They would send the same cookies - but packet length would be different also, so as I understand you'd need to open each URL at least twice to make one brute force attempt.
I agree that if attacker is already sitting in the middle of your traffic, and moreover can direct you to his malicious site, there are a lot of other attack vectors to worry about.
You mean it is possible to force loading of the parent URL from cross-domain child? I was under impression that it won't work without specific code to support that on the parent side.
It seems that the attack requires the victim to load the same page many times, in order to measure differences in packet length? In real life, how often one visits the same page (and this page doesn't change)? If I understand this correctly, the attack will be very slow in real life, apart from some specific cases where user visits a website which reloads itself continuously.
Also, in this day and age, would anyone trust authenticated sites which do not use https? These sites themselves are the main problem.
Perl simply throws your incompetence straight in your face, while other languages will not hurt your ego so much.
Yes guys & gals, complex constructs will take time to grasp. In return, Perl allows to write good & compact code and professionals will understand it much quicker compared to other languages, simply due to a smaller amount of code they have to read.
Your best handset for freedom is the one which does not pass through the government-controlled networks. E.g., Iridium, Globalstar, Thuraya. I'm sure that this is the way at least some of the information is leaking out to the West. If somebody catches you with it - well, don't let them do that. Newer handsets are pretty small and look like normal mobile phones.
The computers are not Russian, but European
on
Why ISS Computers Failed
·
· Score: 5, Informative
The article is misleading. The computers are not actually of Russian make, they were supplied to Russians by Europeans (EADS). See here.
A quick Google search revealed the following: ZEVS, THE RUSSIAN 82 Hz ELF TRANSMITTER. Located near Murmansk. The article has some nice maps, screenshot of the spectrum, etc.
Re:Dual NIC
on
Tiny Boxen
·
· Score: 4, Informative
Take a look here: Nagasaki Thin Client, there are versions with three NICs. OpenBrick actually looks to be a rebranded MS2100.
Thats getting interesting. Did you hear me whining? Its what you imagined and how you see other people. Thats why other people have stereotypes about Americans, the same way you have stereotypes about Russians "who are always whining". I don't live in Russia and I'm quite successful. I like capitalism. However I don't like when millions of people suffer because of commercial interests of a very small amount of people. That happened before with very unfortunate consequences, and I wouldn't like that to happen again.
I wouldn't like to repeat myself, read my other replies if you're interested..
Man, you just confirmed what I was writing. Money rule the world, not the people. Money is what votes, and it is not your vote and your choice (unless you're powerful financially). I'm taking this out of your own words. I don't have anything against healthy capitalism, I don't like overcommercialization of life.
And... Can you explain me, what are exactly interests of average USA business in international domains? How many USA companies will be interested in www.ÂÁÎË.com? However, I bet they'd be interested in having control over their registration and "lease" them to those "poor-3rd-world" countries. Commerce and harsh reality. Exactly what you are speaking about.
So, what should IETF really care for, those other countries which want to have domains written in their own language, or USA businesses, which want to profit on them? I guess it should be the first. But currently it is unreal in real-life and I don't like that it is so. Free software helps me struggle that, by making standards widely available.
You just completely ignored my main point.
Internet is becoming a life necessity and I don't think it should every be fully commercially controlled. I understand that it makes sense for a business to not really care about 80% of planet's population because they don't have enough financial power, but as a person I do not accept that.
Let's image a country of Belarus (~3 million people) passes a patent/law which prohibits IETF from using their international domains technologies within that country... How much of a problem would that be for IETF?
See? Size matters here. Still, that lack of international domain support would be prohibit me from using Cyrillic-character domains within my country (on webservers situated in my country) at least because of lack of support on the browser side. I don't see too much sense in this.
Thats where the freedom of free software (FSF meaning) really matters. If free software hopefully will get the desktop the userbase will be large enough to support international domain schemes at least within non-US countries... At the same time people in the USA will get the sort of pain in the a%% that users over all the world were enjoying because of USA cryptography export laws in the past. Would you feel happy about it?
Regarding all your posts above..
What you all seem to say that even if the IETF was in Europe, USA would still be blocking the progress.. And thats EXACTLY what I'm pissed off about. Of course IETF would not make any progress as long as USA is on the way, even if everybody else is happy about it. Is that correct?
What I was saying in my previous message is more a cry in void than any practical suggestion...
Let's see in general. The majority of the world doesn't live in USA; but most of the money is in USA. In pure capitalism that means that USA has the control over the majority. Somehow I don't think that it is fair.... but nobody can do anything about it.
I see abuses of USA power and I'm not happy about it.
I can't hold any more - this patent mess in USA makes me sick.
Why can't IETF relocate their domain task force somewhere in Europe? Just because of some brain-damaged (sorry, but it so) system in USA I can't have domain names spelled in Russian language in my own country. Where's the logic? I don't get it.
As of now, USA control the Internet. There is no reason why it should be so. Definetely USA has the biggest chunk of the 'Net, but also definetely that doesn't mean that Internet belongs to them. Democracy anyone?
I work as a senior sysadmin at one of the bigger ISPs in country, so most of the time I deal with major problems.
Usually when I have a problem which is in somebody's else network (mostly BGP routing/mail filtering) I call to their official tech support, make serious voice and say "Good day, I'm a senior sysadmin from XXX, it seems you have a problem and none of customers can reach you, can you connect me to somebody responsible for routers / BGP / servers / SMTP?"
Believe, most of them time I get connected at least to somebody who can recognize the problem and connect to a higher level admin if needed.
So, in your case, try calling them and pretend that you have a bigger problem than it really is.:-)
And don't know about @Home, but here I go through unresolved cases through our support system from time to time, just in case the problem didn't get to higher levels.
First of all, as far as I remember bwmgr is available for Linux now as well.
Secondly, I use Linux 2.2 and QoS on several routers, with not-so-good hardware. How unmature it may be, it works.
And finally, I think you do advocacy in a wrong way. I dont have anything *BSD, but advocacy like this doesn't encourage me to try it. If you wrote a couple of advantages of what FreeBSD has now and how do you use IMHO it would give a much better effect.
It is not very known, but sophisticated QoS and bandwidth limiting is available in 2.2. Try going to Networking options->QoS and fair queuing in kernel configuration and I'm sure you'll see lots of options with hard-to-understand descriptions;)
For the software and docs, go to ftp://ftp.proxad.net/mirrors/ftp.inr.ac.ru/ip-rout ing/ and download latest iproute from there.
It is not very known, but sophisticated QoS and bandwidth limiting is available in 2.2. Try going to Networking options->QoS and fair queuing in kernel configuration and I'm sure you'll see lots of options with hard-to-understand descriptions;)
For the software and docs, go to ftp://ftp.proxad.net/mirrors/ftp.inr.ac.ru/ip-rout ing/ and download latest iproute from there.
Ok, even if those people win the case and Lycos mp3search will have to shut down, nobody prohibits one to setup an mp3search server in a country like Russia and have a good laugh watching those lawyers trying to sue anyone there..
It's Internet - no geographic borders here.. Those people just dont get it..
I think all this hooplala over APSL is Apple's fault - if they wanted to do it correctly, they should have take the way Netscape did NPL - i.e. rise some public discussion and release several "beta" version of the license before releasing a final one.
i just dont trust Apple
on
RMS on APSL
·
· Score: 1
Apple was known as one of the most closed & propriatary computer companies for decades..
Its hard to belive that suddenly they changed their mind.. And in fact they didn't, remember that most of the code they released under APSL actually comes from BSD.
Just if Katz has wrote something you like it doesn't mean that he is trying to get some points from you... If he did you would be all considering him a slashdot hero by now..
Anyway Katz did a good job writing a hint sheet of what to say about Mr. Gates' new masterpiece.;)
Slashdot Mirror
They would send the same cookies - but packet length would be different also, so as I understand you'd need to open each URL at least twice to make one brute force attempt.
I agree that if attacker is already sitting in the middle of your traffic, and moreover can direct you to his malicious site, there are a lot of other attack vectors to worry about.
You mean it is possible to force loading of the parent URL from cross-domain child? I was under impression that it won't work without specific code to support that on the parent side.
It seems that the attack requires the victim to load the same page many times, in order to measure differences in packet length? In real life, how often one visits the same page (and this page doesn't change)? If I understand this correctly, the attack will be very slow in real life, apart from some specific cases where user visits a website which reloads itself continuously.
Also, in this day and age, would anyone trust authenticated sites which do not use https? These sites themselves are the main problem.
Perl simply throws your incompetence straight in your face, while other languages will not hurt your ego so much.
Yes guys & gals, complex constructs will take time to grasp. In return, Perl allows to write good & compact code and professionals will understand it much quicker compared to other languages, simply due to a smaller amount of code they have to read.
This story made me realize that I have been following Slashdot since 1998, e.g. ~57% of my life. Wow, what a waste. :)
Seriously, CmdrTaco, congrats. It must be special to be part of something that has literally changed the world.
P.S. And it sucks to be in the 4 digit UID club.
Your best handset for freedom is the one which does not pass through the government-controlled networks. E.g., Iridium, Globalstar, Thuraya. I'm sure that this is the way at least some of the information is leaking out to the West. If somebody catches you with it - well, don't let them do that. Newer handsets are pretty small and look like normal mobile phones.
The article is misleading. The computers are not actually of Russian make, they were supplied to Russians by Europeans (EADS). See here.
Indeed, I hope that Motorola is smart and will release a toolchain which would allow to build native applications (not just Java stuff).
Make a tri-band GSM Linux phone with ssh client and VNC client, and I'm your customer.
A quick Google search revealed the following: ZEVS, THE RUSSIAN 82 Hz ELF TRANSMITTER. Located near Murmansk. The article has some nice maps, screenshot of the spectrum, etc.
Take a look here: Nagasaki Thin Client, there are versions with three NICs. OpenBrick actually looks to be a rebranded MS2100.
WISP-Dist has similar targets, and runs on 8 Mb flash/16 Mb RAM.
Thats getting interesting. Did you hear me whining? Its what you imagined and how you see other people. Thats why other people have stereotypes about Americans, the same way you have stereotypes about Russians "who are always whining". I don't live in Russia and I'm quite successful. I like capitalism. However I don't like when millions of people suffer because of commercial interests of a very small amount of people. That happened before with very unfortunate consequences, and I wouldn't like that to happen again.
I wouldn't like to repeat myself, read my other replies if you're interested..
Man, you just confirmed what I was writing. Money rule the world, not the people. Money is what votes, and it is not your vote and your choice (unless you're powerful financially). I'm taking this out of your own words. I don't have anything against healthy capitalism, I don't like overcommercialization of life.
And... Can you explain me, what are exactly interests of average USA business in international domains? How many USA companies will be interested in www.ÂÁÎË.com? However, I bet they'd be interested in having control over their registration and "lease" them to those "poor-3rd-world" countries. Commerce and harsh reality. Exactly what you are speaking about.
So, what should IETF really care for, those other countries which want to have domains written in their own language, or USA businesses, which want to profit on them? I guess it should be the first. But currently it is unreal in real-life and I don't like that it is so. Free software helps me struggle that, by making standards widely available.
You just completely ignored my main point.
Internet is becoming a life necessity and I don't think it should every be fully commercially controlled. I understand that it makes sense for a business to not really care about 80% of planet's population because they don't have enough financial power, but as a person I do not accept that.
Let's image a country of Belarus (~3 million people) passes a patent/law which prohibits IETF from using their international domains technologies within that country... How much of a problem would that be for IETF?
See? Size matters here. Still, that lack of international domain support would be prohibit me from using Cyrillic-character domains within my country (on webservers situated in my country) at least because of lack of support on the browser side. I don't see too much sense in this.
Thats where the freedom of free software (FSF meaning) really matters. If free software hopefully will get the desktop the userbase will be large enough to support international domain schemes at least within non-US countries... At the same time people in the USA will get the sort of pain in the a%% that users over all the world were enjoying because of USA cryptography export laws in the past. Would you feel happy about it?
Of course, thats all theories..
Regarding all your posts above..
What you all seem to say that even if the IETF was in Europe, USA would still be blocking the progress.. And thats EXACTLY what I'm pissed off about. Of course IETF would not make any progress as long as USA is on the way, even if everybody else is happy about it. Is that correct?
What I was saying in my previous message is more a cry in void than any practical suggestion...
Let's see in general. The majority of the world doesn't live in USA; but most of the money is in USA. In pure capitalism that means that USA has the control over the majority. Somehow I don't think that it is fair.... but nobody can do anything about it.
I see abuses of USA power and I'm not happy about it.
I can't hold any more - this patent mess in USA makes me sick.
Why can't IETF relocate their domain task force somewhere in Europe? Just because of some brain-damaged (sorry, but it so) system in USA I can't have domain names spelled in Russian language in my own country. Where's the logic? I don't get it.
As of now, USA control the Internet. There is no reason why it should be so. Definetely USA has the biggest chunk of the 'Net, but also definetely that doesn't mean that Internet belongs to them. Democracy anyone?
I work as a senior sysadmin at one of the bigger ISPs in country, so most of the time I deal with major problems.
:-)
Usually when I have a problem which is in somebody's else network (mostly BGP routing/mail filtering) I call to their official tech support, make serious voice and say "Good day, I'm a senior sysadmin from XXX, it seems you have a problem and none of customers can reach you, can you connect me to somebody responsible for routers / BGP / servers / SMTP?"
Believe, most of them time I get connected at least to somebody who can recognize the problem and connect to a higher level admin if needed.
So, in your case, try calling them and pretend that you have a bigger problem than it really is.
And don't know about @Home, but here I go through unresolved cases through our support system from time to time, just in case the problem didn't get to higher levels.
First of all, as far as I remember bwmgr is available for Linux now as well.
Secondly, I use Linux 2.2 and QoS on several routers, with not-so-good hardware. How unmature it may be, it works.
And finally, I think you do advocacy in a wrong way. I dont have anything *BSD, but advocacy like this doesn't encourage me to try it. If you wrote a couple of advantages of what FreeBSD has now and how do you use IMHO it would give a much better effect.
It is not very known, but sophisticated QoS and ;)
t ing/ and download latest iproute from there.
bandwidth limiting is available in 2.2. Try going to Networking options->QoS and fair queuing in kernel configuration and I'm sure you'll see lots of options with hard-to-understand descriptions
For the software and docs, go to ftp://ftp.proxad.net/mirrors/ftp.inr.ac.ru/ip-rou
It is not very known, but sophisticated QoS and ;)
t ing/ and download latest iproute from there.
bandwidth limiting is available in 2.2. Try going to Networking options->QoS and fair queuing in kernel configuration and I'm sure you'll see lots of options with hard-to-understand descriptions
For the software and docs, go to ftp://ftp.proxad.net/mirrors/ftp.inr.ac.ru/ip-rou
Ok, even if those people win the case and Lycos mp3search will have to shut down, nobody prohibits one to setup an mp3search server in a country like Russia and have a good laugh watching those lawyers trying to sue anyone there..
It's Internet - no geographic borders here.. Those people just dont get it..
We'll see...
I think all this hooplala over APSL is Apple's fault - if they wanted to do it correctly, they should have take the way Netscape did NPL - i.e. rise some public discussion and release several "beta" version of the license before releasing a final one.
Apple was known as one of the most closed & propriatary computer companies for decades..
Its hard to belive that suddenly they changed their mind.. And in fact they didn't, remember that most of the code they released under APSL actually comes from BSD.
I like how the story is written. There are minor mistakes, but in overall a good job. :)
Just if Katz has wrote something you like it doesn't mean that he is trying to get some points from you... If he did you would be all considering him a slashdot hero by now..
;)
Anyway Katz did a good job writing a hint sheet of what to say about Mr. Gates' new masterpiece.