Rather than start w/ his example, consider the attacks seen after the Kaminsky announcement: MX records were being forged. Now I can poison an ISP's caches w/ the wrong records for email of any site and all of your email will go through me. Do you ever send anything interesting over email? ;) This was seen in the wild.
WRT the video, at Blackhat there was a presentation demoing the creation of forged SSL certs using weak CAs. Now, if DNS hands you an IP for a domain that really belongs to a MitM, your browser _thinks_ that it is talking to the real domain and just needs a cert that matches. Poof, wormhole attack.
Really, the problem here is your browser/OS comes bundled w/ a bunch of very poorly maintained root CAs that you should "trust". Who knows who many of them are, but if your browser is happy with a cert from any of them for any website, you get a nice false sense of security. DNSSEC doesn't address this specific problem. Rather, it makes it perfectly clear what DNS data can be verified. If you go to a rogue website, that is a higher level problem, but at least with DNSSEC you _know_ when you're at a rogue web site. SSL conflates too many things and can be dangerous if misunderstood.
DNSSEC addresses issues that include the Kaminsky cache poisoning attack from last summer. The idea of DNSSEC is that when you get a DNS record back, you can use crypto to verify that it is the actual record (such as the IP address(es) for a web site) served by a domain.
If you're seriously interested in _why_ someone should care about DNSSEC, check out this 4 minute tech-talk:
http://www.youtube.com/watch?v=Yt-oJTj0j0o
Wrong... RFCs go through lengthy comment periods as drafts and though there are none that get 100% support, their purpose is to serve as specifications so people know how to implement protocols (for example).
DNSSEC had been widely implemented, tested, argued over for about 10 years before the final RFCs... Check it out... >10 years
Cutting NASA's budget makes me angry too, but military spending does not kill intellectual growth. Don't kid yourself, military research = science research.
Think again: http://www.nytimes.com/2005/04/02/technology/02darpa.html. DARPA's getting out of the research game. Kleinrock is even quoted in the article. You know, the father of the Internet? Don't take my word for it, see what HE says. If this policy existed in 1969, there would be NO Internet today.
Wow are you stupid! They are alluding to our future agreement "that this product _was_ worth the wait." This implies that the product was either released (the wait is over), or the product used to be worth the wait (and now it isn't). Either way, the future tense does not refer to the product, but the anticipated response of annoyed consumers!
At least it follows something that WORKS! Let's start checking uptime on machines running each type of OS. I guess if you don't mind crashing, memory leaks, dll conflicts, etc then you're better off having MS hold your hand and cover your eyes!
> At least Microsoft copied software written in the 80s when we knew a little about usability
???? What the... Where do you people come from?!?!?
> Microsoft are the market leaders; if that's China in your world then you must be living in 3000BC.
PLEASE! China is the market leader in rubber dog shit. That's the type of leader MS is!
Yeah, Bill has made such a profound mark on the world... No other human has ever piled so much shit into so many other people's houses, and then become rich for it!
Billy boy has some very sincere thoughts here, but the simple fact is that this sentiment is dated. The reality of the software industry is its constant flux. Everything about this industry is always changing, and a 24 year old statement by someone of the questionable moral fabric that Billy is made of should not be taken as anyone's "mission statement".
Sharing software is something that can come from any situation. Writing code for work (for a company that has a viable revenue stream) and then letting the company open source components of software, writing code on my own time and then releasing it as open source, etc...
Actually, communism wouldn't recognize code as being free. Communism would say that it always belonged to everyone, and it was meant to be for everyone. Free means free.
More to the point though, open source is a tremendous forum for sharing ideas, and learning. It's about more than just free software (a lot more)! You ought to realize that if your great ideas can act as a starting point for someone else, then that person can use what you have done to take the next step. It's as much about software evolution as it is about free stuff!
Wait... Are you saying that you can't expect a multiprocessor machine to divide threads among its available processors?!?! That's ridiculous. What you'll find is that compilers cannot accomplish the partitioning step of parallel programming, but the assignment can sometimes be a freebie. With thread-level parallelization, you can count on most / all modern multiprocessor machines to spread load across CPUs. I think multiprocessor systems would be MUCH less abundant if you had to have special code (instead of just smart OSes) running on the CPUs!
Don't forget about thread-level parallelization. That's pretty much the only level of parallelization a compiler can buy you. If you are smart about assigning threads in a language that doesn't explicitly offer parallel constructs, you can still gain performance through thread-level parallelization.
*sigh* "centralized meaning that your account is in one location... there will be " doesn't sound very distributed to me! Also doesn't sound ANYTHING like an OS! "See what happens when you screw with a company that is big enough to be able to change the course of the computing industry with one fell swoop" and you think this is a good thing? MS is such a pig! I can't understand this fanaticism. Doesn't OS uptime mean anything to you?
Uhh... .org has already signed. .se (Sweden) has been signed for years.
If you want to get a list of all signed domains, check out:
http://secspider.cs.ucla.edu/
Look up any TLDs you want there.
You've actually hit onto something that some people think is _very_ important:
http://www.ops.ietf.org/lists/namedroppers/namedroppers.2009/msg00421.html
By putting the fingerprint of your SSL cert in a DNS record, you could do something like what you are suggesting... ymmv
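The check suggested in the comment above, sketched as an added example that is not part of the original comment: a client compares the presented certificate's SHA-256 fingerprint with one published in DNS, and honours the pin only when the answer was DNSSEC-validated. The `certfp=sha256:` TXT format, the function names and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac

# Hypothetical TXT format for this example: "certfp=sha256:<64 hex chars>"
PREFIX = "certfp=sha256:"

def published_fingerprints(txt_records):
    """Extract well-formed SHA-256 fingerprints from TXT strings; skip the rest."""
    pins = []
    for txt in txt_records:
        if not txt.startswith(PREFIX):
            continue  # unrelated TXT data such as SPF
        hexpart = txt[len(PREFIX):].replace(":", "").lower()
        try:
            raw = bytes.fromhex(hexpart)
        except ValueError:
            continue  # not hex: ignore rather than guess
        if len(raw) == 32:
            pins.append(raw)
    return pins

def check_certificate(cert_der, txt_records, dnssec_validated):
    """Return 'match', 'mismatch', 'no-pin' or 'unauthenticated-dns'."""
    pins = published_fingerprints(txt_records)
    if not pins:
        return "no-pin"  # nothing published: only the CA check remains
    if not dnssec_validated:
        # Whoever can forge the address record can forge the pin as well,
        # so a pin from an unsigned answer proves nothing.
        return "unauthenticated-dns"
    presented = hashlib.sha256(cert_der).digest()
    if any(hmac.compare_digest(presented, pin) for pin in pins):
        return "match"
    return "mismatch"  # cert may chain to a trusted CA, yet the zone disowns it

# Constructed sample data: stand-ins for DER certificates, not real ones.
REAL_CERT = b"constructed stand-in for the site's DER certificate"
FORGED_CERT = b"constructed stand-in for a cert issued by a weak CA"
RECORDS = ["v=spf1 -all", PREFIX + hashlib.sha256(REAL_CERT).hexdigest()]

if __name__ == "__main__":
    print(check_certificate(REAL_CERT, RECORDS, True))
    print(check_certificate(FORGED_CERT, RECORDS, True))
    print(check_certificate(REAL_CERT, RECORDS, False))
```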
Know your history dude.
Multithreading is not the same as parallelizing!!!
ARE YOU KIDDING?!?! MS uses one of the ugliest macrokernel designs in the world!