MS will be forcing itself not to become complacent and hide behind the obscurity of a vulnerability that may not be known, but instead will have to deal with the vulnerability in the correct way - fixing the thing.
Hold on. By giving a summary of fixes coming up, thus indicating the fix is already there does not change anything, or do what you suggest. This is not full disclosure of unfixed problems.
All that's happening is you'll get advanced summaries of what the monthly security updates will contain. They've already fixed it when this happens.
Microsoft do not seem to support most of the open-source formats like OGG and OGV.
Well of course not, that's like complaing because iTunes doesn't support WMA. Why should a manufacturer support 3rd party components?
The DirectShow filters specs are well known, and there are Ogg filters as well as DivX filters available. As for MP4 sound with Windows Media Player, again 3rd parties produce it and the MP4 video support is already there.
I believe the official answer to this is because Lucas wanted to represent the Jedi Spirit as they where when they died.
That may be the official answer, but of course we all know that the real answer is "Well we changed it because we can, and when we release an 'original' DVD set in a couple of years everyone will rush out and buy it again. Then Lucas will finally have enough money to get a custom made real doll shaped like jar jar."
That's why junk mail is worse than spam, for spam all you have to do is click a couple of times and it's gone.
And pay for bigger mail servers to hold it, more bandwidth to accept it, more processing time to virus scan it. Then there is those who must pay to access the net on a non-flat fee basis.
The whole "just press deleted" arguement has been long banished by everyone, except for spammers
How many times have you personally ordered the SAME pay per view movie more than once? Unless you're lying, the answer is none.
Actually I find myself watching most sci-fi PPVs twice, once on my own so I can enjoy it, then once with the life where I have to answer "Who is that?" "Is that the bad guy?" "Why are the effects so bad?" "Oh a monster" type comments every 5 minutes.
You seem to be assuming that everyone who has a legitimate reason to spoof "from" addresses also has control of the firewall and DNS entry, or the ability to influence SenderID policy. This is very rarely the case.
No I'm not. If you don't have control over the firewall or DNS then you don't have the ability to produce an SPF entry anyway.
I am assuming that if you have the technical ability to have an SPF entry then you also have the ability to setup SMTP AUTH, a VPN to your server or any other way to support remote working.
People seem to be assuming that if you don't have an SPF/Sender ID record your mail gets rejected. That's not the case in most setups, and hell, at the end of the day it's my mail server I'll configure it how I like:)
Maybe I didn't explain it very well then. If I can use the example of my local setup.
If you connect to me I do a bunch of dnsBL checks. If you pass those then I'll do an SPF lookup. If, in your case, you don't have an SPF record then the mail goes though (to spam assassin). If you fail an SPF check because you're "spoofing" a from address for a domain which has valid SPF lookups then you get rejected.
Your cases where your MTA has no SPF has no effect, the mail gets passed through because you did not fail. I'm not blocking on a "must pass", that would be insane. So why is blocking like this bad in your eyes? You seem to think that people only tag, wrong. People reject on *fails*. A domain which does not have an SPF record is not a fail.
No-one is forcing you to publish SPF/SenderID records, so you can leave your domain unencumbered and SPF filters will never touch you
If you have non-domain X sending MTAs you can always add them to your SPF record anyway
You can always open that firewall to allow SMTP AUTH
Relaying is not, in theory, a bad thing. Open news servers are not, in theory, a bad thing, gun ownership in theory is not a bad thing. But there are always those who will happily abuse facilities.
Just because you can't use SNTP AUTH because of a firewall don't try to dictate how everyone else should use SPF.
One of the big problems is that with a standard TV you can't see the blemishes and wrinkles that are present on any normal person's face.
Off topic I know, but how do you imagine politics will be effected by being able to see "Warts and all" on your local congressman's face? Hell, the "first" world has turned visual and we're shallow enough to trust people based on appearance. I can see a lot of incumbants being voted out once HDTV interviews start being broadcast to the majority of homes.
If you're lucky, you will have to pay for a second box, and will be "allowed" to watch it in your bedroom.
Funny, thats not how media center works right now. You can stream to PCs in your local network easily enough. And if you don't want to pop for a second PC there are "media center" extenders, low priced little things that will plug into your TV.
I know DRM is the big bad boogey man of/. (closely followed by SCO) but the media center DRM isn't that bad. Hell you can't even complain much about the MSN music store rules as they're exactly the same as iTunes.
HDTVoIP with its far bigger hunger for hbandwidth.
(disclaimer : I spent 3 years as the dev lead/manager for a large streaming media company)
The bandwidth for streaming is never as high as people think. Once you start to control the whole network it gets a lot easier. If you can place caching servers in each major subscriber area and most importantly enable multi-case (which you can finaly do because you control all the routing and switches) it will drop a lot. Sure movies that are truely "on-demand" will have to be served on an individual basis, but again, local caching servers would reduce bandwidth requirements to just the last 1-2 hops.
Now, why in the world they were handed a bunch of social security numbers (instead of MD5's of the numbers) to store is a mystery to me
MD5? Surely you would at least salt them first. As a Brit I will freely admit to having no clue over the format of the US SSN, but the UK one goes XX999999X where the first two characters describe your year of birth (I believe). Now with such a well known format, and a reasonably small data set pre-calculation of a simple MD5 hash is just an exercise is computin. Now if they were salted first, with say the holder's surname then the order of magnitude to pre-calculate a hash becomes much greater.
As the library publish their email format and the article had the fellow's full name in it I've dropped him a email pointing him to here, and to ebay. Hopefully he'll post a list of what he needs.
Yea, my mother's ISP does that, but again, connecting over a non-standard port (in my case ODMR) allows her to use my mail server, and SPF. Not that she knows that's what's happening.
Run an MTA on your laptop configured to send mail for your domain. Publish the key for that laptop in your dns records and now you can send email from the cybercafe. The reason this works is becuase it doesn't depend on IP addresses like SPF.
Except of course any sensible cybercafe doesn't allow SMTP out, and any sensible company allows SMTP-Auth for people on the road, usually on a non-standard port, so they can a) keep a record of what is sent from their company email addresses and b) allow support for things like SPF
Then why didn't they? Because they simply don't care. And that is what sucks.
Oh but they have. MS produced SenderID, which builds on the already published and supported SPF. Except that got dismissed on here due to licensing issues and because, well it's MS. Of course DomainKeys has a somewhat intersting license restriction as well (funny how there's not much screaming over that) and the cost involved in getting a signing key. Whereas SPF does all this for the price of a single TXT DNS entry.
So what's the point in rolling something out when people won't, for whatever reason, implement checking at their end? And why didn't gmail implement SPF, the no-cost solution?
is already stupid enough without adding a fourth option into the list.
The whole things smacks of "not invented here" right now, they all do the same thing, they all do it in the same way, and yet everyone says theirs is best.
What's more interesting is the lack of awareness from developers for this. There are a lot of systems out there right now that will, for example, send invites to join their web site to your nominated friends using your from address. So as someone who has SPF and SenderID entries I see a lot of bounces because of this. It's not just a matter of making all mail servers support it developers also have to actually think and keep up and stop spoofing themselves.
You purchase accordingly (for example the compaq rack mount UPS communicates over a specific card).
As for me I'd have far rather had a serial connection for home for my SmartUPS, I could have split it between the 3 machines it's protecting, and not have to worry having to put a switch on the smartups so the only device that knows power has been lost can then shut the other 2 servers down.
Right now where I am all USB is banned (but then I am in a bank...)
However where is the problem with no USB on a server? Is your server room filled full of MP3 players hooked up to your NAS? A mobile phone hanging off the sendmail box? a digital camera on the proxy? Of course it isn't. You talk as if disabling support means finding the cables to the sockets, of course it doesn't, disable it in the BIOS, then if you need to boot off a key (and remember how many big servers will support that? or that 3 year old corporate desktop? Oh. bugger) you login to the BIOS and turn it back on.
In some corporate environments the dangers of USB devices running away with proprietary information far outweigh letting the secretary plug her digital camera in and send run pictures of her last beach holiday.
Actually come to think of it in any environment not seeing holiday snaps is a good idea:)
Am i the only one who feels that charging a mp3 player by just a computer is a bad way of doing it?
Why? My Zen recharges by USB, as does my phone when it's docked in it's cradle. That saves me 2 power adapters when I'm travelling. Heck, even my digital camera powers up via a cradle which can draw power from USB alone, and my portable hard drive draws power from a USB2 port (unless you're on a Dell Inspirion which complains that the device is sucking too much power from the port. Cheap ass dells!)
Err. Right. Any smart admin has disabled access without a password, so you can only shut it down by the pulling the power, any smart admin has passworded the BIOS and told it to boot off the hard drive, and any smart admin has disabled the USB ports on a server anyway.
Other than that though it's not a hacker tool, there's no blue LED.
Slashdot Mirror
MS will be forcing itself not to become complacent and hide behind the obscurity of a vulnerability that may not be known, but instead will have to deal with the vulnerability in the correct way - fixing the thing.
Hold on. By giving a summary of fixes coming up, thus indicating the fix is already there does not change anything, or do what you suggest. This is not full disclosure of unfixed problems.
All that's happening is you'll get advanced summaries of what the monthly security updates will contain. They've already fixed it when this happens.
Microsoft do not seem to support most of the open-source formats like OGG and OGV.
Well of course not, that's like complaing because iTunes doesn't support WMA. Why should a manufacturer support 3rd party components?
The DirectShow filters specs are well known, and there are Ogg filters as well as DivX filters available. As for MP4 sound with Windows Media Player, again 3rd parties produce it and the MP4 video support is already there.
I posted the link earlier, but Intervideo have a license to produce WMA/WMV with DRM products for Linux.
So since it would be easier to buy compatable products then try to recreate compatable ones in Linux while facing legal hurdles and patent problems.
Except there is supposed to a version of Windows Media, with DRM support for embedded Linux.
That may be the official answer, but of course we all know that the real answer is "Well we changed it because we can, and when we release an 'original' DVD set in a couple of years everyone will rush out and buy it again. Then Lucas will finally have enough money to get a custom made real doll shaped like jar jar."
How is different from virus vendors stopping reporting on "corporate" keyloggers?
That's why junk mail is worse than spam, for spam all you have to do is click a couple of times and it's gone.
And pay for bigger mail servers to hold it, more bandwidth to accept it, more processing time to virus scan it. Then there is those who must pay to access the net on a non-flat fee basis.
The whole "just press deleted" arguement has been long banished by everyone, except for spammers
Actually I find myself watching most sci-fi PPVs twice, once on my own so I can enjoy it, then once with the life where I have to answer "Who is that?" "Is that the bad guy?" "Why are the effects so bad?" "Oh a monster" type comments every 5 minutes.
No I'm not. If you don't have control over the firewall or DNS then you don't have the ability to produce an SPF entry anyway.
I am assuming that if you have the technical ability to have an SPF entry then you also have the ability to setup SMTP AUTH, a VPN to your server or any other way to support remote working.
People seem to be assuming that if you don't have an SPF/Sender ID record your mail gets rejected. That's not the case in most setups, and hell, at the end of the day it's my mail server I'll configure it how I like :)
If you connect to me I do a bunch of dnsBL checks. If you pass those then I'll do an SPF lookup. If, in your case, you don't have an SPF record then the mail goes though (to spam assassin). If you fail an SPF check because you're "spoofing" a from address for a domain which has valid SPF lookups then you get rejected.
Your cases where your MTA has no SPF has no effect, the mail gets passed through because you did not fail. I'm not blocking on a "must pass", that would be insane. So why is blocking like this bad in your eyes? You seem to think that people only tag, wrong. People reject on *fails*. A domain which does not have an SPF record is not a fail.
What utter tosh.
Just because you can't use SNTP AUTH because of a firewall don't try to dictate how everyone else should use SPF.
One of the big problems is that with a standard TV you can't see the blemishes and wrinkles that are present on any normal person's face.
Off topic I know, but how do you imagine politics will be effected by being able to see "Warts and all" on your local congressman's face? Hell, the "first" world has turned visual and we're shallow enough to trust people based on appearance. I can see a lot of incumbants being voted out once HDTV interviews start being broadcast to the majority of homes.
If you're lucky, you will have to pay for a second box, and will be "allowed" to watch it in your bedroom.
Funny, thats not how media center works right now. You can stream to PCs in your local network easily enough. And if you don't want to pop for a second PC there are "media center" extenders, low priced little things that will plug into your TV.
I know DRM is the big bad boogey man of /. (closely followed by SCO) but the media center DRM isn't that bad. Hell you can't even complain much about the MSN music store rules as they're exactly the same as iTunes.
HDTVoIP with its far bigger hunger for hbandwidth.
(disclaimer : I spent 3 years as the dev lead/manager for a large streaming media company)
The bandwidth for streaming is never as high as people think. Once you start to control the whole network it gets a lot easier. If you can place caching servers in each major subscriber area and most importantly enable multi-case (which you can finaly do because you control all the routing and switches) it will drop a lot. Sure movies that are truely "on-demand" will have to be served on an individual basis, but again, local caching servers would reduce bandwidth requirements to just the last 1-2 hops.
Now, why in the world they were handed a bunch of social security numbers (instead of MD5's of the numbers) to store is a mystery to me
MD5? Surely you would at least salt them first. As a Brit I will freely admit to having no clue over the format of the US SSN, but the UK one goes XX999999X where the first two characters describe your year of birth (I believe). Now with such a well known format, and a reasonably small data set pre-calculation of a simple MD5 hash is just an exercise is computin. Now if they were salted first, with say the holder's surname then the order of magnitude to pre-calculate a hash becomes much greater.
MD5 is not a stand alone security method.
As the library publish their email format and the article had the fellow's full name in it I've dropped him a email pointing him to here, and to ebay. Hopefully he'll post a list of what he needs.
It would probably be a good idea for them to accept email from EVERYONE and sort through it later.
Lets see;
A good idea? Really?!
Yea, my mother's ISP does that, but again, connecting over a non-standard port (in my case ODMR) allows her to use my mail server, and SPF. Not that she knows that's what's happening.
Except of course any sensible cybercafe doesn't allow SMTP out, and any sensible company allows SMTP-Auth for people on the road, usually on a non-standard port, so they can a) keep a record of what is sent from their company email addresses and b) allow support for things like SPF
Oh but they have. MS produced SenderID, which builds on the already published and supported SPF. Except that got dismissed on here due to licensing issues and because, well it's MS. Of course DomainKeys has a somewhat intersting license restriction as well (funny how there's not much screaming over that) and the cost involved in getting a signing key. Whereas SPF does all this for the price of a single TXT DNS entry.
So what's the point in rolling something out when people won't, for whatever reason, implement checking at their end? And why didn't gmail implement SPF, the no-cost solution?
is already stupid enough without adding a fourth option into the list.
The whole things smacks of "not invented here" right now, they all do the same thing, they all do it in the same way, and yet everyone says theirs is best.
What's more interesting is the lack of awareness from developers for this. There are a lot of systems out there right now that will, for example, send invites to join their web site to your nominated friends using your from address. So as someone who has SPF and SenderID entries I see a lot of bounces because of this. It's not just a matter of making all mail servers support it developers also have to actually think and keep up and stop spoofing themselves.
As for me I'd have far rather had a serial connection for home for my SmartUPS, I could have split it between the 3 machines it's protecting, and not have to worry having to put a switch on the smartups so the only device that knows power has been lost can then shut the other 2 servers down.
Right now where I am all USB is banned (but then I am in a bank ...)
However where is the problem with no USB on a server? Is your server room filled full of MP3 players hooked up to your NAS? A mobile phone hanging off the sendmail box? a digital camera on the proxy? Of course it isn't. You talk as if disabling support means finding the cables to the sockets, of course it doesn't, disable it in the BIOS, then if you need to boot off a key (and remember how many big servers will support that? or that 3 year old corporate desktop? Oh. bugger) you login to the BIOS and turn it back on.
In some corporate environments the dangers of USB devices running away with proprietary information far outweigh letting the secretary plug her digital camera in and send run pictures of her last beach holiday.
Actually come to think of it in any environment not seeing holiday snaps is a good idea :)
Am i the only one who feels that charging a mp3 player by just a computer is a bad way of doing it?
Why? My Zen recharges by USB, as does my phone when it's docked in it's cradle. That saves me 2 power adapters when I'm travelling. Heck, even my digital camera powers up via a cradle which can draw power from USB alone, and my portable hard drive draws power from a USB2 port (unless you're on a Dell Inspirion which complains that the device is sucking too much power from the port. Cheap ass dells!)
Err. Right. Any smart admin has disabled access without a password, so you can only shut it down by the pulling the power, any smart admin has passworded the BIOS and told it to boot off the hard drive, and any smart admin has disabled the USB ports on a server anyway.
Other than that though it's not a hacker tool, there's no blue LED.