Ahh, I see. Thank you for elaborating on that a little, wasn't really aware of this. Makes me wonder why my box cannot handle the --state option with iptables then...
About UPNP: I utterly dislike it and keep it disabled. I prefer knowing if an app wants a port open and then I make a static iptable entry for it myself; otherwise, if some fancy malware asks nicely, my router would happily give them any port they ask for.
A minor nitpick. It's very flattering to read all that praise about us, but we Hungarians are easily one of the most pessimistic people you can meet in Europe, so I'd question the delightful part. I mean, we rank near the bottom charts of every poll regarding happiness and were #1 leader in suicides world-wide for a while (now we are #5 or something). Just saying. ;)
NAT is harder than firewalling? How so? A stateless NAT should be a lot easier on the machine than a firewall (which I could compare to stateful NAT, dropping packets based on some criteria and being able to track established connections), or do I get it completely wrong?
And thanks for the link, interesting doc. My router is a WL500g Premium v1, a pretty old model that's working quite admirably so far, but it can't do firewalling. Seems I'll have to just throw it out.
It's not doing stateful NAT, it's completely stateless - it's a static port forwarding to preset LAN IPs or outright dropping the packet, UPNP is disabled. AFAIK this is anything but stateful. When I try enabling the stateful features in iptables (--state SOMETHING), it quickly slows down the box and makes it unresponsive during heavy use. Maybe there's a bug in the kernel I use, but I'd bet it's more closely related to 16MB RAM and 400MHz CPU. :)
:)
I don't see how a larger address space helps. First of all, devices generate IPv6 by using the MAC - if someone is looking for an exploit for a specific device (like, knowing there's a bug in the LExxW650 brand of Samsung TVs, let's say) they can narrow down the possible IPs by knowing what brand of cards the device uses. Also, as IPv6 (supposedly) never changes, anyone can take their sweet time to scan piece by piece (subset by subset), as that data will never lose relevance...
I'd say having a stateful firewall will be a must. It's not good to rely on security through obscurity. Or maybe I'm just paranoid.
I have a WL500gP v1. It has a "firewall" feature, but it's stateless and pretty much just NAT given a fancy name and a semi useful UI. I'd expect most routers work the same way, unless Moore did some magic on these as well...
So, "I can say with 95% confidence that I survived"?
...without a firewall on your router? Seriously, unless you invest deeply, 90% of the consumer grade devices can't do that - my router supports IPv6 in theory (no carrier support yet to test it) but only has a 400MHz CPU. Trying to implement any stateful firewall on that will just make the system unstable if you make some more intensive use of the connection (streaming HD TV, torrent, etc). No "smart" device I have in my home supports firewalls apart from my PC, so they cannot be trusted to just cope on their own.
I'm probably missing something I guess, but it just doesn't seem like a genius prospect to me.
So how do you firewall your smart TV, or any other connected appliance (that is not a PC)? No router today has any meaningful firewall functionality - all those devices with their globally unique and reachable IPv6 address will be fun targets for malicious attackers. Hell, even if home grade routers had firewalls, 90% of the end users couldn't manage (or even understand) them anyway.
I really wish I had any modpoints left :(
Yup, a blunder on my part. I only remembered it's a different engine - the one Safari uses on iOS - but I forgot the original's called the same as well. Still: it's not the same as the "other" Chromes. No Nitro for one.
Everywhere? I didn't know the Nitro Javascript engine was disabled on my PC. (It is disabled on iOS.)
iOS WebKit != WebKit
All browsers on iDevices must use the WebKit engine. You may use a different "browser" but you always get the same engine.
Don't be an appletard either. Firefox was not developed because EVERY WEB BROWSER ON iDEVICES MUST USE THE WEBKIT ENGINE. Even Chrome - which means what you get as "Chrome" on iDevice is basically a webkit with a different look'n'feel. Basically: a skin.
...they would get smacked around for the same anti-competition behaviour which hurt Microsoft during the XP days, forcing them to change this "One browser" approach (and maybe for other apps as well). In a sense, they are lucky their rather unusual philosophy - where instead of designing products to meet the demand, you shape the demand yourself - hit the wall before they became a monopoly.
Try Grigori Medvedev's "The Truth About Chernobyl". It's a pretty thick book - almost 300 pages - but he goes into very deep detail how and why things went the way they did, from the "soviet way" of handling nuclear energy and generic sentiment to the very specific events and even the aftermath. Medvedev himself was a chief engineer in Chernobyl for a while; he was also pretty acclaimed in Russia (he mentions other cases where he tried giving sensible advice to authorities regarding nuclear power plants) and he was tasked with investigating the catastrophe. It's a fairly old book so finding a new copy might be a tad difficult, but I think it's a must-read if you are really interested in Chernobyl...
Not really. They wouldn't have been sent to Siberia, as they weren't even the guys who were supposed to run the test. These were the night shift guys; the day shift - who were supposed to do this task and actually prepared for it - were told to stand by because of another plant falling out of the power grid in Ukraine. By the time the plant received the green signal for the test, the shifts rotated and this detail never seemed to be important to anybody. It's not widely publicized because it's not a very "interesting" detail, but this very test was attempted three times before the accident by the other crew; they failed to safely shut off the reactor on all three, but they didn't blow up the reactor either. (They simply aborted the test and switched back to external power for cooling.)
The primary cause of the accident is twofold. Firstly, the reactor was not safe by design, being a positive coefficient reactor. Secondly, the crew was utterly ignorant of even the basic principles of nuclear power, let alone the operation of their own reactor. The reason why they never aborted the test was not out of fear. They never realized the reactor was in danger! Even after the fuel rods were strewn across Pripyat, these guys reported to Moscow that the reactor is intact and being fed with fresh coolant water - even though at this point the water they pumped in only flooded the electrical controls of the other units, almost causing a second catastrophe.
The final bit of irony: the reason for the test? Israel bombed a nuclear plant in Iraq prior, and some people in Russia started to get worried if the RBMK reactors could safely shut down when NATO started bombing their power grid.
Maybe because, frankly, they're advancing pretty much none whatsoever? The only time the big music/movie industry was forced to back down was with SOPA, and that had pretty little to do with any one of those and much more with the public outrage. And even that wasn't a real victory anyway, only a postponement at best. In the meantime, we're all enjoying the more and more stringent copyright laws and extensions of trademarks/copyright time periods (with no end in sight).
So frankly, I don't see those real heroes being very successful either, to be honest. Might as well cheer for the guy whose story starts to look like an episode from a bad sitcom....
Wait until they unionize...
I mean, a lot of industries would LOVE having spider silk in large quantities - it's a very durable material, and could be pretty useful in making bulletproof vests or strong-yet-light cables, if I recall correctly.
So even if it's theoretically correct - I kind of doubt it'll ever get better than glass, mind you - there'll be just another industry standing in line waiting for the artificial spider silk to start flowing...
Airplanes don't care if there is a new street or changes to the city layout, and hills/other geographical features don't tend to move around too much - so maps get outdated actually very slowly. The reason why they are doing the whole thing is late warnings. Approaching steeper hills at more significant speeds can mean that the radar only tells the pilots to pull up when it's too late. As for all the things you mentioned, only the RADAR matters as far as ground proximity goes... :)
Some modern GPWS systems actually use digitalized maps of the area, determining possible collisions not only by radar but by "looking" around the map using the GPS coordinates. Pretty sure it'd cause problems there, causing false alerts and not warning other times...
No speed limits in certain areas works great for Germany.
You mean, literally going to insane lengths (like having AC get used for public execution) trying to kill off AC which was a WAY BETTER solution, and had only one problem: wasn't his invention?
...that the creepy bug-machines they put in your stomach in Matrix1 were scifi only.
You never "migrated" your HDDs when you changed everything else in your PC, I take it?