I play a lot of online games. I have had UPnP disabled on every network gateway I've owned precisely because it is ridiculously insecure. I have yet to find one that doesn't work properly with UPnP disabled.
The only exception to this is when I was running a CS:GO server awhile back I had create port forwarding rules so clients could connect, but setting up dedicated servers on residential networks isn't something non-advanced users do.
It was at Jabara airport in Kansas, and the 747 in question was a Dreamlifter which is a heavily modified 747 Boeing uses for cargo hauling it is manufacturing process. It has been determined that the runway in question is long enough for it to take off again, although it seems just barely.
The resulting investigation itself would be enough of a deterrent. Having your equipment seized for examination and possibly interrogated yourself is one hell of an inconvenience, not to mention paying a lawyer. Even if you do end up being let go, it will still cost you time and money, and lots of both.
AES GCM is already in TLS 1.2 and acts as a stream cipher, I'd like to see more AEAD modes in TLS though. The way TLS was using IV's in CBC mode cipher suites has already been fixed.
RC4 is NOT FIPS compliant. Never has been. RSA has never published a spec for RC4. The code just showed up one day on a mailing list from an anonymous source.
You seemed to have missed the point. I was proposing that the insider in a hypothetical inside job doesn't care that inputs.io crashes and burns because they just made off with 4100 BTC. As the summary mentions some people could not "panic and pull their coins out" as there were no coins to pull out.
To be clear, I'm not saying that this is what happened, merely floating it as a possibility, given the nature of BTC it wouldn't be hard to pull off.
Could have been an inside job. Collect $1.2 million in BTC from "depositors". Take all the money and run. Blame it on hackers. Profit. No one is going to investigate, there are no consequences, there is nothing to audit, and no way to seize back the funds even if some legal action were taken.
Power abhors a vacuum. There will always be a government analog (even if it just your local warlord) wherever you go as long as there are other people. This is also the reason why weakening governments simply allows corporate power grabs, I'm sure there are some who'd love to return to the days of the East India Trading Company private armies and all.
Until the OS is actually released, that is the best evidence available. I see no reason why Valve would deviate from that, given there long history of embracing the homebrew, modding and indie communities.
Unfortunately, it does appear that RC4 is broken at this point (see other commenters). The upside is that this will hopefully speed the adoption of TLS1.2 and people can start using AES in GCM mode (basically turns AES in to stream cipher with authenticated encryption as well).
Where you will see under the (corny named) header 'Cooperating System' the line.
Users can alter or replace any part of the software or hardware they want. Gamers are empowered to join in the creation of the games they love. SteamOS will continue to evolve, but will remain an environment designed to foster these kinds of innovation.
al Libi will probably stand trial in Federal court for his alleged involvement in the embassy bombings. He has an standing Federal indictment (over a decade old at this point) in the Southern District of New York related to those events.
If they suspect your cheating, among other things, the house might start saving your mucked hands, set them aside basically, for analysis. The house always plays by set rules, so there is no advantage to them looking at your cards.
It is not unjustified to inquire about a source no matter what you may feel about the subject. For all your accusations of people being rude all you had to reply with is "I don't have a source", instead you went on a defensive rant about it.
chroot is not a security measure and you shouldn't be using it as one, but yes there some counter measures you can take to combat things like this but it all adds to the 'hassle' part of the equation I mentioned.
You can see this same phenomenon at work on Android. There are lots of GPL apps that are sold on the Play store and earn the maintainer a couple of bucks an install for the work they did in the port. However, being GPL software you can download the source and build the.apk for free and sideload it.
People still buy the Play store version even though there is a free and (unlike in the Steam case) legal alternative. Make it easy and they will come, and likely pay you.
Slashdot Mirror
I play a lot of online games. I have had UPnP disabled on every network gateway I've owned precisely because it is ridiculously insecure. I have yet to find one that doesn't work properly with UPnP disabled. The only exception to this is when I was running a CS:GO server awhile back I had create port forwarding rules so clients could connect, but setting up dedicated servers on residential networks isn't something non-advanced users do.
Yeah I saw it too. Blame it on lack of an edit button.
It was at Jabara airport in Kansas, and the 747 in question was a Dreamlifter which is a heavily modified 747 Boeing uses for cargo hauling it is manufacturing process. It has been determined that the runway in question is long enough for it to take off again, although it seems just barely.
Allows them to edit content pursuant to terms and conditions.
The resulting investigation itself would be enough of a deterrent. Having your equipment seized for examination and possibly interrogated yourself is one hell of an inconvenience, not to mention paying a lawyer. Even if you do end up being let go, it will still cost you time and money, and lots of both.
Which they wouldn't know until after they confiscate your gear and otherwise walk all over your life. No thanks.
AES GCM is already in TLS 1.2 and acts as a stream cipher, I'd like to see more AEAD modes in TLS though. The way TLS was using IV's in CBC mode cipher suites has already been fixed.
RC4 is NOT FIPS compliant. Never has been. RSA has never published a spec for RC4. The code just showed up one day on a mailing list from an anonymous source.
You seemed to have missed the point. I was proposing that the insider in a hypothetical inside job doesn't care that inputs.io crashes and burns because they just made off with 4100 BTC. As the summary mentions some people could not "panic and pull their coins out" as there were no coins to pull out.
To be clear, I'm not saying that this is what happened, merely floating it as a possibility, given the nature of BTC it wouldn't be hard to pull off.
Could have been an inside job. Collect $1.2 million in BTC from "depositors". Take all the money and run. Blame it on hackers. Profit. No one is going to investigate, there are no consequences, there is nothing to audit, and no way to seize back the funds even if some legal action were taken.
Mailing address as in a physical address that people send things to like things you bought online.
This is why we tell people to not roll there own crypto systems (particularly rolling your own cipher) if they are serious about security. http://crypto.stackexchange.com/questions/2601/is-xor-in-a-cbc-like-mode-secure
Power abhors a vacuum. There will always be a government analog (even if it just your local warlord) wherever you go as long as there are other people. This is also the reason why weakening governments simply allows corporate power grabs, I'm sure there are some who'd love to return to the days of the East India Trading Company private armies and all.
Until the OS is actually released, that is the best evidence available. I see no reason why Valve would deviate from that, given there long history of embracing the homebrew, modding and indie communities.
Unfortunately, it does appear that RC4 is broken at this point (see other commenters). The upside is that this will hopefully speed the adoption of TLS1.2 and people can start using AES in GCM mode (basically turns AES in to stream cipher with authenticated encryption as well).
Ah the good old [citation needed] as a cover up for lack of basic research. Allow me point you to the SteamOS announcement page.
http://store.steampowered.com/livingroom/SteamOS/
Where you will see under the (corny named) header 'Cooperating System' the line.
Users can alter or replace any part of the software or hardware they want. Gamers are empowered to join in the creation of the games they love. SteamOS will continue to evolve, but will remain an environment designed to foster these kinds of innovation.
Flip-phone comeback? I loved flip-phones.
al Libi will probably stand trial in Federal court for his alleged involvement in the embassy bombings. He has an standing Federal indictment (over a decade old at this point) in the Southern District of New York related to those events.
If they suspect your cheating, among other things, the house might start saving your mucked hands, set them aside basically, for analysis. The house always plays by set rules, so there is no advantage to them looking at your cards.
Mozilla has a bug open about it. There has apparently been lots of discussion about pros/cons of using key continuity.
https://bugzilla.mozilla.org/show_bug.cgi?id=398721
It is not unjustified to inquire about a source no matter what you may feel about the subject. For all your accusations of people being rude all you had to reply with is "I don't have a source", instead you went on a defensive rant about it.
Did you know they also get to speed, run red lights and cross medians in the course of their duties where normal people can't. THE OUTRAGE I TELL YOU.
If SteamOS creates better or more enthusiastic support from hardware manufactures for Linux, that is a net win for everyone.
chroot is not a security measure and you shouldn't be using it as one, but yes there some counter measures you can take to combat things like this but it all adds to the 'hassle' part of the equation I mentioned.
You can see this same phenomenon at work on Android. There are lots of GPL apps that are sold on the Play store and earn the maintainer a couple of bucks an install for the work they did in the port. However, being GPL software you can download the source and build the .apk for free and sideload it.
People still buy the Play store version even though there is a free and (unlike in the Steam case) legal alternative. Make it easy and they will come, and likely pay you.