Cat and mouse
on
Window Pain
·
· Score: 2, Interesting
Generally speaking, bad actors will counter any move you make. Talking about miscreants who might respond with innocent content for requests from the ad network's IP space is naive; this has been happening for years already. It is quite common to see a lot of different defenses deployed to protect the bad actors, and accurately tracking them is rarely simple. It's part of the power and part of the problem that is HTML.
There's been a lot of propaganda on both sides of this issue, and a lot of reasons to be skeptical.
Since the jury's still out on the dangers of cell tower radiation, the big questions here would seem to be:
1) Do you feel like being a guinea pig?
2) If you do something like making your apartment into a Faraday cage, are you opening up a different can of worms, such as, can the cell carrier take action against you? Probably not, but for a purchase as major as this, you'd probably want to check with a lawyer...
3) How much time and expense do you put into something like this?
In this case, the VPN system is specifically designed to emulate an actual ethernet (courtesy of OpenVPN, which is what we use for our corporate network). The interface appears for all intents and purposes to be the primary ethernet, and has 0/1 and 128/1 forcibly routed out to the gateway on the VPN network at a high priority just to be safe.
The hotel is using 10.0.0.1/24 for its network (ethostream). The laptop can still reach that specific network prefix (including 10.0.0.1) locally, but any attempt to determine the external IP address of the hotel's service through normal discovery mechanisms would fail; traffic sent to non-10.0.0.0/24 addresses would go via the VPN (STUN, etc., style methods).
The gateway at 10.0.0.1 could certainly be running some sort of new service that allows a request to be placed to it and then it reports its location; if so, this represents an interesting new challenge.
The web browser itself was started in a different location, and wasn't used to accept the T&C of the local internet access, so whatever happened is rather interesting and unexpected.
The VPN system was designed and implemented a long time ago, and we've never seen a leak, so the really interesting point here is that through this location mechanism, however it actually happened, an unintended leakage did happen. It just goes to show you that there are competing interests at work here; those who desire privacy (even for unrelated purposes such as VPN policy) are at odds with ever-evolving and ever-more-complex attempts to derive location information.
It's probably a good fight to fight, but remember it'll keep getting harder.
I was connected via VPN last night (all IP connectivity except the VPN itself runs over the VPN) from a hotel. Pulled up Google Maps to look up some local destinations. It offered me the option to use Firefox's location services. Curious, I let it, and despite being logged in via VPN, it accurately pulled up my location to within a few hundred feet.
Still not exactly sure what it's doing to figure that out, but boy, that's scary...
The day of the static web page is indeed drawing to a close. With Facebook rewriting PHP into HipHop, other middleware products becoming capable of also serving content, and the general transition to "Web 2.0", the largely static Web of the '90's is nearer than ever to its eventual end.
Apache 1 has been an absolutely fantastic tool over the years, and even though it's well past its "sell-by" date, the fact that many have continued to use it says a lot about the overall quality and robustness. Thanks to every Apache author, contributor, bug-fixer, administrator, and even user who has made this one rockin' Web server. It's been amazing to watch, NCSA httpd becoming Apache, and constantly evolving...
i
Am I the only one who is reminded of "Judge Dredd", with the Judges carrying smart guns that kill anyone else who pick them up? Is that the next evolution in gun control?
I don't remember the exact wording, but I remember the scene in Dredd where Rico is being told "Don't pick that up, it's a Judge's gun!" and Rico grabs it and shoots the guy, saying, "Well, then, I must be a Judge."
If we assume a generalized policy of allowing interference with traffic where piracy is suspected, the logical evolution is that end-to-end communications on the Internet is eventually doomed. BitTorrent is just one technology used to get information directly from my IP to your IP. What happens when an ISP realizes that IRC DCC SEND exists, and that some piracy happens that way? Or that encrypted VPN's have been used for this purpose? What happens as encryption becomes ever more prevalent? Do ISP's block all encrypted traffic between end-user endpoints just because there might be piracy going on?
The best spam block... still comes in a can.
And thanks to Top Gear and their arctic special for permanently engraving in my memory the image of a shotgun blasting a can of spam.
"Dr. David Banner: physician; scientist. Searching for a way to tap into the hidden strengths that all humans have. Then an accidental overdose of gamma radiation alters his body chemistry. And now when David Banner grows angry or outraged, a startling metamorphosis occurs..."
Apparently they misspelled "rigor morphosis." Bah.
Navigon for the iPhone is currently weighing in at about 1.5GB, and most roads are accurate and may even include posted speed data. On the down side, it has very few POI's, especially compared to our Toyota built-in navs (runs off a DVD).
No Linux? Big deal. There are plenty of alternatives. Perhaps we would have ended up without a GPL-encumbered OS - maybe something like NetBSD or FreeBSD - doing these things. Nothing to see here.
Poor logic.
It is not much more complicated. You should be able to determine the digits given a very small sample set. Probably no more than three or four times. Possibly twice. You can eliminate many digits with just a single sample. Anyone who's ever decoded crypto using elimination knows this.
While it is better than plain old passwords, it is being billed as an alternative to secure ID schemes, so you have to compare it on those merits. It completely fails. If you're going to mail someone a plastic card, then you might as well just send them a list of one-time passwords, indexed by number, and commit to resending them once in a while. This solves the guessability problem completely.
This sort of problem is addressed in basic crypto courses, and there's a reason that a "one time pad" has the words "one time" included in the name. It's only secure one time.
Anyone who's broken into your PC and has spyware installed can fairly easily observe several login attempts with this, and then derive what your PassWindow is. This is worse than poor security, as it gives people an illusion that it is something that it isn't.
Your boss is clueless.
Commercially made cables can be marginal or bad. Buy a Fluke and test them all.
Custom cut cables are a pain to make for various reasons, and there is a lot of overhead associated with paying someone to make one. A good quality cable will take about five minutes to assemble and test, be sure to figure that into your costs. It'll take more like ten or fifteen minutes if you haven't done a few dozen of them.
That said, custom-cut cable is a godsend in a dense rack environment, and when you need an odd length that you don't have "in stock". Anytime slack is an issue.
We've been using the EZ-RJ45 crimps and tools for some time. These have the unique ability to maintain twist right up to the pins in the crimp, if you are careful. Combined with a cable tester after crimping, and a willingness to simply discard any that fail testing, we've found building cables in house to be just as reliable as the prebuilt, injection-molded cables we used to get for Cat6 cables, without the inconveniences of not having the right length.
Slashdot Mirror
Generally speaking, bad actors will counter any move you make. Talking about miscreants who might respond with innocent content for requests from the ad network's IP space is naive; this has been happening for years already. It is quite common to see a lot of different defenses deployed to protect the bad actors, and accurately tracking them is rarely simple. It's part of the power and part of the problem that is HTML.
There's been a lot of propaganda on both sides of this issue, and a lot of reasons to be skeptical. Since the jury's still out on the dangers of cell tower radiation, the big questions here would seem to be: 1) Do you feel like being a guinea pig? 2) If you do something like making your apartment into a Faraday cage, are you opening up a different can of worms, such as, can the cell carrier take action against you? Probably not, but for a purchase as major as this, you'd probably want to check with a lawyer... 3) How much time and expense do you put into something like this?
In this case, the VPN system is specifically designed to emulate an actual ethernet (courtesy of OpenVPN, which is what we use for our corporate network). The interface appears for all intents and purposes to be the primary ethernet, and has 0/1 and 128/1 forcibly routed out to the gateway on the VPN network at a high priority just to be safe. The hotel is using 10.0.0.1/24 for its network (ethostream). The laptop can still reach that specific network prefix (including 10.0.0.1) locally, but any attempt to determine the external IP address of the hotel's service through normal discovery mechanisms would fail; traffic sent to non-10.0.0.0/24 addresses would go via the VPN (STUN, etc., style methods). The gateway at 10.0.0.1 could certainly be running some sort of new service that allows a request to be placed to it and then it reports its location; if so, this represents an interesting new challenge. The web browser itself was started in a different location, and wasn't used to accept the T&C of the local internet access, so whatever happened is rather interesting and unexpected. The VPN system was designed and implemented a long time ago, and we've never seen a leak, so the really interesting point here is that through this location mechanism, however it actually happened, an unintended leakage did happen. It just goes to show you that there are competing interests at work here; those who desire privacy (even for unrelated purposes such as VPN policy) are at odds with ever-evolving and ever-more-complex attempts to derive location information.
It's probably a good fight to fight, but remember it'll keep getting harder. I was connected via VPN last night (all IP connectivity except the VPN itself runs over the VPN) from a hotel. Pulled up Google Maps to look up some local destinations. It offered me the option to use Firefox's location services. Curious, I let it, and despite being logged in via VPN, it accurately pulled up my location to within a few hundred feet. Still not exactly sure what it's doing to figure that out, but boy, that's scary...
The day of the static web page is indeed drawing to a close. With Facebook rewriting PHP into HipHop, other middleware products becoming capable of also serving content, and the general transition to "Web 2.0", the largely static Web of the '90's is nearer than ever to its eventual end. Apache 1 has been an absolutely fantastic tool over the years, and even though it's well past its "sell-by" date, the fact that many have continued to use it says a lot about the overall quality and robustness. Thanks to every Apache author, contributor, bug-fixer, administrator, and even user who has made this one rockin' Web server. It's been amazing to watch, NCSA httpd becoming Apache, and constantly evolving... i
I can't get Jim Cramer's cameo on Iron Man out of my mind. "It's a car company... that doesn't make cars! Sell! Sell! Sell!"
Am I the only one who is reminded of "Judge Dredd", with the Judges carrying smart guns that kill anyone else who pick them up? Is that the next evolution in gun control? I don't remember the exact wording, but I remember the scene in Dredd where Rico is being told "Don't pick that up, it's a Judge's gun!" and Rico grabs it and shoots the guy, saying, "Well, then, I must be a Judge."
If we assume a generalized policy of allowing interference with traffic where piracy is suspected, the logical evolution is that end-to-end communications on the Internet is eventually doomed. BitTorrent is just one technology used to get information directly from my IP to your IP. What happens when an ISP realizes that IRC DCC SEND exists, and that some piracy happens that way? Or that encrypted VPN's have been used for this purpose? What happens as encryption becomes ever more prevalent? Do ISP's block all encrypted traffic between end-user endpoints just because there might be piracy going on?
The best spam block ... still comes in a can.
And thanks to Top Gear and their arctic special for permanently engraving in my memory the image of a shotgun blasting a can of spam.
"Dr. David Banner: physician; scientist. Searching for a way to tap into the hidden strengths that all humans have. Then an accidental overdose of gamma radiation alters his body chemistry. And now when David Banner grows angry or outraged, a startling metamorphosis occurs..." Apparently they misspelled "rigor morphosis." Bah.
And with the Space Shuttles being retired, and no replacement available in the immediate future, what do they suggest? Maybe a giant slingshot?
Navigon for the iPhone is currently weighing in at about 1.5GB, and most roads are accurate and may even include posted speed data. On the down side, it has very few POI's, especially compared to our Toyota built-in navs (runs off a DVD).
Sorry. My bad.
"Microsoft: A Decade of Failure"
Seriously, I wouldn't consider it indestructible at least until you can try to nail it to the wall WITH a hammer and nail - and it still works.
Walt Disney would be proud.
No Linux? Big deal. There are plenty of alternatives. Perhaps we would have ended up without a GPL-encumbered OS - maybe something like NetBSD or FreeBSD - doing these things. Nothing to see here.
Poor logic. It is not much more complicated. You should be able to determine the digits given a very small sample set. Probably no more than three or four times. Possibly twice. You can eliminate many digits with just a single sample. Anyone who's ever decoded crypto using elimination knows this. While it is better than plain old passwords, it is being billed as an alternative to secure ID schemes, so you have to compare it on those merits. It completely fails. If you're going to mail someone a plastic card, then you might as well just send them a list of one-time passwords, indexed by number, and commit to resending them once in a while. This solves the guessability problem completely. This sort of problem is addressed in basic crypto courses, and there's a reason that a "one time pad" has the words "one time" included in the name. It's only secure one time.
Anyone who's broken into your PC and has spyware installed can fairly easily observe several login attempts with this, and then derive what your PassWindow is. This is worse than poor security, as it gives people an illusion that it is something that it isn't.
Your boss is clueless. Commercially made cables can be marginal or bad. Buy a Fluke and test them all. Custom cut cables are a pain to make for various reasons, and there is a lot of overhead associated with paying someone to make one. A good quality cable will take about five minutes to assemble and test, be sure to figure that into your costs. It'll take more like ten or fifteen minutes if you haven't done a few dozen of them. That said, custom-cut cable is a godsend in a dense rack environment, and when you need an odd length that you don't have "in stock". Anytime slack is an issue. We've been using the EZ-RJ45 crimps and tools for some time. These have the unique ability to maintain twist right up to the pins in the crimp, if you are careful. Combined with a cable tester after crimping, and a willingness to simply discard any that fail testing, we've found building cables in house to be just as reliable as the prebuilt, injection-molded cables we used to get for Cat6 cables, without the inconveniences of not having the right length.