Yes. In fact the two developers that were working at Canonical on Kubuntu left the company and now work for Blue Systems. That's the company that is the current sponsor of Kubuntu. Canonical is no longer involved (thank goodness!)
The methodology used on oswatershed is spot-on for Linux distros, but absolutely misguided for FreeBSD and other BSDs. Comparing them in the way that this site does is incorrect and disingenuous. FreeBSD has a ports system that is totally separate from the main source tree of the OS. The main OS moves on a 6 months to a year release cycle, but the ports system is on a rolling release. Ports are updated to the current stable version constantly just like Arch. The site oswatershed compares the port snapshot for the day of a FreeBSD release (the set of ports that come with that release). This is wrong. The first thing that you do with a FreeBSD box is run portsnap. Once that's done, all the ports are as fresh or fresher than Arch.
The way this site makes these comparisons demonstrates that the guy running the site has never used FreeBSD for an extended period of time or failed to read the documentation.
Google made a business decision for each of these projects. Their return on investment was too low to justify the project. They will probably not disclose any of the criteria or metrics that they used to reach this decision, but I guarantee that each of these projects deserved the axe. Google is not there to provide free services to you. Google's business is to allow access to services that give their main business (advertisements) an advantage. If the money spent to keep the project going outweighs the number of users brought in, with some other metrics probably in there too, it gets the axe, and deservedly so.
The 3G and 4G products here in the US are made by Samsung, Novatel, Sierra Wireless, and others. None that I could find were made by Chinese manufacturers Huawei and ZTE.
This article only applies to Russia where those things are even available. Headline should read "Russian Mobile Providers' 3G and 4G USB Modems Are Security Threat, Black Hat Presenter Says"
But with that headline, nobody would care or read the article.
TLS 1.1 support is enabled by default in Chrome. Read about that here.
If you want TLS 1.2 in Chrome, please star this bug.
As for Firefox, TLS 1.1 and 1.2 support are still not ready. If you want to help, vote for this bug, this bug, this bug, and this bug.
The bugs to get TLS 1.2 support into Firefox are this one and this one.
Both Opera and IE support TLS 1.1 and 1.2. If you want to see this in Firefox and Chrome, vote for the bugs above. But, please don't comment on the bugs. That won't help.
Not sure what effort you are referring to. I can create large numbers of subdomains using a simple script to modify the zone file. Subdomains cost nothing. No effort, and no money.
Bandwidth is nearly nothing because I don't have to transfer any data to create data on the victim's drive if I use javascript.
Lastly, you're not thinking about threats holistically. This just becomes one single tool added to a group of other tools that can be employed in an advanced persistent threat attack.
I was at your talk at ShmooCon and was quite impressed.
What if for any domains that you discovered vulnerabilities on you were to automatically pull whois data (if the TLD has whois servers or web based whois without a captcha) and send a quick email about your findings to any emails listed?
A shameless plug: ruby whois is the best programmatic whois client and parser out there IMHO. It would make the above suggestion quite simple.
Siri: You need to take a shower! It smells like balls in here!
Siri: Oh my god! Cover my smell receptor! Why do you have to fart when I'm in your back pocket!
Read it over. Understand it: http://cm.bell-labs.com/who/ken/trust.html
You must decide what you trust unless you wrote it all yourself and built it yourself. You must also acknowledge that the system is insecure and work backwards from that trying to mitigate any damage and minimize risks.
Stop authenticating users via keys directly to a server. Use Kerberos v5. This centralizes the authentication to one or a set of servers. You then don't need to clean up key mess everywhere. Once you're running Kerberos you can choose the method of authentication to the central server. You can use password, public key (but only one in this case), OPIE (One-time Passwords In Everything), Google authenticator, RSA securid, biometrics, SRP (Secure Remote Password), or any combination of these to make things 2, 3, 4 or X factor authentication. The sky is the limit, and there's no crazy mess to have to follow up with.
When you need to have things automated, and you must use key authentication, then make sure that the area the key authenticates to is well sandboxed with something like a FreeBSD jail with access to nothing but the resources needed for the remote function to be performed.
This is all using standard practices that are over a decade old (and clearly spelled out in the FreeBSD Handbook among many other places).
Um, no. You are misreading the units of measurement. Lowercase "b" is bit. Uppercase "B" is byte. The unit in the article is byte, and there are 8 bits in one byte. To convert the speed in the article to the units that you are talking about, you would want to multiply by 8. Therefore, Google Fiber averages 20.4 Mb/s in the units that you are referring to. That's a pretty good average for service in the US.
I think it's high time for Google to issue an internet death sentence for a day or two to each movie studio that participated in this. They will see what happens when their internet presence disappears from Google.
10 times out of 10, if you hack into the system where the attack is coming from, you will be hacking into a system owned by an innocent third party that was also hacked. You are then violating that party a second time. Let's take a more concerning scenario: You discover an attack that is originating from a competitor. You hack back into their system. This situation can only end badly. First, if they were responsible you have now spoiled evidence. Second, if they are not responsible and were also hacked as a jumping off point, you now have hacked into a competitor's system and compromised them. You should now have to pay damages because they have no way to tell that you didn't steal their corporate secrets while you were there in their system.
I'm glad you live in a generally enlightened place where Obama's winning was treated with the same type of celebration that a soccer team winning would be. Unfortunately, here in the south Republicans showed their true face and their true feelings in places like Ole Miss and elsewhere when the election results were out. Racism and bigotry have finally destroyed the Republican party.
Off the fact that the Republican platform was bigoted, anti-women, anti-gay, anti-latino, anti-african american, anti-environmental, anti-science, mixed with a large dose of religious crazy.
I've got news for you. Your IT department wasn't why you lost the young vote. Your get out the vote failing wasn't what scared away the Latino vote. And believe me, canvassing poorly wasn't what kept African Americans from voting for you.
The angry white man thing won't work anymore because us "those people" now outnumber you, permanently (thank goodness!).
Is it production ready yet? Or is it still in a beta/testing state?
Or all of these: http://serverfault.com/questions/141978/cloud-providers-that-support-freebsd
Ok, now that was funny. Where are my mod points?
So that's why my last email from paypalcom.tk forwarded me to a URL that looked like this:
http://joesdumbblog.net/wp-admin/plugins/css/https.paypal.com.php
The phrase is "at the conn" not com. It's a nautical term.
Now every script kiddie out there will be able to steal your bitcoins in addition to turning your website into a phishing page.
Do you have any idea how many phishing and malware links have wp-admin, wp-content, or wp-includes in the URL?
Take a look for yourself at Phishtank.com!
I want.
"many companies have already settled with TQP rather than take the case to trial, including Apple, Amazon, Dell, and Exxon Mobil."
It's not that it's poorly led. The message itself scares the crap out of anyone who is young or female or not white.
Here. There's a phone call for you. 1996 wants their html back.