I seem to remember M$ pulled a stunt with Windows NT 4.0 Workstation that limited the number of listens you can post to the IP stack. People were pissed that they couldn't effectively run Apache on that OS and I believe a patch came forth some time later. What is to stop M$ from doing the same thing in the xBox? I mean, you only need about 4 listen buffers to effectively play a game on the net. Apache needs many more, especially if the server is getting bogged down, the listen is not returned until Apache enters the response phase. I suppose this could be worked around with some data movement immediately as a packet arrives.
Now, what would be a cool "game" is a Perl port with an interactive workbench. Teach them kiddies some Perl.
Obviously, we are each looking at the issue from a different perspective. I apologize for the Go read the article, because I now see that you could have both read the article and drawn a correct conclusion based upon what you know/what you are familiar with. It seems we are both speaking from our known reference points.
Now, about your use of PPPoE and the "Since you need to access the LAN via the VPN tunnel your UDP packets"
You are correct but only in the case of running PPPoE. If you have a static IP (like me), then your Alcatel is accessible from the Internet and that attack will work. The ECHOed UDP packets never reach your firewall (unless you've homebrewed a super l33t DSLAM firewall that sits on the Telco side) because the Alcatel is kind enough to ECHO them for you (back to itself) before it gets on the Ethernet. There goes your spoof detection too. Nope haven't tried it myself yet. Yep it sounds doable if you ask me.
I believe it is significant because all the PacBell DSL rolled out in the first year is static, and on Alcatel 1000. PacBell "enhanced" services are static too. It also appears by reading specs that Alcatel has cross-licensed its stuff to other vendors. Westell for sure (see: http://www.dslreports.com/forum/remark,658656;root =equip,36;mode=flatand scroll down a bit).
Well, it may have been a slighlty heated discussion here. I am glad you wrote back so I could learn a little from you. PPPoE == protection in this case. Now, if I could just convince myself that the ASI guys are capable of reprovisioning my line with PPPoE on the WAN side, and keep my/29 CIDR block on the DMZ. Nope, don't think they can handle it...
In this example, one can send packets to the TFTP server from the
outside by sending TFTP UDP packets with a source address of
255.255.255.255 and a source port of TFTP to the UDP ECHO port of any
system on the internal network with a functioning UDP ECHO server.
When the "ECHO server" replies to the request, it will interpret the
(now) destination address of 255.255.255.255 as local broadcast, and
the packet will be broadcast on the Ethernet with the destination port
set to UDP TFTP.
Many networking devices (including the Speed Touch) provide a UDP ECHO
service, and in many cases (again, including the Speed Touch) there is
no way to disable the service.
This attack is available over IP. Don't need inside access. Don't need to crack any of your boxes inside. Just need the IP of your DSL modem and some spoofing.
They're just grabbing the name early so they can trademark it and then become the company with "True Teleport[tm] Technology or maybe just sell the trademark to FedEx. Teleport[tm] When it absolutely positively has to be there in 30 minutes or less.
Let Ariston Know... or not. Seems this/. story has resulted in a nice little DoS on the Ariston site. That's what I call Poetic Justice. Now, to get this article re-run once a week or so.
"The businesses and households cut off by NorthPoint probably won't be able to get hooked up to another high-speed online connection for at least a week if Northpoint doesn't restore the service, according to Pacific Bell, a DSL rival and California's main phone company."
Who do they think they're kidding? Last August-October, it took Pacific Bell 7 weeks to simply move my DSL service from one house to another. The new house was even connected to the same phone switch as the old house.
When I read this on a different site, I thought something like at least MLB isn't as bull-headed as the music industry. Calling a corporate entity in the United States "criminal" is a little like calling the sky "blue". Really, I don't care, I don't like sports anyway, except for a good hockey game and even that is starting to suck with all the do-gooders whining about the violence. If you don't like to see a little boxing at a hockey game, don't watch. Same goes if you don't want to pay $9.95 a year to listen to MLB - don't pay it. Show me where it says in the Constitution that Major League Baseball is a right. GET FUCKING REAL!
Thanks for that. I looked it up on LawCrawler. Seems I stand corrected. It is significant to note that the Appeals Court hearing the case you cited rendered a split decision.
Justice White's opinion, while concurring with the court to overturn the lower court's decision, contained this quote: I [515] cannot share the Court's uncritical assumption that, school discipline aside, the First Amendment rights of children are co-extensive with those of adults. Indeed, I had thought the Court decided otherwise just last Term in Ginsberg v. New York, 390 U.S. 629. I continue to hold the view I expressed in that case: "[A] State may permissibly determine that, at least in some precisely delineated areas, a child--like someone in a captive audience--is not possessed of that full capacity for individual choice which is the presupposition of First Amendment guarantees.
It seems to me that this issue is far from the black and white line that both of us have attempted to present here.
If this is such a hot idea that you would consider going out on your own to market it, perhaps they would be willing to buy it from you to get the jump on the market. Remember, with this choice, they are making a build-or-buy decision. Depending on the lead time to develop the product, it may be worth more money than it would cost to develop, and then again, maybe not. If there is no great rush to get it to market, it is probably worth less than or equal to the actual development cost.
You probably could also try to leverage a raise/options/office with door/other perks in exchange for giving them a boost.
IANAL but probably the issue you will face even though they signed away on your personal IP developed on your own time is the NDA you likely signed to get the job with them. This could enable them to argue that your project was based upon knowledge that you obtained only by working for them. I don't think it will matter if this is true or not, or who thought of it first, all they need to do is a sufficient Jedi Mind Trick on the judge and game over.
Mr. Berger, a telecommunications lawyer, was serving his second term on the Washington Suburban Sanitary Commission. "I was looking up at the water, washing the shampoo out of my hair, and said: `Oh, my gosh! I'm a water and sewer commissioner -- it's the one infrastructure that goes everywhere.' "
Either that or a latent memory of the 3 Stooges episode where our boys are plumbers. Turn on the lights and the chandelier turns into a sprinkler system.
And don't forget about a shipment to Guam that accidentally included some tree snakes. The snakes managed to eradicate Guam's entire bird population (they like to eat the eggs) in a matter of a few years. The place is lousy with tree snakes (from what I hear) because they have no natural enemies in that environment.
The real reason they dumped BSD in favor of W2K is because their boxes could not play enterprise with the proprietary Kerberos found in W2K. Of course, Maxtor cannot go public with the truth, lest their W2K licensing deal gets caught up in some lengthy "contract review". We've seen this time and again: Embrace, Extend, Extinguish.
Yeah, and if I recall correctly, Epstein wasn't the smartest guy in "Welcome Back Kotter", either.
The broadcast compatibility between Color and B/W didn't stop my grandmother from telling me (as a 3 yr old) that I could only watch the programs that had the (C) in the listing (indicating a color broadcast), otherwise I would ruin her new color TV. Maybe she was one of the original "Sweathogs".
The article clearly says "Source Code" not "access codes". All this means is the military (and Exigent) will getting their first lesson is Systems Security 101: Obscurity != Security.
It's not about laying off of RMS. This piece is one of the best-written, most inspiring works of his that I have ever read. What it is about is tact.
The last paragraph does not help the cause, at least not when seen in the eyes of the common man. It only served to make RMS somewhat petty, and pettiness, IMO, is in direct conflict the ideals written about earlier in the piece. Sometimes it is wiser for one to accept a victory in principle, and ignore the small stuff. We need to have a keen awareness that the battles against non-free software are won by gaining mindshare.
Listening to Jim Allchin talk lately, if M$ thought the GPL was weak, I'm pretty sure they would simply infringe it, brag about it and let their army of lawyers extinguish it. Instead, they have taken the tack of lobbying for legislation to outlaw it. I think it is better than "anyone's best guess" GPL will stand up. If the IRS can tax Barter transaction, then license fees can be collected in terms of sharing your technology.
Slashdot Mirror
Now, what would be a cool "game" is a Perl port with an interactive workbench. Teach them kiddies some Perl.
Now, about your use of PPPoE and the "Since you need to access the LAN via the VPN tunnel your UDP packets"
You are correct but only in the case of running PPPoE. If you have a static IP (like me), then your Alcatel is accessible from the Internet and that attack will work. The ECHOed UDP packets never reach your firewall (unless you've homebrewed a super l33t DSLAM firewall that sits on the Telco side) because the Alcatel is kind enough to ECHO them for you (back to itself) before it gets on the Ethernet. There goes your spoof detection too. Nope haven't tried it myself yet. Yep it sounds doable if you ask me.
I believe it is significant because all the PacBell DSL rolled out in the first year is static, and on Alcatel 1000. PacBell "enhanced" services are static too. It also appears by reading specs that Alcatel has cross-licensed its stuff to other vendors. Westell for sure (see: http://www.dslreports.com/forum/remark,658656;root =equip,36;mode=flatand scroll down a bit).
Well, it may have been a slighlty heated discussion here. I am glad you wrote back so I could learn a little from you. PPPoE == protection in this case. Now, if I could just convince myself that the ASI guys are capable of reprovisioning my line with PPPoE on the WAN side, and keep my /29 CIDR block on the DMZ. Nope, don't think they can handle it...
In this example, one can send packets to the TFTP server from the outside by sending TFTP UDP packets with a source address of 255.255.255.255 and a source port of TFTP to the UDP ECHO port of any system on the internal network with a functioning UDP ECHO server. When the "ECHO server" replies to the request, it will interpret the (now) destination address of 255.255.255.255 as local broadcast, and the packet will be broadcast on the Ethernet with the destination port set to UDP TFTP.
Many networking devices (including the Speed Touch) provide a UDP ECHO service, and in many cases (again, including the Speed Touch) there is no way to disable the service.
This attack is available over IP. Don't need inside access. Don't need to crack any of your boxes inside. Just need the IP of your DSL modem and some spoofing.
They're just grabbing the name early so they can trademark it and then become the company with "True Teleport[tm] Technology or maybe just sell the trademark to FedEx. Teleport[tm] When it absolutely positively has to be there in 30 minutes or less.
Let Ariston Know... or not. Seems this /. story has resulted in a nice little DoS on the Ariston site. That's what I call Poetic Justice. Now, to get this article re-run once a week or so.
Who do they think they're kidding? Last August-October, it took Pacific Bell 7 weeks to simply move my DSL service from one house to another. The new house was even connected to the same phone switch as the old house.
Yo momma is so fat, she fell down the stairs and broke her leg, and gravy started seeping out.
When I read this on a different site, I thought something like at least MLB isn't as bull-headed as the music industry. Calling a corporate entity in the United States "criminal" is a little like calling the sky "blue". Really, I don't care, I don't like sports anyway, except for a good hockey game and even that is starting to suck with all the do-gooders whining about the violence. If you don't like to see a little boxing at a hockey game, don't watch. Same goes if you don't want to pay $9.95 a year to listen to MLB - don't pay it. Show me where it says in the Constitution that Major League Baseball is a right. GET FUCKING REAL!
You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
But then again, you were trolling, weren't you?
Yeah and Newton discovered gravity because an apple fell on his head, not because he fell down the stairs.
that's like someone who has a CS degree claiming that they're "a programmer".
Justice White's opinion, while concurring with the court to overturn the lower court's decision, contained this quote: I [515] cannot share the Court's uncritical assumption that, school discipline aside, the First Amendment rights of children are co-extensive with those of adults. Indeed, I had thought the Court decided otherwise just last Term in Ginsberg v. New York, 390 U.S. 629. I continue to hold the view I expressed in that case: "[A] State may permissibly determine that, at least in some precisely delineated areas, a child--like someone in a captive audience--is not possessed of that full capacity for individual choice which is the presupposition of First Amendment guarantees.
It seems to me that this issue is far from the black and white line that both of us have attempted to present here.
everyone seems to forget in the united states that the bill of rights does not apply to individuals under the age of 18
Challenge, yes. How about the convenience of being able to play your games while your DSL connection is down?
You probably could also try to leverage a raise/options/office with door/other perks in exchange for giving them a boost.
IANAL but probably the issue you will face even though they signed away on your personal IP developed on your own time is the NDA you likely signed to get the job with them. This could enable them to argue that your project was based upon knowledge that you obtained only by working for them. I don't think it will matter if this is true or not, or who thought of it first, all they need to do is a sufficient Jedi Mind Trick on the judge and game over.
Either that or a latent memory of the 3 Stooges episode where our boys are plumbers. Turn on the lights and the chandelier turns into a sprinkler system.
And don't forget about a shipment to Guam that accidentally included some tree snakes. The snakes managed to eradicate Guam's entire bird population (they like to eat the eggs) in a matter of a few years. The place is lousy with tree snakes (from what I hear) because they have no natural enemies in that environment.
The real reason they dumped BSD in favor of W2K is because their boxes could not play enterprise with the proprietary Kerberos found in W2K. Of course, Maxtor cannot go public with the truth, lest their W2K licensing deal gets caught up in some lengthy "contract review". We've seen this time and again: Embrace, Extend, Extinguish.
The broadcast compatibility between Color and B/W didn't stop my grandmother from telling me (as a 3 yr old) that I could only watch the programs that had the (C) in the listing (indicating a color broadcast), otherwise I would ruin her new color TV. Maybe she was one of the original "Sweathogs".
The article clearly says "Source Code" not "access codes". All this means is the military (and Exigent) will getting their first lesson is Systems Security 101: Obscurity != Security.
The last paragraph does not help the cause, at least not when seen in the eyes of the common man. It only served to make RMS somewhat petty, and pettiness, IMO, is in direct conflict the ideals written about earlier in the piece. Sometimes it is wiser for one to accept a victory in principle, and ignore the small stuff. We need to have a keen awareness that the battles against non-free software are won by gaining mindshare.
cat >a.out
Listening to Jim Allchin talk lately, if M$ thought the GPL was weak, I'm pretty sure they would simply infringe it, brag about it and let their army of lawyers extinguish it. Instead, they have taken the tack of lobbying for legislation to outlaw it. I think it is better than "anyone's best guess" GPL will stand up. If the IRS can tax Barter transaction, then license fees can be collected in terms of sharing your technology.
You could see him knocking down a smirk right at the beginning.
Technically, that's not slanderous at all... =)