If a DNS reply passes DNSSEC validation, I can be confident the response is what the zone administrator wanted it to be and it hasn't been tampered with. DNSCurve provides no such assurance.
Widespread DNSSEC and client-side validation would kill OpenDNS's business model, which revolves around tampering with DNS responses. DNSCurve continues to allow them to do this.
Remember - we're comparing IPv4 with NAT against IPv6.
Yes the ISP allocates the IPv6 prefix, but then again with NAT every source packet has the same IPv4 address. The real difference is that with IPv6 every single request can be given a different source address. If the source addresses are picked randomly from the /64 pool then it should be impossible to identify individual hosts within the /64 based solely on IP address information. As you rightly point out there are other effective ways of doing this already, but that's not an argument against using IPv6.
I've never understood this concern. With IPv6 I have, say, 2^64 addresses to use. I could use a different source IP address for each and every HTTP request I send out. Even at 1000 requests a second we'll all be long dead before you had to reuse a source address.
IPv6 gives you loads of room to hide. This is my concern - address based blocklists will quickly become infeasible.
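The blocklist concern in the two comments above, worked through as an added example that is not part of the original posts: matching on exact addresses misses a source that rotates randomly within its /64, while aggregating to the /64 catches it. The function names, the one-site-per-/64 assumption and the documentation-range traffic are all constructed for illustration.

```python
import ipaddress
import secrets
from collections import Counter

V6_AGGREGATE = 64  # assumption: one customer or site per /64

def block_key(addr: str) -> str:
    """Network a blocklist should track for one source address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is None:
        return str(ipaddress.ip_network(f"{ip}/{V6_AGGREGATE}", strict=False))
    v4 = ip.ipv4_mapped if ip.version == 6 else ip  # ::ffff:a.b.c.d is IPv4
    return f"{v4}/32"

def random_source(prefix: str) -> str:
    """Pick a uniformly random host address inside prefix (constructed traffic)."""
    net = ipaddress.ip_network(prefix)
    return str(net[secrets.randbits(net.max_prefixlen - net.prefixlen)])

def offenders(sources, threshold, key=str):
    """Keys seen at least `threshold` times; key=str means exact-address matching."""
    counts = Counter(key(s) for s in sources)
    return {k for k, n in counts.items() if n >= threshold}

def years_before_reuse(prefix_len: int, per_second: float) -> float:
    """Time to walk every address in an IPv6 prefix at a fixed request rate."""
    return 2 ** (128 - prefix_len) / per_second / (365.25 * 24 * 3600)

def sample_log():
    """Constructed log: one noisy /64 rotating addresses, plus light traffic."""
    noisy = [random_source("2001:db8:1:2::/64") for _ in range(200)]
    quiet = ["2001:db8:9:9::1"] * 3 + ["192.0.2.10"] * 5
    return noisy + quiet

if __name__ == "__main__":
    log = sample_log()
    print("per address:", offenders(log, 50))
    print("per /64    :", offenders(log, 50, key=block_key))
    print("years at 1000 req/s: %.3g" % years_before_reuse(64, 1000))
```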
Facebook are willing to sue. They don't want people to do this either. It devalues their service (even if the users are the "product", they still need to provide something of value to attract users).
Facebook probably wants to be able to charge companies for access to potential employees' data.
CRLs are revocation lists which used to be published by CAs and clients were able to periodically download.
As a concept they were replaced with OCSP (online certificate status protocol). Here the client requests the current status of a certificate each time they are presented with it. The idea was that it would be more timely and up to date and meant CAs didn't need to publish a complete list of revoked certificates.
Now it seems Chrome wants to go back to a bodged version of the old way of doing things where Chrome periodically requests the CRL from the browser vendor or Chrome is periodically updated with the latest CRL?
The CAs never see the private key material. When you apply for a certificate, you generate the private key and a certificate signing request (CSR). It's the CSR which gets sent to the CA to sign, not the private key. All the CA has a copy of is the CSR and certificate, which is public knowledge anyway.
One of Dilbert creator Scott Adams's books covers market segmentation. The market segment every business should aim for is the "stupid rich". The poor rich don't have enough money, and smart people aren't going to buy your company's product anyway. The stupid rich is where the money is made.
What surprises me is the number of people who use caps-lock instead of shift to type a single capital letter, i.e.
caps-lock on
type letter
caps-lock off
every single time.
Virtualisation is, in many ways, trying to do what the OS should already be doing, namely isolation between processes (through protected memory), providing an abstraction layer for the hardware (through drivers) and allocating resources (through the CPU/IO schedulers).
Unfortunately, a certain OS has been so bad at doing this (historically) that people turn to virtualisation and you end up with a form of inner-platform effect. We have Linux implementing the virtio drivers to interface with the hypervisor which implements real drivers to talk to the real hardware. We have the guest's scheduler trying to manage "virtual CPUs" without any real information about what resources are actually available. We have hypervisors trying to re-implement copy-on-write for memory pages that the OS already does out-of-the-box.
Virtualisation is used as a "one size fits all" sledgehammer, often where it isn't the appropriate solution.
The "poor guy" is believed to have been part of the gang that came up with the plan in the first place. He wasn't, however, expecting it to be a real bomb.
In the UK you require a license to watch or record TV as it is being broadcast, or to install TV receiving equipment for the purpose of watching/recording TV as it is broadcast.
The requirement is worded to be independent of the technology used - terrestrial, satellite broadcasts, cable, internet etc.
You don't require a license to watch recordings, so if you only ever watch DVDs, BBC iPlayer and 4OD you don't require a license. Copyright is a different issue - the TV license is a license to install/use equipment and is nothing to do with copyright.
And, not for nothing, the example you provided of it failing, isn't.
It's difficult to claim to be an "independent country" when you have to rely on the British RAF and British RNLI to rescue you when your entire "country" catches fire.
I found it funny back when they tried to launch Sealand as a datacentre about ten years ago (HavenCo). 100% of their bandwidth came courtesy of the UK. How long would that bandwidth have lasted if they had hosted anything that had upset the UK authorities?
Indeed, how long would Sealand last if they were to upset anyone of any importance?
A similar amount of folks were in opposition due to the fact that the underground is currently blissfully free of Dom Joly type berks barking at top volume into their mobile phones about what station they're at and what's for dinner.
This is a fundamental problem. Instructions and data are intermingled in memory and on disk. Buffer overflows exploit this by tricking computers into executing data as code. Most interpreted languages support an eval() like procedure that takes data and interprets it as code. On the topic of interpreted languages - is a Perl script data or code?
Things like the NX bit in newer CPUs help but don't solve the problem.
That's not guaranteed to address the problem. http://cm.bell-labs.com/who/ken/trust.html To compile the source code you used the binary compiler...
Have you just described the goal of Wine?
There is also the question whether this video will influence more people to commit suicide. The Samaritans have a section on their website explaining how to report and dramatize suicides responsibly.
http://www.samaritans.org/media-centre/media-guidelines-reporting-suicide
The problem is that it encourages other people to commit suicide too.
http://www.samaritans.org/media-centre/media-guidelines/advice-media-copycats-and-social-contagion
All these posts and no-one has mentioned it runs on FreeBSD?
Netflix's New Peering Appliance Uses FreeBSD
Preferably with DNSSEC turned on.
If the filesystem is already marked as clean, then e2fsck doesn't actually check anything. You might want to try timing "fsck -f ..."
If there is a Dotcom bubble and if it does burst, how many customers are the cloud services going to have left?
Does the operating system not provide the SSL libraries? Or do you actually have to code the encryption routines into each application on iOS?
I would have thought the export restrictions would only apply to the SSL libraries, not the application that uses them.
Brian Douglas Wells
Wikipedia links to this DEF CON presentation (PDF) from 2003 which has some details.
I really hope you don't have to explain who Doohan and Shatner are to people on Slashdot.
Mobile reception on the tube isn't a popular idea. Tube mobile network opposed by 76% of Londoners