How is an accidental public resolver an issue if IP spoofing is impossible?
Actually, I wasn't confusing the 2 at all. But I don't think that we should be banning public resolvers and forcing people to use the resolver operated by their ISP when those resolvers have frequently been messed with for profit by the companies running them. The article would propose killing OpenDNS, Google DNS, and many, many more.
The correct solution is not to break the internet by banning a harmless and very useful feature, but to fix the internet by blocking IP spoofing. Why on earth are there any ISPs out there that still allow spoofed traffic off their network? This is not a new issue, and should have been fixed ages ago.
You're confirming that I understood the article perfectly. The problem is in their choice of solution.
It seems there are 2 possible solutions.
1) get ISPs and transit providers to actually start blocking IP spoofing (something they all should have been doing years ago)
2) break the internet by banning all public resolvers.
Unfortunately the article seems to me to be advocating for number 2, which would harm many people, and just cause the attackers to continue to use IP spoofing on different services or protocols.
Fix number 1 and you fix a lot. Implement number 2, and you delay the issue by a few days while the attackers work around it.
1) would be REALLY bad, and I hate anyone who would even consider such a solution.
2) I can't imagine why every ISP and transit provider doesn't already do this. This has been a known problem for over a decade, deal with it already!
Why not? Sure, it would be more difficult as each request would have to be tailored to the DNS server it's using, but the same principle should apply: spoof the source address, request information (in this case something within the domain being hosted) and let the larger reply go to the spoofed (victim's) address.
The only thing preventing this is that it's more work than the easier current method of being able to send the same request to every name server, but there's no reason it couldn't still be done.
As others have pointed out, it's unlikely to actually be stocked with 10 years worth of provisions, but regardless of that, yes, the SWAT team would do a multi-year siege. Of course they'd also do things to make it end much quicker, like cut the internet connection, leaving no reason left for the people to stay inside.
Police don't give up if they fail at first attempt, they just wait it out, no matter how long it takes. The only way anyone ever survives a siege is if they have external backup come overpower the attackers, this seems unlikely in any battle between a small group, and a modern government force.
Air tight is great, but how much oxygen do they have stored up?
Surviving a siege, regardless of your resources, ALWAYS amounts to waiting for backup. If there is no prospect of backup arriving to overcome your attackers, you might as well give up, because your food, electricity, and even air, will only last you so long. And Police don't simply "go away" after an initial failed attack. They WILL wait you out, no matter how long it takes.
This seems HIGHLY unlikely. Police don't give up that easily. Police always win eventually in that sort of thing, if they can't get in, they make sure nobody, and nothing, gets in or out until they get their way. No matter how many resources are inside that bunker, they will eventually run out of electricity, and food. Not to mention that cutting communication lines would definitely happen sooner or later. And the police can wait as long as they need to.
That's the thing with a private entity battling a government force. The government has effectively unlimited resources.
The simple fact that there is no source other than Cyberbunker for this anecdote, combined with the extremely dubious claim, makes it seem highly suspect.
I'm fully in favour of source address verification. However, as for kicking all folks off the internet who run open resolvers... would you kick Google off the internet? How about OpenDNS? Do you really want to force everyone to use only their ISP's resolver after we've seen so many reports of ISPs abusing that position in one way or another?
Maybe this is over my head. But how would one run a "safe" DNS server then? My interpretation of the article basically says to let only specific people use your DNS server, but then how would a company run a public resolver?
For example, Google runs open public name servers on 8.8.8.8 and 8.8.4.4, same with OpenDNS, and many, many more. What is to stop those servers from being used in this sort of attack? Is this article really advocating a situation where you MUST use only your own ISP's resolver and trust them not to do what so many of them consistently do and mess with the results?
Or am I completely missing the point to this article?
That would be interesting... except that the exact same thing happens to atheists too. Medical misdiagnoses are unfortunately common, and along with the body's own natural healing ability, account for every one of these cases. When it comes to minor aches and pains, mental condition and the body's own healing ability can handle a lot. When it comes to the larger issues, ones that would require surgery to solve, in every one of these cases that has ever been investigated and the claims are properly analyzed, it turns out the initial diagnosis was wrong.
You'd think an omnipotent being could get around such little issues... or is he not "all powerful" after all?
And that's how arguing with religious people always goes. As soon as they realize that they're losing the argument they come up with the one thing that you simply can't counter: "God did it". Because God is supposed to have no limits to his/her/its power they can explain ANY discrepancy with "God did it"; they don't need to look in to it any further than that.
The real trick to this challenge would be to ignore the creationism debate entirely and simply look at internal inconsistencies in the Bible. There is no possible way to disprove faith and religion because they're too abstract and always subject to the "God did it" defence. But the Bible is something that CAN be challenged, it is a text full of contradictions, and anywhere there are 2 contradictory statements, you know that at least one (if not both) must by definition be false. He wants proof that Genesis is wrong, that's easy, Genesis is contradictory and therefore wrong by definition.
I bet it's "supposed to mean" that the scientific method won't be allowed. He's probably using that word to try to weasel out of such techniques as carbon dating, or rational thought.
Faith can't be disproved, nor can God, or Adam and Eve. But the Bible is something we can read and evaluate, and as such, the Bible's account of creation can be disproved. The Bible contains all sorts of direct contradictions, and as two opposite things cannot both be true, it is by definition wrong. (You don't even have to know if either one of the contradictory statements is true, they could both be false, but they can't both be true, so at least one must be wrong.)
Depends on the definition of "third party judge" but I'm willing to bet he's unlikely to agree to any that aren't in some way religious.
On the bright side you don't need to go very far to find a lot of contradictions.
In fact this whole argument could likely be won without even talking about creationism vs evolution, all he asked for was scientific proof that Genesis is wrong. Considering that it contains complete contradictions, one or the other must by definition be wrong. Of course I bet his list of possible judges includes only religious ones...
From what I understand the archive is for troubleshooting purposes and is kept for 30 days. Without a lot more information about how they actually troubleshoot text message problems, it's hard for me to say if that's reasonable or not.
I can however say I'm glad that TELUS pushed back on this, even with a general warrant they didn't release the information, even after losing on appeal, they still pushed all the way to the Supreme Court to push for a wiretap order instead of the warrant. I am quite surprised that any company would go to all that effort to protect its clients.
Which is exactly as it should be. The laws are all about intent, nobody cares how you do something, they care about the end result. "on a phone", "on the internet", "on the computer", "over text message" appended to the end of any existing action doesn't change the action. Laws should always be interpreted in a technologically agnostic way. Otherwise you'll never keep up with every new device invented that you failed to write in to the last version of the law.
If you need special paperwork to eavesdrop on my phone, you'd better need the same paperwork to eavesdrop on my text messages, my instant chat, my VoIP account, and my future telepathic satellite link.
I'm glad the Supreme Court of Canada seems to have figured this out, I'm just saddened that south of the border their courts don't get it (and unfortunately that usually comes back to bite us up here eventually).
It was. That's what the court determined.
Thing is, the law didn't talk about "text messages", it talked about communication. Text messages didn't exist when the law was written. What the court ruled is that just because the tech didn't exist, doesn't mean that it isn't covered.
Courts don't write laws. They interpret them. This time they interpreted what the original law "would have said" had it been written in an age where text messaging existed.
We don't need a new law for every new piece of technology that comes along. What we need is laws that give the general outline, and courts that realize what the intent was originally and rule within it. "on a phone" or "on a computer" doesn't change what you're doing, it only changes how it is done, rule based on what was done, not how.
The same court also ruled recently that Police need a warrant to search through your phone if it's password protected, but not if it is not, basically making it akin to your physical papers where they'd need a warrant to look through them if they were locked in a safe, but not if you left them lying on the desk and they were otherwise entitled to look at the desk.
At the moment I'm relatively happy with our supreme court... (and I'd like to give some credit to TELUS on this one, as it was TELUS who challenged the general warrant in this case and pushed for the wiretap order instead. Good on them holding the government to account.)
No. It really isn't. No country wins by sending themselves back 50 years technologically.
If you advocate cutting the attacker off from the internet you may have something, but that likely involves kinetic strikes on infrastructure not in your own country.
As I said, it's your bread, charge whatever you want, wherever you want. But it's my car, so I can drive to whichever neighbourhood I want to buy it. Don't get the police to set up roadblocks checking for smuggled bread.
Big companies shop around, yet they do everything they can to stop consumers from doing the same. You can make your product anywhere in the world you want. But I can buy it anywhere I want too.
As for your cancer post, it's completely hypothetical. But I bet they wouldn't even bother selling it at that $50 price unless they thought they could make money on it at that price. So they can hardly get upset at me for buying it at that price and importing it. Or are you saying that someone dying of cancer in one part of the world is less worthy of affordable medication than someone dying of the same disease in a different part of the world? Or does the pharmaceutical company also do background checks on each patient and charge accordingly? Does a homeless person in the USA get the $50 price while a billionaire in Africa pays $100,000?
I think that was exactly my point.
Considering that many attacks are now extremely decentralized through botnets and other such things, isolating you from them could isolate you from the entire internet. Now taking out the other country's links to the internet so they can't control the attack anymore, that might make sense. Of course if they keep getting around it somehow, you'll have to eventually work on something more drastic.
Of course the government could fix the problem pretty easily too... just change the laws such that Adobe can't refuse support for grey market imports, remove all laws against breaking digital locks, remove the import tariffs, and make re-selling grey market imports explicitly legal. Then let the market truly decide.
If Adobe can't compete with itself on a level playing field, maybe they'll re-think their practices.
This is NOT the free market in action, there are too many rules and regulations on the business' side that are against the consumer. Open that up a bit to make it legal for consumers to shop around internationally, and then we'll talk about a free market.