I have written every possible permutation of 26 or fewer consecutive words and compressed them into these 242 bytes. Run it through a perl interpreter to decompress (note: it takes a few thousand billion years to decompress).
    my $words = '/usr/share/dict/words';
    local $, = ' ';
    sub words {
        my ($num, @stack) = @_;
        open my($fd), $words;
        while (<$fd>) {
            print @stack, $_ and chomp;
            words($num - 1, @stack, $_) if $num > 1;
        }
    }
    words(26);
I hereby release all phrases 26 words and under into the public domain. Problem solved!
And isn't that such a great feeling of accomplishment when you pull out a nice big dry one? When you feel it peel away from the inside of the nose. I almost want to save them to look back on.
The Red Cross is a bit like this. They don't give your number to anyone else, but they will call you regularly and block caller-ID on their numbers when they do. And they won't stop calling even when you ask them to ... several times.
Ah, I linked to the wrong article, so you don't see the severity: OpenDNS redirects www.google.com to its own servers to capture any Google search. It's not just about doing searches in the address bar.
OpenDNS and Comcast may have different goals, but they both break Internet standards and behave poorly in order to meet them.
No, do not use OpenDNS. They are worse than Comcast. Not only do they hijack DNS, making OpenDNS not a solution at all, but they also hijack your web searches to spy on you.
Ha! That's it, thanks! I ssh'ed home to test out the hijacking. I tried example.com (not literally) with lynx and I got hijacked. Then I checked it with nslookup,
Hmm... huh? Tried it with links and didn't get hijacked either. And you're right! Lynx was automatically adding "www." after the failure. So they are only hijacking that single subdomain for some reason. I imagine they might expand that in the future. Try again,
Time to blackhole that IP. I hate Comcast more every day.
The opt-out process took me about 5 minutes, but I shouldn't have had to do it at all. Comcast is extremely scummy. Wait until they start redirecting DNS requests to their servers too.
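A check for the behaviour described in the comments above, where lookups of nonexistent names fail normally but the "www." form gets an address. This is an added example, not part of the original comments; the function names, the injected `resolve` callable, the constructed 192.0.2.10 address and the assumption that a random 24-character label under .com is unregistered are all illustrative.

```python
import secrets
import socket
from collections import Counter


def system_resolve(name):
    """IPv4 addresses from the system resolver; [] when the name does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None, family=socket.AF_INET,
                                   type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def probe_nxdomain_hijack(resolve=system_resolve, tld="com", trials=4):
    """Look up random names that should not exist, bare and with a "www." prefix.

    Returns {"bare": Counter, "www": Counter} counting every address that came
    back. An honest resolver leaves both counters empty.
    """
    findings = {"bare": Counter(), "www": Counter()}
    for _ in range(trials):
        # 24 random hex characters: assumed to be an unregistered label.
        label = "nx-" + secrets.token_hex(12)
        for form, name in (("bare", f"{label}.{tld}"),
                           ("www", f"www.{label}.{tld}")):
            findings[form].update(resolve(name))
    return findings


def landing_ips(findings, min_hits=2):
    """Addresses that answered for at least min_hits unrelated nonexistent names."""
    return {form: sorted(ip for ip, hits in counts.items() if hits >= min_hits)
            for form, counts in findings.items()}


def fake_hijacking_resolver(name):
    """Constructed stand-in for a resolver that rewrites only www.* failures."""
    return ["192.0.2.10"] if name.startswith("www.") else []


if __name__ == "__main__":
    print("simulated:", landing_ips(probe_nxdomain_hijack(fake_hijacking_resolver)))
    print("this host:", landing_ips(probe_nxdomain_hijack()))
```

An address that shows up for several unrelated random names is the redirect landing host, which is the one to blackhole.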
Here you go,
http://miscellanea.wellingtongrey.net/2007/08/27/wellington-grey-gets-married/
Seems exactly the sort of thing you are looking for.
I'm curious if the Pirate Party will start getting enough traction in the U.S. to matter.
You won't see it happen in the US. Our electoral system is fundamentally flawed leaving us permanently with two parties. The powers that be are also strongly against fixing the problem.
You aren't buying material. You are paying for a license to use the material in a certain way.
Bzzt. Wrong.
You made the mistake of applying reason to "think of the children" laws. Remember, in the UK even a drawing of a human that looks underage is usually considered CP.
TPM is not necessarily bad.
TPM is good when it gives the user, the owner of the hardware, more control, such as in this case when it could prevent this attack. As in the name, the user can trust their hardware. This is why the military likes it.
TPM is bad when it gives someone else control over the user's computer, like adding restrictions on the way data can be handled (hardware supported DRM). "Treacherous" computing, as its detractors call it.
It is dangerous for normal computer users because it would only be used for the bad reasons, taking freedom away from the user.
It's also unlike humans in that it's digitigrade.
I'm sure the money saved by printing non-Braille keys is much less than the cost of managing two types of keys.
I would also assume that the cost of adding Braille is much, much less than the costs of producing and maintaining two different types of ATM (Braille and non-Braille).
I'd give you a coupon for one free internets, but I can't find the image.
This is an area of interest to me.
My home computer gets pinged with ssh password guessing attempts all day. Not quite as hard as you, but a guess every few seconds. Key-only logins are a bit too inconvenient for me right now, so I take other measures. I have root logins disabled so they have to guess a password and a username, and they've never even guessed a correct username so far. I also used DenyHosts to mitigate attacks by instantly blocking anyone trying root logins, and block anyone else after 3 wrong guesses. (This would inevitably get myself blocked after a couple months, but adding my main IPs to hosts.allow fixed that).
Even with DenyHosts I would still nervously scan my authlogs regularly. So I recently moved ssh to a different port, not even a high numbered one (below 1024), and the attacks completely stopped. 100% gone. Soon after I also threw up a home-crafted* ssh honeypot on port 22 so not only do they not go looking for my real ssh port, but I get them to waste their time as they try to do things in the honeypot.
Wasting time is important, because that's less time they can spend finding and exploiting a real vulnerable system. I think of this as one of my contributions to the Internet.
The honeypot is a very unprivileged user running Qemu running OpenBSD with most of the filesystem flagged schg or sappnd (not even root can modify files), with all outbound networking blocked. Only ssh in is allowed. Qemu is running at nice 20. And it's running in "snapshot" mode, so all writes to disk are temporary. Restart Qemu and it goes back to a fresh honeypot. I haven't done this yet but I will have a cron job restart Qemu every couple hours to wipe it clean (I want to work out better logging first).
I'm still a bit nervous about the honeypot, so I keep a close eye on it. There may be something I might have missed that could let them get more control. To help my confidence I have had friends log in and try to break it, or trash it up. So far so good.
So far the attackers that have logged in haven't even tried to do anything. They just log in, and log out. It's really strange. Maybe they'll come back someday and try to send spam or something. Maybe it's an obvious honeypot?
But here's the best part: the password for root is "password" (OpenBSD's passwd was not very happy when I did this) and very few bots ever guess this. What are they guessing? I've even seen bots that properly guess "password", log in, log out, then continue guessing more root passwords (maybe checking if it's a honeypot?). So far these random attackers don't seem very bright.
*Yes, I've heard of Kojoney but I haven't been able to get it working. And I like mine better.
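The blocking policy described in the comment above (block at once on a root attempt, block anyone else after 3 wrong guesses, never block allowlisted addresses), written out as an added example; it is not part of the original comment and is not DenyHosts' own code. The log lines are constructed, and `decide_blocks`, the regexes and the reset-on-success behaviour are assumptions.

```python
import re
from collections import defaultdict

# sshd usernames are attacker-chosen and may contain " from 1.2.3.4 port 1 ssh2".
# The greedy user group plus the end-of-line anchor take the address from the
# last "from ... port ... ssh2", which is the part sshd itself wrote.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted \S+ for \S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

# Constructed sample log (documentation address ranges only).
SAMPLE_LOG = """\
Mar  3 10:00:01 home sshd[811]: Failed password for root from 203.0.113.5 port 40022 ssh2
Mar  3 10:00:04 home sshd[812]: Failed password for invalid user admin from 198.51.100.7 port 51514 ssh2
Mar  3 10:00:07 home sshd[813]: Failed password for invalid user test from 198.51.100.7 port 51520 ssh2
Mar  3 10:00:09 home sshd[814]: Failed password for invalid user oracle from 198.51.100.7 port 51533 ssh2
Mar  3 10:01:00 home sshd[815]: Failed password for chris from 192.0.2.44 port 60001 ssh2
Mar  3 10:01:05 home sshd[816]: Failed password for chris from 192.0.2.44 port 60002 ssh2
Mar  3 10:01:09 home sshd[817]: Failed password for chris from 192.0.2.44 port 60003 ssh2
Mar  3 10:02:00 home sshd[818]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 203.0.113.77 port 60100 ssh2
"""


def decide_blocks(lines, allow=(), threshold=3):
    """Return {ip: reason} for every address the policy would block."""
    allow = set(allow)
    failures = defaultdict(int)
    blocked = {}
    for line in lines:
        line = line.rstrip()
        m = FAILED.search(line)
        if m:
            ip, user = m["ip"], m["user"]
            if ip in allow or ip in blocked:
                continue
            if user == "root":
                blocked[ip] = "root login attempt"
                continue
            failures[ip] += 1
            if failures[ip] >= threshold:
                blocked[ip] = f"{failures[ip]} failed logins"
            continue
        m = ACCEPTED.search(line)
        if m:
            failures.pop(m["ip"], None)  # assumption: a good login resets the count
    return blocked


if __name__ == "__main__":
    for ip, why in decide_blocks(SAMPLE_LOG.splitlines(), allow={"192.0.2.44"}).items():
        print(ip, why)
```

The last sample line carries a forged "from 192.0.2.99" inside the username; the parser counts it against 203.0.113.77, the address sshd recorded, so a guesser cannot get a third party blocked.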
I hate it when I read an article or a blog, want to leave a comment, but it's locked behind some registration mechanism. Then I just don't bother. I'm not going to go through a tedious registration process just to leave one comment. Sometimes it's not even obvious how to register (I'm looking at you WordPress). I imagine this costs these websites a lot of traffic. See The $300 Million Button.
No, anonymous commenting is too important. Throw up a captcha or something that anonymous commenters have to fill out, but registered ones don't (like Slashdot).
Not that I expect this kind of system, but if we did have some universal authentication I would want it to be cryptographically based rather than password login (like OpenID). Though managing keys would probably be too difficult for most people, and the system would be less flexible because users would need to carry their private keys around. With this system a user's identity is really just simply a public key, maybe with a "provider" attached to it like an email address. Once a website trusts your public key, due to a good comment, checking with some identity provider (like OpenID), or getting it from another trusted website, it doesn't need to do any more external verification. (This is how Freenet's forums work, for example.)
If it's a Google search, you can report the site here, though I don't think they look at these reports very often.
BSD has terrible driver support compared to Linux.
My experience has been exactly the opposite.
Especially for wireless card drivers! That's something OpenBSD does really well, and they seem to work right out of the box. Linux usually takes a bit of work. I find this funny because an OpenBSD system, being less flexible as a desktop or laptop, is much less likely to need a wireless card than a Linux system.
There's a third one that's a radio personality. This was the first of three Alan Cox's I have heard of.
According to DaveTRON (a friend of Steven Lisberger, the creator and director of Tron), Tron is the only story that is truly canon. Tron 2.0's storylines differ from Lisberger's original intentions of the characters and the story, therefore, Tron 2.0 should be considered as its own canon. It's likely that TR2N will retcon most of the material shown in Tron 2.0, however it's possible that some parts from Tron 2.0 will be borrowed for TR2N.
Where "TR2N" is "Tron Legacy".
I've really wanted to see this but it won't be showing in any theaters reasonably close to me. And so far no torrents to be found.
Your argument can be summed up with, "Why do you need privacy and anonymous speech if you have nothing to hide?". There is information all over the web about why this is a naive, poorly thought out argument.
Remember that when you deal with the average member of the population you're dealing with someone who reads and writes somewhere between a grade 7-10 level.
To add some data since a lot of people forget this, the 2003 National Assessment of Adult Literacy found that 43% of the 16+ U.S. population had low literacy. The web population is probably fairly close to this, but lower.
From the one link: "People with lower literacy can read, but they have difficulties doing so. [...] They must read word for word and often spend considerable time trying to understand multi-syllabic words. [...] Lower-literacy users tend to satisfice -- accept something as "good enough" -- based on very little information because digging deeper requires too much reading."
So around 1 in 3 browser users will fit that description, and error/warning dialogs need to be written with this in mind.
It's not completely useless. Security is a measure of effort needed by an attacker to get into a system. Tossing in a self-signed cert increases the effort from passive eavesdropping to an active MITM attack. It really is a moderate increase in security.
Regardless, I do agree with you that browsers should scream loudly at self-signed certs. Otherwise it gets users into habits that make MITM trivial, and gives them a false sense of security that might cause them to let their guard down. Self-signed certs are like weak encryption.