yeah... Florida Jokes... Marriage is like the hurricanes we have around here. It starts with a lot of sucking and blowing and then you lose your house...
And the Cheap and Cheerfull Stereo Company Goodmans sold in Cheap and Cheerfull UK mail order catalogues has had this for more then a year.
In fact I have one in my spare car. 99 pounds for a bundle - 1 Stereo, 1 USB extension cable and 1 64M USB stick (pretty good one actually, USB2, write protect and slim thickness so it fits anywhere.)
I had to recode my several G of ogg to use it, but with the help of ogg2mp3 and some shell scripting it ended up being considerably less painfull then expected.
It is not bad - 320Kbit variable rate MP3, 255 tracks per volume max, 8 directories per volume (which is a pain in the arse). Standard DIN.
Downsides, does not play anything but MP3s and has a phenomenally ugly late 90-es teenager color scheme. Fluorescent red. Yuck...
But for that price I guess I should not be fussy...
More likely a case of "Beware of Idiots Writing Plugins". The biggest falling of firefox is that plugins are not containerized properly and can crash and burn the browser without any problem.
There may be some good uses for it though. Notifying the user that he must take an anti-RSI break springs to mind as one good use. Possibly a few others.
So would you care explaining to us exactly what is the problem if you have published your source as well? 'cause if you had, that would have counted towards this requirement.
As far as Vonage or Packet8 are concerned they will have easier time implementing this then incumbents. It is dead easy to do this with SIP. All that is necessary is to make the SIP server reply with a different voice endpoint to all SIP invites from persons who are under surveilance. As a result the "snooping" equipment is separate and does not encumber primary network infrastructure.
As far as Skype is concerned I could not care less. It will be dead by that time. Same as Kazaa - supernode to freeload ratio will drop beyond the point where the network is sustainable.
Have a look at an average UK street. 40%+ of private cars are supermini - Clio, Peugeot 106/206/207, Fiesta/Ka/Fusion, Corsa, Yaris, C3, Charade/Sirion and the like. Have a look at an average US suburbia street - at least 60% of private cars are penis extenders with no other function, but to compensate for the sense of inadequacy in their owner.
3 years of same gas prices and they will become very much alike.
Where some trained drones will assemble stuff. Per instructions and blueprints done elsewhere. Some of them may be very qualified and very well trained drones, but still drones.
That is not a research facility.
That is not a development facility.
Those have gone abroad.
To places where people are still not ashamed of studying for a science or engineering degree instead of law or marketing.
Complete and utter bollocks. Rackspace can do real-time backup snapshots to their SAN of any of their standard config machines. They do not offer this is you have a custom config, but this does not mean that they cannot do it. So there was no need for ANY DOWNTIME WHATSOEVER.
They offer this under the name of managed backup service. So, if the order was exactly as unsealed by EFF and they wanted to comply to it literally it would have taken them a few seconds with no downtime. Few minutes at most.
If Indimedia was not a managed backup service customer Rackspace would have had to install the agent first. They are a fully managed service provider and they have root on the box under normal circumstances and can install the agent in a couple of minutes.
If Indimedia was a managed backup service customer Rackspace could have handed all old snapshots outright and initiated a new on the spot with a click of a button on the "fanatical support" console.
In fact, it may be worth it to ask was or was not Indimedia a rackspace managed backup service customer.
Let's assume your cache is poisoned. Someone queries your name server for your authoritative zone. You return the correct answers and for the "extra" records you return poisoned information. As a result someone sending information to a system for which you are authoritative DNS ends up sending it elsewhere. Compared to this if they are split, the authoritative answer does not contain any glue or extra records. The querying name server will have to go fetch these by itself.
Basically by running separate instances for authoritative nameservers and resolvers you mitigate some poisoning scenarios. Not all. And the actual scenarios which are being mitigated may not be of interest to you. They are clearly of interest and importance in an ISP. This is the reason why I am saying that if your ISP does not do it - RUN.
There are places where you would have to use BIND and places where you can get away with a partial implementation. If an ISP is using DJB-DNS I would recommend to stay away from it. There is a number of neat tricks in the bind cache expiration algorithm (from late 8 and early 9 onwards) which DJB has blamed unnecessary (see the BUGTRAQ archives for the discussion). While they are not necessary they are essential to ensure that operational mistakes have a limited life. That does not happen with DJB implementation as well as some other ones. So if you screw up your TTL or serial no on the zone files - this is it. Same for poisoned entries.
Further to this. DNS is the most easily upgradeable service. Clients fallback automatically and a few seconds of downtime are in the "who cares" area. In fact every ISP out there has scheduled daily mandatory reloads which update configs. Do users notice - nope.
Even further to that, there are methods to make any number of dns servers answer the same address and because DNS is stateless this can be done without any clustering crap. ISC which writes bind have done this for 7+ years. Most global telcos and ISPs do it as well.
And, in order for DNS poisoning attacks to be effective name servers usually need to have both recursion turned on and return authoritative answers. Doing this on an internet facing server is an idiocy. If your ISP does that and serves authoritative requests from the same server which is used for name resolution in clients - RUN. They have NO CLUE WHATSOEVER. If they use clustering for resilience - run even faster.
The problem is not that these are not known. They are drilled into the skulls of Joe Average all the way through school and further on. To no avail. Because there is another thought by another great American poet and philosopher which Americans tend to forget:
Those who cannot remember the past are condemned to repeat it. George Santayana, The Life of Reason (1905)
Britain is a signatory to the European convention on human rights which makes the freedom of speech and freedom of expression an essential part of British law.
Bollocks. Here Yahoo is paying 10% under the market average. That is not a reward. That is pittance pay.
Dunno about G, their UK op is very small and even more secretive then the US one.
Well... Dunno about fiber optics, similar non-fiber optics systems have been around for a while. I recall seeing blueprints and formulae for the design of a duct based system like this sometimes around 1985. Some russian magazine, do not remember the name off the top of my head.
1. This processor is 95% MIPS compatible. I understand incompatible, and 100% compatible. What do they mean by this?
.
It does not implement the bits that are patented. IIRC there are patents MIPS equivalent of SIMD instructions and a few others. The chinese were wise enough to skip these so they in fact can export this and MIPS technologies will have to sit and watch.
Do you have any facts about this, or is it your intuition?.
It was one of the design criteria. There was plenty of information about it 1-2 years ago. It was carefully and deliberately designed around MIPS patents. The rest of the architecture and the instruction set is an industry standard and in the public domain.
If the Godson-2 is "pretty much a copy of the MIPS R10000".
It is as far as instruction set is concerned. It is not as far as technology and implementation. While R10000 was not a bad CPU, I would expect "Godson" to be considerably better. It should consume less and scale to higher frequencies. China has manufacturing capability on 150nm (and possibly less) which was not available to anyone in 1995
He was the only one stupid enough to be in the public eye and make a point that he can SPAM as much as he likes including a public pissing matches with major people from the judiciary, Putin administration and the new business elite.
He was asking for it.
And he got it.
There are plenty of others who run phishing rings and counterfeit software rings. If you trace the web sites selling "OEM software" or fake bank sites they nearly universally end up with their strings pulled from somewhere in the middle of nowhere in Russia. At least every single email I have bothered to analyse properly and trace in the last 1 year was in this category. You will never see these guys in the public.
As someone who actually understands what "Zhizn cena kopeika" means, I can only say that this was expected to happen.
Counterfeit software, phishing and the like can deliver the margin to hire the thick necks to protect your arse. Spamming about language courses does not.
Also, this will not make Russian originated SPAM go away, it will just shift it even further into black market territory.
Speaking out of experience. The company I used to work for reported to them a serious security flaw on their switches in 1998 and as a result I ended up filling the boot of a midsize station wagon with kit. The 3Com country rep opened the storage room with the demo gear and told the beancounters who had some objections to shut up. Some of it was new, some of it bargain bin age and quality. Considering that the cost was 0 we did not really care. Most of it got used. They also gave us some better then "normal" discounts from there on purchases.
As an idiot who knows better, your main problem in having more then 20 or so devices on WiFi is that the jitter will go through the roof. Even if there is no data traffic, the probability that more then 2 devices will try to transmit simultaneously and fall back will be sufficient to cause retransmits and even transmit failures. The are two way to fix it:
1. To use Intel and Co (IIRC).11e spec which provides QoS on a more or less good behaviour basis. Well... unfortunately in a realistic environment this spec will not scale to 20+ devices.
2. To use the fact that a 802.11 AP can provide a transmit map. There are two sections - a mandatory assignment section which gives an opportunity to a specific device to transmit (usually empty) and a free-for-all section similar to Ethernet. Well, one problem: the last time I looked into it no AP on the market will do mandatory map allocations for you. Further to that, as it is largely unused most clients software and silicon is not tested properly for this part. So if people start deploying it now things are bound to break.
The reason why 419 continue to be at this level is the extreme corruption in Nigeria, Kongo and a number of other African governments.
Also, while it is not the only reason, it is one of the reasons behind the extreme poverty and famine in Africa. For example when 20%+ of Swazi population is dieing of AIDS the king of Swazilend used international aid money on buying new BMWs for his existing 9 wives, refurbishing their palaces and arranging a wedding ceremony for the 10th.
Frankly shooting people like him may be the right approach when dealing with extreme poverty in Subsaharan Africa.
The best way to use the Live8 money would have been to hire a good gang of contract hitmen and "clean it up".
Multiple times if necessary.
Unfortunately it will be given to the same corrupt genocidal f***heads which are in charge now.
If you took security seriously you would have disabled passwords for ssh in first place. Anyone who allows a conventional password based login on an internet facing system via ssh deserves everything he gets. After all this means that he/she did not bother to learn how to use it. It is the same as buying a Ferrari and driving it only fist gear.
If you want to access your home PC use RSA/DSA keys instead. This cuts out all brute force attacks once and for all.
Alternatively use PAM/RADIUS and SecureID. You can buy managed SecureID service for under 100$ per token per year. Costs money, but works fairly well.
Slashdot Mirror
Don't they read Don Quihote in the US? I guess they do not...
yeah... Florida Jokes... Marriage is like the hurricanes we have around here. It starts with a lot of sucking and blowing and then you lose your house...
And the Cheap and Cheerfull Stereo Company Goodmans sold in Cheap and Cheerfull UK mail order catalogues has had this for more then a year.
In fact I have one in my spare car. 99 pounds for a bundle - 1 Stereo, 1 USB extension cable and 1 64M USB stick (pretty good one actually, USB2, write protect and slim thickness so it fits anywhere.)
I had to recode my several G of ogg to use it, but with the help of ogg2mp3 and some shell scripting it ended up being considerably less painfull then expected.
It is not bad - 320Kbit variable rate MP3, 255 tracks per volume max, 8 directories per volume (which is a pain in the arse). Standard DIN.
Downsides, does not play anything but MP3s and has a phenomenally ugly late 90-es teenager color scheme. Fluorescent red. Yuck...
But for that price I guess I should not be fussy...
BMW does that as well. In fact I think all new ones that are supposed to be sporty are like this.
More likely a case of "Beware of Idiots Writing Plugins". The biggest falling of firefox is that plugins are not containerized properly and can crash and burn the browser without any problem.
Well, that is most idiotic use of the feature.
There may be some good uses for it though. Notifying the user that he must take an anti-RSI break springs to mind as one good use. Possibly a few others.
So would you care explaining to us exactly what is the problem if you have published your source as well? 'cause if you had, that would have counted towards this requirement.
This is not as bad as it seems.
As far as Vonage or Packet8 are concerned they will have easier time implementing this then incumbents. It is dead easy to do this with SIP. All that is necessary is to make the SIP server reply with a different voice endpoint to all SIP invites from persons who are under surveilance. As a result the "snooping" equipment is separate and does not encumber primary network infrastructure.
As far as Skype is concerned I could not care less. It will be dead by that time. Same as Kazaa - supernode to freeload ratio will drop beyond the point where the network is sustainable.
Yes.
And the effects are obvious.
Have a look at an average UK street. 40%+ of private cars are supermini - Clio, Peugeot 106/206/207, Fiesta/Ka/Fusion, Corsa, Yaris, C3, Charade/Sirion and the like. Have a look at an average US suburbia street - at least 60% of private cars are penis extenders with no other function, but to compensate for the sense of inadequacy in their owner.
3 years of same gas prices and they will become very much alike.
Err...
That is a plant.
Where some trained drones will assemble stuff. Per instructions and blueprints done elsewhere. Some of them may be very qualified and very well trained drones, but still drones.
That is not a research facility.
That is not a development facility.
Those have gone abroad.
To places where people are still not ashamed of studying for a science or engineering degree instead of law or marketing.
Nuff said...
Read the last version of the USAF Space Weapons doctrine. You may change your opinion.
OK, here went my moderation.
Complete and utter bollocks. Rackspace can do real-time backup snapshots to their SAN of any of their standard config machines. They do not offer this is you have a custom config, but this does not mean that they cannot do it. So there was no need for ANY DOWNTIME WHATSOEVER.
They offer this under the name of managed backup service. So, if the order was exactly as unsealed by EFF and they wanted to comply to it literally it would have taken them a few seconds with no downtime. Few minutes at most.
If Indimedia was not a managed backup service customer Rackspace would have had to install the agent first. They are a fully managed service provider and they have root on the box under normal circumstances and can install the agent in a couple of minutes.
If Indimedia was a managed backup service customer Rackspace could have handed all old snapshots outright and initiated a new on the spot with a click of a button on the "fanatical support" console.
In fact, it may be worth it to ask was or was not Indimedia a rackspace managed backup service customer.
There is:
Let's assume your cache is poisoned. Someone queries your name server for your authoritative zone. You return the correct answers and for the "extra" records you return poisoned information. As a result someone sending information to a system for which you are authoritative DNS ends up sending it elsewhere. Compared to this if they are split, the authoritative answer does not contain any glue or extra records. The querying name server will have to go fetch these by itself.
Basically by running separate instances for authoritative nameservers and resolvers you mitigate some poisoning scenarios. Not all. And the actual scenarios which are being mitigated may not be of interest to you. They are clearly of interest and importance in an ISP. This is the reason why I am saying that if your ISP does not do it - RUN.
Correct.
Apples and oranges.
There are places where you would have to use BIND and places where you can get away with a partial implementation. If an ISP is using DJB-DNS I would recommend to stay away from it. There is a number of neat tricks in the bind cache expiration algorithm (from late 8 and early 9 onwards) which DJB has blamed unnecessary (see the BUGTRAQ archives for the discussion). While they are not necessary they are essential to ensure that operational mistakes have a limited life. That does not happen with DJB implementation as well as some other ones. So if you screw up your TTL or serial no on the zone files - this is it. Same for poisoned entries.
Further to this. DNS is the most easily upgradeable service. Clients fallback automatically and a few seconds of downtime are in the "who cares" area. In fact every ISP out there has scheduled daily mandatory reloads which update configs. Do users notice - nope.
Even further to that, there are methods to make any number of dns servers answer the same address and because DNS is stateless this can be done without any clustering crap. ISC which writes bind have done this for 7+ years. Most global telcos and ISPs do it as well.
And, in order for DNS poisoning attacks to be effective name servers usually need to have both recursion turned on and return authoritative answers. Doing this on an internet facing server is an idiocy. If your ISP does that and serves authoritative requests from the same server which is used for name resolution in clients - RUN. They have NO CLUE WHATSOEVER. If they use clustering for resilience - run even faster.
The problem is not that these are not known. They are drilled into the skulls of Joe Average all the way through school and further on. To no avail. Because there is another thought by another great American poet and philosopher which Americans tend to forget:
Those who cannot remember the past are condemned to repeat it.
George Santayana, The Life of Reason (1905)
Objection your honour.
Britain is a signatory to the European convention on human rights which makes the freedom of speech and freedom of expression an essential part of British law.
Bollocks. Here Yahoo is paying 10% under the market average. That is not a reward. That is pittance pay. Dunno about G, their UK op is very small and even more secretive then the US one.
Well... Dunno about fiber optics, similar non-fiber optics systems have been around for a while. I recall seeing blueprints and formulae for the design of a duct based system like this sometimes around 1985. Some russian magazine, do not remember the name off the top of my head.
It does not implement the bits that are patented. IIRC there are patents MIPS equivalent of SIMD instructions and a few others. The chinese were wise enough to skip these so they in fact can export this and MIPS technologies will have to sit and watch.
Do you have any facts about this, or is it your intuition?.
It was one of the design criteria. There was plenty of information about it 1-2 years ago. It was carefully and deliberately designed around MIPS patents. The rest of the architecture and the instruction set is an industry standard and in the public domain.
If the Godson-2 is "pretty much a copy of the MIPS R10000".
It is as far as instruction set is concerned. It is not as far as technology and implementation. While R10000 was not a bad CPU, I would expect "Godson" to be considerably better. It should consume less and scale to higher frequencies. China has manufacturing capability on 150nm (and possibly less) which was not available to anyone in 1995
He was the only one stupid enough to be in the public eye and make a point that he can SPAM as much as he likes including a public pissing matches with major people from the judiciary, Putin administration and the new business elite.
He was asking for it.
And he got it.
There are plenty of others who run phishing rings and counterfeit software rings. If you trace the web sites selling "OEM software" or fake bank sites they nearly universally end up with their strings pulled from somewhere in the middle of nowhere in Russia. At least every single email I have bothered to analyse properly and trace in the last 1 year was in this category. You will never see these guys in the public.
Well...
As someone who actually understands what "Zhizn cena kopeika" means, I can only say that this was expected to happen.
Counterfeit software, phishing and the like can deliver the margin to hire the thick necks to protect your arse. Spamming about language courses does not.
Also, this will not make Russian originated SPAM go away, it will just shift it even further into black market territory.
3Com has a long history of it.
Speaking out of experience. The company I used to work for reported to them a serious security flaw on their switches in 1998 and as a result I ended up filling the boot of a midsize station wagon with kit. The 3Com country rep opened the storage room with the demo gear and told the beancounters who had some objections to shut up. Some of it was new, some of it bargain bin age and quality. Considering that the cost was 0 we did not really care. Most of it got used. They also gave us some better then "normal" discounts from there on purchases.
As an idiot who knows better, your main problem in having more then 20 or so devices on WiFi is that the jitter will go through the roof. Even if there is no data traffic, the probability that more then 2 devices will try to transmit simultaneously and fall back will be sufficient to cause retransmits and even transmit failures. The are two way to fix it:
.11e spec which provides QoS on a more or less good behaviour basis. Well... unfortunately in a realistic environment this spec will not scale to 20+ devices.
1. To use Intel and Co (IIRC)
2. To use the fact that a 802.11 AP can provide a transmit map. There are two sections - a mandatory assignment section which gives an opportunity to a specific device to transmit (usually empty) and a free-for-all section similar to Ethernet. Well, one problem: the last time I looked into it no AP on the market will do mandatory map allocations for you. Further to that, as it is largely unused most clients software and silicon is not tested properly for this part. So if people start deploying it now things are bound to break.
Well...
The reason why 419 continue to be at this level is the extreme corruption in Nigeria, Kongo and a number of other African governments.
Also, while it is not the only reason, it is one of the reasons behind the extreme poverty and famine in Africa. For example when 20%+ of Swazi population is dieing of AIDS the king of Swazilend used international aid money on buying new BMWs for his existing 9 wives, refurbishing their palaces and arranging a wedding ceremony for the 10th.
Frankly shooting people like him may be the right approach when dealing with extreme poverty in Subsaharan Africa.
The best way to use the Live8 money would have been to hire a good gang of contract hitmen and "clean it up".
Multiple times if necessary.
Unfortunately it will be given to the same corrupt genocidal f***heads which are in charge now.
If you took security seriously you would have disabled passwords for ssh in first place. Anyone who allows a conventional password based login on an internet facing system via ssh deserves everything he gets. After all this means that he/she did not bother to learn how to use it. It is the same as buying a Ferrari and driving it only fist gear.
If you want to access your home PC use RSA/DSA keys instead. This cuts out all brute force attacks once and for all.
Alternatively use PAM/RADIUS and SecureID. You can buy managed SecureID service for under 100$ per token per year. Costs money, but works fairly well.