I haven't been informed neither! So what?
on Root Zone Changed · Score: 3, Insightful
The usual sites don't breathe a word about this change however as one would expect for such a change to be properly announced.
The impact of this change is close to zero. The announcement is only necessary for people who distribute name-server software. Why?
- Only the hints-file needs to be changed. The hints file bootstraps the DNS software on where it can find the .-zone. After that has been found, this data is not needed anymore.
- There are still 12 other perfectly reachable servers in the hints-file. They give you all the information needed.
- On the old IP address, a server will keep running for a while.
- Unless you're working for an ISP, you don't need this information. The majority of the internet (windows users) don't have to change anything, they just use their ISP's nameservers. The majority of the minority of the internet also use the nameservers of the ISP. Only a relatively small group run their own servers.
So dear anonymous writer, don't be afraid, the internet is not going to break because of this. No reason for panic, all is fine.
Bill:
I think the whole interracial kiss thing has been overrated. Nichelle Nichols was a beautiful woman and her lips were full. I merely sought to make an impression.
Maybe he should find out how the other person in the scene thought about it in Uhura's Biography.
...then they complain about the amount of overseas traffic. Can you add one to one?
1998.... isn't there a newer one?
(note, this is not a flame, just a question)
Say a P2P network of all the DNS servers, which would feature client side intelligent load balancing (ie it only queries past your ISP's DNS when it needs to).
Set your nameserver to forward all your requests to your ISP's DNS instead of having a .-hinted-zone.
Of course, ultimately you have to have some sort of root server. But in a distributed model, they could be essentially insulated from DOS attacks, because they just need to get the master list out to a few systems for it to propagate all over.
Isn't that what we have now?
"ANTILEECH:
No more ad-blockers
No more pop up-kills
No more cookie-stops"
And then....
"We do not tolerate theft of our bandwidth!"
Err... hold on, it's my bandwidth too you're filling up with all these flashy blinking ads!
If you don't want people to download from your website unless they have looked at something, make it so that they have to look at something before they can download. If my browser, with all its bells and whistles, can allow me to watch it, then ad stopping software can do it too! Fix it where it is broken!
You already can do that with bind (build with PORT_REPLACES_BASE_BIND8) and openssh (build with OPENSSH_OVERWRITE_BASE).
Don't forget to mention OpenSSH and OpenSSL! Or doesn't that fit in your list-of-things-for-which-djb-has-made-a-replacement-so-you-can-piss-on-it-each-time-they-get-mentioned?
Haven't you seen the movie "Tomorrow never dies"? (just to make you a little bit more paranoid)
... Don't forget to post an article on /. so you can actually measure high-volume bulk traffic.
[~] edwin@topaz>time telnet www.hardwareanalysis.com 80
Trying 217.115.198.3...
Connected to powered.by.nxs.nl.
Escape character is '^]'.
GET /content/article/1549/ HTTP/1.0
Host: www.hardwareanalysis.com
[...]
Connection closed by foreign host.
real 1m21.354s
user 0m0.000s
sys 0m0.050s
Do as we say, don't do as we do.
You sound like one of these people who questioned the usefulness of the first satellites. Thanks to satellites we now have more understanding of the weather (saving lives and products by better weather forecasts), we know where to find water and are able to communicate from all over the world to all over the world.
Imagine what we could learn from finding intelligence from outside this world... maybe they will teach us to be tolerant to each other (that would be a big win :-)
life would be so difficult
Life wouldn't be that is. (doh)
Peer to peer traffic is evil, network-wise.
For one webpage and N visits, you need N transfers.
If you add M caching proxies on strategic places, you end up with not-really but close to N/M transfers. This will result in more local traffic and less non-local traffic.
This principle has been practised on the Internet a lot in the past. Take for example USENET. Instead of sending all messages to all people, they were collected on central servers and people could access them locally via there. This resulted in more local traffic and less non-local traffic.
Same with multicast radio. instead of sending N streams from one central server, they can send one stream which is distributed over the internet and forked at routers on which the traffic splits. Result: only one stream per channel.
So, if people started to make "peer-to-peer-caches" on strategic places, you could get all your music from there instead of having it to fetch from a far-away-country. Result: more local traffic, less non-local traffic.
If we only could map the law on this network-design, life would be so difficult and the internet would be so much faster for the data which can't be cached.
Get a bucket of water, drop a coin in it and run an electric current through it (my father did this with an old telephone-bell-generator). The moment you put your fingers in the water your muscles start to shake and you hardly can get them deeper in it.
This is a hardware patent, not a software patent.
If it is a hardware patent, then the idea behind it isn't patented, right? So Intel should be able to build their own version of it with their own design, right? And the owner of the patent shouldn't be able to complain because Intel made their own design, right?
Edwin
If the evidence confirms the theory, the hack would definitely be a strange way to compromise a downloadable file, said Marc Maiffret, chief hacking officer for security software firm eEye Digital Security.
"I'm not sure why they would want to do that," he said.
Come on guys, it's not rocket-science. It's all just to prevent alarms going off.
Scenario 1: I just downloaded an infected version of sendmail and verify the checksum: failed. Hmm... let's try again. Aha, it's okay this time.
Scenario 2: I just downloaded an infected version of sendmail, verified the checksum and informed the people at sendmail.org about it. They say: nothing wrong here, try again. I try again and it's okay this time.
Scenario 3: As 2, but the people at sendmail.org get too many complaints and start to get suspicious.
Scenario 4: I just downloaded an infected version of sendmail, verified the checksum and informed the people at sendmail.org about it. They say: nothing wrong here, try again. I try again and it's okay this time. I kept the broken version and find out what the difference is.
How often do the scenarios happen?
Scenario 1: 99% of the time.
Scenario 2: 0% of the time.
Scenario 3: 0% of the time (less than 2).
Scenario 4: 0% of the time (less than 2).
With the OpenSSH hack I tried to re-download the broken version twice too before I started to get suspicious. I wouldn't have been suspicious at all if it worked fine the second time.
Edwin.
Only fair now! :-)
After reading this, I thought it would be only fair to mention this:
FreeBSD 4.7 is out. Here is the announcement.
Heh, at least they left out the crap-talk about Crays and HP-UXs this time :-)
(sorry, I have to get this out of my system)
READ THE ARTICLE AND REALIZE WHAT IS GOING ON!
It says that:
The FTP-server of sendmail.org was compromised.
It doesn't say that:
- somebody committed code to the CVS server.
- nobody reads the commitlog of the CVS server.
It says that:
The sendmail-distribution was trojaned.
It doesn't say that:
- sendmail itself was trojaned
- there are trojans inside sendmail
- qmail/postfix is better because it isn't trojaned.
- exchange is better because the source is closed.
It's the distribution which is corrupted, not the software.
It says that:
The correct MD5-checksum is...
It doesn't say that:
- with PGP signing it wouldn't be prevented.
Security is a process, you need to follow the rules or you are not secure. You should check all checksum/signatures you have, preferably from independent resources (e.g. one from sendmail.com and one from your unix-distribution).
Next time, please read the article and realize what's going on before you post (apologies to the people who actually did :-)
Edwin (yes, the guy from the OpenSSH trojan)
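The two sendmail comments above come down to: compare against digests from independent sources, and keep a file that fails instead of quietly re-downloading it. A sketch of that check follows; it is an example added here, not code from the poster or from sendmail.org, it uses SHA-256 where the comment mentions MD5, and the source names and quarantine directory are assumptions.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    """Stream the file so large tarballs are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published, quarantine_dir):
    """Return (verdict, detail). `published` maps source name -> hex digest.

    insufficient-sources  fewer than two independent digests were supplied
    sources-disagree      the published digests differ from each other
    mismatch              file differs; a copy is kept in quarantine_dir
    ok                    file matches every published digest
    """
    digests = {src: d.strip().lower() for src, d in published.items()}
    if len(digests) < 2:
        return "insufficient-sources", None
    if len(set(digests.values())) != 1:
        # One of the sources may itself have been tampered with.
        return "sources-disagree", sorted(digests)
    actual = sha256_of(path)
    if actual != next(iter(digests.values())):
        # Keep the evidence: a retry that succeeds would otherwise hide
        # an archive that is only served some of the time.
        Path(quarantine_dir).mkdir(parents=True, exist_ok=True)
        kept = Path(quarantine_dir) / f"{actual}.suspect"
        shutil.copy2(path, kept)
        return "mismatch", str(kept)
    return "ok", actual


def demo():
    """Constructed sample data: two tiny files standing in for tarballs."""
    work = Path(tempfile.mkdtemp())
    good, bad = work / "good.tar", work / "bad.tar"
    good.write_bytes(b"constructed clean archive\n")
    bad.write_bytes(b"constructed clean archive\n# extra build step\n")
    d = sha256_of(good)
    published = {"project-site": d, "os-distribution": d.upper()}
    return (
        verify_download(good, published, work / "q")[0],
        verify_download(bad, published, work / "q"),
        verify_download(good, {"project-site": d}, work / "q")[0],
        verify_download(good, {"a": d, "b": "0" * 64}, work / "q")[0],
    )


if __name__ == "__main__":
    print(demo())
```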
Hello Anonymous Coward, feel free to recognize a parody when you bump into one.
The OpenBSD team has confirmed it, OpenBSD 3.0 is dead. After an initial increase in use the decline has become visible even for them and they decided not to support it anymore. Everybody who was using it has dropped it in support for version 3.1 and 3.2. This is a clear message to the community: OpenBSD 3.0 is dead. Upgrade NOW!.
Version number hiding is not the way to go. And let me explain why: Nimda / Code Red. ISS only. Certain versions of ISS only. And do you think that the virus checks for the HTTP Server-string before it sends its payload? No way. Brute force. Just send the exploit and check later if it was successful. I have the logs of my Apache webservers to show this behaviour.
Same with the bugbear[sp] worm at this moment. "Check all the shares on the system. Found one! Let's copy to there." Zwoooosh there goes another sheet of paper through the printer.
For administrative purposes, being able to find out what version of software is running is essential. In a company with tens of locations and thousands of computers, nobody will be able to keep a list of software installed on all these things, let alone keep track of the versions.
A weekly scan by the corporate IT department and they know what MTAs and versions are there, what FTP servers and version, what DNS servers and versions are there. An update is released? Just inform the right people (i.e. the LAN administrators, not the people who own these servers). An exploit has become known? At least you know how vulnerable you are instead of panicking and trying to get (obsolete) lists from all over the place.
So yeah, version number hiding doesn't reduce the attack rate but does reduce the ability to act.
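The weekly-scan argument above, as an added example that is not part of the original comment: banners collected from your own hosts are turned into an inventory, and a host with a hidden version ends up in the "cannot triage" list. The scan lines, addresses and the "first fixed" thresholds are constructed for illustration.

```python
import re

# Constructed sample of a weekly sweep: "host port banner", one per line.
SCAN = """\
10.0.1.5 25 220 mail1.example.com ESMTP Sendmail 8.12.5/8.12.5; Tue, 8 Oct 2002
10.0.1.9 25 220 mail2.example.com ESMTP Sendmail 8.12.6/8.12.6; Tue, 8 Oct 2002
10.0.2.7 22 SSH-1.99-OpenSSH_3.2.3p1
10.0.2.8 22 SSH-2.0-OpenSSH_3.4p1
10.0.3.3 25 220 mail3.example.com ESMTP
"""

PRODUCTS = {
    "sendmail": re.compile(r"Sendmail (\d+(?:\.\d+)+)"),
    "openssh": re.compile(r"OpenSSH_(\d+(?:\.\d+)+)"),
}


def parse_inventory(text):
    """Return rows of (host, port, product, version_tuple).

    product and version are None when the banner hides them.
    """
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        host, port, banner = line.split(None, 2)
        for product, rx in PRODUCTS.items():
            m = rx.search(banner)
            if m:
                version = tuple(int(p) for p in m.group(1).split("."))
                rows.append((host, int(port), product, version))
                break
        else:
            rows.append((host, int(port), None, None))
    return rows


def triage(rows, product, port, first_fixed):
    """Split hosts into (known vulnerable, cannot be triaged from the banner).

    first_fixed is the lowest version tuple the administrator treats as patched.
    """
    vulnerable = [h for h, p, prod, v in rows
                  if prod == product and v < first_fixed]
    unknown = [h for h, p, prod, v in rows if p == port and prod is None]
    return vulnerable, unknown


if __name__ == "__main__":
    rows = parse_inventory(SCAN)
    # Thresholds are constructed for the demo, not taken from an advisory.
    print(triage(rows, "sendmail", 25, (8, 12, 6)))
    print(triage(rows, "openssh", 22, (3, 4)))
```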
It's about time Australia got its own Bermuda triangle!
Or the people from redhat.au should go pig-hunting with him (At least they should have given him a copy of the movie Dirty Deeds before he came down [review, trailer])
Sounds like an old-fashioned "indent must die" thread: You can't trust information from sites you don't manage.
But... you can value the information from sites you have a relationship with (or which have a higher trust-factor than the average porn-site).
For example, if you have a spider running on your own intranet (that's a relationship), you know that the people running the webservers are not going for the most hits but for the best information, you know you can trust these meta-tags.