I don't agree, they have a SSL-policy to only include CA root-certificates of organisations that have had their procedures, hardware, software and organisation properly audited.
That's not really very strange. Because the browser vendor has to trust the CA to do the right thing.
If you look at CA-cert for example, they are working on making this situation better for everyone else by getting them selfs audited.
These things take time, lots of time. _
If on the other hand you want to create your own certs, create your own organisation-root-CA. So you can import the public-key of that CA all over your organisation.
There is also the --backup --backup-dir options (you'll need both). It keeps a copy of the files that have been deleted or changed, if you use a script to keep it in seperate directories you'll have a pretty good history of all the changes.
No I'm talking about someone trying to spoof answers for your questions to OpenDNS. If your NAT messes up your source-port-randomisation, you'll still be in trouble.
You don't understand, Microsoft does not want to give people choice. They want to create a situation of lock-in. If you understand that, you might understand why these features exist in the first place.
You go to the HP-site, you goto drivers, choose the model number of the PC or laptop, you choose download. And you get one page with all the drivers you need. It does take hours to download and the network- and wireless-card or modem didn't work in XP, so you can't actually get online with the XP-install. But 6 hours to find the drivers ?
DRM actually exists to give the user less control of their computer, adding trust is thus definitly not part of there plan. Because you might add something that invalidated the whole point.
You didn't have be a genius to know bind could have had it's security improved by adding source port randomisation, just like djbdns and PowerDNS were already doing years ago. Even the creator(s) of bind knew this. That's why I didn't use bind, they are not pro-active enough by my standard.
I wouldn't put it like that, the government first poured a lot of money into it, then some students broke the encryption on this chip from the previous century that already had many known problems. Now the government doesn't seem to want to stop with the project, because it was almost ready. Although it maybe have been postponed.
If it has become slower, they are probably using bind9, because it's quick fix. After they've known for 6 months, all they could release was a quick fix. Even though the author/organsation that created/maintainces bind knew about possible problems somewhere in the preview century. I'm sorry, but I've stopped using their software as much as possible.
I don't agree, they have a SSL-policy to only include CA root-certificates of organisations that have had their procedures, hardware, software and organisation properly audited.
That's not really very strange. Because the browser vendor has to trust the CA to do the right thing.
If you look at CA-cert for example, they are working on making this situation better for everyone else by getting them selfs audited.
These things take time, lots of time.
_
If on the other hand you want to create your own certs, create your own organisation-root-CA. So you can import the public-key of that CA all over your organisation.
There is also the --backup --backup-dir options (you'll need both). It keeps a copy of the files that have been deleted or changed, if you use a script to keep it in seperate directories you'll have a pretty good history of all the changes.
No I'm talking about someone trying to spoof answers for your questions to OpenDNS. If your NAT messes up your source-port-randomisation, you'll still be in trouble.
Microsoft isn't about giving people choice, it's about lock-in.
You don't understand, Microsoft does not want to give people choice. They want to create a situation of lock-in. If you understand that, you might understand why these features exist in the first place.
It's thinking ahead with an other reason, they are not interrested in securing your data.
That's what you think.
Why work around them, when you just can stop using it ?
Not it means there is an entry in boot.ini that says Linux, Ubuntu or Grub. And grub was installed on the partition, not in the MBR.
You go to the HP-site, you goto drivers, choose the model number of the PC or laptop, you choose download. And you get one page with all the drivers you need. It does take hours to download and the network- and wireless-card or modem didn't work in XP, so you can't actually get online with the XP-install. But 6 hours to find the drivers ?
Because it also came with the PC/laptop. I've NOT seen any machine that had Vista on it that did not include an XP CD.
Surprising isn't it ? Not.
I hope you don't install any corporate services on Vista, it's meant for the desktop. Not the server.
DRM actually exists to give the user less control of their computer, adding trust is thus definitly not part of there plan. Because you might add something that invalidated the whole point.
Unless you hace a shitty NAT-firewall in between. And if a lot of people use OpenDNS, you'll all be an easy target.
You didn't have be a genius to know bind could have had it's security improved by adding source port randomisation, just like djbdns and PowerDNS were already doing years ago. Even the creator(s) of bind knew this. That's why I didn't use bind, they are not pro-active enough by my standard.
What I don't understand is, why don't they release security fixes.
I think they use bind, there are atleast some patched out (although they are slower than the original bind).
This also happends with a lot of other parts of the system. There is a patch out there but Apple doesn't apply and release it.
I don't know their policy, but this is a really odd way of doing things.
I said _may_ default any randomisation and I said simple DSL-router, Linux is not such a thing.
I wouldn't put it like that, the government first poured a lot of money into it, then some students broke the encryption on this chip from the previous century that already had many known problems. Now the government doesn't seem to want to stop with the project, because it was almost ready. Although it maybe have been postponed.
It's a perfect time to start using PowerDNS, djbdns or Unbound/NSD as well. :-)
Easiest is to temporarily put it in /etc/hosts.
If it has become slower, they are probably using bind9, because it's quick fix. After they've known for 6 months, all they could release was a quick fix. Even though the author/organsation that created/maintainces bind knew about possible problems somewhere in the preview century. I'm sorry, but I've stopped using their software as much as possible.
Don't trust them if yours is behind a simple DSL-router with NAT. The NAT may defeat any randomisation you might have.
dig +short porttest.dns-oarc.net TXT
Ohh, sorry, I misread the parent post.
I guess there is only one solution, pay for your bandwidth double or tripple, by getting an account on a server somewhere.