Slashdot Mirror


User: kobaz

kobaz's activity in the archive.

Stories: 0
Comments: 286

Comments · 286

  1. Re:I don't need one, do you? on Invulnerable, Waterproof PDA · · Score: 4, Insightful

    When doing land surveying with laser measuring tools and electronic data collectors in the pouring rain, it's really good when your equipment is waterproof.

    Not everyone does that, but the target audience would be people in jobs like that, who tend to be working in conditions potentially very hazardous to electronic devices.

  2. Re:I'm opposed, but ... on ICANN Cracks Down on Invalid WHOIS Data · · Score: 1

    Also, the IP allocation should be totally redone...no organization should be allowed more than one IP number, let them use NAT internally to make up the difference. If they need to go to IPv6, then that's fine.

    Another thing... It would also be a logistics nightmare, since an organization like IBM has locations all over the world that need internet access. Why have a single entry point to their entire network as well as a single point of failure?

    Also, what makes you think that you could just drop in IPv6 and everything will be good and fine? Most of the hardware/software around doesn't support IPv6 out of the box (think the $30 D-Link NAT routers from CompUSA, and what about Windows 98?). It will be a very, very long time before every single bit of networking hardware produced will support IPv6 out of the box.

  3. Re:I'm opposed, but ... on ICANN Cracks Down on Invalid WHOIS Data · · Score: 1

    Also, the IP allocation should be totally redone...no organization should be allowed more than one IP number, let them use NAT internally to make up the difference. If they need to go to IPv6, then that's fine.

    Ever hear of internet-based apps requiring end-to-end connectivity, as in something like NetMeeting or various other similar apps? NAT just would not work with such things. Port forwarding is just a hack to get around NAT, which is a hack in itself (a pretty good hack, I will admit).

    With the current designs as they are, things like SSL web servers MUST run on a separate IP than the main web server, because the domain name needs to be known before SSL negotiation takes place. This means that you can only run one SSL server per IP.

    And similarly no organization should be allowed more than one web ... sorry, forgot the terminology, but when I look up I see http://yro.slashdot.org/... the part I mean is the .slashdot.org.

    This is a silly comment, because you can have a million subdomains point to the same IP and things like web servers work just fine. In fact, that exact method is used by thousands of servers all over to save on IPs. It's called name-based virtual hosting.

    I realize that in this context "organization" is a bit difficult to define, but with names like ://yro.slashdot.org/comments.pl?sid=... now being common, there's no need to let people monopolize anything that sounds like the name they want. Perhaps there are legitimate reasons to assure that people aren't being fooled, but that's a separate matter (fraud).

    Are you talking about someone taking joe.com, which prevents someone else named Joe from using that domain? If so, with the current domain name system it would be a completely mangled mess if we were to implement some sort of forced domain management so that multiple people could use the same domain under the same TLD.

    Domains like co.uk already exist for more organization, but trying to split up joe.com into mr.joe.com and harry.joe.com would not prevent any of the problems that currently exist in the current domain name system. Someone would register harry.joe.com and someone else would still not be able to use that domain.

    In terms of the ://yro.slashdot.org/comments.pl?sid= type URL locations, I have no idea what you're talking about, but whatever it is, it probably wouldn't work, since that only applies to web and web-like services (like FTP, Gopher, etc., etc.).

  4. Re:Get an optimized build on Mozilla 1.7 Beta Is Faster And Smaller · · Score: 1

    So where did you get your voodoo-optimized Athlon Mozilla build? I'd like to try it out.

  5. Re:Programmers.. not programming on Why Programming Still Stinks · · Score: 1

    What's wrong with PL/SQL?

  6. Re:Yawn on Multiple Vulnerabilities in OpenSSL · · Score: 1

    My post isn't just about not making mistakes. Everyone makes mistakes when programming, but it's developing with a particular mindset that will help prevent as many mistakes as possible.

    Here is my methodology:
    You accept a piece of input, be it a packet, a pointer to something, someone's username, or anything.

    You think to yourself, what are my limits with this piece of data? What is the size limit, what elements can or can't it contain, what memory location ranges will we allow this pointer to point to?

    You have a buffer with X number of bytes to store an incoming packet, so what you do is get the size of the data; if it's too big it's an invalid packet and you drop it, no sense to continue.

    If you are being passed an offset into a data segment, make sure that offset is within the proper range of memory.

    It's all about validating your data. If you follow the simple rule of validating any and every bit of input that your program will accept, you have just gained a huge plus in software security.

    Many people code in such a way that they assume all chunks of data will be valid and then later add validation. That approach works as long as you can keep in your head all the places that need validation.

    Once you know that a specific piece of data can have an arbitrary value, you must make sure that value is within the right limits, otherwise bad things can happen.

    It's not "let's hope and pray we made no mistakes"; it's all about sticking to a strict game plan to make sure you don't make mistakes, or limit them to a minimum.

  7. Re:Yawn on Multiple Vulnerabilities in OpenSSL · · Score: 1

    Having to be root to bind to ports under 1024. Yes, it's very silly. Why can't we get rid of that hangover now?

    Because on multiuser systems where you, for example, don't run a web server, you don't want random people popping up a server on port 80 pretending to be you. Of course you could firewall it off, but why not let the kernel take care of it?

  8. Re:Yawn on Multiple Vulnerabilities in OpenSSL · · Score: 2, Insightful

    Someday, people will realize that unsafe data (anything that comes in over the net) really can't be safely manipulated in a language like C.

    People like you who don't understand that any software written in any language can be exploited should be shot. Your post is just painful to read.

    Rule #1: Unsafe data should be handled in sandboxed languages.

    Rule #1 is actually: VALIDATE ALL USER INPUT

    This holds true for any language: C, Java, PHP, Brainfuck, or anything else. You can just as easily exploit a PHP script to insert SQL statements and destroy a database as you could write code to crash a server using OpenSSL, assuming the target apps do poor validation and you (the attacker) know what you're doing.

    Many things that communicate over the net are safely handled in C, Java, PHP, etc., etc., because they are written to validate the input given to them and never do operations on data that hasn't been validated. You can write a secure implementation of OpenSSL in C or Java; it doesn't matter as long as the underlying methods include validating all of your input.

    Rule #2: Programs that are exposed to unsafe data (server processes) should run at some minimum and constrained privilege level, not as root. The "must be root to bind to ports less than 1024" rule on Unix is almost exactly the opposite of what the rule should be.

    This is another bullshit rule. If you have an app that properly validates all of its data, then you can run the process with any level of permissions and not worry. The problem is, most apps aren't written with the idea to validate everything (the number one reason is because it adds overhead). Apps like OpenSSL are written by more than one developer, so it's even harder to make sure everything is validated properly because of differing programming styles and methods, etc., etc.

    I'm sure many people who don't understand these issues will flame me or say I am trolling, but oh well, someone needs to keep bringing this up until it sinks in.

    You *are* trolling.
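The methodology in comments 6 and 8 above (check a packet's size against the buffer before copying it, and check an offset against the data segment before dereferencing it) is shown here as an added example in C; it is not code from the thread or from OpenSSL. The record format, the `MAX_PAYLOAD` limit and the sample bytes are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed wire format (hypothetical): 1-byte type, 2-byte big-endian
   payload length, then the payload. The payload's first two bytes are a
   big-endian offset into the payload itself. */
#define MAX_PAYLOAD 64

struct packet {
    uint8_t type;
    uint16_t len;                 /* validated payload length */
    uint8_t payload[MAX_PAYLOAD]; /* fixed-size buffer: the "X bytes" of the post */
};

/* Returns 0 on success, negative on rejection. Every untrusted field is
   checked against its limit before any copy uses it; a bad packet is dropped. */
int parse_packet(const uint8_t *buf, size_t buflen, struct packet *out) {
    if (buf == NULL || out == NULL) return -1;
    if (buflen < 3) return -2;                 /* header must be complete */
    uint16_t len = (uint16_t)((buf[1] << 8) | buf[2]);
    if (len > MAX_PAYLOAD) return -3;          /* too big for our buffer: drop it */
    if ((size_t)len > buflen - 3) return -4;   /* claims more bytes than arrived */
    out->type = buf[0];
    out->len = len;
    memcpy(out->payload, buf + 3, len);        /* safe: len <= MAX_PAYLOAD and <= available */
    return 0;
}

/* Reads the byte the embedded offset points at. The offset is bounded by the
   validated length, not by the fixed buffer size, so a small packet cannot
   be used to read stale bytes past its own data. */
int read_at_offset(const struct packet *p, uint8_t *value) {
    if (p == NULL || value == NULL) return -1;
    if (p->len < 2) return -2;                 /* no room for the offset field */
    uint16_t off = (uint16_t)((p->payload[0] << 8) | p->payload[1]);
    if (off < 2 || off >= p->len) return -3;   /* must land inside the data segment */
    *value = p->payload[off];
    return 0;
}

int main(void) {
    /* constructed sample: type 1, length 4, payload = offset 0x0003, then AA BB */
    const uint8_t wire[] = {0x01, 0x00, 0x04, 0x00, 0x03, 0xAA, 0xBB};
    struct packet p;
    uint8_t v;
    if (parse_packet(wire, sizeof wire, &p) == 0 && read_at_offset(&p, &v) == 0)
        printf("byte at offset: 0x%02X\n", v);
    return 0;
}
```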
  9. Re:Why aren't there arrests? on RIAA Countersued Under Racketeering Laws · · Score: 3, Informative

    In the US, if the corporation is found to be guilty of something, there is something called "piercing the corporate veil" (see Groklaw, http://radio.weblogs.com/0120124/2003/07/09.html), which means that the directors of the company will be held liable for their actions. In civil cases it can only be used if the company can't fully pay the amount of the judgement against them. In criminal cases it means the directors can face jail time.

  10. Re:It's of no moment on Cable Modem Hackers Release Improved Firmware · · Score: 1

    Your post is so pathetic I don't even want to explain why it is, but I will anyway. Any bandwidth increase from any cable modem will cost the cable company more money.

    It's simple: you use up more bandwidth, you pay more (unless you are within your allocated limit that you are already paying for). That's how it works in the real world.

    As far as advertising/mail fraud? Roadrunner advertises their services as UP TO 50 times faster. If you have, say, a 56k dialup maxing out at about 6k/sec and you switch to a cable modem that you can max out at 300k/sec, then you have gotten yourself a line that is 50 times faster. But if you only get a cable hookup that gives you 100k/sec, it still meets the advertisement, since you're getting speeds UP TO 50 times faster.

    So, if you want to uncap your modem, go right ahead. You should hopefully like dialup, because that's all you will be able to get after they ban you.

  11. Re:I want to speak to the manager! on Is Your Silver-based Thermal Paste Really Silver? · · Score: 1

    Hamburgers don't claim to have ham, french fries don't claim to be French, and Dr Pepper has no mention of any pepper in the ingredients.

  12. Re:silver crayons on Is Your Silver-based Thermal Paste Really Silver? · · Score: 3, Informative

    The silver crayons don't claim to have 99% silver contained in them. The CompUSA compound and the OCZ compound claimed they did.

  13. Re:Monitor my usage? on How Much Broadband Usage is Too Much? · · Score: 1

    mrtg

    http://people.ee.ethz.ch/~oetiker/webtools/mrtg/

  14. Re:RPC vulnerability on Diebold ATMs hit by Nachi Worm · · Score: 5, Informative

    I am no Windows expert here. But I tried disabling as many services as possible for a Win2k server I built for someone. When I disabled RPC and rebooted, the machine no longer functioned. Apparently RPC is a critical service that needs to be running in order for Windows to function properly.

    I had to boot up in safe mode and do some registry hacking to get RPC back up and running, because everything from Windows Explorer to Control Panel to MSIE would fail to load. After I managed to turn RPC back on, the machine worked "perfectly". As perfect as a Windows machine can operate, hah.

  15. Re:A question and some comments.. on Microsoft Wins Browser War, Abandons 'Innovation' · · Score: 1

    You are very correct, IE is completely broken with respect to displaying transparent PNGs.

  16. Porn booth? on Backscatter X-Rays Coming to Airports · · Score: 1

    Another option would be to restrict the screener to a booth so no passing peepers can see the image, said Randal Null, the agency's chief technology officer.

    So what they're saying is that there will be private booths for airport security to monitor passengers who walk through this machine and look completely naked? I can see how this would lead to abuse of the system.

    "Uhhh, sorry ma'am, we need you to stand right there for a few minutes, our machine seems to be broken, yeah that's it, broken"

  17. Re:Huh? on Looking at Longhorn · · Score: 1

    Journaling filesystems have existed in the *nix world for quite some time. And FAT is *not* a journaling filesystem. Why do you think your fs gets horribly mangled when your favorite app locks your machine while it has 20 files open? On your next boot you run scandisk to find 50kB in lost clusters.

    These lost clusters are bits and pieces of files that were open that didn't make their way to the proper place on the filesystem before the lockup.

    If you don't run scandisk after a lockup like that, then what happens is you get cross-linked files if you lock up again, because the new lost clusters get mixed in somehow with the old ones. And if you keep locking up over and over without running scandisk, eventually most of your fs will be trashed. This is not a symptom of a journaled fs.

  18. it is a parody on Penny Arcade vs. American Greetings · · Score: 1

    Microsoft, Apple, etc., etc., all our favorite companies to pick on, have trademarked names. I haven't once seen MS or Apple send cease and desist letters to someone who wrote a comic making a parody of MS or bashing Apple using one of their precious trademarks.

  19. Re:monolythic? on Local Root Hole in Linux Kernels · · Score: 1

    Monolithic is the type of kernel that Linux is. Monolithic means all communication is done by function calls. You can load modules because it's designed for it. Removing module support does not make Linux non-monolithic.

  20. Re:For Fun and Profit? on DDoS for Fun and Profit · · Score: 1, Interesting

    Maybe companies like Apple and other competing operating system and computer companies profited, because when Joe Schmoe turned on the computer that he bought at 2am Saturday night and couldn't activate his new improved Windows Ex Pee Advanced Super Wonderful Edition Release 5, he went back to the store and got a Mac, or a Mandrake box, or a Lindows box.

  21. Re: good point, but ... on .org TLD Now Runs on PostgreSQL · · Score: 1

    My point wasn't that SQL was *required* for DNS, it just makes it super easy. Sure, BIND doesn't use SQL and it works perfectly fine (although management is hell with thousands of domains).

    My argument was that a purely /etc/hosts style nameserver is a BAD IDEA. :)

  22. Re:Why SQL for DNS? on .org TLD Now Runs on PostgreSQL · · Score: 2, Insightful

    Do you know how many thousands of .org domains are out there? With /etc/hosts, when you go to look up a domain name, it loads up /etc/hosts and checks, line by line, if the domain is in there.

    Imagine that your /etc/hosts file has 50,000 hosts in it (which is NOT A LOT, considering the amount of existing domains out there). Now imagine the 2 billion people that are on the internet are hitting your /etc/hosts based nameserver to look up aolsucks.org.

    SQL servers, good ones, do table indexing and caching, enabling lightning fast lookups even when there are hundreds of thousands of people accessing the database (assuming a fast enough server).

    DNS does A LOT more than just mapping names to numbers. If you are interested, head over to the DNS RFC over here

  23. Re:But.... on One Answer To Spam: Sell Your Interruption Time · · Score: 1

    The majority of email addresses used for spam come from mostly personal and business websites (that share your damn email and home address with the rest of the world), web forums (like Slashdot), and NNTP newsgroups. If email addresses were randomly generated, you would have much less of a chance at actually reaching someone. Web email grabbers have been sucking up people's email addresses since spam was invented.

    A great way to get as little spam as possible is to never sign up for anything on the web or mail order with your email address, and never post your email address on a newsgroup or on the web. Only give your email address to friends who you wish to enable to contact you.

  24. Re:Known-good MD5 database - other uses on Known-Good MD5 Database · · Score: 1

    ANY encrypted password hash is only as secure as the machine/environment it's in. This is why shadow passwords are very nice: the world doesn't have access to your password hashes. Same with password hashes stored in a backend database.

    If an outsider can get access to your password hashes, there are other problems to be dealt with than the possibility of a distributed brute force MD5 cataloging network.

    I do agree, though, that with faster computers hashed passwords will be more quickly found, and especially with distributed applications. The future is probably longer and more complex hashes to compete with the growing speed of computers.

  25. Re:JOIN the EFF. It helps. on Stanford Researchers Trying to Protect P2P Networks · · Score: 1

    Legislators make laws. Engineers build missiles.

    The engineers also tell the legislators if their laws need adjusting

    Explain to me again why similar logic should not apply to these stanford computer scientists?

    The same logic does apply. There are no laws against p2p networks, so why shouldn't these Stanford computer scientists be free to build their "missiles" of p2p network defense?

    If they are indeed working on systems to which the law does not apply, then that's one thing. That's scientific progress and appropriate technology policy needs to be formulated. But trying to tell legislators "we know better than you" is immoral.

    The ability to tell legislators that "we know better than you" is a right given to us by the people that founded our country, which is the sole reason why we still do have freedoms here in the US.

    IMMORAL YOU SAY?? So was it immoral for the millions of people who basically told legislators that the people know better than them, throughout our history, to gain various rights we now take for granted today?