The problem is that in the early days they handed out class A subnets like they were candy, wasting millions of IP addresses with every one.
This is correct, and we should continue efforts to reclaim IPs from entities sitting on massive swaths of unused space. Eli Lilly surrendered part of their unneeded allocation, for example. I say forget the corporate blocks for now until the emergency is a bit more dire. While companies like Halliburton and Ford Motors can't possibly have a need for a full /8, trying to recover from them is likely to present legal challenges.
Instead, why don't we take a look at how many /8s are reserved for militaries? 6.0.0.0/8, 7.0.0.0/8, 11.0.0.0/8, 21.0.0.0/8, 22.0.0.0/8, 25.0.0.0/8, 26.0.0.0/8, 28.0.0.0/8, 29.0.0.0/8, 30.0.0.0/8, 33.0.0.0/8. It goes on well through the IPv4 space but I got bored of looking them up, and just those represent more than 180 million IPs that could be released for public use. Networks like SIPRNET aren't publicly routed and don't need public IPs. Most of these blocks are entirely unused on the public internet. Of course the military has plenty of valid, publicly accessible services, but they don't have 180 million of them.
As a taxpayer, I would much rather see these chunks of IP space SWIP'd out to ISPs who can justify their need instead of being destined to forever sit around dormant and registered to the military.
Just watched ISS transit over my house about an hour ago. I was excited when the HDEV stream first went online and I spent a day or so with one monitor showing nothing but that feed. But I had no idea that video like this could be captured from 250 miles up using commercial equipment. That's scary good resolution and stabilization for video, makes me wonder how far beyond "Enemy of the State" the US government is doing from their birds.
Allow me to add my vote that Urthecast is a name I find hard to parse properly.
The two major exceptions have been microsoft@mydomain.com and adobe@mydomain.com. Those two companies clearly sold my email address to marketers and spammers.
Can you be sure? Every now and then, I'll open up the floodgates and alias all of @domain to an account just to see what comes in. At one point I noticed a ton of spam to netflix@, and got pissed until I remembered that the email on my Netflix account isn't netflix@. That's never been a legit alias, so it's probably a dictionary style attack. Spammers are blasting shit out to netflix@<everywhere> much like the ssh bots try logging in as alice, bob, and a few thousand other users that have never existed on most systems.
It shares a *hash* of your password (Slashdot of old would know the difference) with first-level friends (not friends of friends) for networks where you actively choose to. It's like giving them the password, except better, because you don't.
How does that work?
Suppose the password for my wireless network is BillGates. You're saying Wi-Fi Sense stores some hash of this, let's say 510ae47865e94f0e2165, and shares that with my friend. My friend comes over to my house. How does his computer sign on to my wireless network knowing only the hash, 510ae47865e94f0e2165? That isn't the password for my network, the router isn't going to accept it.
Slashdot sells no product. Sells no service. And wouldn't get enough donations to cover its costs. So they deserve to die?
They used to sell a service where you could subscribe to Slashdot for some nominal fee per 1,000 page loads. The fact that they quit selling this service is their own problem, the scaffolding is all there. It just needs to be turned back on and made worth the investment.
Because people generally don't want to pay for anything. And running these things isn't free.
Our next stewards should revisit the freemium/subscription model. I used to pay $5 a month for TotalFark, now I spend around $3 a month for reddit gold, lots of people pay $10+ for Something Awful, but I never saw any compelling reason to buy a subscription here. I can suppress ads without subscribing, and the other features weren't appealing enough to make it worth a few bucks. Get rid of the page count model and switch to a couple dollars per month. Then ask the community what features would justify those dollars. Comment editing, a richer set of supported HTML tags in comments, the ability to revert to the layout from 10 years ago, etc.
"We're on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication," Biderman said. "I've got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services."
Did eBay tell you which item to list and when to list it? Did eBay set the price? Did eBay dictate that you couldn't be in your pajamas when you listed the item? Did eBay refuse to let you sign up because the item you wanted to list was old and looked like a piece of junk? Did eBay structure their platform so the only way your items get bids is if you spend 50 minutes of every hour logged in to eBay?
The cynic in me wonders whether that was calculated marketing sleaze as opposed to laziness, maybe they're targeting people who try searching for Game of Thrones. The various app stores all have auto-suggest, so you start typing in "game of" and get other suggestions including Game of War.
Hi Ray, nice to see the NYCL moniker around here again. I have a few questions if you're willing.
First, you indicate that a judge has denied discovery due to several factors, one being that an IP address does not identify any particular individual. Can you speak to the weight or breadth of this specific Court's opinion here, in layman's terms? I see references to the Eastern and Southern districts of New York, might this decision influence cases outside of those jurisdictions?
Second, this business of "if the Motion Picture is considered obscene, it may not be eligible for copyright protection." I've read about certain cases where the Court stated that obscenity has no rigid definition, but "I'll know it when I see it." Does that have any bearing on the Malibu case? Was this some kind of completely outrageous pornography, where any community standard would likely find it to be obscene, or was it just run-of-the-mill porn? Would it matter either way? Would the opinion have likely been the same if the case involved a blockbuster Hollywood film instead of a pornographic and potentially obscene film?
Lastly, I'm curious whether or not you've kept up with developments in the case regarding Prenda Law, and how you might compare this case to that one, if at all. I try to read Ken White's PopeHat blog every once in a while to see how poorly the Prenda copyright trolls are faring. It doesn't look good for Prenda, and I wonder if you would put Malibu in the same proverbial boat.
Reddit, the closed-source, privately owned message board
The reddit platform is open source. Just as Soylent News runs on modified Slashcode, there are already other sites out there using reddit's codebase or forks thereof.
This is a *security* focused appliance that made this goof from one of the more well regarded vendors in the market.
"Goof?" I'm not convinced. It's just as likely that this was engineered into the products intentionally.
News broke last year that NSA was intercepting Cisco equipment en route to customers and making a few tweaks. Cisco made a big production a few months ago about how they were suddenly willing to ship to random addresses to avoid NSA interdiction. Perhaps that's because whatever NSA needs is already built in, and always has been, and the whole story about NSA physically yanking packages from carriers was misdirection. Put that story out there and people who are able to control the delivery chain will have a strong, but very false, sense of security.
Why in the heck aren't they doing this research again?
They are, but when they find something, they add it to their arsenal and use it themselves instead of alerting anyone to the vulnerability. This fact was the subject of some hand-waving from the White House earlier in the year. There's a good chance NSA has known about several of these for a long time, which is a little disconcerting since the Adobe Type Manager exploit may date back to 1998.
YouTube uses HTML5 now. Why does anyone still have a reason to use Flash?
Most functionally useful weather radars, including NOAA's, require Flash. My state's Department of Transportation uses Flash for their traffic cameras. Livestream.com, which hosts my local TV news broadcasts along with other stuff like SpaceX launches, is still Flash. And if I want to view any cable TV programming on the computer, Comcast's player is Flash based.
I'd love to have uninstalled Flash a long time ago; for the time being I have to keep it around and use Flashblock.
http://www.gasbuddy.com/Privacy
The effective date is August 31, 2015. The app probably won't be asking for any new permissions until then.
I figured they'd love "China will grow larger."
That precise experience inspired the sig I've had for a few years.
If I had a dollar for every variation of "Anonymous Coward" I've seen over the years, I could probably be retired.
Source?
The Krebs article linked in TFS mentions as much.
Watch out for the Tracebuster-buster-buster!
What is it this time??
Your bank's grammar verification code clearly hadn't been fixed.
Therefore this accidentally and somewhat embarrassingly mimics that behaviour.
You mean apes that behaviour?
Granted the BBB has used the same AL business model for a century and is still un-sued. I expect they get away with it by never having any money, that can't be AL's method.
The BBB has been sued plenty of times. My understanding is that Angie's List has never turned a profit. They're both scams in my opinion.
He said he installed an extension, not a Browser Helper Object!
I wonder, would Google let APK sell an .apk? Harassment and stalking are kind of a no-go in their microcosm.
Don't forget Roland Piquepaille ;)