Slashdot Mirror


User: hardburn

hardburn's activity in the archive.

Stories: 0
Comments: 1,663

Comments · 1,663

  1. Re:don't be a dumbass on Pirate Bay Founder Begs For Hacker Ceasefire · · Score: 1

    The kiddies are that dumb. In times past, they'd be stealing booze and porn from convenience stores. These days, they make botnets. Neither one takes a great deal of imagination, given the prewritten botnet tools floating around.

  2. Re:Stop hacking please, nudge nudge wink wink on Pirate Bay Founder Begs For Hacker Ceasefire · · Score: 1

    Why would he even unofficially condone it? Its only effect will be to make some sysadmins work overtime keeping an eye on the server. These corporations treat their web site as a form of advertising, and they aren't going to go away just by taking it down.

  3. Re:It's not a problem with SSL /per se/ on Black Hat Presentation Highlights SSL Encryption Flaws · · Score: 1

    As others have mentioned, sslstrip already handles any redirects you do. The user would have to explicitly type 'https://' every time. Further, there are certain things that are just no good over SSL. For instance, caching proxies aren't supposed to cache SSL connections. Doing everything over SSL sounds nice, but doesn't really work in practice.

    The first use of sslstrip was against implementations that didn't do enough checking on a chain of certificates. Some implementations still don't do it right, and I question the usefulness of the feature in the SSL standard.

    The current version handles existing session cookies held by the client by sending a 302 request back with a Set-Cookies header that blanks them out, forcing the client to reload them. The MITM can then get the new session cookie.

    In this case, the server will notice a client it's seen before getting new cookies. The client notices the server setting a new session cookie when it had already sent good ones. This could be used to build a signature of the attack, but on its own, there are too many legitimate reasons on both sides for it to be a reliable attack signature.

    There's a more general problem here, which is that we've taught people that the little padlock means the site is secure. This isn't necessarily the case, of course, but how do we teach people otherwise? It's unfair to say they need to be more careful when people have a larger life to live. How can we get users to verify the security of a site in a way that's almost as easy as looking for the padlock?

  4. Re:It's not a problem with SSL /per se/ on Black Hat Presentation Highlights SSL Encryption Flaws · · Score: 1

    SSL keys have to change regularly with expiration. This isn't just for repeat business for the CAs (although that is part of it); there are good cryptographic reasons why you want to be changing your keys every 2-5 years, depending on how paranoid you are. Technically, you should be doing the same with SSH keys, too.

    Also, OpenBSD might have a good security track record, but OpenSSH does not.

  5. Re:I'm Confused on Microsoft Says No Profit In Vista-XP Downgrades · · Score: 1

    There's no reason Microsoft can't say "we'll provide this as part of a bundle, but there's no further customer support on it". Or they just pass it to the OEM, which is what they do anyway in off-the-shelf computers.

    A key limitation with "computer code" that does NOT apply to physical goods is the copyability. Who's to say that the XP license would be used INSTEAD of the Vista license? It may very well be used in addition to it. MS and OEMs are not retarded, thus, it is not free.

    Besides a legal fiction, what's stopping people from doing this anyway? Technical limitations (e.g. DRM) don't stop people from making illicit copies. They're just problematic for legitimate customers.

  6. Re:I'm Confused on Microsoft Says No Profit In Vista-XP Downgrades · · Score: 1

    Does buying Half Life 2 get me Half Life 1? Oh, wait, it actually did.

    The PS3/PS2 example demonstrates a problem inherent with physical products. Computer code doesn't have these limitations, except via a legal fiction. It costs Microsoft nothing to let you use your Vista license on XP, so why not just do it? As Valve demonstrates, you can increase your sales by throwing it in as one big bundle, so it makes good business sense to do so.

  7. Re:Of course they are making money on Microsoft Says No Profit In Vista-XP Downgrades · · Score: 1

    People don't. Businesses do. That's where Microsoft makes their real money.

  8. Re:awww poor casinos on Casinos Warn iPhone Card-Counting App is Illegal · · Score: 2, Interesting

    That'll only bring attention to the casino. Even if they have good lawyers, spending money fighting a lawsuit isn't as lucrative as spending money on more slot machines. It's much easier to send over a busty waitress with a free drink (distracting you enough to lose the count). Or do nothing. It's likely the big winner is attracting a lot of losers, and the casino will win out in the end.

    So I trust that they are, to a point, a clean cut business, because it's in their best interest to be so.

  9. Re:Inevitable tags for this story on Court Rules Autism Not Caused By Childhood Vaccine · · Score: 2, Informative

    What's up with the tag-slaying lately?

    Getting rid of the chaff. Tags are for simple notification purposes (e.g. 'dup' for duplicates) or for search engines. They're not there to give glib compound word opinions, like 'wealreadyknewthat'.

  10. Re:I didn't know Feinstein was a Republican.... on Senator Diane Feinstein Trying to Kill Net Neutrality · · Score: 4, Insightful

    Democrats, at least certain members, are as tied to the entertainment industry as Republicans are to oil companies.

  11. Re:What? on Nvidia Is Trying To Make an x86 Chip · · Score: 4, Insightful

    If you want to get rid of cruft, you don't start with x86. Many assembly programmers have wept themselves to sleep over its backwards memory address model.

  12. Re:What? on Nvidia Is Trying To Make an x86 Chip · · Score: 2, Insightful

    Hmm? The Over Nine Thousand meme stopped being funny the first time it was used.

  13. Re:Wrong Premise on Why Sustainable Power Is Unsustainable · · Score: 0

    Are Mars' oceans also acidifying?

    More seriously, can you attribute oceanic acidification to something other than CO2? Can you attribute the rise in CO2 to something other than human activity? If you say "volcanos", I'm going to laugh at you.

  14. Re:Wrong Premise on Why Sustainable Power Is Unsustainable · · Score: 5, Insightful

    Desertification is happening in California, Africa, and Madagascar. Lake Chad drying up is directly attributable to human activity, though not necessarily due to CO2. It's a form of anthropogenic climate change, in any case. And it's also happening to Lake Superior.

    Meanwhile, oceans are acidifying all over (the chemistry involved is directly attributable to CO2). Polar caps are melting, putting pressure on the polar bear population. Being the alpha predator of the region, this will remove the ecosystem's ability to keep prey species in check, causing far-reaching problems elsewhere.

    None of this is from some sketchy model formed up by some graduate student as a doomsday scenario. It's stuff we can go out and directly observe right now.

  15. Re:Wrong Premise on Why Sustainable Power Is Unsustainable · · Score: 3, Insightful

    That's some top notch marketing tactics, there, Dave.

    Back in reality, lakes are drying up and deserts expanding due to human activities.

  16. Why You Don't Focus on One Thing on Why Sustainable Power Is Unsustainable · · Score: 2, Insightful

    The article points out Indium in some of the better solar cells in the lab (40% efficient), and Platinum as an important catalyst in hydrogen fuel cells. Both of these are already valuable metals for existing applications, and will easily see minable reserves dry up if you add on renewable energy applications.

    However, this is why you don't focus on one and only one solution to this problem. Solar reflectors, wind, tidal, and nuclear all have roles to play.

  17. Re:Form response on Name and Shame Spam Senders With OpenBSD · · Score: 1

    Not only will it dramatically change the nature of the Internet, it'll do so with no benefit at all. Most spammers send their mail with botnets. The people paying won't be the spammers, but the people whose machines have been infected.

  18. Re:Real World Experience on Comrade, You Are So Not Getting a Dell · · Score: 4, Interesting

    Exactly. Most of the best Russian programmers are currently either making botnets or breaking DRM. During the late stages of the Cold War, they spent most of their time buying or stealing code from the West. A fact that the CIA once exploited to cause one of the largest non-nuclear man-made explosions.

    While you might like the DRM breakers, nothing here is much to get excited about.

  19. Re:I meant too much water vapor. on Progress On Electric Cars · · Score: 1

    Again, where are you getting all this hydrogen in the first place? Right now, it's mostly coming from methane produced as a side effect of oil wells, but I can't see that continuing if hydrogen-based cars cause a huge spike in demand. It's almost certainly going to come from water already in the atmosphere. Unless you intend to harvest it from Jupiter's atmosphere. Even then, I'm not sure we could possibly use enough to cause torrential downpours.

  20. Re:I meant too much water vapor. on Progress On Electric Cars · · Score: 1

    Your ability to get hung up on an obvious typo inspires us all.

  21. Re:another crippleware outrage on Windows 7 To Come In Multiple Versions · · Score: 2, Informative

    It's more likely that they don't ship on the same install media (at least in this case), since they're likely compiled with different options. For instance, desktops want low latency preemptive multitasking, while servers and (sometimes) workstations want high throughput, which could be done with a different config at compile time (it is on Linux, though the Windows kernel is a bit further towards the microkernel side of things).

    It also used to be that a lot of closed source software for servers limited how many CPUs they could run on, which I'm sure was usually done with a #define in the code. Once you can run on 2 CPUs, it's usually pretty easy to run on 4 or 8, so this was purely a marketing ploy. This has gone out of style since multicore CPUs started becoming common.

  22. Re:I already said that. on Progress On Electric Cars · · Score: 1

    The vapor will condense into clouds, increasing the Earth's albedo. In other words, more energy is reflected into space. Water is not something to be concerned about as a greenhouse gas.

  23. Re:I meant too much water vapor. on Progress On Electric Cars · · Score: 1

    Also, the hydrogen you'd use in a car almost certainly came from water that already existed. Or worse, it came from methane produced from oil wells (which is where most of the current hydrogen production comes from). Not only that, but current cars already put out lots of H2O as a result of the normal combustion process.

  24. Re:I meant too much water vapor. on Progress On Electric Cars · · Score: 4, Insightful

    It's a fact overlooked by many.

    They should keep overlooking it. H2O is a greenhouse gas, but it's close to saturated nearly everywhere on the planet already. If you put a little more in, it'll just rain out. In the places where it's not saturated (which is pretty much only near the poles), it'll freeze out.

  25. Re:That's it? on Progress On Electric Cars · · Score: 1

    European cars are generally more efficient by means of lighter weight and fewer regulations on safety and particulate emissions. This makes for a lot of 1.3 to 1.5 liter engines available, along with diesels, whereas it's unheard of to find something below 1.9 in the US, and diesels are uncommon in anything that isn't a truck.