DNS-administrators have direct access to their own DNS-servers and can work around the problem.
You might as well say "users have direct access to their own computers and can work around the problem." How, exactly? By ignoring DNSSEC failures, thereby defeating DNSSEC because anyone can delete a record and everyone else will just assume it was SOPA?
All this is still possible if you provide a blacklist to the DNS-resolver of blocked domains that should not be worked around. It's not very nice from a technical point of view, but it's certainly feasible.
Only if you completely ignore scalability. DNS caching only works at all because it's O(n) on the number of transactions the specific DNS server processes rather than O(n) on the number of domains in the entire DNS. You start throwing in memory requirements that are O(n) on the number of blocked domains and scalability is totally destroyed. YouTube receives thousands of DMCA takedown notices an hour. Adding anything even vaguely resembling that number of domains to a block list every hour would quickly result in a list that exceeds the memory installed in the large majority of small DNS servers in operation.
On top of that, if you create a real time publicly available list of blocked domains, you make it totally trivial for pirates to completely bypass the system: Every time a new domain is added to the list, the pirates can automatically add it to MAFIAAFire (or pick your favorite redirector) just by looking up the newly-added domain in a non-US DNS server and the block is bypassed before it even propagates to the majority of DNS servers. The "list of blocked domains" immediately becomes a "list of blocked domains, including their IP addresses" -- you might as well create a directory for "rogue websites" and publish it in the New York Times.
But no end-user ever does. The only people that actually do this are the DNS-adminstrators themselves.
How is that a reason to ignore the problem?
As long as you don't ask for the broken records you will not be affected.
Nonsense.
Let's come back from this for a second and realize what DNSSEC is for. Let's suppose there is an attacker who compromises a webserver, say www2.example.com. It turns out that it's the failover backup for www.example.com, and nobody will use www2 as long as www.example.com is available. So in order to do some damage, the attacker has to divert people from www.example.com. DNS poisoning is a traditional way that attackers do this: If you make www not resolve, clients configured to automatically retry with www2 will do so. So the attacker compromises some upstream DNS server and either deletes the record for www.example.com or makes it point to the compromised server rather than the uncompromised one. DNSSEC prevents this, because the NXDOMAIN record won't be signed and so the next DNS server will detect the attempted fraud and retry against some alternative upstream DNS server or go direct to the authoritative server for that domain. If you mandate blocking by legislation, the DNS server can't do this anymore, because if it does, it will make the blocking ineffective, which the legislation prohibits. So the attacker diverts unsuspecting users to the compromised server, because the user's DNS server is prohibited from taking effective countermeasures against the DNSSEC failure.
End-users do not validate DNSSEC. That could and should change, but will take many years to complete.
That's the problem. The bill would prohibit the things that client software would have to do in order to make DNSSEC effective as a security measure.
In what way does changing 1 record invalidate the entire zone? Nobody tranfers entire zones.
First of all, the capability for zone transfers exists, and some people do it.
But what does that have to do with anything anyway? The problem exists just as much with even a single record. The problem is that the only secure response to a DNSSEC failure must be to raise hell: Warn the user that their DNS server is compromised and that they must change it immediately, take expensive countermeasures such as retrying against a published list of arbitrary alternative DNS servers or going straight to the root servers, etc. Effective countermeasures will be just as effective at defeating the block as at defeating fraudsters. For that reason the bill prohibits such countermeasures, which enables fraud.
Go away, troll. Nobody is going to read a post that long full of one-sided astroturf, so all you're succeeding in doing is inhibiting people from having a discussion about the actual subject of the article.
Yes, SOPA is bad, but it's out there for people to see it, a name to link to their problems, but if it gets shot down, then it will be stealthily replaced over time piece by piece by an even more dangerous version.
That is what the legacy entertainment industry will try to do, yes. How does that in any way justify not opposing it? The price of freedom is eternal vigilance. Fighting them today doesn't get you out of fighting them tomorrow, but you can't win a war by conceding every battle.
More than that, time is on our side. The internet is still being built. It's like a child that hasn't learned how to defend itself yet. Internet companies are full of successful entrepreneurs who are only just now learning how Washington works. The future technologies that Hollywood wants to destroy will only expand and become more economically powerful over time, if we can delay Hollywood now. The longer we can delay SOPA and similar legislation, the more likely it is that they can be defeated permanently, because technologies they seek to destroy will have more opportunity to become entrenched and it allows people to have a taste of the thing Hollywood would have destroyed, which builds a larger and more powerful constituency to oppose its future destruction.
In addition to that, legislation is sticky. If you have two opposing constituencies but one is more mature and experienced at lobbying, that one will be able to more easily push legislation through Congress. As the opponents become stronger and better organized, there comes a point where they can mount a successful opposition to harmful Hollywood legislation. However, it takes more power to repeal a law than to prevent one from passing in the first place. What that means is that there will come a time, which may last for several decades, after which we can stop things from getting any worse but before we are able to swing the pendulum in the other direction. What we determine today is how far we allow the pendulum to swing before it stops. We are deciding what the status quo will look like for the rest of our lives, and most of our children's lives.
So I don't want to hear any of this bullshit about we can't win because they'll just try again next year. They will be trying again next year whether we defeat them now or not -- better that they have to fight for four years to pass SOPA and maybe never than that we let them do it now and then in 2013 they're pushing something even worse.
Use and acquision are two different thing. Bundling is about acquisition, not use. Microsoft did force you to acquire Internet Explorer when getting Windows. You are in no way forced to acquire Google+ with Google Search.
Not only that, it ignores what bundling is all about. The concern with bundling is that, for example, if you're Intel and you have market power in the market for x86 CPUs, you might say that you'll only sell a CPU if the customer also buys an Intel motherboard. No customer is going to pay Intel for a motherboard and then turn around and pay again for a second motherboard from a third party, so all the third party motherboard makers would be out of business.
The problem with applying this to Google is that you aren't forced to buy anything. You aren't required to pay anything extra for personalized results in order to use Google search, which means there is nothing you are forced to pay for that you would have to discard at a loss in order to use a competitor. The lock-in mechanism doesn't exist.
So then you get people talking about Internet Explorer and conveniently ignoring what actually happened in the Microsoft trial: The government accused Microsoft of tying Internet Explorer, the appellate court ruled that the district court screwed up in finding that they had so there would have to be a retrial (although Microsoft was still on the hook for Java and some other things), and the case was settled before the retrial. The only thing that was actually decided about Microsoft tying IE to Windows was that the analysis the district court used in deciding that they had was wrong.
If Microsoft wanted to emulate x86 on ARM, they'd probably do exactly what Apple did when they emulated PowerPC on x86 (which, incidentally, worked remarkably well for most apps): include a complete copy of the actual x86 Windows libraries, run it all in a dynamically recompiling emulator, and translate the few dozen system calls where the apps and libraries actually call down into the kernel. And boom. You're done.
The problem is that most architecture transitions are done for reasons of performance. A 500MHz Alpha running x86 programs under FX!32 could run them faster than the then-competing 200MHz Pentium Pro. Apple replaced PowerBooks with aging single core G4 processors with MacBooks with dual core Core-architecture processors at close to 50% higher clock speeds.
Emulating an x86 processor on a 1GHz ARM processor will yield performance similar to that of a 400MHz Pentium II, and the extra load will cause battery life to suffer significantly. Considering that battery life is the primary purpose in using ARM to begin with, that seems like a non-starter.
Re:How about going back to flat-rate data?
on
Comcast DNSSEC Goes Live
·
· Score: 3, Informative
exposes such attacks for what they are.
It certainly does that, but it still breaks DNSSEC because it makes users expect DNSSEC failures under normal operation, which enables fraud because users will subsequently ignore future warnings. It further prevents client software developers from implementing countermeasures that would thwart a man in the middle attack since doing so would succeed just as well in bypassing the DNS blocking.
For example, client software might be designed so that if a DNSSEC failure occurs, the client first tries all configured DNS servers to try to get a valid response. If any of the servers is outside the country, the blocking fails. If not, the client software might then try to act as its own recursive DNS server. (Clients are normally not supposed to do this because it would put extra load on the authoritative DNS servers, but clients are normally not supposed to encounter DNSSEC failures, and doing it only in that rare circumstance would almost certainly not cause serious performance issues.) If the authoritative DNS server is outside the country (which it would be for a 'rogue site') then the blocking fails.
So either the law prohibits client software from being designed that way and the security benefits of DNSSEC are destroyed, or client software is designed to thwart a man in the middle attack and the law is a dead letter because the operators of intermediary DNS servers cannot prevent end users from receiving a true DNS response since an attempt to do so will only cause the client's DNSSEC implementation to detect and bypass the intermediary DNS server.
It is widely understood that SOPA will break DNSSEC, because it requires intermediaries to modify DNS responses, which looks to DNSSEC like a man in the middle attack (because it is one).
I hear this argument all the time. "Now we've got Criminal X!.. Oh wait, he's encrypted his drive with 1024 bit military grade encryption! It'll cost BILLIONS to crack the key! We're hosed."... More likely it's "Huh. Drive's encrypted. Joey, get the hose."
1) That is not even close to the same argument as the one being made. 2) "Getting the hose" is unconstitutional. It may be that law enforcement does not see fit to follow the constitution, but in that case they have no need for the hose: They can just lock you up on false charges without ever reading the disk.
DNSSEC is no proof against the men with shotguns and a court order saying "You will remove this domain from your server... or else."
Removing the domain would break DNSSEC, since the removal would not be signed and the signing entity may not be subject to US jurisdiction (or may refuse on first amendment grounds etc.)
More than that, the user can trivially work around the removal of the DNS entry merely by using a DNS server in another country. Effectively preventing the user from communicating with servers in other countries would severely break the internet, which is part of the problem that people are concerned about.
Nice, one can get to their absurd caps that much faster. Get rid of the caps and perhaps there might be something worth talking about.
DNSSEC is fine by itself, but it is only a distraction as implemented by Comcast.
Troll rating: 8/10. It was a good, subtle effort. You get people off topic, since data caps are highly contentious and Comcast is unpopular so that will gather several responses, and extra points for getting the first post so that no one with an on-topic post can precede you. In addition to that, you picked a topic that might otherwise have led somewhere productive, because of the tie in between DNSSEC and SOPA (which is an important, relevant, and time-sensitive topic at this point). You may wish to apply for remuneration with pro-SOPA entities if you have not done so already, as they are known to pay compensation for such efforts.
The proverbial grandma logging in weekly to check email and look at her photos should be paying much much less than she is now. An "average" user who uses significant data but never hits the current caps should pay about what he pays now, and these "data hogs" should pay more, but not exponentially more.
The problem is the market doesn't work that way. Grandma's subsidized phone/modem doesn't cost any less just because she only uses it once a week, so she has to pay the hidden cost of the subsidy no matter what, and that is a big chunk of the bill. In addition to that, Grandma has to pay her share of the maintenance on the infrastructure, because a tower damaged by severe weather costs the same amount to fix regardless of how many bits have gone through it.
In addition to that, there is just no way that "data hogs" can be expected to make up the difference, even if the telco was willing to take a loss on Grandma's business, because there are twenty Grandmas for every data hog and there is zero chance that they would all be willing to pay twenty times as much rather than reducing their usage to keep their bill in the same vicinity as it is now.
And even if you did fix the campaign financing issue, there's still a much more insidious type of money in politics that's harder to stop...the move to the private sector.
Not necessarily. Suppose you fix the campaign finance issue, but you have no term limits and therefore you still have career politicians -- it's just that to make it a career they have to do what their constituents want to keep getting reelected. Then you would still have a revolving door for the corrupt candidates, but as soon as you get an honest candidate in office who wants to stay, they do. From then on, every election cycle reduces the number of corrupt candidates because they're the ones who quit in order to take the payday while all the honest candidates stick around.
The reason it can't happen that way now is that if an honest candidate proves they're honest while in office, corrupt money funds their opponents until they lose, which prevents the honest candidates from being consistently reelected.
I still think the best way to do it is at the state level. Have each state pass a law offering state money to fund the campaigns for federal office for that state's senators and representatives. You don't even have to do it all at once that way -- the more states you get to sign on, the less corruption there is. And the people who are voting to do (state legislators) it are not the ones affected (federal legislators). On top of all that, all the big lobbyists are in D.C. Exxon and the MPAA have very few lobbyists in Phoenix or Boise, which limits their ability to stop it.
I had assumed you understood that nobody would actually care about your post because a list of vulnerabilities (or users of a piece of software) is totally meaningless without a comprehensive list of vulnerabilities in and users of the alternative software so as to allow a basis for comparison, which you so blatantly failed to provide.
I've been reading more about SOPA recently, and the list of opponents is actually relatively small. Most of them are internet-based service companies, without tangible products. Google's the biggest of the bunch, followed by Amazon, Ebay, Yahoo, and AOL. Everyone else is tiny--miniscule even--compared to the list of SOPA supporters.
Well who do you expect to oppose it? Chrysler and Home Depot, or some other companies in almost entirely unrelated industries?
Not only that, you're just blatantly wrong that there are only five major companies against it. Is Facebook "miniscule" now? Twitter? Wikipedia? It's basically every "internet-based service company" not in bed with Hollywood plus any company that significantly relies on the internet for their business.
On the other hand, everybody from cosmetics to media support SOPA. Every industry that involves a tangible product has at least one company or lobbying group within it supporting SOPA.
Major legacy media companies support SOPA. It is their stupid bill, is it not? The "cosmetics" industry or whatever you're talking about is providing nominal support if any.
But everyone else is in favor of SOPA. Everyone.
Don't be ridiculous. Most industries have no reason to care about it one way or the other. The only industry putting any resources behind trying to pass it is the legacy entertainment industry; anything else is just Hollywood lobbyists collecting signatures in exchange for a political quid pro quo.
I was wondering, how does Microsoft track your posts so that you can get paid when you post anonymously like that? Can't any of your fellow shills claim that post as their own and take your money? Or do they give you some kind of monitoring software so they can track who posts what or something like that?
I can tell you if I ask teenagers today most won't even know what a VPN is.
You don't have to know how a thing works or even what it is in order to use it. If it comes automatically when you click the link that says "a new version is available, click here to install" then it's the sort of thing "most teenagers" can figure out.
In addition to that, people are talking VPNs because it's the existing technology known to be effective in circumventing SOPA. You can't honestly think that it's the only or even best way to do so once an economic incentive is created to produce one purpose-built to the task. Think about how P2P works for crying out loud: The pirate goes to Pirate Bay to get a 10KB file that provides information about a 4GB file. You don't think that could be modified with no noticeable increase in overhead so that the 10KB file comes through the same way as the rest of the 4GB, by seamlessly using something like onion routing through a non-censoring country for just the.torrent file in the event it can't be accessed directly? (Naturally you could prohibit such software from being distributed, which we all learned was so effective with DeCSS.)
The average Joe won't and will see people being thrown in jail and stop.
Just like the average Joe stopped when they started throwing around $2M fines, right? Right?
4. There are virtually NO U.S. corporations that would not benefit from the enactment of SOPA, in some way. Virtually none would suffer any damages from enactment of SOPA. Even Internet-based corporations would benefit from having clear rules to follow. Ambiguity is not always profitable.
This is just ridiculous. First of all, what about the existing law is supposed to be so ambiguous? New laws almost always produce more ambiguity because there has to be a period of years before the courts have a chance to write decisions interpreting them where any number of the new provisions remain uncertain. This is especially true of SOPA because parts of it are so obviously subject to a constitutional challenge, which means companies won't know whether they have to follow them until it goes to court -- which is the worst kind of uncertainty; the kind that leads to expensive protracted litigation.
I think you'll find that the US Trade Representative's positions are set not based on what US companies want, but rather based on what US companies that do the most lobbying want. The RIAA and MPAA have long been prolific in their employment of lobbyists; tech companies less so until very recently and even there they lack the sort of experience necessary to be as effective as would be expected from their size and economic importance. One can hope that they get it right before it's too late, but I prefer to hope that Americans come to their senses and make it a defense to murder that the victim was an entertainment/fossil fuel/defense/telecommunications industry lobbyist.
Pointing out that Apple uses platform-specific tools, both as a major player (in iOS today) and as a minor player historically. These platform specific tools have not had any impact on Apple's ability to deliver.
That is because Apple uses a completely different strategy. It isn't about "developers developers developers," it's about "users users users." The iPhone was already a huge success before the App Store, and at that point developers will use whatever tools they have available in order to reach that large customer base. The disadvantage of being less portable was overcome by the advantage of a large existing customer base.
The problem for Microsoft is that they're trying to do it the other way around, by attracting developers with supposedly better but platform-specific developer tools, before they have a user base. But what good is that when the applications are being written for other platforms first? Even if you can take an Android application and run it through a meat grinder to make it into C#, the best you can do is minimize the disadvantage caused by having to port it. You get no advantage from the supposedly better Microsoft stuff because you can't use any of it: By the time you have something portable enough to run on both iOS and Android, it almost never makes sense to go back and make any kind of nontrivial changes to it in order to take advantage of proprietary features of a small minority platform.
Which leaves Microsoft still in the chicken and egg situation. WP7 has no significant advantage over Android and iOS that can overcome the user preference for platforms with more apps (and the developer tools don't provide one), yet developers have little incentive to spend many hours rewriting their code for WP7 before there exists any significant customer base.
Are you seriously trying to argue that the reason for the iPhone's success was Apple's developer tools? Because that seem pretty laughable considering that it became popular before the App Store existed.
PCs with Windows 7 Home Premium have Windows Media Center; does that count? If not, then I guess the real problem for a company that wants to sell computers with preinstalled XBMC is getting a distribution deal with nationwide big-box chains, and a startup isn't going to have an easy time of that.
Media Center is better than nothing, but Microsoft had reasons for not making the XBOX UI identical to the Media Center UI. As for a distribution deal, probably the best way to do this is to do it in cooperation with a major company like Dell or Samsung. You make the software, they make the hardware and provide the distribution network. You do it the same way Microsoft sells Windows to OEMs. Or you work with someone like Google and then let them schlep it around to manufacturers like they do with Android.
But apart from the Xbox 360 wired controller, what are the common game controllers? There's no standard for the arrangement of buttons on a USB HID.
So create a standard. Write an RFC. Or create a database of mappings for as many existing controllers as possible, concentrating on those with the highest sales volumes first, and get Microsoft and other OS vendors to include it in their operating systems.
If I were to start such a company reselling PCs as consoles, how would I come by these marketing dollars?
If you're Dell or some other large company then you already have the money. If you're not, you partner with a large company or seek venture capital.
Slashdot Mirror
DNS-administrators have direct access to their own DNS-servers and can work around the problem.
You might as well say "users have direct access to their own computers and can work around the problem." How, exactly? By ignoring DNSSEC failures, thereby defeating DNSSEC because anyone can delete a record and everyone else will just assume it was SOPA?
All this is still possible if you provide a blacklist to the DNS-resolver of blocked domains that should not be worked around. It's not very nice from a technical point of view, but it's certainly feasible.
Only if you completely ignore scalability. DNS caching only works at all because it's O(n) on the number of transactions the specific DNS server processes rather than O(n) on the number of domains in the entire DNS. You start throwing in memory requirements that are O(n) on the number of blocked domains and scalability is totally destroyed. YouTube receives thousands of DMCA takedown notices an hour. Adding anything even vaguely resembling that number of domains to a block list every hour would quickly result in a list that exceeds the memory installed in the large majority of small DNS servers in operation.
On top of that, if you create a real time publicly available list of blocked domains, you make it totally trivial for pirates to completely bypass the system: Every time a new domain is added to the list, the pirates can automatically add it to MAFIAAFire (or pick your favorite redirector) just by looking up the newly-added domain in a non-US DNS server and the block is bypassed before it even propagates to the majority of DNS servers. The "list of blocked domains" immediately becomes a "list of blocked domains, including their IP addresses" -- you might as well create a directory for "rogue websites" and publish it in the New York Times.
But no end-user ever does. The only people that actually do this are the DNS-adminstrators themselves.
How is that a reason to ignore the problem?
As long as you don't ask for the broken records you will not be affected.
Nonsense.
Let's come back from this for a second and realize what DNSSEC is for. Let's suppose there is an attacker who compromises a webserver, say www2.example.com. It turns out that it's the failover backup for www.example.com, and nobody will use www2 as long as www.example.com is available. So in order to do some damage, the attacker has to divert people from www.example.com. DNS poisoning is a traditional way that attackers do this: If you make www not resolve, clients configured to automatically retry with www2 will do so. So the attacker compromises some upstream DNS server and either deletes the record for www.example.com or makes it point to the compromised server rather than the uncompromised one. DNSSEC prevents this, because the NXDOMAIN record won't be signed and so the next DNS server will detect the attempted fraud and retry against some alternative upstream DNS server or go direct to the authoritative server for that domain. If you mandate blocking by legislation, the DNS server can't do this anymore, because if it does, it will make the blocking ineffective, which the legislation prohibits. So the attacker diverts unsuspecting users to the compromised server, because the user's DNS server is prohibited from taking effective countermeasures against the DNSSEC failure.
End-users do not validate DNSSEC. That could and should change, but will take many years to complete.
That's the problem. The bill would prohibit the things that client software would have to do in order to make DNSSEC effective as a security measure.
In what way does changing 1 record invalidate the entire zone? Nobody tranfers entire zones.
First of all, the capability for zone transfers exists, and some people do it.
But what does that have to do with anything anyway? The problem exists just as much with even a single record. The problem is that the only secure response to a DNSSEC failure must be to raise hell: Warn the user that their DNS server is compromised and that they must change it immediately, take expensive countermeasures such as retrying against a published list of arbitrary alternative DNS servers or going straight to the root servers, etc. Effective countermeasures will be just as effective at defeating the block as at defeating fraudsters. For that reason the bill prohibits such countermeasures, which enables fraud.
Go away, troll. Nobody is going to read a post that long full of one-sided astroturf, so all you're succeeding in doing is inhibiting people from having a discussion about the actual subject of the article.
Yes, SOPA is bad, but it's out there for people to see it, a name to link to their problems, but if it gets shot down, then it will be stealthily replaced over time piece by piece by an even more dangerous version.
That is what the legacy entertainment industry will try to do, yes. How does that in any way justify not opposing it? The price of freedom is eternal vigilance. Fighting them today doesn't get you out of fighting them tomorrow, but you can't win a war by conceding every battle.
More than that, time is on our side. The internet is still being built. It's like a child that hasn't learned how to defend itself yet. Internet companies are full of successful entrepreneurs who are only just now learning how Washington works. The future technologies that Hollywood wants to destroy will only expand and become more economically powerful over time, if we can delay Hollywood now. The longer we can delay SOPA and similar legislation, the more likely it is that they can be defeated permanently, because technologies they seek to destroy will have more opportunity to become entrenched and it allows people to have a taste of the thing Hollywood would have destroyed, which builds a larger and more powerful constituency to oppose its future destruction.
In addition to that, legislation is sticky. If you have two opposing constituencies but one is more mature and experienced at lobbying, that one will be able to more easily push legislation through Congress. As the opponents become stronger and better organized, there comes a point where they can mount a successful opposition to harmful Hollywood legislation. However, it takes more power to repeal a law than to prevent one from passing in the first place. What that means is that there will come a time, which may last for several decades, after which we can stop things from getting any worse but before we are able to swing the pendulum in the other direction. What we determine today is how far we allow the pendulum to swing before it stops. We are deciding what the status quo will look like for the rest of our lives, and most of our children's lives.
So I don't want to hear any of this bullshit about we can't win because they'll just try again next year. They will be trying again next year whether we defeat them now or not -- better that they have to fight for four years to pass SOPA and maybe never than that we let them do it now and then in 2013 they're pushing something even worse.
Use and acquision are two different thing. Bundling is about acquisition, not use. Microsoft did force you to acquire Internet Explorer when getting Windows. You are in no way forced to acquire Google+ with Google Search.
Not only that, it ignores what bundling is all about. The concern with bundling is that, for example, if you're Intel and you have market power in the market for x86 CPUs, you might say that you'll only sell a CPU if the customer also buys an Intel motherboard. No customer is going to pay Intel for a motherboard and then turn around and pay again for a second motherboard from a third party, so all the third party motherboard makers would be out of business.
The problem with applying this to Google is that you aren't forced to buy anything. You aren't required to pay anything extra for personalized results in order to use Google search, which means there is nothing you are forced to pay for that you would have to discard at a loss in order to use a competitor. The lock-in mechanism doesn't exist.
So then you get people talking about Internet Explorer and conveniently ignoring what actually happened in the Microsoft trial: The government accused Microsoft of tying Internet Explorer, the appellate court ruled that the district court screwed up in finding that they had so there would have to be a retrial (although Microsoft was still on the hook for Java and some other things), and the case was settled before the retrial. The only thing that was actually decided about Microsoft tying IE to Windows was that the analysis the district court used in deciding that they had was wrong.
If Microsoft wanted to emulate x86 on ARM, they'd probably do exactly what Apple did when they emulated PowerPC on x86 (which, incidentally, worked remarkably well for most apps): include a complete copy of the actual x86 Windows libraries, run it all in a dynamically recompiling emulator, and translate the few dozen system calls where the apps and libraries actually call down into the kernel. And boom. You're done.
The problem is that most architecture transitions are done for reasons of performance. A 500MHz Alpha running x86 programs under FX!32 could run them faster than the then-competing 200MHz Pentium Pro. Apple replaced PowerBooks with aging single core G4 processors with MacBooks with dual core Core-architecture processors at close to 50% higher clock speeds.
Emulating an x86 processor on a 1GHz ARM processor will yield performance similar to that of a 400MHz Pentium II, and the extra load will cause battery life to suffer significantly. Considering that battery life is the primary purpose in using ARM to begin with, that seems like a non-starter.
exposes such attacks for what they are.
It certainly does that, but it still breaks DNSSEC because it makes users expect DNSSEC failures under normal operation, which enables fraud because users will subsequently ignore future warnings. It further prevents client software developers from implementing countermeasures that would thwart a man in the middle attack since doing so would succeed just as well in bypassing the DNS blocking.
For example, client software might be designed so that if a DNSSEC failure occurs, the client first tries all configured DNS servers to try to get a valid response. If any of the servers is outside the country, the blocking fails. If not, the client software might then try to act as its own recursive DNS server. (Clients are normally not supposed to do this because it would put extra load on the authoritative DNS servers, but clients are normally not supposed to encounter DNSSEC failures, and doing it only in that rare circumstance would almost certainly not cause serious performance issues.) If the authoritative DNS server is outside the country (which it would be for a 'rogue site') then the blocking fails.
So either the law prohibits client software from being designed that way and the security benefits of DNSSEC are destroyed, or client software is designed to thwart a man in the middle attack and the law is a dead letter because the operators of intermediary DNS servers cannot prevent end users from receiving a true DNS response since an attempt to do so will only cause the client's DNSSEC implementation to detect and bypass the intermediary DNS server.
Is there really a tie in mechanism with DNSSEC?
It is widely understood that SOPA will break DNSSEC, because it requires intermediaries to modify DNS responses, which looks to DNSSEC like a man in the middle attack (because it is one).
I hear this argument all the time. "Now we've got Criminal X! .. Oh wait, he's encrypted his drive with 1024 bit military grade encryption! It'll cost BILLIONS to crack the key! We're hosed." ... More likely it's "Huh. Drive's encrypted. Joey, get the hose."
1) That is not even close to the same argument as the one being made.
2) "Getting the hose" is unconstitutional. It may be that law enforcement does not see fit to follow the constitution, but in that case they have no need for the hose: They can just lock you up on false charges without ever reading the disk.
DNSSEC is no proof against the men with shotguns and a court order saying "You will remove this domain from your server... or else."
Removing the domain would break DNSSEC, since the removal would not be signed and the signing entity may not be subject to US jurisdiction (or may refuse on first amendment grounds etc.)
More than that, the user can trivially work around the removal of the DNS entry merely by using a DNS server in another country. Effectively preventing the user from communicating with servers in other countries would severely break the internet, which is part of the problem that people are concerned about.
Nice, one can get to their absurd caps that much faster. Get rid of the caps and perhaps there might be something worth talking about.
DNSSEC is fine by itself, but it is only a distraction as implemented by Comcast.
Troll rating: 8/10. It was a good, subtle effort. You get people off topic, since data caps are highly contentious and Comcast is unpopular so that will gather several responses, and extra points for getting the first post so that no one with an on-topic post can precede you. In addition to that, you picked a topic that might otherwise have led somewhere productive, because of the tie in between DNSSEC and SOPA (which is an important, relevant, and time-sensitive topic at this point). You may wish to apply for remuneration with pro-SOPA entities if you have not done so already, as they are known to pay compensation for such efforts.
Half of Congress is going to impeach the other half? Don't be a defeatist.
The proverbial grandma logging in weekly to check email and look at her photos should be paying much much less than she is now. An "average" user who uses significant data but never hits the current caps should pay about what he pays now, and these "data hogs" should pay more, but not exponentially more.
The problem is the market doesn't work that way. Grandma's subsidized phone/modem doesn't cost any less just because she only uses it once a week, so she has to pay the hidden cost of the subsidy no matter what, and that is a big chunk of the bill. In addition to that, Grandma has to pay her share of the maintenance on the infrastructure, because a tower damaged by severe weather costs the same amount to fix regardless of how many bits have gone through it.
In addition to that, there is just no way that "data hogs" can be expected to make up the difference, even if the telco was willing to take a loss on Grandma's business, because there are twenty Grandmas for every data hog and there is zero chance that they would all be willing to pay twenty times as much rather than reducing their usage to keep their bill in the same vicinity as it is now.
And even if you did fix the campaign financing issue, there's still a much more insidious type of money in politics that's harder to stop...the move to the private sector.
Not necessarily. Suppose you fix the campaign finance issue, but you have no term limits and therefore you still have career politicians -- it's just that to make it a career they have to do what their constituents want to keep getting reelected. Then you would still have a revolving door for the corrupt candidates, but as soon as you get an honest candidate in office who wants to stay, they do. From then on, every election cycle reduces the number of corrupt candidates because they're the ones who quit in order to take the payday while all the honest candidates stick around.
The reason it can't happen that way now is that if an honest candidate proves they're honest while in office, corrupt money funds their opponents until they lose, which prevents the honest candidates from being consistently reelected.
How would you get the law passed?
I still think the best way to do it is at the state level. Have each state pass a law offering state money to fund the campaigns for federal office for that state's senators and representatives. You don't even have to do it all at once that way -- the more states you get to sign on, the less corruption there is. And the people who are voting to do (state legislators) it are not the ones affected (federal legislators). On top of all that, all the big lobbyists are in D.C. Exxon and the MPAA have very few lobbyists in Phoenix or Boise, which limits their ability to stop it.
R U twelve yrs old?
I had assumed you understood that nobody would actually care about your post because a list of vulnerabilities (or users of a piece of software) is totally meaningless without a comprehensive list of vulnerabilities in and users of the alternative software so as to allow a basis for comparison, which you so blatantly failed to provide.
I've been reading more about SOPA recently, and the list of opponents is actually relatively small. Most of them are internet-based service companies, without tangible products. Google's the biggest of the bunch, followed by Amazon, Ebay, Yahoo, and AOL. Everyone else is tiny--miniscule even--compared to the list of SOPA supporters.
Well who do you expect to oppose it? Chrysler and Home Depot, or some other companies in almost entirely unrelated industries?
Not only that, you're just blatantly wrong that there are only five major companies against it. Is Facebook "miniscule" now? Twitter? Wikipedia? It's basically every "internet-based service company" not in bed with Hollywood plus any company that significantly relies on the internet for their business.
On the other hand, everybody from cosmetics to media support SOPA. Every industry that involves a tangible product has at least one company or lobbying group within it supporting SOPA.
Major legacy media companies support SOPA. It is their stupid bill, is it not? The "cosmetics" industry or whatever you're talking about is providing nominal support if any.
But everyone else is in favor of SOPA. Everyone.
Don't be ridiculous. Most industries have no reason to care about it one way or the other. The only industry putting any resources behind trying to pass it is the legacy entertainment industry; anything else is just Hollywood lobbyists collecting signatures in exchange for a political quid pro quo.
I was wondering, how does Microsoft track your posts so that you can get paid when you post anonymously like that? Can't any of your fellow shills claim that post as their own and take your money? Or do they give you some kind of monitoring software so they can track who posts what or something like that?
I can tell you if I ask teenagers today most won't even know what a VPN is.
You don't have to know how a thing works or even what it is in order to use it. If it comes automatically when you click the link that says "a new version is available, click here to install" then it's the sort of thing "most teenagers" can figure out.
In addition to that, people are talking VPNs because it's the existing technology known to be effective in circumventing SOPA. You can't honestly think that it's the only or even best way to do so once an economic incentive is created to produce one purpose-built to the task. Think about how P2P works for crying out loud: The pirate goes to Pirate Bay to get a 10KB file that provides information about a 4GB file. You don't think that could be modified with no noticeable increase in overhead so that the 10KB file comes through the same way as the rest of the 4GB, by seamlessly using something like onion routing through a non-censoring country for just the .torrent file in the event it can't be accessed directly? (Naturally you could prohibit such software from being distributed, which we all learned was so effective with DeCSS.)
The average Joe won't and will see people being thrown in jail and stop.
Just like the average Joe stopped when they started throwing around $2M fines, right? Right?
4. There are virtually NO U.S. corporations that would not benefit from the enactment of SOPA, in some way. Virtually none would suffer any damages from enactment of SOPA. Even Internet-based corporations would benefit from having clear rules to follow. Ambiguity is not always profitable.
This is just ridiculous. First of all, what about the existing law is supposed to be so ambiguous? New laws almost always produce more ambiguity because there has to be a period of years before the courts have a chance to write decisions interpreting them where any number of the new provisions remain uncertain. This is especially true of SOPA because parts of it are so obviously subject to a constitutional challenge, which means companies won't know whether they have to follow them until it goes to court -- which is the worst kind of uncertainty; the kind that leads to expensive protracted litigation.
In addition to that, if SOPA will have no negative effects on them, why have they all come out against it? Why are they running full page ads in the New York Times?
I think you'll find that the US Trade Representative's positions are set not based on what US companies want, but rather based on what US companies that do the most lobbying want. The RIAA and MPAA have long been prolific in their employment of lobbyists; tech companies less so until very recently and even there they lack the sort of experience necessary to be as effective as would be expected from their size and economic importance. One can hope that they get it right before it's too late, but I prefer to hope that Americans come to their senses and make it a defense to murder that the victim was an entertainment/fossil fuel/defense/telecommunications industry lobbyist.
You do understand that the corollary to that is the open source competitors save their users that same amount of money.
Pointing out that Apple uses platform-specific tools, both as a major player (in iOS today) and as a minor player historically. These platform specific tools have not had any impact on Apple's ability to deliver.
That is because Apple uses a completely different strategy. It isn't about "developers developers developers," it's about "users users users." The iPhone was already a huge success before the App Store, and at that point developers will use whatever tools they have available in order to reach that large customer base. The disadvantage of being less portable was overcome by the advantage of a large existing customer base.
The problem for Microsoft is that they're trying to do it the other way around, by attracting developers with supposedly better but platform-specific developer tools, before they have a user base. But what good is that when the applications are being written for other platforms first? Even if you can take an Android application and run it through a meat grinder to make it into C#, the best you can do is minimize the disadvantage caused by having to port it. You get no advantage from the supposedly better Microsoft stuff because you can't use any of it: By the time you have something portable enough to run on both iOS and Android, it almost never makes sense to go back and make any kind of nontrivial changes to it in order to take advantage of proprietary features of a small minority platform.
Which leaves Microsoft still in the chicken and egg situation. WP7 has no significant advantage over Android and iOS that can overcome the user preference for platforms with more apps (and the developer tools don't provide one), yet developers have little incentive to spend many hours rewriting their code for WP7 before there exists any significant customer base.
Well then what did you mean by "Run back to 2007 and tell Apple that"?
Are you seriously trying to argue that the reason for the iPhone's success was Apple's developer tools? Because that seem pretty laughable considering that it became popular before the App Store existed.
PCs with Windows 7 Home Premium have Windows Media Center; does that count? If not, then I guess the real problem for a company that wants to sell computers with preinstalled XBMC is getting a distribution deal with nationwide big-box chains, and a startup isn't going to have an easy time of that.
Media Center is better than nothing, but Microsoft had reasons for not making the XBOX UI identical to the Media Center UI. As for a distribution deal, probably the best way to do this is to do it in cooperation with a major company like Dell or Samsung. You make the software, they make the hardware and provide the distribution network. You do it the same way Microsoft sells Windows to OEMs. Or you work with someone like Google and then let them schlep it around to manufacturers like they do with Android.
But apart from the Xbox 360 wired controller, what are the common game controllers? There's no standard for the arrangement of buttons on a USB HID.
So create a standard. Write an RFC. Or create a database of mappings for as many existing controllers as possible, concentrating on those with the highest sales volumes first, and get Microsoft and other OS vendors to include it in their operating systems.
If I were to start such a company reselling PCs as consoles, how would I come by these marketing dollars?
If you're Dell or some other large company then you already have the money. If you're not, you partner with a large company or seek venture capital.