Slashdot Mirror


User: sleeper0

sleeper0's activity in the archive.

Stories: 0 · Comments: 237

Comments · 237

  1. Growth of .com popularity makes .com irrelevant on ICANN Limits Terms Of VeriSign Domain Control · · Score: 4
    I'm not particularly concerned with someone's control over .com. Consider the path that we've taken in the last 7 years, where we went from having to explain what the internet was, to dot-bomb being a common media expression. A lot happens in 7 years.

    If you've registered a domain name recently you know how hard it is to get a good .com name. The scarcity is already driving and will continue to drive people to alternative TLD's. My feeling is that in another 7 years (or less) you won't care at all who controls registration for .com. I would imagine that I would rather be a registrar that controlled access to an appealing alternative TLD. There are many great names left to sell. VeriSign will end up selling less and less .com registrations as every possible reasonable one will have been taken.

    Competition among registrars and many TLD's will also likely drive the average price of a domain name way down. I wouldn't be surprised if VeriSign's revenues get driven down by this.

    Honestly, there are plenty of businesses I'd rather be able to get a crack at than babysitting some root servers.

  2. I am totally shocked on LZIP Advanced File Compression Utility · · Score: 1

    at the average intelligence shown around here. Who's with me?

  3. i wonder if on Telemetry Made Simple: Rocket Phone Home · · Score: 1

    two years ago would they have based this thing on Motorola's Iridium?

  4. I dig python on Guido Von Rossum on Python · · Score: 2
    It took me years to give it a real try. When I started my current project which is a C base but needed some easy way for the customer to extend via scripting, python looked like a good choice.

    It turns out it's super easy to integrate into a C or C++ base and nearly instantly gives you a very solid scripting language. Restricted execution allows you to limit the power of the scripts, perhaps only allowing access to a few of your own custom objects and none of the system calls. This allows us to trust scripts from relatively untrusted users. All in all it's been a dream to use.

    I was a little weary of having to learn a new language. Having to have C, C++, Java, VB, perl, javascript & shell under your belt seems excessive. I wish we could settle down and use a few LESS languages, but whaddya gonna do?

    Once I jumped in though, I found it really easy to learn and nice to work with. Most modern languages seem to use so many of the same concepts, it's hardly like picking up a new one (I felt the same way about Java). So it was really painless.

    I would suggest anyone who's on the fence to give it a try because really it's only a couple of days before you've got a pretty good command of it.

    Sleeper

  5. Re:Similar to telnet hijacking? on TCP Weakness No False Alarm? · · Score: 1
    Thank you for the explanation.

    I guess I don't understand what all the fuss is about then? With all the problems IP based authentication can create on a local network (with someone just taking over the IP address) who uses things such as .rhosts anymore?

  6. Re:Similar to telnet hijacking? on TCP Weakness No False Alarm? · · Score: 1
    OK. But when I read this from the more recent article... doesn't this sound like you are sniffing communications between the two hosts?:

    "This change prevented attackers from guessing the ISN, but Newsham found that a skilled attacker could still glean enough information from other TCP sessions between two hosts to be able to infer the ISN value, regardless of whether it is incremented in a random manner."

  7. Similar to telnet hijacking? on TCP Weakness No False Alarm? · · Score: 4
    I thought that the threat of telnet hijacking was very real. While switching to ssh makes sense for privacy and password sniffing, I was under the impression that one of the best benefits of ssh over telnet with one time passwords was the probability of session hijacking.

    I am no script kiddie but I thought I had even seen tools available for download that would do just that. If these have been around for years then how do they differ from this revelation?

    The article at eweek that the post seems to refer to seems to give more details about the attack.

    It says:
    "ISN values are exchanged by the sending and receiving hosts and are supposed to be chosen randomly. Each successive packet then contains a sequence number that is based on the ISN plus the number of bytes transferred to the receiving host.

    But if the ISN is not chosen at random or if it is increased by a non-random increment in subsequent TCP sessions, an attacker could guess the ISN, thereby enabling him or her to hijack the session's traffic, inject false packets into the stream or even launch a denial of service attack against individual Web servers."

    So they seem to say the problem is not that the initial ISN isn't created randomly, it's that the subsequent numbers aren't incremented randomly (wouldn't that be hard to do?) but are rather incremented by the number of bytes transmitted. If you observe the session and count the bytes on a couple of packets, you can figure a number to use to continue (hijack) the session.

    I guess there must be an additional bit to it considering the details haven't been released. Can anyone comment that knows more about the issue?

    Anyway, my only point with telnet was that I thought it was already commonly accepted that encryption was the only thing that was going to stop hijacking. I guess this may get proved out.

    Sleeper

  8. Re:Just interested, what services to you provide? on Even Programmers Get the Job Search Blues · · Score: 1
    Haha, I only wish Slashdot paid that kind of money.

    I'm pretty sure heart surgeons and other skilled medical staff make more than that. I personally know a couple of doctors that made in excess of $1 mil a year, which $250/hr sure doesn't get you.

    I provide what amounts to software architecture and design work. Most of the systems lately have been ecommerce or online banking and online billing. Java, xml, RDBMS, C++, no single point of failure, hot fail, etc... full systems.

    I generally work with a team that I've done many other projects together with. We already know each other, and how we work, and we're able to start at something close to 100% at the start of the project... something that doesn't happen normally when you put together a team that hasn't worked before.

    The people I work with are great, we've always managed to get the job done right and on time in the past. Getting the reputation of being able to deliver results is what brings clients in.

    Really it's basically just the Andersen, KPMG, BCG or whoever model, bring in the whole team and charge more for the sum of the parts. The only difference is it's pretty uncommon for you to be happy at the end of an Andersen engagement.

  9. Re:HTML designers != engineers on Even Programmers Get the Job Search Blues · · Score: 1
    I'm not sure that's true.

    Commercial real estate has been in a free fall. Last spring, if you wanted to be in SOMA, some people were paying as much as $9-$12/sq ft a month. Currently, small space in SOMA is going for $1.75-$2.50/sq ft. a month, and is constantly being reduced.

    Flats may take longer to go down, but here in Potrero Hill I've seen several 2 bedroom places with views going for the $2000-$2200 range, which I don't think you could have found six months ago at all. While it's lagged a bit, I know a bunch of people leaving the city currently. I wouldn't be surprised if another 9 months takes a lot of residential rent down by another $500 or more.

    Well we can only hope.

  10. HTML designers != engineers on Even Programmers Get the Job Search Blues · · Score: 5

    "HTML engineer" was the biggest myth of the last two years. Suddenly, if you had the attention span to read a book on HTML, you could get an $80k+ job inside the engineering department no problem. Here in San Francisco, that was absolutely because there were hundreds of hopefully ecommerce shops run by MBA's with 0 technical knowledge. They would pile on the "engineers", who often with little experience would flounder... none of these companies were working very efficiently.

    Fast forward a year, and yeah, it's a lot harder to get that kind of job. People won't kiss your ass for having read a book and having designed your own homepage. You don't get a six figure signing bonus for knowing how to place images in tables.

    I know it's been said before, but good riddance. San Francisco had been torn apart by new money. $3000/mo 500 sq ft. flats. Overheard party circuit conversations about feeling sorry for the poor people "but honestly what do they expect". More Mercedes Benz automobiles than Hondas. Honestly, you couldn't have lived in the bay area for the last three years and not been overwhelmed by it, even if you were part of the problem.

    I think what the Salon article meant to say was "Tech Job Hunting returns to normal: Tough but fair". It may mean that with 2 years of experience you'll be struggling to sell yourself to a potential client. It may mean that what you got used to as a standard of living wasn't real. But as for a programmer with real experience and modern skills, there is most certainly work out there.

    I am both an engineering consultant and a staff member in an engineering consulting firm. While there is no doubt that demand has waned, my own services have stayed very much in demand and pricing hasn't dropped much from my peak of $250-$300/hr. I have found that those that we worked with with at least five years of coding are similarly in demand. We have also had some success placing others, but these rates have dropped significantly.

    At one point we were able to charge $110-$125 for QA, $125-$150 for design and $150-$200 for mid level programmers. These rates are now more like $40-$50 for QA, $50-$60 for design and $60-$90 for contract programming.

    I actually think $120k/year + overtime for doing HTML design is DAMN GOOD PAY. It'll just take a while before folks can swallow the bitter pill they have been handed. But when they do, they'll do just fine. Perhaps they won't be eating lunch at Aqua anymore.

    Sleeper

  11. Napster is gasping for breath on Napster Adding "Protection Layer" · · Score: 5
    And this is just another example.

    I agree with many of the posters that it's likely this copy protection will be easy to hack. I doubt that it will be on purpose, but Napster just doesn't have the kind of resources or time it takes to play this kind of game. But I do think that it's a legitimate attempt. Napster investors and board members aren't looking to play cute tricks and sly wink-wink kind of routines with all the visibility this has in the country and on the hill. This is all about making their authorized subscription service, which seems like it at this point will have only one major contributor, Bertelsmann (and if other label showings are any indications, maybe only with a few hundred selected traffic).

    The main issue is really the injunction. Once a reasonable rewrite is made, Napster will be compelled to turn off file sharing. The injunction has nothing to do with appropriate copy protection. It will still be illegal to swap songs, even if you can't burn them.

    So that leaves the high profile 1 billion dollar deal that is nothing more than a political stance, an effort to show good faith that Napster wants to pay. Can you imagine as a record label taking $30 million a year to give a license to piracy?? Do you think any of the labels would take that deal from off-shore pirates? And a little honesty... Where does the $200 million a year that Napster would have to produce come from? How much revenue did they book in '00? Probably no more than 10-20 million, and if they did that would put them at the top of the heap in private online music ventures.

    The real truth of the matter is that no one, NO ONE, is doing well with online music. No one can beg borrow or steal licenses to deliver digital as the primary medium. What you're left with is a bunch of marginal online radio apps and places that offer a horrible cross-section of downloadables (emusic). Or deals where the right to stream is gotten by buying in the correct brick and mortar store. It makes no difference, look around at the online music industry and everyone is laying off. It's simply a game of how much money you have left before you go under.

    Napster is no different. The $50 million they got from Bertelsmann had heavy contingencies. If you had made an investment in Napster, wouldn't you have been looking at the appeal results as to how you felt about following through with the investments?

    They even hinted at doing Napster for movies and games. Apparently they saw Scour's unqualified success as a reason to run down that road. What on earth makes them think they can be successful against the MPAA when the RIAA has been so effective?

    Napster's management has cracked like everyone else's, and they are desperately grasping at any business plan that hits their desks. It's quite interesting to watch, you can be sure it will continue to be entertaining.

  12. Re:Site /.'ed on Achtung Wolfenstein Screenshots · · Score: 1
    The URL works, it just had an included HR that needs to be removed.

    http://www.3d-shooters.com/screenshots/return_to_castle_wolfenstein/

    enjoy