No, so long as we have legit uses, I can't see how they can do that. The only thing I use p2p to download is OSS. This weekend I downloaded MythDora 5, in 8 days I'll be downloaded Fedora 9. I download distros all the time with BT.
Further, how does the ISP know something is legit or not? What if some indy or signed band or director wants to start distributing music/movies (free license or not) via p2p?
Less resolution, bigger size, doesn't make sense to me, other than a cool hack. It's a step above, but much like the mplayer + aalib ascii output for video. It's really not that useful, unless you want to play videos on a 486 or something;-p
Low-rent as in free. Yup, it just verifies you're going to my domain/server, which is the only need, and just for family users accessing webmail.
So, I would say you should add a "yellow" caution "!" option, just as you have a yellow "?" option (instead of red stop, don't proceed) that says, "Verifies Domain-only, often used for personal-use, not owner of website - Don't trust for financial transactions".
The SSL cert is totally legit and there is nothing wrong with it and how it is being used. The personal website doesn't have anything to do with a business, so it is invalid to say the SSL cert doesn't verify something (business info) that cannot be verified (as it doesn't exist).
BTW, where does it get this info? "Information from secondary sources Commercial site."
Do you label all.net sites as commercial?
Giving false positives trains users to ignore your information.
Just my two cents, but thanks for updating your root CA.
I found SiteTruth's search worthless. I put in my own domain and it said it was suspect, no address listed on the website. Totally bogus information. One of the first links is to the AUP page, which contains the same address WHOIS has listed. Even if I search giving the AUP link, it cannot find the address. Further, it says no usable certification info - I could see it complain that it doesn't like my CA, but there cert works just fine in any non-Microsoft browser. I find this site worthless as it fails to provide valid information. I could see it complaining that my SSL cert (free for non-commercial, personal use) is a domain-only, but it doesn't, it just says, "No valid cert." Finally, just because something doesn't have a valid business behind it (as in a personal website/email hosting), doesn't mean it is invalid or worthless. Don't give me your money - I'm not asking for it.
Which makes me wonder how MythTV and others will do. I suppose so long as it is for personal use and not commercial it should be safe.
I still don't get how Tivo got a patent on that sort of thing. One has been able to do the same with VCRs and even PCs with tuner cards well before Tivo existed. Hmph, more examples of why the patent system is broken.
That's like saying someone who stops a guy who snags someone's person and hold him for the police is a vigilante.
As someone else pointed out, a vigilante is someone who ENFORCES their own JUSTICE. Just holding someone (or clearly stolen property) for the police to handle isn't vigilantism.
Batman is a vigilante because he doesn't just catch the crooks, he dishes out his own punishment, without following due process of the law.
I'm out of the loop these days. I used to have a DirecTivo (series 1) which I'd upgraded the HDD, put a NIC in and could download any shows I wanted to put on CD/DVD. Been a good 4 years since I sold it off.
Since then, I moved to MyhtDora (Fedora + MythTV, with install almost 99% automated). I love it, but I'm out of the loop on what Tivo and Dish have to offer.
Just what is Tivo suing Dish over?
If anyone knows both MythTV and Tivo, what features does Tivo have that I can't do on my MythTV box (for virtually free, other than the Schedules Direct $20/year listing fee)?
I'm actually not sure if you can still get 3rd and 4th-level delegations. I'm assuming you can for "official" gov, school (k12), library (lib), etc. business. I know you cannot get personal/business ones like the one that I have, those are no longer available, you just have to pay and get one right off of.US.
I too dislike NSI, but.ORG isn't under their control anymore, but under the ISC's PIR, which I very much like. I have some.NETs from way back, but at least I have them over at GKG.NET. One thing I like about GKG.net is their free email address cloaking.
I like how my town has longer yellows then elsewhere. The downside is that I have to stop whenever I see a yellow in any other nearby smaller town, otherwise I'll have my timing off and end up with a red light. Consistancy would be nice.
It's a shame they comercialized.US. I always liked the idea of being able to know where a website should be just by understanding the syntax, for instance the City of Modesto, California, USA, site should be at ci.modesto.ca.us and the Stanislaus County website should be at co.stanislaus.ca.us... of course, they have silly domains too like modestogov.com and stancounty.com which you'd find via Google, but aren't something you'd ever know otherwise (other than.COM branding you might see printed somewhere).
No, my office has an MSDN subscription so it costs nothing more for that 1% that I use it for. It's the others that are addicted that require MS apps which require the MSDN sub. Otherwise, we'd save whatever that yearly fee is - actually so long as we sell and support Cisco VM products which have Exchange backend integration, I doubt we'll get ride of our MSDN stuff, but perhaps. I could get little bit I need done in OOo (it's Excel scripting that doesn't work right yet in OOo), with just a bit more work the first time to create the form and ditch the scripting, and at the same time push Cisco (who makes the Excel BAT form) to supply it in ODF as well.
Even still, you wouldn't have any way for someone to remotely control those systems. A virus/worm might get spread from the internet PCs to SCADA PCs at the worst, but there is no way to control them (short of sending another message via virus and long time delay via "sneakernet" USB storage device).
But safer than that would be a way to have a DMZ storage system (not internet DMZ, but DMZ between internal Internet-access PCs and SCADA system PCs) that each different type of PC can drop data off in, but that DMZ system has no access out to either side. So you can drop data off, and then go get it from the other side. So long as your data is just raw data (db info of some sort, I'd imagine), there isn't away you're ever going to push a virus/worm back and forth.
The problem is the layers. The Desktop PCs (you know, the ones you use to check email and surf the web) have access to the internet (probably just outbound), and access to the SCADA networks. While you cannot initiate an inbound connection to those Desktop PCs, all you have to do is get someone to click on a link and get infected with something that sits on their PC and maintains an outbound connection (think GoToMyPC). From there, the exploit team has access to their PCs and everything their PCs have access to.
In an ideal world, they'd have two PCs on each desktop. One on the internet, one on the SCADA network. The two should never be connected. That's how the military is suppoesd to do it between different levels of their networks (the two different levels are never to be connected).
But that costs you twice as much, and isn't convenient. But you'd never have a security breach.
Oh, and they buy and sell power over the internet between different power companies, so right there is a reason you'd need some SCADA system connected with internet access (but you could have those systems very, very locked down as to what and how they can access between things).
Hmm, but if I use my VPN I can use my Cisco IP Communicator all encrypted and they can't block it without blocking my entire VPN access, which they can't block as I'll just revert to SSL mode.
HTML does evil things to PGP messages (like taking out the double-spaces after periods, which then makes the signature invalid). Here we go again without the double-spaces in the source:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I know this probably isn't highly favorable, and very geeky, but why can't everyone just sign their email with PGP/GPG, and then mail-servers check with public key servers to verify that the mail is legitimate?
I suppose spammers could submit their own public keys, but these could quickly be flagged as spammy, listing the signed email as proof. Keys being signed by others who trust it would also help to elevate regular users and keep spammers out (short of a system compromise where someone's private key is copied).
I'm sure there are holes in this, beyond just the technical hurdles (user training, key exchanges, CPU load on email servers, etc.). What am I missing? -----BEGIN PGP SIGNATURE-----
I know this probably isn't highly favorable, and very geeky, but why can't everyone just sign their email with PGP/GPG, and then mail-servers check with public key servers to verify that the mail is legitimate?
I suppose spammers could submit their own public keys, but these could quickly be flagged as spammy, listing the signed email as proof. Keys being signed by others who trust it would also help to elevate regular users and keep spammers out (short of a system compromise where someone's private key is copied).
I'm sure there are holes in this, beyond just the technical hurdles (user training, key exchanges, CPU load on email servers, etc.). What am I missing? -----BEGIN PGP SIGNATURE-----
I'm guessing most of the information they have they obtained either through public record (birth records, marriage records, property deeds) or purchased through the big 3 credit bureaus, which collected this information from you via you giving it to places you do business with.
I've always been careful to flag my accounts with "don't share with 3rd-party" or even other "business units" (which may be sold off later), but still, you can't control what the big 3 credit bureaus have, unless it is inaccurate.
If you cosign on something, you can't even get anything related to that removed, like the owners address (which may have never been yours), until it's paid in full.
I think any place like Intelius should have to follow the same rules that credit bureaus have to follow: give you full access to their records about you so that you can demand they remove things that you say are inaccurate - of course, since they're getting it from all sorts of 3rd parties, who knows how they'll ever verify things, but at least in the meantime they should have to remove it.
Especially harmful would be mis-information that Intelius may obtain which may come from Identity Fraud - or even someone with the same name as you, which somehow Intelius merges into the same identity.
Why don't they spent a little time on capping the flow of spam and brute force attacks? Greylisting and RBLs block nearly all the spam, and I've just created netfilters to block all traffic that isn't what I consider "core" (dns, smtp, web) from China due to the huge amount of brute force dictionary login attacks on my systems via ssh and ftp.
I don't think folks stealing laptops are spending time evaluating how good they are first. They ones with locked BIOS and/or no batteries will just end up in a dumpster. These laptops are probbaly getting sold on eBay for a few hundred.
Cogent is receiving the AS path from 1299, but when the traffic goes to transit through them, I believe they're dropping it. Just my guess. Are you able to reach prefixes announced from AS3308?
The problem with that is you'd have to maintain logs of everyone who connected and what they did to disprove if someone did something illegal that it wasn't you (which even then, it's hard to disprove it wasn't you). RIAA, etc. is going to say your Public IP was sharing such and such, or law enforcement may say you did such and such, and your left holding the bag.
I used to run an open WAP (freenet.artoo.net), and even had a proxy setup (NoCatNet) to filter access and block smtp outbound access and log who was logged in, etc., but I just won't continue to maintain such a thing with the legal climate these days. I don't have time for the hassles it may cause me, especially when I refuse to download or posses any copyright material I didn't buy (or legally get, like recording off my own cabletv), so I know there is no way any legit claims can come in.
Playing devil's advocate: With that same arguement, why should Cogent accept traffic from any ISP who won't peer directly with them?
What it comes down to is that is the way the internet works. You peer with someone who gives you transit. If you're a large ISP, you try to peer with others who are of the same size and you don't charge each other.
Slashdot Mirror
No, so long as we have legit uses, I can't see how they can do that. The only thing I use p2p to download is OSS. This weekend I downloaded MythDora 5, in 8 days I'll be downloaded Fedora 9. I download distros all the time with BT.
Further, how does the ISP know something is legit or not? What if some indy or signed band or director wants to start distributing music/movies (free license or not) via p2p?
While it is nice that you can resise the page text and see it grow, it does take up more space to store the CSS version than the original JPG.
;-p
The software author's example with image.jpg goes from 13322 to 42564 as CSS output.
Less resolution, bigger size, doesn't make sense to me, other than a cool hack. It's a step above, but much like the mplayer + aalib ascii output for video. It's really not that useful, unless you want to play videos on a 486 or something
Low-rent as in free. Yup, it just verifies you're going to my domain/server, which is the only need, and just for family users accessing webmail.
.net sites as commercial?
So, I would say you should add a "yellow" caution "!" option, just as you have a yellow "?" option (instead of red stop, don't proceed) that says, "Verifies Domain-only, often used for personal-use, not owner of website - Don't trust for financial transactions".
The SSL cert is totally legit and there is nothing wrong with it and how it is being used. The personal website doesn't have anything to do with a business, so it is invalid to say the SSL cert doesn't verify something (business info) that cannot be verified (as it doesn't exist).
BTW, where does it get this info?
"Information from secondary sources
Commercial site."
Do you label all
Giving false positives trains users to ignore your information.
Just my two cents, but thanks for updating your root CA.
I'll add the address to the contact page as well.
I found SiteTruth's search worthless. I put in my own domain and it said it was suspect, no address listed on the website. Totally bogus information. One of the first links is to the AUP page, which contains the same address WHOIS has listed. Even if I search giving the AUP link, it cannot find the address. Further, it says no usable certification info - I could see it complain that it doesn't like my CA, but there cert works just fine in any non-Microsoft browser. I find this site worthless as it fails to provide valid information. I could see it complaining that my SSL cert (free for non-commercial, personal use) is a domain-only, but it doesn't, it just says, "No valid cert." Finally, just because something doesn't have a valid business behind it (as in a personal website/email hosting), doesn't mean it is invalid or worthless. Don't give me your money - I'm not asking for it.
Uhm, so make a "lojack" account on your server that does nothing but let you reverse ssh back in, but has no other access on your server (chroot it).
Which makes me wonder how MythTV and others will do. I suppose so long as it is for personal use and not commercial it should be safe.
I still don't get how Tivo got a patent on that sort of thing. One has been able to do the same with VCRs and even PCs with tuner cards well before Tivo existed. Hmph, more examples of why the patent system is broken.
That's like saying someone who stops a guy who snags someone's person and hold him for the police is a vigilante.
As someone else pointed out, a vigilante is someone who ENFORCES their own JUSTICE. Just holding someone (or clearly stolen property) for the police to handle isn't vigilantism.
Batman is a vigilante because he doesn't just catch the crooks, he dishes out his own punishment, without following due process of the law.
I'm out of the loop these days. I used to have a DirecTivo (series 1) which I'd upgraded the HDD, put a NIC in and could download any shows I wanted to put on CD/DVD. Been a good 4 years since I sold it off.
Since then, I moved to MyhtDora (Fedora + MythTV, with install almost 99% automated). I love it, but I'm out of the loop on what Tivo and Dish have to offer.
Just what is Tivo suing Dish over?
If anyone knows both MythTV and Tivo, what features does Tivo have that I can't do on my MythTV box (for virtually free, other than the Schedules Direct $20/year listing fee)?
I'm actually not sure if you can still get 3rd and 4th-level delegations. I'm assuming you can for "official" gov, school (k12), library (lib), etc. business. I know you cannot get personal/business ones like the one that I have, those are no longer available, you just have to pay and get one right off of .US.
.ORG isn't under their control anymore, but under the ISC's PIR, which I very much like. I have some .NETs from way back, but at least I have them over at GKG.NET. One thing I like about GKG.net is their free email address cloaking.
I too dislike NSI, but
I like how my town has longer yellows then elsewhere. The downside is that I have to stop whenever I see a yellow in any other nearby smaller town, otherwise I'll have my timing off and end up with a red light. Consistancy would be nice.
I like my pre-Neustart .US domain - free forever.
.US. I always liked the idea of being able to know where a website should be just by understanding the syntax, for instance the City of Modesto, California, USA, site should be at ci.modesto.ca.us and the Stanislaus County website should be at co.stanislaus.ca.us... of course, they have silly domains too like modestogov.com and stancounty.com which you'd find via Google, but aren't something you'd ever know otherwise (other than .COM branding you might see printed somewhere).
It's a shame they comercialized
No, my office has an MSDN subscription so it costs nothing more for that 1% that I use it for. It's the others that are addicted that require MS apps which require the MSDN sub. Otherwise, we'd save whatever that yearly fee is - actually so long as we sell and support Cisco VM products which have Exchange backend integration, I doubt we'll get ride of our MSDN stuff, but perhaps. I could get little bit I need done in OOo (it's Excel scripting that doesn't work right yet in OOo), with just a bit more work the first time to create the form and ditch the scripting, and at the same time push Cisco (who makes the Excel BAT form) to supply it in ODF as well.
Even still, you wouldn't have any way for someone to remotely control those systems. A virus/worm might get spread from the internet PCs to SCADA PCs at the worst, but there is no way to control them (short of sending another message via virus and long time delay via "sneakernet" USB storage device).
But safer than that would be a way to have a DMZ storage system (not internet DMZ, but DMZ between internal Internet-access PCs and SCADA system PCs) that each different type of PC can drop data off in, but that DMZ system has no access out to either side. So you can drop data off, and then go get it from the other side. So long as your data is just raw data (db info of some sort, I'd imagine), there isn't away you're ever going to push a virus/worm back and forth.
The problem is the layers. The Desktop PCs (you know, the ones you use to check email and surf the web) have access to the internet (probably just outbound), and access to the SCADA networks. While you cannot initiate an inbound connection to those Desktop PCs, all you have to do is get someone to click on a link and get infected with something that sits on their PC and maintains an outbound connection (think GoToMyPC). From there, the exploit team has access to their PCs and everything their PCs have access to.
In an ideal world, they'd have two PCs on each desktop. One on the internet, one on the SCADA network. The two should never be connected. That's how the military is suppoesd to do it between different levels of their networks (the two different levels are never to be connected).
But that costs you twice as much, and isn't convenient. But you'd never have a security breach.
Oh, and they buy and sell power over the internet between different power companies, so right there is a reason you'd need some SCADA system connected with internet access (but you could have those systems very, very locked down as to what and how they can access between things).
Hmm, but if I use my VPN I can use my Cisco IP Communicator all encrypted and they can't block it without blocking my entire VPN access, which they can't block as I'll just revert to SSL mode.
Utter FUD. OpenOffice.org works for 99% of my needs.
HTML does evil things to PGP messages (like taking out the double-spaces after periods, which then makes the signature invalid). Here we go again without the double-spaces in the source:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I know this probably isn't highly favorable, and very geeky, but why
can't everyone just sign their email with PGP/GPG, and then mail-servers
check with public key servers to verify that the mail is legitimate?
I suppose spammers could submit their own public keys, but these could
quickly be flagged as spammy, listing the signed email as proof. Keys
being signed by others who trust it would also help to elevate regular
users and keep spammers out (short of a system compromise where
someone's private key is copied).
I'm sure there are holes in this, beyond just the technical hurdles
(user training, key exchanges, CPU load on email servers, etc.). What
am I missing?
-----BEGIN PGP SIGNATURE-----
iD8DBQFH/QzBd34OvcZ8P2oRAovcAJ0VcSh9RUaDVjxeCyEmCtaQFh31LACgkZm6
c8uGux1ycqg4FYDRtIqR6HQ=
=te7S
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I know this probably isn't highly favorable, and very geeky, but why
can't everyone just sign their email with PGP/GPG, and then mail-servers
check with public key servers to verify that the mail is legitimate?
I suppose spammers could submit their own public keys, but these could
quickly be flagged as spammy, listing the signed email as proof. Keys
being signed by others who trust it would also help to elevate regular
users and keep spammers out (short of a system compromise where
someone's private key is copied).
I'm sure there are holes in this, beyond just the technical hurdles
(user training, key exchanges, CPU load on email servers, etc.). What
am I missing?
-----BEGIN PGP SIGNATURE-----
iD8DBQFH/Qr0d34OvcZ8P2oRAiFDAJ9ug8DwebZXFjd40cNUhrrk9qr2WACgtwsX
4TEm527Wu7S/hTGynY8bpdY=
=oKFZ
-----END PGP SIGNATURE-----
I'm guessing most of the information they have they obtained either through public record (birth records, marriage records, property deeds) or purchased through the big 3 credit bureaus, which collected this information from you via you giving it to places you do business with.
I've always been careful to flag my accounts with "don't share with 3rd-party" or even other "business units" (which may be sold off later), but still, you can't control what the big 3 credit bureaus have, unless it is inaccurate.
If you cosign on something, you can't even get anything related to that removed, like the owners address (which may have never been yours), until it's paid in full.
I think any place like Intelius should have to follow the same rules that credit bureaus have to follow: give you full access to their records about you so that you can demand they remove things that you say are inaccurate - of course, since they're getting it from all sorts of 3rd parties, who knows how they'll ever verify things, but at least in the meantime they should have to remove it.
Especially harmful would be mis-information that Intelius may obtain which may come from Identity Fraud - or even someone with the same name as you, which somehow Intelius merges into the same identity.
Ad-free version of article.
How hard is it to look for the "Print version" w/o ads and link to that?
Why don't they spent a little time on capping the flow of spam and brute force attacks? Greylisting and RBLs block nearly all the spam, and I've just created netfilters to block all traffic that isn't what I consider "core" (dns, smtp, web) from China due to the huge amount of brute force dictionary login attacks on my systems via ssh and ftp.
I don't think folks stealing laptops are spending time evaluating how good they are first. They ones with locked BIOS and/or no batteries will just end up in a dumpster. These laptops are probbaly getting sold on eBay for a few hundred.
Cogent is receiving the AS path from 1299, but when the traffic goes to transit through them, I believe they're dropping it. Just my guess. Are you able to reach prefixes announced from AS3308?
The problem with that is you'd have to maintain logs of everyone who connected and what they did to disprove if someone did something illegal that it wasn't you (which even then, it's hard to disprove it wasn't you). RIAA, etc. is going to say your Public IP was sharing such and such, or law enforcement may say you did such and such, and your left holding the bag.
I used to run an open WAP (freenet.artoo.net), and even had a proxy setup (NoCatNet) to filter access and block smtp outbound access and log who was logged in, etc., but I just won't continue to maintain such a thing with the legal climate these days. I don't have time for the hassles it may cause me, especially when I refuse to download or posses any copyright material I didn't buy (or legally get, like recording off my own cabletv), so I know there is no way any legit claims can come in.
Playing devil's advocate: With that same arguement, why should Cogent accept traffic from any ISP who won't peer directly with them?
What it comes down to is that is the way the internet works. You peer with someone who gives you transit. If you're a large ISP, you try to peer with others who are of the same size and you don't charge each other.