I think this is symptomatic of the biggest single problem with so many government powers.
And yet in this case it would be a relatively trivial matter for the defense to parade in front of the jury a set of experts who themselves have cloned these national ID cards, thereby proving that the government's "expert" (who says they're unclonable) is full of crap.
I don't think this is as much of a problem as you're saying it is.
Now, regarding "fixing mistakes quickly", well, it's not as simple as you seem to think it is. "Simple" requires less oversight, less paperwork, which in turn makes it far easier to take advantage of it - just call them up after your assets have been seized and say "you got the wrong guy!" They decide to just trust you - after all, you couldn't possibly have a motive to lie to them, right? I mean, it's not like you just lost all your assets or anything... oh. Right. You did.
You see, it's all well and good to want mistakes to be quick and easy to resolve. Some of them are. Some of them aren't. The ones that aren't, aren't for a reason. It sucks that it was inconvenient for you, but IMO that's better than the alternative.
I don't get why people think they're "forced" to pay taxes. Taxes are simply the fee for receiving a service (or rather, a set of services) which is provided by the government. If you don't pay the fee, you shouldn't receive the service; that's how paid services work.
Now, sure, the government can throw you in jail if you don't pay your taxes. But even then, you're still receiving services you haven't paid for - you're getting free food, free cable TV, free room and board, and so on.
If you don't want to pay taxes, either lobby to get the law changed, or MOVE OUT OF MY COUNTRY.
I don't think it was so much the screw that they charged you for, but the anesthetic (local or otherwise), other shots/IVs/etc, the time you spent in the OR and recovery room, and mostly the time of doctors.
See if you can dig out the itemized insurance claim form for the operation. You'll probably see something like this:
- anesthetic: $70 - titanium screw: $30 - operating room, 2 hours: $400 - recovery room, 6 hours: $200 - doctors' time (sometimes billed separately): $500... you get the idea.
If I'm on-site at work, then I want our internal DNS servers to tell me how to get to google.com. The VPN just uses those same DNS servers.
Besides, how is the VPN going to know who to ask for which domains unless you distribute a list of (sub)domains to your clients? That would sort of defeat the purpose of DNS, I think...
But, there are also VPNs that only connect you to one network at a time, so while the VPN client is active, it is incapable of using the external DNS server. That solves the problem at the expense of routing (most) all traffic over the VPN.
What does being a programmer have to do with his opinion of the paper?
Programmers are far more likely to care about features provided by RSS feeds than your average American. Thus, I was simply providing context for why my neighbor likes those features.
However, once these types of programs become commonplace (my wife uses them now, and she hates computers), there will be very few reasons left to print newspapers.
Also, your "programming staff" example is not at all equivalent:P The average outsourced program ends up suckier than the average locally produced program (as I'm sure we're all aware); however, the average online news source is no suckier than your average newspaper.
I prefer Robert Lund's parody: "It doesn't really matter if my turkey meat is dark or white..."... but I'm not really sure how this relates to the topic. I think we're three or four metaphor-steps away from TFA's topic, by now...
Killing the newspapers is going to make the average person less likely to be informed, both nationally but especially locally.
Two rhetorical questions for you.
1) Do you think it's more likely that the average American gets his or her news from newspapers, or from television? 2) What percentage of news stories do you think the average newspaper subscriber reads?
The last time a paperboy came by my apartment asking me to "subscribe" to an ad-supported paper - that is, receive the paper for free - I said "No, thank you, I can get better news online, and I don't have to find a recycling bin for it."
My neighbor (also a computer programmer) quizzed the same paperboy about the features provided by a newspaper. "Does it update automatically, all day, with new relevant facts? Does it show me only the stories I'm interested in? Does it keep track of which stories I've read and which I haven't?" And so on and so forth.
You know, if newspapers disappeared tomorrow, then a few years from now, I really don't think America would miss them very much.
I can't fathom Comcast actually lowering prices in any way that could be correlated with ad revenue from this domain typo hijacking. This is just a way for Comcast to extract more money from its existing customer base.
Some companies have offices worldwide, but there's lots of VPN traffic to one location. It wouldn't make sense to route all of their worldwide traffic over the VPN. Remember, split-tunnel VPN software uses the information about which DNS server can resolve things to determine which connection to route things through.
A hard-coded IP address in the hosts file is often a bad idea. A simple example: when I'm on-site, company.com resolves to the internal (10.x.x.x) address, but when I'm off-site, company.com resolves to the public address. When employees are on-site, you want traffic to stay on the network, and using the external IP could cause your internal traffic to be routed out of your network and right back in.
Well, as other people are repeatedly pointing out to me (including some via e-mail), Comcast is only doing this for domains that begin with "www." right now.
But no, the only way to opt out is all-or-nothing. Which is fine.
It's not about annoying the techs. You can be quite calm and polite while explaining why this decision hurts things, and simply ask the tech to send your complaint to their supervisors. (As a former customer service rep myself, I have to say, most of them don't hate their jobs, at least no more than they would hate any job.)
Instead, it's about wasting Comcast's money until they understand that we don't like this.
In any case, how is Comcast going to know that their business practices really annoy their customers if their customers just bend over and take it?
They know which MAC address currently has the lease for which IP address, and they know which customer owns which MAC address. They also know which IP addresses belong to them, so they can separate "people opting out from home" from "people trying to opt out from work".
I'll admit, I haven't looked at their site in three weeks (since the first time the story ran). But the first time, it was not the case that only www subdomains were hijacked.
Last time, any invalid domain was hijacked. I know, I tested it.
You have to either register your IP address on the account, or use their dynamic-update client.
I haven't used OpenDNS for several months (since I left my previous employer). It's possible that they've changed it, but I see no reason they would have. We got proper NXDOMAIN responses from OpenDNS.
No, don't call in for the opt-out. Just call in to complain about the fact that they're doing it at all. Preferably including a lengthy technical description about why it's a terrible idea and breaks the internet.
I fail to see, using your scenario, why Comcast's DNS server would effect the company's internal DNS server, thus creating the conflict you alluded to. Since I'm not sure why Comcast would know anything about the company's internal network...
That's because you didn't pay attention to the scenario. We're talking about a split tunnel VPN. DNS resolution uses the following rules:
1) try the usual (external) DNS server first. If it resolves, use that IP address for the communication. 2) try the internal DNS (via the VPN) if step 1 returned NXDOMAIN, and if that resolves, use that IP address for the communication. 3) otherwise, return NXDOMAIN.
So if Comcast's external server returns a valid IP for the internal server, instead of NXDOMAIN, then your internal mail server will never be accessible to anyone using your company's VPN from a Comcast connection.
Slashdot Mirror
I think this is symptomatic of the biggest single problem with so many government powers.
And yet in this case it would be a relatively trivial matter for the defense to parade in front of the jury a set of experts who themselves have cloned these national ID cards, thereby proving that the government's "expert" (who says they're unclonable) is full of crap.
I don't think this is as much of a problem as you're saying it is.
Now, regarding "fixing mistakes quickly", well, it's not as simple as you seem to think it is. "Simple" requires less oversight, less paperwork, which in turn makes it far easier to take advantage of it - just call them up after your assets have been seized and say "you got the wrong guy!" They decide to just trust you - after all, you couldn't possibly have a motive to lie to them, right? I mean, it's not like you just lost all your assets or anything... oh. Right. You did.
You see, it's all well and good to want mistakes to be quick and easy to resolve. Some of them are. Some of them aren't. The ones that aren't, aren't for a reason. It sucks that it was inconvenient for you, but IMO that's better than the alternative.
I don't get why people think they're "forced" to pay taxes. Taxes are simply the fee for receiving a service (or rather, a set of services) which is provided by the government. If you don't pay the fee, you shouldn't receive the service; that's how paid services work.
Now, sure, the government can throw you in jail if you don't pay your taxes. But even then, you're still receiving services you haven't paid for - you're getting free food, free cable TV, free room and board, and so on.
If you don't want to pay taxes, either lobby to get the law changed, or MOVE OUT OF MY COUNTRY.
That is all.
I don't think it was so much the screw that they charged you for, but the anesthetic (local or otherwise), other shots/IVs/etc, the time you spent in the OR and recovery room, and mostly the time of doctors.
See if you can dig out the itemized insurance claim form for the operation. You'll probably see something like this:
- anesthetic: $70 ... you get the idea.
- titanium screw: $30
- operating room, 2 hours: $400
- recovery room, 6 hours: $200
- doctors' time (sometimes billed separately): $500
... *orders a turkey sandwich for lunch*
Exactly. Didn't the Star Trek: TNG episodes about Data's humanity teach us anything?
If I'm on-site at work, then I want our internal DNS servers to tell me how to get to google.com. The VPN just uses those same DNS servers.
Besides, how is the VPN going to know who to ask for which domains unless you distribute a list of (sub)domains to your clients? That would sort of defeat the purpose of DNS, I think...
But, there are also VPNs that only connect you to one network at a time, so while the VPN client is active, it is incapable of using the external DNS server. That solves the problem at the expense of routing (most) all traffic over the VPN.
What does being a programmer have to do with his opinion of the paper?
Programmers are far more likely to care about features provided by RSS feeds than your average American. Thus, I was simply providing context for why my neighbor likes those features.
However, once these types of programs become commonplace (my wife uses them now, and she hates computers), there will be very few reasons left to print newspapers.
Also, your "programming staff" example is not at all equivalent :P The average outsourced program ends up suckier than the average locally produced program (as I'm sure we're all aware); however, the average online news source is no suckier than your average newspaper.
I prefer Robert Lund's parody: "It doesn't really matter if my turkey meat is dark or white..." ... but I'm not really sure how this relates to the topic. I think we're three or four metaphor-steps away from TFA's topic, by now...
Killing the newspapers is going to make the average person less likely to be informed, both nationally but especially locally.
Two rhetorical questions for you.
1) Do you think it's more likely that the average American gets his or her news from newspapers, or from television?
2) What percentage of news stories do you think the average newspaper subscriber reads?
The last time a paperboy came by my apartment asking me to "subscribe" to an ad-supported paper - that is, receive the paper for free - I said "No, thank you, I can get better news online, and I don't have to find a recycling bin for it."
My neighbor (also a computer programmer) quizzed the same paperboy about the features provided by a newspaper. "Does it update automatically, all day, with new relevant facts? Does it show me only the stories I'm interested in? Does it keep track of which stories I've read and which I haven't?" And so on and so forth.
You know, if newspapers disappeared tomorrow, then a few years from now, I really don't think America would miss them very much.
I can't fathom Comcast actually lowering prices in any way that could be correlated with ad revenue from this domain typo hijacking. This is just a way for Comcast to extract more money from its existing customer base.
The blanket on my bed (don't know what it's made of) emits sparks, especially when the air is dry (like winter when I use it)
Erm... that's static electricity.
Relying on a failure and fail-over seems like poor design to me.
I didn't say it was a good design :P
Yeah, I have to agree with my sibling AC's post.
Some companies have offices worldwide, but there's lots of VPN traffic to one location. It wouldn't make sense to route all of their worldwide traffic over the VPN. Remember, split-tunnel VPN software uses the information about which DNS server can resolve things to determine which connection to route things through.
A hard-coded IP address in the hosts file is often a bad idea. A simple example: when I'm on-site, company.com resolves to the internal (10.x.x.x) address, but when I'm off-site, company.com resolves to the public address. When employees are on-site, you want traffic to stay on the network, and using the external IP could cause your internal traffic to be routed out of your network and right back in.
Well, as other people are repeatedly pointing out to me (including some via e-mail), Comcast is only doing this for domains that begin with "www." right now.
But no, the only way to opt out is all-or-nothing. Which is fine.
It's not about annoying the techs. You can be quite calm and polite while explaining why this decision hurts things, and simply ask the tech to send your complaint to their supervisors. (As a former customer service rep myself, I have to say, most of them don't hate their jobs, at least no more than they would hate any job.)
Instead, it's about wasting Comcast's money until they understand that we don't like this.
In any case, how is Comcast going to know that their business practices really annoy their customers if their customers just bend over and take it?
They know which MAC address currently has the lease for which IP address, and they know which customer owns which MAC address. They also know which IP addresses belong to them, so they can separate "people opting out from home" from "people trying to opt out from work".
Therefore, it could (in theory) be automated.
I'll admit, I haven't looked at their site in three weeks (since the first time the story ran). But the first time, it was not the case that only www subdomains were hijacked.
Last time, any invalid domain was hijacked. I know, I tested it.
You don't have to be logged in... my previous employer had it set up. NXDOMAIN responses worked properly, and nobody had to log in to anything.
You do have to register your IP address on your account (or use the dynamic-update client).
You have to either register your IP address on the account, or use their dynamic-update client.
I haven't used OpenDNS for several months (since I left my previous employer). It's possible that they've changed it, but I see no reason they would have. We got proper NXDOMAIN responses from OpenDNS.
No, don't call in for the opt-out. Just call in to complain about the fact that they're doing it at all. Preferably including a lengthy technical description about why it's a terrible idea and breaks the internet.
Interesting. That wasn't the case last time this story ran.
I fail to see, using your scenario, why Comcast's DNS server would effect the company's internal DNS server, thus creating the conflict you alluded to. Since I'm not sure why Comcast would know anything about the company's internal network...
That's because you didn't pay attention to the scenario. We're talking about a split tunnel VPN. DNS resolution uses the following rules:
1) try the usual (external) DNS server first. If it resolves, use that IP address for the communication.
2) try the internal DNS (via the VPN) if step 1 returned NXDOMAIN, and if that resolves, use that IP address for the communication.
3) otherwise, return NXDOMAIN.
So if Comcast's external server returns a valid IP for the internal server, instead of NXDOMAIN, then your internal mail server will never be accessible to anyone using your company's VPN from a Comcast connection.
This long? Slashdot ran this story weeks ago.
They do the same thing.... unless you register an account. Why do people always leave that part out?