Archie Bunker was right: we're all either honky, nigger, or chink.
There was a time when such epithets could appear on national television, so that racism could be exposed for the ugly thing it is.
Sadly, these days, we prefer to pretend it doesn't exist.
So, it's not, "Oh, shit!" but rather "Oh! Shit."
Hmm, in reflection, Comcast does not have to proxy port 53 to replace unresolved domains with their own IP address -- the resolvers can do this, and using alternate resolvers avoids the annoyance.
Comcast could proxy port 53 and do as I described above, which would be "less evil" than what the article claims, but as others note, they don't even seem to do that.
Hmm. I RTFA and it appears that the author's beef is that Comcast is responding where the responder is non-existent.
To replace unresolved DNS lookups with IP addresses of ad servers, Comcast has to proxy port 53 traffic, yes?
Well, if they do that, they can certainly redirect to their own DNS resolvers if the specified DNS resolver is non-responsive, just as easily as they can substitute an IP address when the specified resolver fails to resolve.
They can also redirect all port 53 traffic to their resolver, always, but it does not appear that they are doing this.
That doesn't strike me as evil as the article suggests. Still, they should disclose that they do this.
I have the luxury of residential AND commercial internet service from Comcast in Monroe, WA. I can try both tonight.
Yes, but we live in a liberal world of perceived "entitlement".
While the U.S. is not as bad as I last remember Canada, when I lived in Whitby, ON, in around 2003, my neighbors were a relatively friendly bunch... until, out of laziness, I hired a kid to mow my lawn in the summer.
Whoa!
All of a sudden, it was, "Who the hell are you to be able to afford a kid to mow your lawn instead of paying more taxes!"
It was so bad there, that it was illegal for those eligible for government healthcare (citizens, and landed immigrants), to pay for "better" care, as this is perceived as "unfair" to those who can't afford it. Imagine if it were illegal for you to own a laptop simply because someone else couldn't.
I earn my money (and pay my taxes, even as I might think that, on principle, taxation is theft), and should do with it as I see fit: waste it on beer and cigarettes, pay a kid to mow my lawn, or... buy a laptop.
You are encountering envy.
You don't owe anybody anything, and frankly any "friends" you might make by being generous would be of the fair weather variety.
Sometimes, I have an important need to borrow something of someone else. I always offer to compensate them, and am not offended if they say "Sorry, no."
The perchlorate ion is ClO4-.
And yes, when heated, it releases a good deal of oxygen:
KClO4 --> KCl + 2O2
As for the cost, almost anyone who works has health insurance in the U.S.
This is patently untrue. Only ~70% of employed persons had employer provided health insurance as of 2006, down from ~75% in 2000. That leaves 30% of employed persons scrambling to cover the cost on their own. Since most of the non-covered employees are in the lower income ranks, they simply can't afford private coverage.
And, a state hospital will not turn them away.
Of course, they'll get care on a par with what Canada offers.
Do not mistake transient governments for the principles on which a nation is founded. I'll take "Life, Liberty, and the Pursuit of Happiness" over "Peace, Order, and Good Government" any day
I'm stealing that
HEY! I ROT26 encrypted it in a digital medium and claim copyright! I'm gonna send a DMCA smackdown your way. :-)
Just kidding! An attribution would be nice, if you chose to use it, but not necessary. Now, if it makes you rich, I expect 10%.
The bottom line is that the market likes the convenience of unified threat management, and the price to be paid is generally not quality but performance.
I dunno.. TFS said it did a pretty crap job keeping things out... I'd call that a cost in quality.
That's a different problem, since signatures can be updated over time. But, now that you mention it, space constraints in a UTM do limit the size of signature databases it can hold.
The answer is, of course, to get a bigger UTM, and address performance with clustered UTMs.
Sadly, one does not have to be perfect, one just has to be better, for some definition of better, than the competition.
Disclaimer: I am employed by one of the companies represented in the trial but do not speak for them.
Unfortunately, security is a process and affects all interacting systems. Placing them under one umbrella in a UTM device allows security issues to be dealt with in one place. This is better than having "something else" misconfigured somewhere undo all the efforts one has made in a particular place.
Yes, by layering SPAM filtering, virus scanning, and application protocol validation, one can achieve the same effect, and each appliance can excel in its area, but this comes at the complexity of having to configure many things independently (not "atomic security changes" spanning multiple issues), adds to complexity (the bane of security), and may give rise to an "end run" if these units run in parallel, instead of sequentially (which yields latency issues).
The bottom line is that the market likes the convenience of unified threat management, and the price to be paid is generally not quality but performance.
There is a principle that if there is any means of systems affecting each other, that mechanism can be used to communicate.
Consider classified and unclassified processes in a "secure" operating system, separated by a process boundary, and disjoint credentials (so, they can't see the same resources, like files).
They can communicate because the system has a finite amount of memory and simply requesting memory resources and noting successes and failures can be used to communicate.
It's awfully inefficient, but it can be done.
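The comment above describes a resource-exhaustion channel. The following is an added illustration, not code from the commenter: a toy model (no real operating system API) in which the finite pool and the names `pool_alloc`, `observe_byte`, `run_shared` and `run_partitioned` are all hypothetical. It shows the leak through a shared pool and how fixed per-domain quotas close it.

```c
#include <stddef.h>
#include <stdio.h>

#define POOL_PAGES 8          /* assumed size of the modelled memory pool */
enum { HIGH = 0, LOW = 1 };   /* classified and unclassified domains */

struct pool {
    size_t used[2];    /* pages currently held by each domain */
    size_t quota[2];   /* most pages each domain may ever hold */
};

/* Grant `want` pages to `dom` or refuse; 1 = granted, 0 = refused. */
static int pool_alloc(struct pool *p, int dom, size_t want)
{
    size_t free_pages = POOL_PAGES - p->used[HIGH] - p->used[LOW];

    if (want > free_pages || want > p->quota[dom] - p->used[dom])
        return 0;
    p->used[dom] += want;
    return 1;
}

static void pool_release(struct pool *p, int dom) { p->used[dom] = 0; }

/* Returns the byte LOW reconstructs from allocation outcomes alone. */
static unsigned char observe_byte(struct pool *p, unsigned char secret)
{
    unsigned char seen = 0;

    for (int bit = 7; bit >= 0; bit--) {
        /* HIGH: for a 1 bit, hold every page it is allowed; for 0, none. */
        pool_release(p, HIGH);
        if ((secret >> bit) & 1)
            while (pool_alloc(p, HIGH, 1))
                ;
        /* LOW: one probe; a refusal reads as 1, a grant as 0. */
        int granted = pool_alloc(p, LOW, 1);
        pool_release(p, LOW);
        seen = (unsigned char)((seen << 1) | (granted ? 0 : 1));
    }
    pool_release(p, HIGH);
    return seen;
}

/* One pool for everyone: each domain may take all POOL_PAGES. */
unsigned char run_shared(unsigned char secret)
{
    struct pool p = { {0, 0}, {POOL_PAGES, POOL_PAGES} };
    return observe_byte(&p, secret);
}

/* Fixed partition: quotas sum to the pool size, so HIGH cannot starve LOW. */
unsigned char run_partitioned(unsigned char secret)
{
    struct pool p = { {0, 0}, {POOL_PAGES / 2, POOL_PAGES / 2} };
    return observe_byte(&p, secret);
}

int main(void)
{
    printf("shared: 0x%02X  partitioned: 0x%02X\n",
           run_shared(0xA5), run_partitioned(0xA5));
    return 0;
}
```

With the shared pool the unclassified side recovers the byte exactly; with the partition its probe always succeeds, so it reads zero whatever the secret is.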
> 4. No, you don't have title to your home in
> Ontario, we maintain a record of your tenancy
> in our government database. Your car either.
Nope.
WA is a title state, and has specific exemptions for importing cars from foreign countries and non-title states. Ontario does not title vehicles.
Do not confuse registration with title.
> 5. No, you can't spend your money to save your
> life. Get in line for "free" health care.
People always cite this without the flipside: hundreds of thousands of dollars of debt because you were hit by an uninsured driver? Because you were born with a genetic heart defect?
Our system isn't perfect, but healthcare is a right not a privilege for those who can afford it.
A right? Really?
Then, why can't I spend my money for better care?
When my son, an American, needed a doctor in Ontario, I could pay, and he'd go to the head of the line, specifically because he was a citizen of a foreign country.
As for the cost, almost anyone who works has health insurance in the U.S. And, state hospitals can't turn away anyone for an inability to pay... but, no one wants to be treated there because they're about as bad as Canadian public hospitals.
> No, you don't have the right to free speech
This is patently untrue. It's explicitly enshrined in the charter of rights and freedoms. Section 2b.
Try waving a Canadian flag in Quebec on July 1, when the Meech Lake accord died.
You'd be arrested on the bogus charge of "inciting to riot".
Politicians are, for the most part, cowards.
Assassinations are wonderfully effective vehicles for change IF there is sufficient civil unrest.
A single bullet started WW I.
There are four boxes used to maintain liberty: soap, jury, ballot, and lastly, ammo. Emphasis on lastly.
What? No flamebait yet?
Why the heck don't I have mod points when I want them?
+5, Truth.
I find it strange that any citizen with a choice chooses to live in a country that has a death penalty, a history of drafts in offensive war time, and a gun lobby that's so powerful it scares politicians.
I rather like the fact that this Canadian's guns scare the politicians of his adopted country, the U.S.A.
I've been a lawful permanent resident of the U.S. since 2006, and intend to apply for citizenship in 2011.
The only thing I ever got from Canada was:
1. No, you can't deduct the mortgage interest on your home.
2. No, you can't file jointly because your spouse stays home to raise your home children -- damn you denying daycare workers jobs!
3. No, you don't have the right to free speech, bear arms, or otherwise criticize the government unless we tell you you can.
4. No, you don't have title to your home in Ontario, we maintain a record of your tenancy in our government database. Your car either.
5. No, you can't spend your money to save your life. Get in line for "free" health care.
6. And lastly, who the hell are you to be so rich as to be able to pay a kid to mow your lawn?
Do not mistake transient governments for the principles on which a nation is founded. I'll take "Life, Liberty, and the Pursuit of Happiness" over "Peace, Order, and Good Government" any day, even if I have to blow the head off of some daft politician to preserve it. Hell yes, I'd rather die on my feet than live on my knees.
But, I suppose this is something suckers of socialist pablum don't get.
No kidding.
How is this not "obvious to one practiced in the art"?
I rather think this is "stuff that matters", and would likely not be as widely viewed if computers weren't involved, hence the fact that they were is the "news for nerds" part.
You know, when you have a logically contiguous sequence of data items of a given type that are physically discontinuous and represented in their discontinuous form by an array of pointers to their representative parts and lengths?
At some point you need a physically contiguous representation of them. Short of magical virtual memory hackery (which might work if the objects are of just the right size, and all aligned on just the right boundaries), you need a method to copy a specified block of contiguous objects from one location to some offset from another location.
Not as type- and memory-unsafe as memcpy, but similar enough to get one into trouble, especially if the output size is not known at compile-time (which it most certainly won't be).
A bounded memcpy, where the presumed extents of the sources and targets helps (and, IIRC is what MSFT now demands), but ultimately within it, a bald memcpy will be necessary for efficiency's sake.
But, that can't be written.
This is similar to the problem with "smart" pointers to reference-counted objects, that are destroyed and their memory reclaimed when the last reference to them disappears. At some implementation level, real, bald, pointers will have to be dealt with.
The right solution here is to constrain where the tricky code lives and verify it more carefully than the "protected" code.
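The comment above argues for a bounded copy that confines the raw `memcpy` to one audited place. This is an added sketch of that idea, not the commenter's code: `struct frag`, `gather_copy` and the sample data are hypothetical names constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* One physically contiguous piece of a logically contiguous byte sequence. */
struct frag {
    const unsigned char *base;
    size_t len;
};

/*
 * Copy `count` bytes starting at logical offset `start` of the fragmented
 * sequence into dst[dst_off .. dst_off + count). Every extent is validated
 * before the first byte moves, so a rejected request writes nothing.
 * Assumes dst overlaps no fragment. Returns 0 on success, -1 otherwise.
 */
int gather_copy(unsigned char *dst, size_t dst_cap, size_t dst_off,
                const struct frag *frags, size_t nfrags,
                size_t start, size_t count)
{
    size_t total = 0, skip = start, left = count, i;

    if (dst == NULL || (frags == NULL && nfrags != 0))
        return -1;
    for (i = 0; i < nfrags; i++) {
        if (frags[i].len != 0 && frags[i].base == NULL)
            return -1;
        if (frags[i].len > SIZE_MAX - total)   /* length sum would wrap */
            return -1;
        total += frags[i].len;
    }
    /* Subtraction form: start + count is never computed, so it cannot wrap. */
    if (start > total || count > total - start)
        return -1;
    if (dst_off > dst_cap || count > dst_cap - dst_off)
        return -1;

    dst += dst_off;
    for (i = 0; i < nfrags && left > 0; i++) {
        size_t n = frags[i].len;
        if (skip >= n) { skip -= n; continue; }  /* wholly before `start` */
        n -= skip;
        if (n > left) n = left;
        memcpy(dst, frags[i].base + skip, n);    /* the only unchecked copy */
        dst += n;
        left -= n;
        skip = 0;
    }
    return 0;
}

/* Constructed sample: "hello world" split across four fragments, one empty. */
static const struct frag SAMPLE[] = {
    { (const unsigned char *)"hel", 3 }, { NULL, 0 },
    { (const unsigned char *)"lo wo", 5 }, { (const unsigned char *)"rld", 3 },
};
static unsigned char demo_dst[16];

int main(void)
{
    int rc = gather_copy(demo_dst, sizeof demo_dst, 2, SAMPLE, 4, 3, 5);
    return (rc == 0 && memcmp(demo_dst + 2, "lo wo", 5) == 0) ? 0 : 1;
}
```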
Yes, but in WA you can be convicted under DUI with 0% BAC.
The "influence" does not have to be alcohol, nor an identifiable chemical intoxicant.
Driving erratically is evidence enough of being "influenced".
A mashup is more than a mix tape -- a compilation of complete songs. It usually involves the unique combination of very small excerpts of separate works united by some theme.
A mix tape takes little effort to edit together... a mashup much more.
A mashup is snippets of other people's content combined in novel ways, for example cartoon snippets with mouths moving in sync (with some video editing to make it so) to some tune. Another example is a montage of a set of quotes of some famous person, usually a politician.
The original article refers to logical space-shifting of media one has already licensed. My system permits this provided the listener provides proof of license: the decryption keys being stored on all playback devices a user accesses, even transiently.