Seriously people, the government did not screw this guy over, the newspaper dude (even though I think calling the school is jerky) did not screw the guy out of a job, the school principal didn't fire him.... HE/SHE QUIT! They felt their actions were profoundly wrong enough that they left their job.
Well, we don't know for sure exactly what was said to this guy, that might have caused him to quit, but it might have amounted to http://en.wikipedia.org/wiki/Constructive_dismissal. Don't get too hung up on who -- employer or employee -- formally initiated the "separation of employment", since oftentimes the law is actually capable of looking beyond formalities to the truth of the situation. It's quite possible that he was threatened with consequences that would have made his continued employment at the school unbearable and/or intolerable.
The claims presented on their web page do not conflict with sudo.
sudo works in a very different way: sudo is about the user saying "I need to be a different user so I can run command Y"
This feature is about the operating system saying "user X, in order to do Y, you need more privilege."
No, read the claims. The patent covers actually authenticating the user and then elevating their privilege to invoke the command. It's a superset of sudo, that kicks in automatically on an "insufficient privilege" condition and has a GUI frontend. Groklaw got it essentially correct.
Dennis Ritchie patented the setuid bit in what was probably the first software patent ever, and released the patent to the public domain. I think that counts as a slam dunk prior art, no?
Not even close. setuid/setgid automatically raises the user's privilege to a specific UID/GID when it is invoked. The patent covers presenting a GUI to the user when they try to execute something, and have insufficient privilege, having them pick a user/account with sufficient privileges to execute the command, authenticating, and then executing the command with the temporarily-elevated privileges. It's only roughly similar to setuid/setgid in the last part of the process -- running a command with temporarily-elevated privileges.
"sudo" is the closest analogy, but still not really the same thing, since it doesn't pop up with a GUI every time you try to run something with insufficient privileges...
IANAL, but it seems to me that Cindy Cohn of the EFF has already laid the groundwork for dismissal of this kind of action in Illinois:
...an Illinois court will apply a three part test to determine whether or not Doe's statements reasonably implies the existence of a provably false fact. Hopewell v. Vitullo. 299 Ill.App.3d 513, 518-19 (1998). Cohn. Decl., Exh. W. First the court will "consider whether the language of the statement has a precise and readily understood meaning, while bearing in mind that the first amendment protects overly loose, figurative, rhetorical, or hyperbolic language, which negates the impression that the statement actually presents facts." Id. Second, the court will consider "whether the general tenor of the context in which the statement appears negated the impression that the statement has factual content." Id. Third, the court will consider "whether the statement is susceptible of being objectively verified as true or false." Id.
This is from a Motion to Quash submitted by EFF, against the CEO of an Illinois company who, as plaintiff in a libel suit, was trying to "unmask" one of their anonymous critics on a Yahoo! message board. EFF ultimately prevailed, and the John Doe remained anonymous. See http://www.eff.org/cases/e-van-cullens-v-john-doe
First test: "Seems like you're very willing" obviously conveys a subjective opinion
Second test: general tenor is confrontational, emotional, rather than a cool, impassionate relating of fact
Third test: Arguably fails, since the "facts" alleged are actually susceptible to objective verification (although "willingness" per se is perhaps somewhat more subjective).
I believe, however (again, IANAL), that if any of the tests pass, then the underlying libel suit is "obviously without merit" and does not entitle the plaintiff to unmask the defendant.
So, a bunch of "stream-of-consciousness" musing from Bennett Haselton on a federal court ruling, complete with two (2) cites to admittedly-contradictory law-review articles by the same law professor, and this is what passes as "legal analysis" on Slashdot?
I have nothing personally against Bennett Haselton, but being a "frequent contributor" frankly doesn't qualify him for such endeavors. I've read thorough and rigorous analyses of federal court decisions before. This ain't one of those.
Yes, but by using GTA as an example of the current "state of the art" in the violence and/or immorality level of modern gaming, you are vindicating the "slippery slope" arguments that folks like Jack Thompson make ad nauseam. Does GTA represent the outer level of violence/immorality that we accept in computer gaming? The normal level? The minimum level? See how that slope curves downwards, in the minds of some?
I think we do better against the self-styled "guardians of morality" if we treat each of these games that push the controversy envelope as sui generis, rather than comparing them to each other and making it look like a general trend towards total depravity in computer gaming
It's completely beyond my comprehension why anyone would think it's ok to surf for porn at work. Clearly common sense is no longer a factor in hiring.
For some, it might not be so much a matter of lacking common sense, it might actually be a form of protest against the lingering Puritanism that labels "surfing porn" as such a special category in the first place.
I would wager that far more workplace productivity is lost by people who waste their company's time by checking up on their personal finances via the web, than those few who "surf porn".
And I would also wager that far more workplace peace and harmony is shattered by hearing objectionable political and/or social commentary from the next cube over, than could possibly be caused by the occasional glimpse of unsavory pornographic content on a coworker's monitor screen.
"Common sense" would dictate that anything that is disruptive and/or wasteful in the workplace should be combatted and punished where found, but that we shouldn't give special attention to conduct that is sexual in nature, while turning a blind eye to other forms of workplace misconduct that are equally or more draining/damaging.
Or a kernel exploit. But face it, the facts are chroot was not designed as a security measure.
And I suppose it's just a coincidence that, as far back as BSD 4.2, chroot(2) was limited to superuser, hmmm?
I think it's a little pedantic to say "not designed as a security measure", since it has been used this way, almost from its inception, and in conjunction with running as an unprivileged user, is actually quite effective (notwithstanding kernel exploits, but that's usually "game over" anyway).
BIND, like Sendmail, is one of those legacy pieces of Berkeley software from the 1980s that should have been retired a long time ago.
Incorrect. The BIND that people actually run these days, is BIND 9, and shares no code in common with the Berkeley-era BIND. It was completely rewritten. Frankly, I think they should have renamed the package, so that it wouldn't be confused with the old BIND, but ISC chose otherwise.
A basic problem with both of those packages is that they're database applications without a database. Back in the 1980s, there were no good database programs available for UNIX, and some apps had to roll their own. We're way past that.
Let's all raise a glass to one-dimensional thinking! No, we're not "past that". Heavyweight RDBMSes are a good fit for some functions/apps, but not others. Use the right tool for the right job. In the case of DNS, you want to load your database into memory, in a hierarchically-ordered data structure of some sort (because of how DNS uniquely needs to deal with referrals/delegations/glue-records/negative-caching and the like) and serve a lot of queries really fast and efficiently. Making SQL calls for all of that would be ludicrous. Just because RDBMSes became popular for most apps, doesn't mean we're obligated to use them for everything
There are open-source database-based alternatives.
Qmail is a database-based replacement for Sendmail, and it's generally considered to be much more stable and secure. (At this late date, nobody should be running Sendmail.)
More one-dimensional thinking, with a heavy dash of database-fascism. Note that sendmail is capable of using various types of "databases" for its routing, aliasing, address-translation functions, etc., including LDAP, among others. The main config is still a text file (typically auto-generated by some sort of higher-level configuration tool or utility), but why does this bother you so? Are RDBMSes the only way you know of to interact with information technology, the narrow lens through which you view all software components?
There's MyDNS, which is a MySQL-based DNS program, but that's never really caught on. The big commercial DNS systems are all database-based.
"Database-based" only in the sense that they "publish" the data from a more conventional "database" to a specialized nameserver frontend which is, more often than not, BIND 9. If "big commercial DNS systems" are your only reference, you haven't really made the case for using an RDBMS as the DNS server
Note that BIND 9 has an API/abstraction-layer/whathaveyou, that allows the use of various backends, including RDBMSes. But most folks don't bother implementing that. BIND 9, fed from some other high-level tool or utility (which may or may not have an RDBMS at its core) serves their needs just fine.
Hopefully, you understand that Fadeyev and Anderson are different people, and therefore might have slightly different opinions on how/why Microsoft's website sucks?
Minor nitpick with the article: WPA is a general wireless security protocol[1] which isn't limited to wireless routers. Regular APs (Access Points) use it, as of course do wireless clients.
[1] Actually, to nitpick myself, WPA isn't even technically a protocol, it's a certification program which confirms that particular devices implement the IEEE 802.11i standard
There's no "respect for law" if it only consists of capricious infliction of violence by sadistic corrections officers. You, Mr. Anonymous Coward, appear to have fallen into the mental trap of considering people to be something less than human just because they wear the label of "convicted criminal". Never mind that what is considered "criminal" at any particular time is itself rather arbitrary and often the result of political expedience/opportunism. Never mind that punishment is only considered to be one of the justifications for incarceration (other justifications including rehabilitation and isolation from the general populace)
As for "blind justice", that refers to a principle of neutrality; I'm not sure how it would apply to your (apparent) hunger for inflicting unnecessary pain and suffering on your fellow man.
Nice job using the ambiguous, emotionally-laden term "drug" in the headline to describe perfectly-normal medications that just so happen to be used by prison inmates, knowing that the immediate knee-jerk reaction of most people when they see a conjunction of "drug" and "criminal" is that something illicit and dangerous must be occurring.
And do we really need the snarky, condescending tone of "If you guessed X you win a prize!" in the article summary? The inevitable, predictable "whatcouldpossiblygowrong" tag is more than sufficient to spread the FUD in this particular context...
Another ridiculous article. Supply will always follow demand. Who will fix the internet? It doesn't matter, it will always be there as long as there is a demand.
It's not just about demand; there's also the small matter of supply. The supply of remaining IPv4 addresses is limited, and disappearing quickly. This is probably the most pressing thing that needs to be "fixed" about the current Internet, but suffers from a "critical mass" problem -- the providers don't invest the time/effort/money to make their gear IPv6 capable/friendly because they don't see a market, and the market hasn't taken off (at least in this country) because businesses are sitting fat, dumb and happy on their IPv4 address ranges and IPv6 is too scary and complicated for them to understand or deal with, especially given the relative dearth of case studies of successful IPv6 migration in the U.S.
As much as it goes against the so-called "conservative" religious tenet, this might be a case where Big Bad Government needs to step into the private sector and force some change. Personally I was hoping that mandatory IPv6 migration would be part of the economic stimulus package (it would have created a lot of jobs), but apparently our policymakers aren't tech-savvy enough for that. Or, maybe it's just because IPv6 migration isn't something Joe Lunchbucket can readily understand, therefore the Republicans can easily get away with calling it "pork"
(Yes, I'm aware of some of the other "creative" solutions to the IPv4 runout, such as aggressively scavenging unused blocks, and/or allowing blocks to be bought and sold as regular property, with the hope that the magical "free market" will take care of everything, but these measures only serve to delay the inevitable, IPv6 is the long-term solution to the problem).
How would YOU implement "figure out if this is an internal or external host"? Without querying both name servers, and seeing which one returns a valid result.
Oh, and the internal one usually DOES return valid results for external hosts too, as it's the one people use to surf at work.
Well, where I work we disable split-tunnel in our VPN client. As inconvenient as that is, it's the best thing to do from a security standpoint anyway.
If split-tunneling were on, I'd provide a view in our DNS infrastructure to those VPN clients, which can resolve the internal versions of domains which are owned by us and used both internally and externally, and Internet resolution of names in external domains. The internal domains also contain the external entries so that the VPN clients (and anything else, for that matter) can resolve external names in the domain(s), regardless of which version of the domain(s) they use. In our case, we don't use NAT between our internal network and the Internet (everything goes through application-level proxies or gateways); if we had a NAT requirement, I might have to re-think that architecture. NAT is evil, though, with respect to far more than just DNS, and I hope we can avoid it.
OK, after reading the article summary, everything linked from there, and all of the comments, it's still not clear to me whether Bell Canada is: a) replacing NXDOMAIN within their own DNS resolvers with address records pointing to the "helpful" web page or b) mangling packets so that any NXDOMAIN response from any nameserver to any client on its network gets its contents replaced with the "helpful" crap.
(a) is relatively easy to deal with, by setting your resolvers to "trusted" ones (perhaps a local caching server running on your own network), instead of the spoofy ones provided by Bell Canada
(b) is much harder to deal with, you'd probably have to either have multiple Internet connections, or to set up an encrypted tunnel through Bell Canada's network to the "trusted" resolvers.
Can anyone confirm/clarify exactly which form of "DNS hijacking" Bell Canada is allegedly perpetrating? "DNS hijacking" by itself is such an imprecise term...
, which is engaging and critically-important to the whole game experience, would we still call it a "video game" (a label I've never been fond of attaching to, say, RPGs)? Seems like "video game" refers to a game which is mainly about, er, the video. In this sense, it's an oxymoron to have a "video game" with a strong and central storyline.
Discuss
On the very same page!
We may disclose personal information if we or one of our affiliated companies is required by law to disclose personal information, or if we believe in good faith that such action is necessary to comply with a law or some legal process, to protect or defend our rights and property, to protect against misuse or unauthorized use of our web sites or to protect the personal safety or property of our users or the public.
BZZZZZT! Wrong. That verbiage is found in the "Compliance with Legal Process" section, and it is stated previously that they would only disclose the information to "legal officials" if necessary for "Compliance with Legal Process". So, unless you want to argue that the network admin of the school qualifies as a "legal official", your point is invalid
Digit envy?
Never mind, as I read further into TFA, it appears that the larger organisms, such as arthropods, get their foothold from bacteria, and that this new "skin" that's being developed is therefore primarily anti-bacterial. The article summary probably could have been worded to make this connection more obvious, but there's only so much that can be done in the limited space available...
as the article summary implies. They're crustaceans (thus related to crabs and lobsters), their phylum is arthropod.
From TFA:
The network effect means that Skye is the only cloud DNS service that has as its foundation half the broadband internet already using the same software. Nominum has 170 million broadband households worldwide that already go through our software.
In other words, software monoculture is the basis of Nominum's business plan. Even though it is very much a hotly-debated topic in recent years whether software monoculture is actually better or worse than diversity, for security, e.g. http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci991178,00.html
Point? Determining whether a given substance should be restricted or not, is obviously a line-drawing exercise, and reasonable people may disagree with the determinations one way or the other.
But, the majority of prescription-only substances are not psychotropic in nature, and the majority are not particularly susceptible to addiction. In most cases, the substances are restricted because the dosage needs to be controlled carefully (because of toxicity-level concerns) or because there is a high likelihood of bad interactions with other substances. So the Powers That Be want a trained physician involved with each and every course of treatment using that particular substance.
And the fact remains that "drug" is a horribly ill-defined term, and carries with it far too much emotional baggage.
Note that IANAMP (MP = medical professional)
Minor nitpick with the article: WPA is a general wireless security protocol[1] which isn't limited to wireless routers. Regular APs (Access Points) use it, as of course do wireless clients.
[1] Actually, to nitpick myself, WPA isn't even technically a protocol, it's a certification program which confirms that particular devices implement the IEEE 802.11i standard
There's no "respect for law" if it only consists of capricious infliction of violence by sadistic corrections officers. You, Mr. Anonymous Coward, appear to have fallen into the mental trap of considering people to be something less than human just because they wear the label of "convicted criminal". Never mind that what is considered "criminal" at any particular time is itself rather arbitrary and often the result of political expedience/opportunism. Never mind that punishment is only considered to be one of the justifications for incarceration (other justifications including rehabilitation and isolation from the general populace)
As for "blind justice", that refers to a principle of neutrality; I'm not sure how it would apply to your (apparent) hunger for inflicting unnecessary pain and suffering on your fellow man.
Nice job using the ambiguous, emotionally-laden term "drug" in the headline to describe perfectly-normal medications that just so happen to be used by prison inmates, knowing that the immediate knee-jerk reaction of most people when they see a conjunction of "drug" and "criminal" is that something illicit and dangerous must be occurring.
And do we really need the snarky, condescending tone of "If you guessed X you win a prize!" in the article summary? The inevitable, predictable "whatcouldpossiblygowrong" tag is more than sufficient to spread the FUD in this particular context...
he invented it, let him fix it
This kind of humor leaves me cold, when it's based on a well-documented misinterpretation/distortion. http://www.snopes.com/quotes/internet.asp
Uh, haven't we had ample evidence lately that free markets fail? Often.
IPv6 hasn't emerged from the free-market morass yet, perhaps it needs something to pull it forward, since there isn't a lot of space left in IPv4
Another ridiculous article. Supply will always follow demand. Who will fix the internet? It doesn't matter, it will always be there as long as there is a demand.
It's not just about demand; there's also the small matter of supply. The supply of remaining IPv4 addresses is limited, and disappearing quickly. This is probably the most pressing thing that needs to be "fixed" about the current Internet, but suffers from a "critical mass" problem -- the providers don't invest the time/effort/money to make their gear IPv6 capable/friendly because they don't see a market, and the market hasn't taken off (at least in this country) because businesses are sitting fat, dumb and happy on their IPv4 address ranges and IPv6 is too scary and complicated for them to understand or deal with, especially given the relative dearth of case studies of successful IPv6 migration in the U.S.
As much as it goes against the so-called "conservative" religious tenet, this might be a case where Big Bad Government needs to step into the private sector and force some change. Personally I was hoping that mandatory IPv6 migration would be part of the economic stimulus package (it would have created a lot of jobs), but apparently our policymakers aren't tech-savvy enough for that. Or, maybe it's just because IPv6 migration isn't something Joe Lunchbucket can readily understand, therefore the Republicans can easily get away with calling it "pork"
(Yes, I'm aware of some of the other "creative" solutions to the IPv4 runout, such as aggressively scavenging unused blocks, and/or allowing blocks to be bought and sold as regular property, with the hope that the magical "free market" will take care of everything, but these measures only serve to delay the inevitable; IPv6 is the long-term solution to the problem).
How would YOU implement "figure out if this is an internal or external host"? Without querying both name servers, and seeing which one returns a valid result.
Oh, and the internal one usually DOES return valid results for external hosts too, as it's the one people use to surf at work.
Well, where I work we disable split-tunnel in our VPN client. As inconvenient as that is, it's the best thing to do from a security standpoint anyway.
If split-tunneling were on, I'd provide a view in our DNS infrastructure to those VPN clients, which can resolve the internal versions of domains which are owned by us and used both internally and externally, and Internet resolution of names in external domains. The internal domains also contain the external entries so that the VPN clients (and anything else, for that matter) can resolve external names in the domain(s), regardless of which version of the domain(s) they use. In our case, we don't use NAT between our internal network and the Internet (everything goes through application-level proxies or gateways); if we had a NAT requirement, I might have to re-think that architecture. NAT is evil, though, with respect to far more than just DNS, and I hope we can avoid it.
OK, after reading the article summary, everything linked from there, and all of the comments, it's still not clear to me whether Bell Canada is: a) replacing NXDOMAIN within their own DNS resolvers with address records pointing to the "helpful" web page or b) mangling packets so that any NXDOMAIN response from any nameserver to any client on its network gets its contents replaced with the "helpful" crap.
(a) is relatively easy to deal with, by setting your resolvers to "trusted" ones (perhaps a local caching server running on your own network), instead of the spoofy ones provided by Bell Canada
(b) is much harder to deal with, you'd probably have to either have multiple Internet connections, or to set up an encrypted tunnel through Bell Canada's network to the "trusted" resolvers.
Can anyone confirm/clarify exactly which form of "DNS hijacking" Bell Canada is allegedly perpetrating? "DNS hijacking" by itself is such an imprecise term...
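An added example, not part of the comment above: one way to tell case (a) from case (b) is to ask for a name that cannot exist, once through the ISP's resolver and once through an outside resolver reached over plain UDP port 53 across the ISP's network, then compare the raw responses. The probe name, the landing address, and the function names are assumptions made for this sketch, and the two responses are constructed inline so the code runs offline.

```python
import socket, struct

NXDOMAIN = 3
PROBE = "nx-probe-7f3a.example"  # constructed name; .example is reserved, so it cannot exist
LANDING = "192.0.2.10"           # constructed documentation address for the "helpful" page

def build_response(name, rcode, addrs=()):
    """Constructed sample data: minimal DNS response to an A query."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    msg = struct.pack(">HHHHHH", 0x1234, 0x8180 | rcode, 1, len(addrs), 0, 0)
    msg += qname + struct.pack(">HH", 1, 1)
    for a in addrs:  # answer name is a compression pointer to offset 12
        msg += b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + socket.inet_aton(a)
    return msg

def _skip_name(msg, off):
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer terminates the name
            return off + 2
        off += 1 + n

def parse(msg):
    """Return (rcode, [IPv4 addresses from A records]) for a raw response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0xF, addrs

def classify(isp_resp, outside_resp):
    """Both arguments are responses to a query for a name known not to exist."""
    isp_rc, isp_a = parse(isp_resp)
    out_rc, out_a = parse(outside_resp)
    if out_rc != NXDOMAIN and out_a:
        return "b: answers from outside resolvers are rewritten in transit"
    if isp_rc != NXDOMAIN and isp_a:
        return "a: only the ISP's own resolvers substitute answers"
    return "none: NXDOMAIN passes through intact"
```

A result of (b) from this check is what would justify the encrypted tunnel to a trusted resolver; a result of (a) is addressed by changing resolvers alone.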