I've been reading about this a bit lately and found an interesting paper on bumping locks at http://www.toool.nl/bumping.pdf
They also have a section on locks that resist bumping: There are mechanisms that do not allow for the two pins to separate except when slid sideways, such as used in the Emhart interlocking lock (which is not being produced anymore). As far as we can see, such a mechanism would successfully foil the bumping attack. Also some mechanisms which have a one-piece locking mechanism (such as a 'sidebar') may resist bumping. Locks that involve rotating discs (such as Abloy Protec) or magnets (such as Evva MCS and Anker) are also not susceptible to this attack. Klaus Noch sells modified standard Euro profile locks which lock up (i.e. 'broken but closed') upon most attempted manipulations, including bumping.
I found the Abloy Protec lock (with rotating discs) especially interesting and I'm going to get this for my own front door when I get the chance. On the same website they have an paper on the Abloy Protec as well: http://www.toool.nl/abloypart3.pdf
You're confusing Nasism with Fascism, a mistake that is often made. They are not the same although they have many similarities. I would consider Nasism a form of Fascism but not the other way around.
The comparison of the current US government to Fascism is a bit extreme but it is a valid one. If you look at the past years you see that the federal government has: - Increased control of the central government. - Glorified patriotic loyalty to the state and it's ideals. - Taken rights away from the people and in to the hands of government.
These trends are very dangerous and can ultimately result in a fascistic government where democracy will only be symbolic and will have no real influence over the actual political process. By dismissing any comparison to Fascism as absurd you have basically closed your eyes to the possibility that it might happen. Fascism (or any type of totalitarianism) thrives on this kind of ignorance, you only need to look at history to see this. We should always be alert to any signs of fascism and keep a close eye on any such development, the minute we stop doing that you can be sure someone will take advantage of it. We are fortunate enough to have a history full of examples, I suggest that we learn from it.
If enforced, these patents could shut down almost every dynamic site on the Internet, including the USPTO.
Hmmm, something tells me this is not exactly what they're after. They're most likely just looking for a big stinky wad of money, without actually having to earn it. Just like most 'companies' who are in the patent-then-sue business.
I've also just been wading through the story on life's early origins which, yet again, turned into a flamefest of angry rationalists and unconvincable Creationists. GP has a point.
Actually, that's the main reason I keep reading Slashdot: for entertainment. It used to be different, when I read Slashdot for technological/scientific news. Now it's mostly for the +5 Funny and -1 Flamebait posts.
It looks like their servers make the content (at least partially) available online for people to search for and download, then other servers make requests for the content and will snag the IP and content blocks that people upload to them which they verify is the content and store for later prosecution.
Have they even released a complete set yet? It's obviously going to happen.
A quick search on Amazon returned this. This is the normal theatrical version though, not the extended edition. So it still leaves room for the Ultra-super-take-a-short-holiday-to-see-it version.
While the term "secure home" is still relatively new to the general public, this unique segment of the home construction industry has, for the past decade, been growing steadily, albeit slowly. Presently, with the increased threat of major terrorist attacks, many more people than ever before are building secure homes. Also, more contractors and consultants have recently dedicated themselves to the concept of disaster-resistant and self-sufficient residences. It is only with a realistic understanding of the potential for terrorist attacks, and the magnitude of the problems they could cause, that one can truly recognize the value of a secure home.
Although I find the click-kiddy label amuzing it doesn't apply. I know how to properly manage my DNS setup and I know how caching works, that's why I had modified the TTL and negative cache settings well in advance.
My IP address just got changed 2 hours ago because I switched to a different ISP. I have a nameserver based on my own domain that is registered in the root servers and I expected the IP change to take a couple of days. But when I changed the IP of my nameserver (in the godaddy web interface) I was surprised to see it reflected after only a few minutes:
$ dig @a.gtld-servers.net a ns.XXXXX.net;; ANSWER SECTION: ns.XXXXX.net. 172800 IN A 62.216.XXX.XXX new IP
Very nice indeed! Now if I could only get zoneedit to accept the notifies my DNS server sends them...
Lets go for starters, BGP packets unless multihop should have a TTL of exactly 1 and come through a point to point interface.
First of all, it's trivial to deliver a packet to a certain host on the Internet so that the TTL on the packet is exactly 1 (just do a traceroute and send out the packet with a TTL to match the number of hops). Second, I would say that many important BGP sessions are NOT accross point to point links, they are over Gigabit Ethernet at IXP's.
Basic anti-spoofing on each side will stop any packets that cleam to be from the other end of that interface from comming in any other interface
Please explain to me how you would do this on a Cisco 12000 with Engine 0 or 1 linecards and still maintain line rate. In fact, please explain to me how this can be done on any Cisco at all. (URPF doesn't protect against this.)
BGP does support preshared keys as well though I'm not sure if that will stop this attack as it's more to prevent session hijacking. I dont see a 'fix' for this comming out besides normal security settings.
I'm not sure either. I'm aware of the enormous BGP MD5 authentication setup rage that has been going on over the past week and while I think this is a good effort I'm not entirely sure if it will protect against the RST attack. BGP lies on top of TCP so if you are able to kill the underlying TCP session I don't think MD5 authentication protects against this. Anyone care to enlighten me?
The best thing I can think of so far is tweaking windows sizes etc. and do ingress filtering on your network where possible.
So just pretend to have an open mail server, and you can get all the spam you want, and harvest all the addresses you care about.
This is a great idea for constructing a Blacklist. Just set up a fake open relay, don't list it in any MX records so people have no business connecting to it. And Blacklist anyone who tries to send mail through it. Is anyone doing this yet?
Is there going to be storage that can read/write that fast by 2010 too?
Um... This is not going to be used to hook up your Windows XXP PC to the net so you can play Quake Reality at super duper speeds. It's going to form the next generation Internet backbones, and will only be connected to powerful routers/switches. This means faster Internet for lots and lots of people/companies etc.
Even worse here (Tokyo). Blocked as soon as I leave my ISP
That's because the Al Jazeera network is not (or no longer) in the BGP routing tables. So as soon as your trace reaches a router running BGP (usually a large ISP) it reports host unreachable. This is a measure that service providers can take to counter a DOS attack (blackholing a subnet via BGP). The problem is that this accomplishes exactly what the attacker wants: Denial Of Service.
I don't see how effective this could be. How long before spammers get smart and set their SMTP program to give up after X seconds?
This doesn't matter since most spammers use open relays to send their junk. They generaly don't have control over the timers for the relays they are using. The relay will be slowed down to a crawl making it less useful for them. Of course the spammer can get around this by running his own mailserver but this means he needs to invest a lot more money in bandwidth/hardware/upkeep etc. and he will make himself much more visible to the net.
Regardless of all the technical difficulties with your proposals my guess is this would increase the cost of a ticket by about four times. When I book a flight, I am not looking for the most enjoyable experience during the flight. I want a cheap ticket and possible a short traveling time.
Also, I am willing to take some risk when traveling by plane. We take risks every day and driving your car is still FAR more dangerous than air travel.
In my experience, downtime is caused more by router misconfigurations and not physical problems
What is your experience based on? I work in the NOC of a major telecom provider and I would say 80% of outages are related to physical circuit problems or router/card crashes. Configuration issues usually get noticed and solved during the implementation phase of a network.
In many third world countries, antibiotics are available by the pill. People take them until they feel better or can't afford any more.
Not only that, in many third world countries doctors deliberately give too low dosages of antibiotics so patients will come back for more and thus pay more money. Travelers to third world countries should be aware of this and check with home if the dosage/duration is strong enough.
CMOS sensors look much worse than CCDs, so even a 11.1MP CMOS sensor will likely look worse than a 3-4MP CCD.
Um... The Canon D30 3 megapixel digital SLR has a CMOS censor. And although it might be a bit outdated on the megapixel front it still delivers one of the best quality images from a digital camera.
How long until entire movies feature an all composite cast? Or a entire cast that had been dead before filming even started?
I wouldn't hold my breath. You have to consider the celebrity factor. People love their celebrities and I think most of us (save perhaps for a few slashdotters) won't get a crush on the newest software-star.
Ok, I'll bite. The Netherlands actually has a very large number of powerfull multinationals. For example: Shell (Royal Dutch Petroleum), Philips (electronics), Unilever (foods, and other), Heineken (beer), Ahold (retail), ABN AMRO (international banking), ING (international banking and insurance), AKZO (chemicals). And I'm sure Switzerland has some nice big banks and pharmaceutical companies to speak for them.
I remember reading somewhere that The Netherlands have the highest number of multinationals per head of the population (no link, sorry). I'm not saying this is a good thing, but that is a different story.
For a nice overview of the strength of the Dutch economy go here. Now pull your head out of the Texas sand and start informing yourself before making ignorant posts.
Slashdot Mirror
I've been reading about this a bit lately and found an interesting paper on bumping locks at http://www.toool.nl/bumping.pdf
They also have a section on locks that resist bumping:
There are mechanisms that do not allow for the two pins to separate except when slid sideways, such as used in the Emhart interlocking lock (which is not being produced anymore). As far as we can see, such a mechanism would successfully foil the bumping attack. Also some mechanisms which have a one-piece locking mechanism (such as a 'sidebar') may resist bumping. Locks that involve rotating discs (such as Abloy Protec) or magnets (such as Evva MCS and Anker) are also not susceptible to this attack. Klaus Noch sells modified standard Euro profile locks which lock up (i.e. 'broken but closed') upon most attempted manipulations, including bumping.
I found the Abloy Protec lock (with rotating discs) especially interesting and I'm going to get this for my own front door when I get the chance. On the same website they have an paper on the Abloy Protec as well: http://www.toool.nl/abloypart3.pdf
You're confusing Nasism with Fascism, a mistake that is often made. They are not the same although they have many similarities. I would consider Nasism a form of Fascism but not the other way around.
The comparison of the current US government to Fascism is a bit extreme but it is a valid one. If you look at the past years you see that the federal government has:
- Increased control of the central government.
- Glorified patriotic loyalty to the state and it's ideals.
- Taken rights away from the people and in to the hands of government.
These trends are very dangerous and can ultimately result in a fascistic government where democracy will only be symbolic and will have no real influence over the actual political process. By dismissing any comparison to Fascism as absurd you have basically closed your eyes to the possibility that it might happen. Fascism (or any type of totalitarianism) thrives on this kind of ignorance, you only need to look at history to see this. We should always be alert to any signs of fascism and keep a close eye on any such development, the minute we stop doing that you can be sure someone will take advantage of it. We are fortunate enough to have a history full of examples, I suggest that we learn from it.
If enforced, these patents could shut down almost every dynamic site on the Internet, including the USPTO.
Hmmm, something tells me this is not exactly what they're after. They're most likely just looking for a big stinky wad of money, without actually having to earn it. Just like most 'companies' who are in the patent-then-sue business.
I've also just been wading through the story on life's early origins which, yet again, turned into a flamefest of angry rationalists and unconvincable Creationists. GP has a point.
Actually, that's the main reason I keep reading Slashdot: for entertainment. It used to be different, when I read Slashdot for technological/scientific news. Now it's mostly for the +5 Funny and -1 Flamebait posts.
It looks like their servers make the content (at least partially) available online for people to search for and download, then other servers make requests for the content and will snag the IP and content blocks that people upload to them which they verify is the content and store for later prosecution.
Sounds a lot like entrapment to me...
Have they even released a complete set yet? It's obviously going to happen.
A quick search on Amazon returned this. This is the normal theatrical version though, not the extended edition. So it still leaves room for the Ultra-super-take-a-short-holiday-to-see-it version.
How bout a full sized cardboard cut-out of goatse in the front hallway? I'd run....
Works wonders with the in-laws as well.
While the term "secure home" is still relatively new to the general public, this unique segment of the home construction industry has, for the past decade, been growing steadily, albeit slowly. Presently, with the increased threat of major terrorist attacks, many more people than ever before are building secure homes. Also, more contractors and consultants have recently dedicated themselves to the concept of disaster-resistant and self-sufficient residences. It is only with a realistic understanding of the potential for terrorist attacks, and the magnitude of the problems they could cause, that one can truly recognize the value of a secure home.
Oh come on, give me a break!
Although I find the click-kiddy label amuzing it doesn't apply. I know how to properly manage my DNS setup and I know how caching works, that's why I had modified the TTL and negative cache settings well in advance.
See this page if you need some more info about TTL's and IP migration:
http://www.netadmintools.com/art232.html
This IP migration was well-planned but for some reason zoneedit (my secondary) started refusing notifies from my primary DNS.
My IP address just got changed 2 hours ago because I switched to a different ISP. I have a nameserver based on my own domain that is registered in the root servers and I expected the IP change to take a couple of days. But when I changed the IP of my nameserver (in the godaddy web interface) I was surprised to see it reflected after only a few minutes:
;; ANSWER SECTION:
$ dig @a.gtld-servers.net a ns.XXXXX.net
ns.XXXXX.net. 172800 IN A 62.216.XXX.XXX new IP
Very nice indeed! Now if I could only get zoneedit to accept the notifies my DNS server sends them...
The MD5 protection happens at the TCP layer. Each TCP segment is verified.
Ah thanks, I wasn't aware of this but it explains it quite nicely.
Lets go for starters, BGP packets unless multihop should have a TTL of exactly 1 and come through a point to point interface.
First of all, it's trivial to deliver a packet to a certain host on the Internet so that the TTL on the packet is exactly 1 (just do a traceroute and send out the packet with a TTL to match the number of hops). Second, I would say that many important BGP sessions are NOT accross point to point links, they are over Gigabit Ethernet at IXP's.
Basic anti-spoofing on each side will stop any packets that cleam to be from the other end of that interface from comming in any other interface
Please explain to me how you would do this on a Cisco 12000 with Engine 0 or 1 linecards and still maintain line rate. In fact, please explain to me how this can be done on any Cisco at all. (URPF doesn't protect against this.)
BGP does support preshared keys as well though I'm not sure if that will stop this attack as it's more to prevent session hijacking. I dont see a 'fix' for this comming out besides normal security settings.
I'm not sure either. I'm aware of the enormous BGP MD5 authentication setup rage that has been going on over the past week and while I think this is a good effort I'm not entirely sure if it will protect against the RST attack. BGP lies on top of TCP so if you are able to kill the underlying TCP session I don't think MD5 authentication protects against this. Anyone care to enlighten me?
The best thing I can think of so far is tweaking windows sizes etc. and do ingress filtering on your network where possible.
So just pretend to have an open mail server, and you can get all the spam you want, and harvest all the addresses you care about.
This is a great idea for constructing a Blacklist. Just set up a fake open relay, don't list it in any MX records so people have no business connecting to it. And Blacklist anyone who tries to send mail through it. Is anyone doing this yet?
Is there going to be storage that can read/write that fast by 2010 too?
Um...
This is not going to be used to hook up your Windows XXP PC to the net so you can play Quake Reality at super duper speeds. It's going to form the next generation Internet backbones, and will only be connected to powerful routers/switches. This means faster Internet for lots and lots of people/companies etc.
Even worse here (Tokyo). Blocked as soon as I leave my ISP
That's because the Al Jazeera network is not (or no longer) in the BGP routing tables. So as soon as your trace reaches a router running BGP (usually a large ISP) it reports host unreachable. This is a measure that service providers can take to counter a DOS attack (blackholing a subnet via BGP). The problem is that this accomplishes exactly what the attacker wants: Denial Of Service.
I don't see how effective this could be. How long before spammers get smart and set their SMTP program to give up after X seconds?
This doesn't matter since most spammers use open relays to send their junk. They generaly don't have control over the timers for the relays they are using. The relay will be slowed down to a crawl making it less useful for them. Of course the spammer can get around this by running his own mailserver but this means he needs to invest a lot more money in bandwidth/hardware/upkeep etc. and he will make himself much more visible to the net.
Sure i work for MSFT but at least i can afford to drive a car, take girls out to eat, and go to the casinoes.
So I guess that's what it's all about then...
why thank you - i will now go smoke a joint and have sex with my long-haired girlfriend
who's the loser?
I think that depends on where the hair is growing...
Lets have lots of cool and expensive inovations!
Regardless of all the technical difficulties with your proposals my guess is this would increase the cost of a ticket by about four times. When I book a flight, I am not looking for the most enjoyable experience during the flight. I want a cheap ticket and possible a short traveling time.
Also, I am willing to take some risk when traveling by plane. We take risks every day and driving your car is still FAR more dangerous than air travel.
In my experience, downtime is caused more by router misconfigurations and not physical problems
What is your experience based on? I work in the NOC of a major telecom provider and I would say 80% of outages are related to physical circuit problems or router/card crashes. Configuration issues usually get noticed and solved during the implementation phase of a network.
In many third world countries, antibiotics are available by the pill. People take them until they feel better or can't afford any more.
Not only that, in many third world countries doctors deliberately give too low dosages of antibiotics so patients will come back for more and thus pay more money. Travelers to third world countries should be aware of this and check with home if the dosage/duration is strong enough.
It refers to a beautiful poem by Robert Frost: The road not taken.
CMOS sensors look much worse than CCDs, so even a 11.1MP CMOS sensor will likely look worse than a 3-4MP CCD.
Um... The Canon D30 3 megapixel digital SLR has a CMOS censor. And although it might be a bit outdated on the megapixel front it still delivers one of the best quality images from a digital camera.
How long until entire movies feature an all composite cast? Or a entire cast that had been dead before filming even started?
I wouldn't hold my breath. You have to consider the celebrity factor. People love their celebrities and I think most of us (save perhaps for a few slashdotters) won't get a crush on the newest software-star.
Ok, I'll bite. The Netherlands actually has a very large number of powerfull multinationals. For example: Shell (Royal Dutch Petroleum), Philips (electronics), Unilever (foods, and other), Heineken (beer), Ahold (retail), ABN AMRO (international banking), ING (international banking and insurance), AKZO (chemicals). And I'm sure Switzerland has some nice big banks and pharmaceutical companies to speak for them.
I remember reading somewhere that The Netherlands have the highest number of multinationals per head of the population (no link, sorry). I'm not saying this is a good thing, but that is a different story.
For a nice overview of the strength of the Dutch economy go here. Now pull your head out of the Texas sand and start informing yourself before making ignorant posts.