Not to sound too important, but I'm pretty sure they scrapped the idea after I sent them an e-mail asking why they are ignoring the security flaws in the system.
Another option would be to have a service listening on port 22 that wasn't SSH at all and sent back ICMP messages indicating the port is closed, even though it's listening to what you send. A packet with a special payload could temporarily turn the port 22 service in to a tunnel to ssh which is listening on a port accessible by 127.0.0.1 only. The idea has been around but this is the first real implementation I've heard of; would make port scanning completely useless. The problem is relying on additional client-side tools. I guess you could manually telnet to a series of ports quickly, then opening the ssh connection but the special packet idea wouldn't work unless you had proper tools on the client side.
I think the parent poster meant upstream as in higher up in the chain of your wide area network, rather than the upstream capabilities of your connection. If all your traffic routes through a traffic shaping box before connecting to a mainline, you could build your own super modem for all the ISP cares and the traffic would still be limited at the ISP level. The reason uncapping works is because a lot of cable providers do all the bandwidth limitation in the cable modems themselves. Cable providers: what have we learned about placing trust in the client side today?
Turntables were mentioned briefly in the article, but I think they deserve a spot on the top 10. For live DJ events there is no replacement, though manufacturers have been trying for over a decade. You have quick seek access to the entire song by picking up the needle and moving it left or right, and fine-grain control of position by rotating the vinyl by hand, as well as quick start and stop (with direct drive tables), speed control, sometimes reverse playback, and analog sound (critical if you are a hip hop DJ or turntablist for scratching). There's a lot of downsides; the vinyl is fairly fragile, susceptible to dust and scratches and is worn slightly every time you play it, the stylus can easily break, vibrations can cause the needle to jump, the motor can burn out, etc. Even with all the negative elements of this aging technology it's still the only way to go.
If it takes voodoo magic to get Gentoo running I must be living in a voodoo doctor's hut because my roommate and I are looking at over a dozen systems running from Gentoo; from desktops to servers to home theater PCs, laptops, routers... I've spent a decent amount of time with RedHat, Mandrake, Debian, SuSe, Caldera, and Gentoo and the latter is where I ended up and stayed.
Maybe someday someone will make a Gentoo install CD on par with Mandrake 9.2 or the latest Fedora, but if you're queasy about compiling the occasional package from source maybe Gentoo isn't the right option, as I've done an emerge --inject for several packages (didn't have the version I need in Portage, the super-ultra-beta-~x86.ebuild doesn't work yet, whatever).
Your privacy in a public Internet Cafe, right? Seriously, people think that store owners shouldn't have the right to monitor their own premises. Noone is forcing you to use the Internet Cafe. Protest by going home and getting online, or go to the library. Should it be unconstitutional for you to install security cameras, because you might invade privacy rights of visitors and solicitors?
As far as them being required, I don't disagree because the anonymous nature of the cafes make them prime ground zero for hacking, carding, illegal porn trading, etc. But how hard is it to go wardriving for a few minutes and find your own truly anonymous hotspot? Seems like an unnecessary burden put on store owners.
Actually it turns out sound cards are just easier to reverse engineer than video cards. Creative is supposedly playing nicely with the OSS community, but getting ALSA support for the latest Audigy2 card features (especially USB like the Audigy2 NX) is happening very slowly.
To provide an example of a superior driver in Linux, my D-Link DWL-650 (Intersil firmware). In Windows, with both the Microsoft and all versions of the D-Link driver I get frequent disconnects, I have to unplug and plug the card in sometimes several times to get a connection in the first place, CPU usage spikes severely when the connection is being made. In Linux I pop the card in, it blinks three times and I have a signal that doesn't drop until I move out of range. How about USB mice? In Windows I patiently wait while the hard drive grinds away and the system tray informs me I've plugged a mouse in, eventually letting me use it. In X11 it works no more than three seconds after plugging it in with no CPU spike. What about those horrible HP all-in-one drivers in Windows that are half driver and half system tray program, and a couple more processes in the system tray that are anyone's guess as to what their purpose is. The drivers have been released and re-released for months and months, every time fixing a nice bug like "prevents USB from randomly disconnecting" or "no longer floods the network with traffic" but yet it never gets to a point that doesn't make you want to throw it out the window. Unless you're running Linux, where CUPS handles it exactly like a printer should be handled, and the scanning is quick and efficient with SANE.
At 46 pages x 2 ads per page that's 92 ads for the entire article. Figured at the standard rate of one cent per impression, the site makes almost a dollar every time someone reads the article. What are the chances review sites would release their reviews in pdf or a similar format for offline (ad-free) reading? Zero.
1) Lots of people listen to mp3s from their computer, which might be hooked up to a high fidelity audio system or a receiver with SPDIF-in. In either of those situations using an AC97 chipset is hurting your audio quality severely.
2) People who do video editing on their computers who would rather put their money in video equipment than a hifi soundcard will welcome the addition of quality audio the next time they are dubbing the video.
That's in addition to the big market you already mentioned, gamers. I think people who mess around with audio will still go for solutions that use offboard DAC/ADC solutions, 5ms ASIO and have MIDI controllers. You can't please everyone but I'd say this is an important step forward.
The important feature to look for is AC3 Passthrough. This takes the raw stream from (lets say) a DVD, whether it's Dolby Digital or DTS, and sends it directly to the soundcard. No DAC or ADC is ever used until the signal reaches your receiver. It gets kind of tricky though because some lower end cards will support AC3 passthrough, but you can't send analog audio (an MP3 or game that goes through the DAC on the card) to the SPDIF channel at the same time. You want a card that does everything, that's why people recommend going for an Audigy. The Creative cards are all you need unless you get in to recording or sound engineering.
I've read a lot of comments saying "NAT is false security" but never the technical reasoning behind it. I run NAT in several locations as the only way to get multiple computers online, and as an added benefit it has saved a few Windows machines' hides. For example if someone runs an attachment from an e-mail containing a SubSeven virus, which opens up a backdoor port then advertises the connection on IRC, noone is able to connect to that backdoor port without breaking the password on the NAT machine and opening the port. A real firewall might have caught the outgoing IRC advertisement, or logged incoming connection attempts, but the NAT provided a basic level of protection for the internal computers. Am I missing something?
I don't think it needs random access to the entire DVD volume at any given time, only a drive with a low seek time and variable speed along with enough RAM for a few seconds ahead and behind. If it's anything like the Pioneer CDJs I used to own you can't randomly "drop the needle" anywhere on the disc like with turntables. You have to fast-forward or rewind with the jog dial (although it can fly through a CD) and then use more fine-grained control and queing in a small area on the disc.
Also, they don't need 4.7GB of RAM to cache an entire DVD, it's very likely not outputting full DVD quality. When I was running visuals at shows I could get away with 320x240 output depending on the projector/lighting/projecting surface/etc. That was pretty extreme, but lots of projectors can't handle more than NTSC interlaced anyways.
I must be the only person running a vulnerable version, but this vulnerability is affecting my Firebird 0.7 (win32). It shows the http://www.microsoft.com in the status bar, then goes to the other website. Has anyone tested this on other things like AIM?
Ebuilds can point anywhere on the web to binaries, the attacker could have changed the portage ebuild to point to a malicious emerge binary. It would have said "there is a portage update available" and would recommend downloading it immediately. Of course if this happened the Gentoo folks would have made a note of it, but it's not an implausible situation.
Putting WiFi technology on the motherboard seems like the next logical leap, but hopefully they keep the RF transmitter hardware outside the box. Otherwise say goodbye to HiFi soundcard quality.
I think Gardiner's argument holds perfect ground. You personally may not take advantage of the benefits of digital media, but I use them to the fullest extent possible. All of my CDs are archived in OGG/MP3 for streaming across the network, and possibly burned to CD hundreds at a time for listening to in the car on the MP3/CD player. How can this justifiably be considered illegal? The legal system doesn't work by banning everything that could lead to a crime (until now?).
If they simply stopped buying instead of illegally copying we wouldn't have this mess.
So the illegal file sharing of music has countered the market correction expected by the music industries reported losses? How does that work? A few high profile suits against college kids doesn't even begin to recoup for the losses they are claiming.
Everyone assumes you get a state appointed lawyer in a criminal case, but if you fall in to the huge demographic of "have had some form of income recently and own at least one major material possession, but can't shell out several hundred for a lawyer" you will find yourself without a public defender or private attorney.
Not everyone can afford a firewall that does hardware based filtering AND a top of the line IDS. By putting the hardware scanner first in line you eliminate a lot of bandwidth hitting your firewall that (usually) needs to be dealt with in software.
In other words, the FPX could scan every word in the entire works of Shakespeare in about 1/60th of a second.
Yes, but how many Libraries of Congress can it scan per second?
This is a tough decision; personally I feel kids deserve a little leeway. Growing up on the Internet, most of what I did was interacting with friends. Do you think it's necessary to sit in on the lunch table conversations with your child and her friends? Reading the notes she passes back and forth with the boy that sits in front of her?
As far as censoring proxies, I'd say go for it. One of the best teaching tools I had growing up was subverting restrictive technology. Make them work for their questionable content!
Slashdot Mirror
Not to sound too important, but I'm pretty sure they scrapped the idea after I sent them an e-mail asking why they are ignoring the security flaws in the system.
;-)
Another option would be to have a service listening on port 22 that wasn't SSH at all and sent back ICMP messages indicating the port is closed, even though it's listening to what you send. A packet with a special payload could temporarily turn the port 22 service in to a tunnel to ssh which is listening on a port accessible by 127.0.0.1 only. The idea has been around but this is the first real implementation I've heard of; would make port scanning completely useless. The problem is relying on additional client-side tools. I guess you could manually telnet to a series of ports quickly, then opening the ssh connection but the special packet idea wouldn't work unless you had proper tools on the client side.
I think the parent poster meant upstream as in higher up in the chain of your wide area network, rather than the upstream capabilities of your connection. If all your traffic routes through a traffic shaping box before connecting to a mainline, you could build your own super modem for all the ISP cares and the traffic would still be limited at the ISP level. The reason uncapping works is because a lot of cable providers do all the bandwidth limitation in the cable modems themselves. Cable providers: what have we learned about placing trust in the client side today?
Turntables were mentioned briefly in the article, but I think they deserve a spot on the top 10. For live DJ events there is no replacement, though manufacturers have been trying for over a decade. You have quick seek access to the entire song by picking up the needle and moving it left or right, and fine-grain control of position by rotating the vinyl by hand, as well as quick start and stop (with direct drive tables), speed control, sometimes reverse playback, and analog sound (critical if you are a hip hop DJ or turntablist for scratching). There's a lot of downsides; the vinyl is fairly fragile, susceptible to dust and scratches and is worn slightly every time you play it, the stylus can easily break, vibrations can cause the needle to jump, the motor can burn out, etc. Even with all the negative elements of this aging technology it's still the only way to go.
If it takes voodoo magic to get Gentoo running I must be living in a voodoo doctor's hut because my roommate and I are looking at over a dozen systems running from Gentoo; from desktops to servers to home theater PCs, laptops, routers... I've spent a decent amount of time with RedHat, Mandrake, Debian, SuSe, Caldera, and Gentoo and the latter is where I ended up and stayed.
.ebuild doesn't work yet, whatever).
Maybe someday someone will make a Gentoo install CD on par with Mandrake 9.2 or the latest Fedora, but if you're queasy about compiling the occasional package from source maybe Gentoo isn't the right option, as I've done an emerge --inject for several packages (didn't have the version I need in Portage, the super-ultra-beta-~x86
I want to see this cluster take on IBM's system!
Your privacy in a public Internet Cafe, right? Seriously, people think that store owners shouldn't have the right to monitor their own premises. Noone is forcing you to use the Internet Cafe. Protest by going home and getting online, or go to the library. Should it be unconstitutional for you to install security cameras, because you might invade privacy rights of visitors and solicitors?
As far as them being required, I don't disagree because the anonymous nature of the cafes make them prime ground zero for hacking, carding, illegal porn trading, etc. But how hard is it to go wardriving for a few minutes and find your own truly anonymous hotspot? Seems like an unnecessary burden put on store owners.
Actually it turns out sound cards are just easier to reverse engineer than video cards. Creative is supposedly playing nicely with the OSS community, but getting ALSA support for the latest Audigy2 card features (especially USB like the Audigy2 NX) is happening very slowly.
To provide an example of a superior driver in Linux, my D-Link DWL-650 (Intersil firmware). In Windows, with both the Microsoft and all versions of the D-Link driver I get frequent disconnects, I have to unplug and plug the card in sometimes several times to get a connection in the first place, CPU usage spikes severely when the connection is being made. In Linux I pop the card in, it blinks three times and I have a signal that doesn't drop until I move out of range. How about USB mice? In Windows I patiently wait while the hard drive grinds away and the system tray informs me I've plugged a mouse in, eventually letting me use it. In X11 it works no more than three seconds after plugging it in with no CPU spike. What about those horrible HP all-in-one drivers in Windows that are half driver and half system tray program, and a couple more processes in the system tray that are anyone's guess as to what their purpose is. The drivers have been released and re-released for months and months, every time fixing a nice bug like "prevents USB from randomly disconnecting" or "no longer floods the network with traffic" but yet it never gets to a point that doesn't make you want to throw it out the window. Unless you're running Linux, where CUPS handles it exactly like a printer should be handled, and the scanning is quick and efficient with SANE.
At 46 pages x 2 ads per page that's 92 ads for the entire article. Figured at the standard rate of one cent per impression, the site makes almost a dollar every time someone reads the article. What are the chances review sites would release their reviews in pdf or a similar format for offline (ad-free) reading? Zero.
The front page has a link to send them your feedback (javascript required). Let them know what you think.
http://www.serveusa.gov/public/aca.aspx
Unless it's a business cell phone. If I'm wrong please let me know, and I have a bone to pick with a lot of telemarketers!
1) Lots of people listen to mp3s from their computer, which might be hooked up to a high fidelity audio system or a receiver with SPDIF-in. In either of those situations using an AC97 chipset is hurting your audio quality severely.
2) People who do video editing on their computers who would rather put their money in video equipment than a hifi soundcard will welcome the addition of quality audio the next time they are dubbing the video.
That's in addition to the big market you already mentioned, gamers. I think people who mess around with audio will still go for solutions that use offboard DAC/ADC solutions, 5ms ASIO and have MIDI controllers. You can't please everyone but I'd say this is an important step forward.
The important feature to look for is AC3 Passthrough. This takes the raw stream from (lets say) a DVD, whether it's Dolby Digital or DTS, and sends it directly to the soundcard. No DAC or ADC is ever used until the signal reaches your receiver. It gets kind of tricky though because some lower end cards will support AC3 passthrough, but you can't send analog audio (an MP3 or game that goes through the DAC on the card) to the SPDIF channel at the same time. You want a card that does everything, that's why people recommend going for an Audigy. The Creative cards are all you need unless you get in to recording or sound engineering.
I've read a lot of comments saying "NAT is false security" but never the technical reasoning behind it. I run NAT in several locations as the only way to get multiple computers online, and as an added benefit it has saved a few Windows machines' hides. For example if someone runs an attachment from an e-mail containing a SubSeven virus, which opens up a backdoor port then advertises the connection on IRC, noone is able to connect to that backdoor port without breaking the password on the NAT machine and opening the port. A real firewall might have caught the outgoing IRC advertisement, or logged incoming connection attempts, but the NAT provided a basic level of protection for the internal computers. Am I missing something?
I don't think it needs random access to the entire DVD volume at any given time, only a drive with a low seek time and variable speed along with enough RAM for a few seconds ahead and behind. If it's anything like the Pioneer CDJs I used to own you can't randomly "drop the needle" anywhere on the disc like with turntables. You have to fast-forward or rewind with the jog dial (although it can fly through a CD) and then use more fine-grained control and queing in a small area on the disc.
Also, they don't need 4.7GB of RAM to cache an entire DVD, it's very likely not outputting full DVD quality. When I was running visuals at shows I could get away with 320x240 output depending on the projector/lighting/projecting surface/etc. That was pretty extreme, but lots of projectors can't handle more than NTSC interlaced anyways.
I must be the only person running a vulnerable version, but this vulnerability is affecting my Firebird 0.7 (win32). It shows the http://www.microsoft.com in the status bar, then goes to the other website. Has anyone tested this on other things like AIM?
Ebuilds can point anywhere on the web to binaries, the attacker could have changed the portage ebuild to point to a malicious emerge binary. It would have said "there is a portage update available" and would recommend downloading it immediately. Of course if this happened the Gentoo folks would have made a note of it, but it's not an implausible situation.
Putting WiFi technology on the motherboard seems like the next logical leap, but hopefully they keep the RF transmitter hardware outside the box. Otherwise say goodbye to HiFi soundcard quality.
Software is nothing in the enterprise without support.
I was about to delve in more detail, but that says it perfectly.
I think Gardiner's argument holds perfect ground. You personally may not take advantage of the benefits of digital media, but I use them to the fullest extent possible. All of my CDs are archived in OGG/MP3 for streaming across the network, and possibly burned to CD hundreds at a time for listening to in the car on the MP3/CD player. How can this justifiably be considered illegal? The legal system doesn't work by banning everything that could lead to a crime (until now?).
If they simply stopped buying instead of illegally copying we wouldn't have this mess.
So the illegal file sharing of music has countered the market correction expected by the music industries reported losses? How does that work? A few high profile suits against college kids doesn't even begin to recoup for the losses they are claiming.
Everyone assumes you get a state appointed lawyer in a criminal case, but if you fall in to the huge demographic of "have had some form of income recently and own at least one major material possession, but can't shell out several hundred for a lawyer" you will find yourself without a public defender or private attorney.
Not everyone can afford a firewall that does hardware based filtering AND a top of the line IDS. By putting the hardware scanner first in line you eliminate a lot of bandwidth hitting your firewall that (usually) needs to be dealt with in software.
In other words, the FPX could scan every word in the entire works of Shakespeare in about 1/60th of a second.
Yes, but how many Libraries of Congress can it scan per second?
This is a tough decision; personally I feel kids deserve a little leeway. Growing up on the Internet, most of what I did was interacting with friends. Do you think it's necessary to sit in on the lunch table conversations with your child and her friends? Reading the notes she passes back and forth with the boy that sits in front of her?
As far as censoring proxies, I'd say go for it. One of the best teaching tools I had growing up was subverting restrictive technology. Make them work for their questionable content!
Not just their name, but any e-mail addresses and aliases they've used around the net. A geek's life is archived and indexed on the net.