Slashdot Mirror


User: Lennie

Lennie's activity in the archive.

Stories
0
Comments
3,689
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 3,689

  1. Re:The Book Of Internets, Chapter Three, Verse Twe on Attack Code Published For DNS Vulnerability · · Score: 1

    If you set up your own caching server and point it to the ISP-caching server, yes. But that would kinda defeat the point of using your own caching server. If you were doing it for your security.

  2. Re:We had a POC Report Designer on Is Anyone Using the Google Web Toolkit? · · Score: 1

    Blame IE, it is what keeps the web moving forward

  3. Re:CACert on What Would It Take To Have Open CA Authorities? · · Score: 1

    Do you have any idea how easy it is to get a domain ? Pretty much the only thing they check is your creditcard number. And I have my doubts they will do any checks before setup of DNSSec.

  4. Re:CACert on What Would It Take To Have Open CA Authorities? · · Score: 1

    I think this is were CACert has it's advantage, it's about building real trust, people seeing people with real passports, etc.

  5. Re:The idealistic young become the cynical old. on Linux's Security Through Obscurity · · Score: 1

    I think this illustrates it even better:
    "Because I see no point. Quite often, we don't even realize some random bug could have been a security issue."

    "The issue is that I think it's then _misleading_ to mark that kind of commit specially, when I actually believe that it's in the minority.

    If people think that they are safer for only applying (or upgrading to) certain patches that are marked as being security-specific, they are
    missing all the ones that weren't marked as such. Making them even _believe_ that the magic security marking is meaningful is simply a lie.
    It's not going to be.

    So why would I add some marking that I most emphatically do not believe in myself, and think is just mostly security theater?"

  6. Re:Who Cares... on Firefox 3.0.1 Fixes 'Carpet Bombing' Issue · · Score: 4, Informative

    no, Safari isn't open source, WebKit is open source, because it is based on khtml.

  7. Re:How to download freely in Server 2008 on Making the Switch To Windows "Workstation" 2008 · · Score: 1

    7. The smile on your face - priceless

  8. Re:Unfortunately, what else is new? on Paul Vixie Responds To DNS Hole Skeptics · · Score: 1

    There is no real fix, other than changing than protocol in a backwards incompatible way. Port randomisation is a workaround and but it will give us some more years.

    And that last part is just me guessing.

  9. Re:The back-biting is shameful on Paul Vixie Responds To DNS Hole Skeptics · · Score: 3, Interesting

    Not in this case, in this case seeing the source changes doesn't really help, it's more like a protocol-design-flaw. And the bugfix is just a workaround.

  10. Re:The back-biting is shameful on Paul Vixie Responds To DNS Hole Skeptics · · Score: 3, Informative

    It was because of forethought of one man, DJB (Bernstein).

  11. Re:Not so simple. on Paul Vixie Responds To DNS Hole Skeptics · · Score: 1

    And where you got the IP-address for the whois (hint it uses several hosts for different TLD/regions).

  12. Re:I'm not worried on Paul Vixie Responds To DNS Hole Skeptics · · Score: 4, Funny

    That's why 'smart' people use /etc/hosts. That solves the problem of remembering and of the HTTP-host-header.

  13. Re:... and if you leave your car key in the igniti on Estimating the Time-To-Own of an Unpatched Windows PC · · Score: 1, Troll

    I'm sorry, but if you take your average Linux distribution, you will see this won't happen.

    For a company with so many resources (read: money) they keep messing up in a big way.

  14. Re:Finally on IBM's Eight-Core, 4-GHz Power7 Chip · · Score: -1, Troll

    Exactly, Vista doesn't have any usefull features.

  15. Re:Easy... on 20 Features Windows 7 Should Include · · Score: 1

    So you are saying they should start selling DirectX for Linux ? ;-)

  16. Re:Let's not forget... on 20 Features Windows 7 Should Include · · Score: 4, Informative

    It's not a devil, it's a daemon.

  17. Re:n00by question on Package Managers As Achilles Heel · · Score: 1

    I guess you mean Wubi in this case ? ;-)

  18. Re:BLASPHEMY! on Linux For Housewives. XP For Geeks. · · Score: 1

    I think he means it's been running for a year without problems.

    But I'm not a mind reader of course.

  19. Re:Oh cool! on Massive, Coordinated Patch To the DNS Released · · Score: 1

    Totally agree.

    I also don't want to get answers for things that don't exist, something they do or atleast have done.

  20. Re:The Death of BIND on Massive, Coordinated Patch To the DNS Released · · Score: 1

    There is PowerDNS. I suggest you use that.

  21. Re:My first response is to call Bullshit on Massive, Coordinated Patch To the DNS Released · · Score: 2, Insightful

    It is known for years that it's less secure, if you don't use proper randomization. Now it turns out, it's _really_ insecure. Duh.

  22. Re:My first response is to call Bullshit on Massive, Coordinated Patch To the DNS Released · · Score: 1

    Vendors that don't implement proper randomization are just lazy. Don't buy/download there software.

    It has been known for years, that it makes your DNS-implementation safer to use, they have been warned again and again. And now they needed a year to implement it.

  23. Re:Finally...! on Massive, Coordinated Patch To the DNS Released · · Score: 1

    In dutch SOA (DNS-record or service-oriented architectures) is actually the abbreviation of STD (sexually transmitted disease). That always cracks me up.

  24. Re:DJBDNS not affected. on Massive, Coordinated Patch To the DNS Released · · Score: 1

    Did I say PowerDNS is faster too ?

    </commercial> ;-)

  25. Re:DJBDNS not affected. on Massive, Coordinated Patch To the DNS Released · · Score: 1

    Who cares ? PowerDNS together with the implementation in Juniper 'hardware' were the only other 2 implementations that were not vulnerable as far as I can see from the document (by skimming through it). Although a lot had 'status unknown'. For example OpenBSD's heavily (?) patched bind.

    I use PowerDNS, it has any feature you might want.

    It runs on all the modern hardware. And a lot of operating systems.

    OK, DNSSec is the only feature it doesn't have complete support for.

    But until someone creates a sane specification, I doubt we'll get sane implementations which means the cure is worse then the problem (complicated code means lots of security bugs).

    Let me just say: DJB, Bert (PowerDNS) and Dan K. you are my DNS heros. :-)