That's what I was expecting - you'll get a RST: the parent claimed it could just not reply at all.
I guess for this to be reliable (especially under a loaded network) you can't "stealth" your ports, or at least not the ones you're using to test with. Sure you could just send the packet and hope it works (as some of the other replies were saying), but you could easily get shut out of your own service under bad conditions (which is probably when you'd least want to be).
Which reminds me of another general problem with this idea. Whats to stop an attacker from sending forged packets to the kock ports? Even a low level spray of packets would add enough random "knocks" to effectively lock you out of your own service.
Then why not just add a protocol wrapper to the port that requires you to send some special plain-text cookie before you can log in using SSH or whatever? Sure it's not secure in itself, but it's still "more secure" than plain SSH - right?
Why stop there even - add another wrapper around the first, add port knocking to that and place it all over a VPN! Of course the VPN will also have port knocking, maybe a wrapper or two, and while were at it some special packet timing checks.
Why we'll all be so very secure then I tell you! Of course each connection will take 15-30 minutes to establish, but hey it's a small price to pay!
That doesn't seem right. If the order of the knocks is important, how do you get around that there's never a guarantee in what order network packets arrive? If no packets are sent back at all, how do you know when to send the next knock or even if the knock made it to the server?
It's pretty hard to grow up without learning to read numbers.:-)
Most learn their numbers before they learn to tell time. After all, to even say "it's three o'clock" you need to know what three is. As far as learning the order of the digits, that's trivial.
As an example, I can remember a joke on some old TV show about a school testing kids on reading digital clocks (they actually do have tests for reading analog clocks) so the concept of "learning" to read digital clocks was considered pretty absurd even back when they were new.
Try teaching a child to read a digital and analog clock and see which they learn first. For most, it'll be the digital one.
I was a kid when digital watches and clocks first became mainstream, and at the time many parents and teachers were in an uproar because many kids were never even learning how to read an plain-old dial clock.
Re:Lets hope that the result is progress
on
Google v. Microsoft
·
· Score: 5, Informative
Think not? Just take a look at their history. They stared very simple, sure, but each year the search gets smaller and smaller while the crap gets deeper and deeper. "Portal mode" peaks around 2000 and starts back down as they try to win back some of the Google converts.
Re:Lets hope that the result is progress
on
Google v. Microsoft
·
· Score: 4, Insightful
People seem to forget how Google became popular in the first place. It came out of nowhere to beat the likes of Altavista, Yahoo, and even Microsoft's built in search.
Why? While everyone else was busy making visitors suffer through "portals" full of annoying crap, Google has a plain bare-bones interface that just did what you came for - search.
I think that even more than it's accuracy was the reason it succeeded; and simple, clean interfaces that don't coat the user with cloying, butterfly-laden, happy, shiny GUI seems to be an anathema to Microsoft.
Think about what you're saying for a second. If you're being redirected to a rogue page, *it* will be supplying that "fingerprint" - not the real site.
SSL in fact already does exactly this. The domain name is part of the signed site certificate, and your browser will alert you if it doesn't match the sites hostname. However, that doesn't help much if the cert actually belongs to the site that hijacked you.
Also don't forget Apache runs on multiple platforms and when made from source, might have countless build variationst. That alone makes many exploits much, much harder to pull off since even if you do manage to overflow a buffer, you can't count on the memory layout being the same.
It's not too unlike how genetic variation limits the spread of real viruses.
Could a computer store sell DDRAM saying it was 512 meg when it was really only 128; or could a gas station could only pump a half-gallon for every gallon of gas you buy?
Sure "buyer beware" is fine, but out-and-out lies are also called fraud, and I'd think the State's Attorney General might eventually have some problems with that sort of thing.
Just why do you think the U.S. keeps pushing China to change that?
Do you honestly believe China would be making any efforts at all without U.S. pressure? Do really think the U.S. would just sit back and say "that's just fine and dandy" if they reversed course and decided to abandoned patents completely?
Of course you seem less interested in facts than masturbating your own inflated ego - didn't your mom teach you not to do that kind of stuff in public?
Er, you're completely missing the point - yes the patent has no legal binding outside of the U.S., but unless you never plan to sell your widgets in the U.S. you can't ignore them.
Also don't forget all the pressure the U.S. Government puts on other countries to adopt similar IP laws - don't think for one minute U.S. corporations (and the government officials they buy) aren't behind the push for software patents in Europe.
Sure a country like say China could declare the concept of patents and even copyright null and void, but how long do you think their "most favored nation" status would last? Corporations do not care that you have to file for a patent in each country - they can easily afford it and it keeps the little fish at bay, but they wouldn't be too happy at all about a country that outlaws patents all together.
This is true to a legal extent, but practically many foreign governments are too heavily dependent on trade with the U.S. to simply ignore its patents.
Like when a small company makes a deal with a corporation like Microsoft and later finds they got the short end of the stick (if any stick at all), most smaller countries simply find they have no choice but to play the game on U.S. terms.
Yes but does "ECMA specified" also mean patent free? That's a common and rather dangerous misdirection put forth by MS supporters. It's not at all uncommon for industry standards to be patent encumbered - just look at DVDs and MPEG4 for example.
99.9999999999999% of the people who never get a formal education become absolutely nothing in their lives and are simply a waste of life.
Hmmm, one could argue the same for 99.9999999999999% that *do* get a formal education. We're all only as important as we proclaim ourselves to be.
From an evolutionary standpoint you could say the only thing that counts is how many rug rats you bring into the world, and "educated" folks aren't exactly leading that pack now are they?:-)
I didn't say computers would die out. I said computer GAMES would die out.
Yes, those record sales are really killing the industry.
After an hour and a half of dicking with the drivers? Is that Bill's vision of the future? Nothing works until you reboot the damned computer?
Yep, better get used to it. As more and more things include a HD, more and more things will need to be rebooted and patched and so on. Otherwise where will they update the DRM once it's been cracked?
CDs became popular precisely because there was no needle scratching and no tape hiss
I really doubt that. Most of the people I knew back then even with the most crappy sounding of K-mart systems wanted a cd. You could go right to the song you wanted with no needle to futz around with or tape to get eaten.
Come now, how many MP3s on how many computers do you think came off of a CD owned by that person? Give me a brake, fellah. I'm not a total idiot.
Ok, I give that to you - you're only 95% an idiot. Where do you think all those ripped songs came from - God in heaven? Plenty of people rip their onw CDs so they can have quick access to them or copy em to a portable player. Don't paint everyone with your own suspect morals.
Who would want to convert all their MP3s back to plain CDs? Who wants to change CDs every 15-20 minutes? A big reason people convert their library to MP3 to begin with is so they can have it all available at once on their HD.
Far from seeing the computer die out, it's becoming an increasingly common part of people's entertainment systems. That's something companies like Microsoft are banking on by the way.
However, that said, audio quality is a red herring. Few people really care beyond a certain point - otherwise no one would be listening to MP3s at all. Look at how many CD are released these days with the sound compressed to the point of clipping just to make it "louder". It's a complete disaster for audio quality, yet if it didn't sell CDs, the industry wouldn't be doing it.
It's all about convince - remember when industry pundits used to wine about "who would need the audio quality of a CD just to listen to Twisted Sister"? They missed the point - CDs didn't become popular because they sounded better. They became popular because they were easier to use and didn't wear out quickly. This new audio standard is all well and fine, but it's mainly just a game of "my specs are better than your specs - nya, nya, nya, nya"
It's not really the same thing - adding extra bits per sample (rather than more samples per second), affects volume representation, not pitch. The pitch ranges of human hearing have been well researched, but I'm not sure what the limits on volume variations are. Add to that the fact that you can turn the volume up on a quiet passage to hear more detail than you normally would (a bit like slowing playback down would let you hear ultrasonic sounds if they were there).
Yes - it comes out as a square wave, but you're forgetting two things. First, a "choppy" wave introduces harmonics *above* the base frequency (which is already at the limits of human hearing). Second, the DAC should also have a filter to smooth out these harmonics, turning it back into a sine wave.
Really, I think the only time sampling at a higher frequency or with more bits per sample really makes sense is during recording and mixing. When your combining up sounds from several different sources, that extra numeric accuracy makes for less error in the final mix. However, the final result doesn't need to keep it at that level. Really, it's not unlike flatbed scanners that go beyond 24bit color.
Of course you'll find "Audiophiles" who swear they can hear the difference, but then again these are some of the same folks who insist sticking foam mats to their cds makes them sound better. What people fail to remember with all these remastered CD re-releases, is all the equipment used for the remastering process is better - it's not just the CD format.
Slashdot Mirror
That's what I was expecting - you'll get a RST: the parent claimed it could just not reply at all.
I guess for this to be reliable (especially under a loaded network) you can't "stealth" your ports, or at least not the ones you're using to test with. Sure you could just send the packet and hope it works (as some of the other replies were saying), but you could easily get shut out of your own service under bad conditions (which is probably when you'd least want to be).
Which reminds me of another general problem with this idea. Whats to stop an attacker from sending forged packets to the kock ports? Even a low level spray of packets would add enough random "knocks" to effectively lock you out of your own service.
Then why not just add a protocol wrapper to the port that requires you to send some special plain-text cookie before you can log in using SSH or whatever? Sure it's not secure in itself, but it's still "more secure" than plain SSH - right?
Why stop there even - add another wrapper around the first, add port knocking to that and place it all over a VPN! Of course the VPN will also have port knocking, maybe a wrapper or two, and while were at it some special packet timing checks.
Why we'll all be so very secure then I tell you! Of course each connection will take 15-30 minutes to establish, but hey it's a small price to pay!
That doesn't seem right. If the order of the knocks is important, how do you get around that there's never a guarantee in what order network packets arrive? If no packets are sent back at all, how do you know when to send the next knock or even if the knock made it to the server?
It's pretty hard to grow up without learning to read numbers. :-)
Most learn their numbers before they learn to tell time. After all, to even say "it's three o'clock" you need to know what three is. As far as learning the order of the digits, that's trivial.
As an example, I can remember a joke on some old TV show about a school testing kids on reading digital clocks (they actually do have tests for reading analog clocks) so the concept of "learning" to read digital clocks was considered pretty absurd even back when they were new.
Try teaching a child to read a digital and analog clock and see which they learn first. For most, it'll be the digital one.
I was a kid when digital watches and clocks first became mainstream, and at the time many parents and teachers were in an uproar because many kids were never even learning how to read an plain-old dial clock.
Think not? Just take a look at their history. They stared very simple, sure, but each year the search gets smaller and smaller while the crap gets deeper and deeper. "Portal mode" peaks around 2000 and starts back down as they try to win back some of the Google converts.
People seem to forget how Google became popular in the first place. It came out of nowhere to beat the likes of Altavista, Yahoo, and even Microsoft's built in search.
Why? While everyone else was busy making visitors suffer through "portals" full of annoying crap, Google has a plain bare-bones interface that just did what you came for - search.
I think that even more than it's accuracy was the reason it succeeded; and simple, clean interfaces that don't coat the user with cloying, butterfly-laden, happy, shiny GUI seems to be an anathema to Microsoft.
Because, as we all know, tabloids have a unwavering commitment to the truth! :-)
Think about what you're saying for a second. If you're being redirected to a rogue page, *it* will be supplying that "fingerprint" - not the real site.
SSL in fact already does exactly this. The domain name is part of the signed site certificate, and your browser will alert you if it doesn't match the sites hostname. However, that doesn't help much if the cert actually belongs to the site that hijacked you.
Also don't forget Apache runs on multiple platforms and when made from source, might have countless build variationst. That alone makes many exploits much, much harder to pull off since even if you do manage to overflow a buffer, you can't count on the memory layout being the same.
It's not too unlike how genetic variation limits the spread of real viruses.
Could a computer store sell DDRAM saying it was 512 meg when it was really only 128; or could a gas station could only pump a half-gallon for every gallon of gas you buy?
Sure "buyer beware" is fine, but out-and-out lies are also called fraud, and I'd think the State's Attorney General might eventually have some problems with that sort of thing.
Never seen Microsoft's idea of XML have you? :-) It reads more like a particularly wordy hex dump.
Well aren't you the complete jackass!
Just why do you think the U.S. keeps pushing China to change that?
Do you honestly believe China would be making any efforts at all without U.S. pressure? Do really think the U.S. would just sit back and say "that's just fine and dandy" if they reversed course and decided to abandoned patents completely?
Of course you seem less interested in facts than masturbating your own inflated ego - didn't your mom teach you not to do that kind of stuff in public?
Er, you're completely missing the point - yes the patent has no legal binding outside of the U.S., but unless you never plan to sell your widgets in the U.S. you can't ignore them.
Also don't forget all the pressure the U.S. Government puts on other countries to adopt similar IP laws - don't think for one minute U.S. corporations (and the government officials they buy) aren't behind the push for software patents in Europe.
Sure a country like say China could declare the concept of patents and even copyright null and void, but how long do you think their "most favored nation" status would last? Corporations do not care that you have to file for a patent in each country - they can easily afford it and it keeps the little fish at bay, but they wouldn't be too happy at all about a country that outlaws patents all together.
This is true to a legal extent, but practically many foreign governments are too heavily dependent on trade with the U.S. to simply ignore its patents.
Like when a small company makes a deal with a corporation like Microsoft and later finds they got the short end of the stick (if any stick at all), most smaller countries simply find they have no choice but to play the game on U.S. terms.
Yes but does "ECMA specified" also mean patent free? That's a common and rather dangerous misdirection put forth by MS supporters. It's not at all uncommon for industry standards to be patent encumbered - just look at DVDs and MPEG4 for example.
Ha! Shows what you know! Atari-STs came with a built-in 3.5" drive - not a 5.25" so I say nya! to your feeble attempt at computer critic criticism.
99.9999999999999% of the people who never get a formal education become absolutely nothing in their lives and are simply a waste of life.
:-)
Hmmm, one could argue the same for 99.9999999999999% that *do* get a formal education. We're all only as important as we proclaim ourselves to be.
From an evolutionary standpoint you could say the only thing that counts is how many rug rats you bring into the world, and "educated" folks aren't exactly leading that pack now are they?
if you want to find out about humans, society and such, serious literature is the way to go.
Really? I always preferred going out and talking to them.
One small point - lawmakers would *never* pass a law making it impossible to speed - never! Speeding tickets are a major source of revenue after all.
Now, I could see them requiring all cars to have something that automatically reports you any time you speed...
I didn't say computers would die out. I said computer GAMES would die out.
Yes, those record sales are really killing the industry.
After an hour and a half of dicking with the drivers? Is that Bill's vision of the future? Nothing works until you reboot the damned computer?
Yep, better get used to it. As more and more things include a HD, more and more things will need to be rebooted and patched and so on. Otherwise where will they update the DRM once it's been cracked?
CDs became popular precisely because there was no needle scratching and no tape hiss
I really doubt that. Most of the people I knew back then even with the most crappy sounding of K-mart systems wanted a cd. You could go right to the song you wanted with no needle to futz around with or tape to get eaten.
Come now, how many MP3s on how many computers do you think came off of a CD owned by that person? Give me a brake, fellah. I'm not a total idiot.
Ok, I give that to you - you're only 95% an idiot. Where do you think all those ripped songs came from - God in heaven? Plenty of people rip their onw CDs so they can have quick access to them or copy em to a portable player. Don't paint everyone with your own suspect morals.
Who would want to convert all their MP3s back to plain CDs? Who wants to change CDs every 15-20 minutes? A big reason people convert their library to MP3 to begin with is so they can have it all available at once on their HD.
Far from seeing the computer die out, it's becoming an increasingly common part of people's entertainment systems. That's something companies like Microsoft are banking on by the way.
However, that said, audio quality is a red herring. Few people really care beyond a certain point - otherwise no one would be listening to MP3s at all. Look at how many CD are released these days with the sound compressed to the point of clipping just to make it "louder". It's a complete disaster for audio quality, yet if it didn't sell CDs, the industry wouldn't be doing it.
It's all about convince - remember when industry pundits used to wine about "who would need the audio quality of a CD just to listen to Twisted Sister"? They missed the point - CDs didn't become popular because they sounded better. They became popular because they were easier to use and didn't wear out quickly. This new audio standard is all well and fine, but it's mainly just a game of "my specs are better than your specs - nya, nya, nya, nya"
It's not really the same thing - adding extra bits per sample (rather than more samples per second), affects volume representation, not pitch. The pitch ranges of human hearing have been well researched, but I'm not sure what the limits on volume variations are. Add to that the fact that you can turn the volume up on a quiet passage to hear more detail than you normally would (a bit like slowing playback down would let you hear ultrasonic sounds if they were there).
Yes - it comes out as a square wave, but you're forgetting two things. First, a "choppy" wave introduces harmonics *above* the base frequency (which is already at the limits of human hearing). Second, the DAC should also have a filter to smooth out these harmonics, turning it back into a sine wave.
Really, I think the only time sampling at a higher frequency or with more bits per sample really makes sense is during recording and mixing. When your combining up sounds from several different sources, that extra numeric accuracy makes for less error in the final mix. However, the final result doesn't need to keep it at that level. Really, it's not unlike flatbed scanners that go beyond 24bit color.
Of course you'll find "Audiophiles" who swear they can hear the difference, but then again these are some of the same folks who insist sticking foam mats to their cds makes them sound better. What people fail to remember with all these remastered CD re-releases, is all the equipment used for the remastering process is better - it's not just the CD format.