Forcing an interface to have a forged IP is trivial, so the restrictions do not really inhibit concealing your IP address. With TCP you are basically limited to a SYN flood, however, because you will not be able to finish the 3-way-handshake with a forged sender address.
Sending an IP datagram with your own IP in the header makes you traceable? Inconceivable!
Why do you have to write a ten page whitepaper for a simple observation that anybody who is able to find out his own IP address and click on two buttons on Wireshark could make in about 5 seconds?
This kind of spending is nothing more than a giant stimulus package, but without any hope of secondary beneficial effects. You could simply take all that money and give it to the workers directly. That would be much cheaper, because you don't need to pay for the materials (not to mention the revenue of the company owners).
Your argument is based upon the assumption that the attacker cannot generate a malicious patch the same size as the original patch. That may or may not be true, depending on how the attack works. And in security questions, it's usually better to go with the more pessimistic assumption.
So you have a situation where an attacker may substitute a patch with a malicious patch. That may or may not invalidate other hashes, depending on several circumstances of the attack, which are basically speculation. You can now either simply change the hash function, eliminating the problem, or ignore the problem and hope nothing will go wrong. Which option is better from a security standpoint?
DNS has always been more or less centralized, and was always controlled by the US. The US can already disable domains as they please, DNSSEC or not. The only difference with DNSSEC is that it is now impossible to change DNS data without having access to the keys. This makes DNS more secure for everyone, including private individuals.
Ecuador ranks a whopping 101 on the press freedom index, with an annually deteriorating index value. I'm not quite convinced it's the best country to exile to for people publishing inconvenient documents.
Whatever drug you are taking, take less. Or much more.
Also, I can't resist citing my favorite xkcd quote: "While the author's wildly swerving train of thought did at one point flirt with coherence, this brief encounter was more likely a chance event than a result of even rudimentary lucidity"
In my basic military training, I used to work in a position with access to pricing lists (not US, though). I can tell that while most stuff was incredibly expensive, guns and rifles were actually pretty cheap. $800 for an assault rifle sounds pretty reasonable (without any extra accessories, of course).
You know, if you marketed yourself as the man to call if you want to know which store would be best for robbing, you'd probably go to jail, too.
It's not so much about the technology, but about the clear intent to aid copyright infringement. I don't like the current state of copyrights, but to say TPB is "merely giving directions" is missing the point. (Notice how Google has not been successfully sued, even though you can find illegal torrents on Google, too?)
I speak assembly, but if I try to read the patent claims my brain implodes somewhere around claim 2.
And IF I understood the patent and could verify for myself that both are identical, I'd have to prove the identity to a judge, who will probably ask what a "gathering of people" has to do with a computer, and why that is relevant to the patent. I'd rather trust a lawyer with that, thankyouverymuch.
Then sue the other company for violating the patent, win,
This sounds good in theory, but I've come to the conclusion that it's not necessary that only because you *should* win you actually *do* win. If you are unlucky, the process will go like: File for a patent, sue, get your own patent invalidated, get sued by company, and go bankrupt.
The most important step is therefore: Get a good lawyer first before trying anything else. I don't know if the EFF or similar foundations would sponsor a lawsuit, or if you'd find enough money by asking for donations, but without any backing the whole process sounds risky.
If that whole legal thing is not your favorite cup of tea, you could give all evidence to PUBPAT or a similar organisation and let them fight the patent. They have more experience dealing with this stuff.
The IBM lawyers are also known by the term of Nazgûl. It has been said they can blacken the sky with their legal arguments, if IBM so desires. So don't mess with them unless you either have a certain ring in your possession, or at least a bunch of enchanted swords.
Have they fixed the idiotic security issue with chip+PIN yet? You know, the one where the chip verifies the PIN? I remember a story where it turns out during PIN verification, the chip sends the reader an "OK" value (0x90, I believe?) if the PIN is OK and the transaction goes through. No, the bank's not checking your PIN at all - it's all done on the card you have. Which means anyone who can clone it doesn't need a PIN.
It is a feature that the card confirms the PIN. This allows offline-transactions, and is not per se insecure, if the protocol between terminal+card had been designed correctly (which it unfortunately was not). The problem (link) is that the current protocol allows a man-in-the-middle degradation attack: The terminal uses PIN+chip, but the man-in-the-middle tells the card not to use PIN+chip (i.e. to use chip+sign). The confirmation of the card is used to make the terminal think the PIN was accepted.
If the protocol is fixed (i.e. by properly authenticating the data exchange), everything would be perfectly fine. Additionally, they should get rid of the insecure payment methods (i.e. anything not involving a PIN), to disable *all* degradation attacks (what use is chip and PIN if any fraudster can still use all of the old payment methods with a forged card?)
IC card based authentication is well-known and established, and is secure against skimming attacks without the need of external devices. Just slip in the card and enter your PIN. Even if your PIN is observed it's useless without the chip, and the chip is not easily readable (and thus, not really copy-able). The technology has been around for years (at least since the 1990), and is widely used. The only missing step is for the credit card companies to 1. adopt them (they are actually in the process of doing this, see EMV), and 2. to disable the old insecure systems. The most important step is step 2, and due to "backwards compatibility", that step will be delayed for years or decades.
The tech has been there for 20 years, but it will probably take another 20 years until it will make you more secure (if it is not broken in the meantime, that is)
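The fix suggested in the comment above (authenticating the data exchange), sketched as an added example that is not part of the original comments: the card's own record of whether it verified a PIN sits inside the data it MACs, and the issuer declines when that record contradicts what the terminal believes. The message layout, key and every name here are hypothetical and constructed for the demo; this is a toy model, not the EMV message format.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed demo key shared by card and issuer (assumption: real cards
# use per-card keys and a different message layout).
CARD_KEY = b"constructed-demo-key"


@dataclass
class AuthRequest:
    amount_cents: int
    nonce: bytes             # terminal's unpredictable number
    terminal_cvm: str        # terminal's belief: "offline_pin" or "signature"
    card_pin_verified: bool  # what the card itself recorded
    card_mac: bytes          # card's MAC over amount, its PIN flag and nonce


def card_mac(amount_cents, nonce, pin_verified, key=CARD_KEY):
    """MAC computed by the card; its own PIN flag is part of the MACed data."""
    flag = b"\x01" if pin_verified else b"\x00"
    msg = amount_cents.to_bytes(8, "big") + flag + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


def mac_ok(req, key=CARD_KEY):
    expected = card_mac(req.amount_cents, req.nonce, req.card_pin_verified, key)
    return hmac.compare_digest(expected, req.card_mac)


def legacy_issuer(req):
    """Flawed check: authenticates the card, trusts the terminal's PIN view."""
    return "approve" if mac_ok(req) else "decline: bad MAC"


def fixed_issuer(req):
    """Also requires terminal and card to agree on whether a PIN was checked."""
    if not mac_ok(req):
        return "decline: bad MAC"
    if req.terminal_cvm == "offline_pin" and not req.card_pin_verified:
        return "decline: terminal and card disagree on PIN"
    return "approve"


def build(amount, nonce, terminal_cvm, card_pin_verified, mac_flag=None):
    """Constructed sample record; mac_flag is the flag the card really MACed."""
    flag = card_pin_verified if mac_flag is None else mac_flag
    return AuthRequest(amount, nonce, terminal_cvm, card_pin_verified,
                       card_mac(amount, nonce, flag))


NONCE = bytes.fromhex("0011223344556677")  # constructed value
HONEST_PIN = build(2500, NONCE, "offline_pin", True)
HONEST_SIGNATURE = build(2500, NONCE, "signature", False)
MISMATCH = build(2500, NONCE, "offline_pin", False)  # the two views diverge
FLAG_REWRITTEN = build(2500, NONCE, "offline_pin", True, mac_flag=False)

if __name__ == "__main__":
    for name in ("HONEST_PIN", "HONEST_SIGNATURE", "MISMATCH", "FLAG_REWRITTEN"):
        req = globals()[name]
        print(f"{name:17} legacy={legacy_issuer(req)!r} fixed={fixed_issuer(req)!r}")
```

Because the flag is covered by the MAC, rewriting it in transit fails verification in both versions; only the fixed check catches the case where the MAC is valid but the two sides disagree.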
My girlfriend, who is a native German speaker, claims that Unterwasserseebootbeleuchtungsautomatik is a valid word, which is used by a Donaudampfschiffahrtsgesellschaftskapitän.
If you tried to formalize German language rules, you would find the rule [Noun] := [Noun] + [filler]? + [Noun]
Thus, you can combine the two words into Donaudampfschiffahrtsgesellschaftskapitänsunterwasserseebootsbeleuchtungsautomatik, and still have a valid German word.
It's true that "Ich bin ein Berliner" is ambiguous. It can refer to someone who is from the city of Berlin, or who feels he is a jelly-filled doughnut. As with all ambiguous sentences, you usually assume the meaning that seems correct given the context. Thus, Kennedy's use of the sentence was completely correct. (It's quite possible that your then-teenage German teacher believed it was funny, kids that are trying to misunderstand someone to create funny situations are not exactly unusual)
I'm a German. Kennedy's sentence is still pretty famous here, but until now I've never ever heard about anybody who tried to misinterpret that sentence.
You know, in that no-friction-land of yours, travelling on the surface would also basically be free, as you'd only have to accelerate once at the beginning of the journey and brake at the end. Unfortunately, back in non-friction-less reality, gravity trains do not work.
You're joking, right? For the average traveller, the curvature of the earth has probably the least impact on the travel time compared to the "avoiding obstacles" or simply "following the road". And for travel where the curvature of the earth really matters, say a flight from Europe to Australia, you'd have that stupid core of molten hot stuff in your way, which will make you follow almost the same detour as on the surface.
I'm not quite sure if you are joking (you probably are, but my irony detector is miscalibrated today), and I can't say anything about the quality of tap water in the US except that it tastes horrible due to the amount of chlorine they put in this stuff, but in some countries tap water is as clean or even cleaner than bottled water. In Europe, at least, tap water is required to be of a drinkable quality; and if your country does not need to chlorinate the water, it's pretty common to drink it. Sometimes, even bottled water is nothing more than bottled tap water (e.g. BonAqua/Dasani).
So that would not fix the patent system, but make me rich enough to buy enough booze and hookers to not care any more. Sounds good.
Yeah, since when did Slashdot become CmdTaco's blog?
In the unlikely case you are not joking, I'll answer with a citation from Wikipedia:
Slashdot was founded in 1997 as a blog, Chips & Dips, by Hope College computer science student Rob Malda, also known as "Commander Taco".
Dude, you just crashed my irony detector.
For extra security, use each of them twice!
Spider-Pork, Spider-Pork,
does whatever the lobbyist says,
Can he introduce
useful laws?
No he can't
he's a pork
LOOK OUT!
He's a spider POOOOOOORK