You're not answering the question, because unless the upstream resolver is not doing recursion the stub resolver will not issue queries that the attacker can see and so will not receive packets from the attacker:
Stub resolvers that will issue queries in response to attacker behavior, and may receive packets from an attacker, should be patched.
The business side explanation is that we want to make sure that Linux remains a first class citizen on the web. As websites start using Silverlight we don't want Linux to be in a position where you can't access those websites. Also we thought Silverlight will be important enough and have enough market share just because it is Microsoft doing it.
Replacing the open-systems UNIX API with the Microsoft controlled .NET API is awfully reminiscent of how IBM made OS/2 such a popular desktop.
Free Software has a long and healthy tradition of "show me the code". But when someone points out a usability issue, this tradition turns into "patches welcome", which is unhelpful since most designers aren't programmers. And it's not obvious how else usability specialists should help out.
What the hell is he talking about? What's the distinction he's trying to draw between "Show me the code" and "Patches welcome"? I honestly don't get it.
I remember seeing canned demos like this at least 10 years ago. This really reminds me of the one Apple did.
There's no working code behind those videos, just slideshows.
You're not going to find any significant amount of open source software that will run on a 6809. I've written code for the 6809, it's less capable than a PDP-11. It's got no MMU. There's no UNIX port for it, if you want to run anything like UNIX on it you'll have to negotiate with Microware for OS/9... and OS/9 is sufficiently far from UNIX to make porting a problem. I suspect you will not find any educational open source software that will run on it that isn't a port of Apple II software.
Most Apple II software is closed-source and copy protected
I had an Apple II. I was using the Apple II back when it was new. Don't tell me what "most Apple II Software" is, I know it. I'm not talking about Visicalc and Electric Pencil... what does a kid want with Visicalc and Electric Pencil? They want David Ahl's "101 BASIC Computer Games" and the Beagle Brothers' library. They want Applesoft Basic and Logo: get Terrapin or LCSI to release a version of Logo for it, or write one from scratch. Include FIG-Forth for more advanced kids.
Word Perfect? dBase? What the hell do kids want with that? We're talking about rocket science here: there's more sense-of-wonder and more learning from typing in your own version of "Lunar Lander" than any of the practical stuff you want.
Copyright is metadata. All you're saying is that encrypting a copyrighted work with a one-time-pad doesn't remove the copyright. Which is trivially true, since the copyright is not contained in the data.
Think of copyright like the chain of custody that you have to maintain in a court case. If you use a non-licensed agent to gather data, it weakens your case, even though the data is the same whether the agent is licensed or not... as the RIAA has recently discovered. :)
If there is anything less "cool" on this world than the corporate desktop I have yet to find it.
Bagpipes.
This isn't a "proprietary-free" desktop, it's a "Microsoft-free" desktop.
Surprisingly enough there ARE a few other companies that have managed to survive the Microsoft onslaught and remain in the software business.
That was my first job, a summer job in high school. In COBOL.
Because there's an enormous pool of software for the Apple II - a pool of free software, not just commercial software, and free educational software to boot. And it's designed to work well with a standard TV set as the display.
The capabilities of the hardware are a minor issue. None of the alternatives you list are all that much better, and none of them have the huge pool of free and abandoned software. Computers aren't about hardware excellence, or we'd be using Amiga-derived computers now instead of IBM-PC clones. Computers aren't about processors, or the x86 would have died a well deserved death in the '80s. Computers are about running software. You get a computer that runs the software you want to run, and for an educational platform that has to hook up to a TV, the Apple II is probably the best choice.
I would hope that they used the 65C816 instead of the 6502. It's not a great CPU, but it would let them emulate anything up to the Apple IIGS, which gives them more software to choose from.
Because it's all about the software.
He's not saying that the Jury's verdict is wrong, he's saying that the decision was made on incorrect information. The facts that they based their decision on were wrong. If a Jury found a man guilty of murder but it turned out that the prosecution had hidden facts that would have exonerated the defendant, would you consider that "unamerican"?
Please read: http://www.us-cert.gov/cas/techalerts/TA08-190B.html
You're not answering the question, because unless the upstream resolver is not doing recursion the stub resolver will not issue queries that the attacker can see and so will not receive packets from the attacker:
The same way as it does in the original attack.
The original attack is not against a client resolver, it's against a recursive DNS server. If the upstream recursive DNS server is vulnerable, then you are vulnerable. If the upstream is not vulnerable, then you are not vulnerable. Whether the packets passing between your resolver and the upstream recursive server are using sequential or random ports and sequence numbers is irrelevant.
Which has the added effect of causing it to act like a gyroscope and resist further alterations to its vector.
I don't think rotational and linear momentum are coupled in the way that you seem to imply they are, otherwise it would be a lot easier to build an inertialess drive.
Firefox forces the user to accept the self-signed certificate as an exception before it will let them access the site.
Which would be an improvement over the existing experience with SSL, but apparently the process of doing so is sufficiently daunting to have caused this article to be produced.
You missed the parenthesized word in "No single query will ever bring a (real) RDBMS down."
It appears that "Vibrant in-text advertising" does not allow end-users to opt out of their pop-ups any more. I would like to encourage story submitters to stop providing links to sites (like the one referenced here) that use Vibrant and other in-page popups.
One of the points of SSL is non-repudiation.
Let's change the emphasis, a bit?
Only ONE of the points of SSL is non-repudiation.
So, let's throw out everything else and discourage people from providing encrypted access to their servers?
I think that's a bad idea. I've thought that a bad idea for about as long as I've been aware of the way SSL worked.
You would get the majority of the benefits simply by performing the test "is this certificate the same as the one this site provided last time?"... and really, if certificates are cheap... and given that there have been widely publicized examples of fraudulently acquired certificates (including one for a Microsoft domain on one occasion), this test should be applied regardless of whether the certificate is signed.
It doesn't allow me to use a real address that can be crosschecked with my phone number, because my phone service is mobile and will crosscheck to my PO Box, and they won't accept a PO Box. Why my PO Box? Because I've used my PO Box as my billing address for everything for over a decade. Why? Because I've had too much stuff vanish from my kerbside letterbox, and had several thousand dollars worth of problems from someone using stolen bills to take out a credit card in my name.
Got another alternative?
The SSL model of certificates signed by a CA is a huge contrast to the SSH model, using much of the same underlying technology, of concentrating on whether a certificate has changed.
Browsers should let you know about self-signed certificates, but they should only give you a warning the first time you visit a site with such a certificate, or if the certificate has changed. Warning you over and over again about a certificate that you have chosen to trust is a lousy model that actively discourages people from using SSL.
And, while I'm on the subject, they should probably warn you about certificate changes whether they're signed or not!
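The "same certificate as last time?" test argued for in the comments above, as an added example that is not part of the original thread. `PinStore`, its method names, the JSON pin file and the host `www.example.test` are assumptions made for illustration, and the certificate bytes are constructed stand-ins rather than real certificates.

```python
import hashlib
import json
from pathlib import Path

FIRST_SEEN, UNCHANGED, CHANGED = "first-seen", "unchanged", "changed"


class PinStore:
    """Remembers one SHA-256 certificate fingerprint per host:port,
    in the spirit of SSH's known_hosts (hypothetical helper)."""

    def __init__(self, path):
        self.path = Path(path)
        self.pins = json.loads(self.path.read_text()) if self.path.exists() else {}

    def check(self, host, port, cert_der, ca_signed):
        """Classify the presented certificate. Never overwrites a pin itself."""
        key = f"{host.lower()}:{port}"
        seen = hashlib.sha256(cert_der).hexdigest()
        pinned = self.pins.get(key)
        if pinned is None:
            # First contact: warn once, and only if no CA vouches for the cert.
            return {"status": FIRST_SEEN, "warn": not ca_signed, "fingerprint": seen}
        if pinned == seen:
            # Same certificate the user already chose to trust: stay quiet.
            return {"status": UNCHANGED, "warn": False, "fingerprint": seen}
        # Certificate changed: warn whether or not the new one is CA-signed.
        return {"status": CHANGED, "warn": True, "fingerprint": seen, "pinned": pinned}

    def trust(self, host, port, fingerprint):
        """Record the user's explicit decision to trust this fingerprint."""
        self.pins[f"{host.lower()}:{port}"] = fingerprint
        tmp = self.path.with_suffix(".tmp")
        tmp.write_text(json.dumps(self.pins, indent=2))
        tmp.replace(self.path)  # atomic rename so a crash cannot truncate the store


def demo(store_path):
    # Constructed stand-ins for DER-encoded certificates (not real certificates).
    self_signed = b"constructed-self-signed-cert"
    replacement = b"constructed-ca-signed-replacement"
    host, port = "www.example.test", 443

    first = PinStore(store_path).check(host, port, self_signed, ca_signed=False)
    PinStore(store_path).trust(host, port, first["fingerprint"])
    # Later visits reload the store from disk, as a restarted browser would.
    again = PinStore(store_path).check(host, port, self_signed, ca_signed=False)
    swapped = PinStore(store_path).check(host, port, replacement, ca_signed=True)
    return first, again, swapped
```

In real use the `cert_der` argument would be the DER bytes of the peer certificate taken from the TLS handshake; a changed fingerprint is only a prompt to verify, since legitimate renewals also change it.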
If the resolver only contacts the ISP's nameserver, then the attacker can't make the resolver contact a nameserver he controls, so never sees a query, how is he supposed to predict any request so he can send the wrong response?
If the attacker *can* see a query, that means he's already in the path between the resolver and the nameserver, and he doesn't need to predict any queries, so the behavior of the resolver in selecting ports and sequence numbers is irrelevant.
Intuitive? It's still light years ahead of Windows and Gnome/LDE.
Just works? That was always bullshit. Mac OS classic never "just worked", Mac OS classic was *shit*. What it had was that it was all very simple, and the ways it went together were very simple, so you could fix it when it broke without being any kind of geek. OS X, now, that's pretty damn close to "just works".
Printers? I'm still having problems getting Windows to handle printers at work. They just show up on OS X.
Don't lock yourself into dead end applications. And that includes Microsoft Office, which gets changed incompatibly every time a new version comes out. The applications I most depend on are the ones I have the source code to, and some of them are the same ones I was using almost 30 years ago.
How cheaply could you make one, based on (say) an old laptop and webcam?
Maybe one that can keep track of police plates?
Welcome to the Transparent Society.
As I noted in http://it.slashdot.org/comments.pl?sid=633511&cid=24441397 this is a non-issue. Also see wkcole's article http://it.slashdot.org/comments.pl?sid=633511&cid=24445481 .
Unless the code is doing a full DNS lookup, rather than requesting a lookup from a recursive nameserver, there is no mechanism for a hostile nameserver to receive any packets from the local resolver to guess at the port and sequence number. It does not seem that the local resolver in Tiger or Leopard behaves that way... nor does the local resolver in Linux, nor does the local resolver in Windows, to address some other comments I have seen here and elsewhere.
If it's just forwarding the requests to the ISP's server then it's not vulnerable to this issue.
The UI already is open... people can mod it to create virtually any interface you can imagine.
So Blizzard already supports writing a bot into the UI? So what's the point of Glider?