRV or NAPTR records is really a sad question -- virtual hosting would work so much better.
Most everything else you mention is fairly accurate. There are excellent SIP resources online at Sip Forum.
The NAT problem is over-rated. Service providers routinely solve it with an SBC or special ATA devices.
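Both SIP comments above (the static registration of one SIP URI to several contact URIs, and the DNS-based location of SIP servers) end up at the same question: how a client turns a SIP URI into a host, port and transport it can actually contact. The following is an added example, not code from the original posts, that walks the RFC 3263 resolution order (NAPTR, then SRV, then A) against a constructed DNS zone; example.net, nonaptr.example.org and the RFC 5737 addresses are made up, while mymobilephone.wirelesscarrier.net is the earlier comment's own example URI.

```python
"""Locating a SIP server per RFC 3263 (NAPTR -> SRV -> A), as an added example.
Not code from the original posts. The zone below is constructed (RFC 5737 addresses,
A records only; AAAA is left out).
"""
import ipaddress
import re

DEFAULT_PORT = {"sip": 5060, "sips": 5061}
# NAPTR service -> (SRV owner-name prefix, transport label)
SRV_PREFIX = {"SIPS+D2T": ("_sips._tcp.", "tls"),
              "SIP+D2T": ("_sip._tcp.", "tcp"),
              "SIP+D2U": ("_sip._udp.", "udp")}

# Constructed zone. NAPTR: (order, preference, flags, service, replacement);
# SRV: (priority, weight, port, target). wirelesscarrier.net is the post's own example.
ZONE = {
    ("NAPTR", "example.net"): [(50, 50, "s", "SIPS+D2T", "_sips._tcp.example.net"),
                               (90, 50, "s", "SIP+D2T", "_sip._tcp.example.net"),
                               (90, 40, "s", "SIP+D2U", "_sip._udp.example.net")],
    ("SRV", "_sips._tcp.example.net"): [(20, 0, 5061, "tls-backup.example.net"),
                                        (10, 60, 5061, "tls1.example.net")],
    ("SRV", "_sip._tcp.example.net"): [(10, 0, 5060, "tcp1.example.net")],
    ("SRV", "_sip._udp.example.net"): [(10, 0, 5060, "udp1.example.net")],
    ("SRV", "_sip._udp.nonaptr.example.org"): [(10, 0, 5080, "udp.nonaptr.example.org")],
    ("A", "tls1.example.net"): ["192.0.2.1"], ("A", "tls-backup.example.net"): ["192.0.2.3"],
    ("A", "tcp1.example.net"): ["192.0.2.4"], ("A", "udp1.example.net"): ["192.0.2.5"],
    ("A", "udp.nonaptr.example.org"): ["192.0.2.6"],
    ("A", "mymobilephone.wirelesscarrier.net"): ["198.51.100.7"],
}


def parse_uri(uri):
    """Return (scheme, host, port or None, transport param or None) from a SIP URI."""
    m = re.fullmatch(r"(sips?):(?:[^@]*@)?([^:;?>]+)(?::(\d+))?((?:;[^;?]+)*)", uri)
    if not m:
        raise ValueError(f"not a SIP URI: {uri}")
    scheme, host, port, params = m.groups()
    transport = None
    for p in params.split(";"):
        if p.lower().startswith("transport="):
            transport = p.split("=", 1)[1].lower()
    return scheme, host, int(port) if port else None, transport


def _srv(zone, name, transport):
    """(transport, ip, port) targets of one SRV name: priority ascending, then weight
    descending (RFC 2782 wants weighted randomness; a fixed order keeps this deterministic)."""
    out = []
    for _prio, _weight, port, target in sorted(zone.get(("SRV", name), []),
                                               key=lambda r: (r[0], -r[1])):
        out += [(transport, ip, port) for ip in zone.get(("A", target), [])]
    return out


def locate(uri, zone, supported=("SIPS+D2T", "SIP+D2T", "SIP+D2U")):
    """Ordered (transport, ip, port) candidates for a SIP URI, following RFC 3263 s.4."""
    scheme, host, port, transport = parse_uri(uri)
    secure = scheme == "sips"
    default_tr = "tls" if secure else (transport or "udp")
    try:                                   # numeric host: no DNS at all
        ipaddress.ip_address(host)
        return [(default_tr, host, port or DEFAULT_PORT[scheme])]
    except ValueError:
        pass
    if port is not None:                   # explicit port: skip NAPTR and SRV
        return [(default_tr, ip, port) for ip in zone.get(("A", host), [])]
    if transport is not None:              # explicit transport: SRV for it, else A
        name = f"_{scheme}._{'udp' if transport == 'udp' else 'tcp'}.{host}"
        found = _srv(zone, name, default_tr)
        return found or [(default_tr, ip, DEFAULT_PORT[scheme]) for ip in zone.get(("A", host), [])]
    # NAPTR: lowest order first, then lowest preference; only services we support,
    # and only SIPS+D2T when the URI scheme is sips.
    naptr = [r for r in zone.get(("NAPTR", host), [])
             if r[3] in supported and (not secure or r[3] == "SIPS+D2T")]
    targets = []
    for _o, _p, _flags, service, replacement in sorted(naptr, key=lambda r: r[:2]):
        targets += _srv(zone, replacement, SRV_PREFIX[service][1])
    for service in (() if targets else supported):   # no NAPTR: try SRV per transport
        if not secure or service == "SIPS+D2T":
            prefix, tr = SRV_PREFIX[service]
            targets += _srv(zone, prefix + host, tr)
    # Last resort: A records on the default port for the default transport.
    return targets or [(default_tr, ip, DEFAULT_PORT[scheme]) for ip in zone.get(("A", host), [])]
```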
The Predator that Melville tested is the Rutan / Scaled Model 120 Predator, it's an Ag plane (agricultural applications).
Predator (Model 120) (Scaled) 1984 = Agplane. 1pClwM canard; 400hp Avco Lycoming IO-720; span: 57'0". Gross wt: 7,580#.
Not related to the Predator Global UAV at all I'm afraid.
He still has an excellent and solid record as a test pilot.