Slashdot Mirror


User: Kynde

Kynde's activity in the archive.

Stories: 0
Comments: 494

Comments · 494

  1. Re:Computing SYN cookies? on New Denial-of-Service Attack Is a Killer · · Score: 1

    >> This isn't supposed to be possible. SYN cookies are supposed to contain at least 24 bits worth of entropy...
    >
    > 24 bits of entropy is insignificant. WEP used a 24 bit IV, and we know how well that worked out for them.
    > For something to be computationally infeasible, it needs to have 80 bits of entropy or more.

    Bollocks.
    While that holds true for encryption, i.e. 24-bit encryption can be brute-forced in a feasible amount of time, the same cannot be said about hashing. Hashing is meant to be one-way; you cannot determine the input from the output.

    Of course you can get weak collisions if you send enough packets. 2^24 packets will do nicely, but that's nothing special as a syn-flood attack. You'd be merely filling the pipe, but the server would handily drop most of the packets. That's precisely what the syn-cookies are there for.

    In this case, the syn-cookie mechanism would indeed break if they could craft fake cookies that the server would accept, all of them. Or enough of them. But one in 16 million is not enough...

  2. Re:So it's a DoS abusing SYN cookies? on New Denial-of-Service Attack Is a Killer · · Score: 1

    No, that's not it. That's just a simple tcp handshake flood that originates from one ip. That's trivial to prevent. Every single server out there limits the number of tcp connections accepted per ip.

    This article is more likely about them somehow being able to crack the syncookie calculation mechanism open so that they can send back ACKs from a spoofed ip to SYN-ACKs that the server never actually sent, but only believes it sent because the cookie opens up to correct values.

    But that shouldn't be that easy to do, unless the server-side cookie generation is buggy, which might very well be the case for some tcp stacks...

  3. Re:unconscionable contracts are unenforceable on AT&T Slaps Family With a $19,370 Cell Phone Bill · · Score: 1

    > In other words they have supplied an agreed service at an agreed rate which is not manifestly unfair.

    Would you care to elaborate how $19370 is "not manifestly unfair" for said services?

    > Rather than ordering a "bottle of red" and receiving the finest of wines, this case runs along these lines:
    >
    > Customer: Pray sir, how much is the house red?
    > Waiter: $8 sir. Would sir like a bottle?
    > Customer: Hm. I'll take the vineyard.

    Emails and photos sent back home to Portland all the way from Vancouver is like a vineyard in this case?
    Really?

    The original analogy was far more accurate, only the 1940 barolo is probably better than an ordinary $8 wine.

  4. Re:I just summoned some 'memories' on Brain Cells Observed Summoning a Memory · · Score: 1

    > I'm not religious, but I agree with the Aristotelian definition that "soul" is pretty much everything that makes an organism alive. You can say that living organisms possess "soul", dead ones don't. Just because someone uses the word soul doesn't imply they believe it is something mystical and immortal.

    I can take it a step further. If I define soul to be an apple, I can even prove that they exist.

    If you're not religious and not into the supernatural aspect of the "soul" (as it's normally used and understood), let alone inclined to be scientific / philosophical about it, then why on earth would you even want to use the term "soul", even though it's possible to use it in the Aristotelian meaning or some other definition making it real-worldish?

    Soul, to most people, implies a supernatural entity, which by definition is not part of natural sciences.

  5. Re:I just summoned some 'memories' on Brain Cells Observed Summoning a Memory · · Score: 4, Insightful

    > Particularly given that from a neuroscience perspective, "Mind" and "Soul" might as well be synonymous.

    Actually, scientifically speaking "soul" is not synonymous to much else than "religious mumbo jumbo".

    It's a redundant hypothesis that doesn't really explain anything, it doesn't provide a single experimentable prediction and it's beyond observations by definition. You might need it for your faith, but science sure as hell has no use for it.

  6. Re:Awesome innovation! ; on Brain Cells Observed Summoning a Memory · · Score: 1

    >We're one step closer to a "Forget your first sexual encounter" pill.

    Not much of a market for that in here...

  7. Re:Yeah... on New Map of Carved Up Arctic · · Score: 1

    > Actually, Russia's economy has been growing steadily over the last few years

    Actually, when the Russians start drilling the north pole there'll only be a few more gangsters buying premier league clubs and all the world stars to play for them.

    The average Siberian thinks that Medvedev is just another Tsar in a long line of tyrants...

  8. Re:discredit global warming theories? no way on Solar Cycle 24 Has Started · · Score: 1

    > Actually, 'climate change' is preferred instead of 'global warming' since it's very much possible that,
    > while the average worldwide temperature is expected to increase, the temperature could decrease in some
    > locations (Example: Gulf stream slowing down causing Europe to become colder)

    Granted, but regarding the example, well, even with the gulf stream slowing down accounted for in all
    current models the temperature in northern Europe (which owes its habitability to the gulf stream)
    is still expected to rise.

    But ye, global warming as such will also cause localized temperature decreasing effects, such as the gulf
    stream slowing down, but whether that will result in an actual decrease in average temperature as a whole
    depends on a whole bundle of other things, too.

  9. Columbus? on Is SETI Worth It? · · Score: 1

    In light of Columbus, I just might understand that argumentation from someone from the old continent, but coming from an American it seems odd.

    Then again, the Native Americans would've been faaar better off without us Europeans sticking our rifle barrels up their arses.

  10. Re:How much is it worth? on Hans Reiser to Sell Company · · Score: 1

    > Reiser may end up on death row because he was unable to raise enough funds to hire a good enough attorney. All because he named the product after himself instead of something more generic. Who would have guessed that he might pay for that bit of ego indulgence with his life?

    Torvalds, you listening there?

  11. Re:This is sad ... on Hans Reiser to Sell Company · · Score: 1

    >> And you have a right to a free lawyer
    >
    > Can I fork the lawyer and rename it?


    Sure. Forking is actually recommended and after that it really doesn't matter what you call it.
    A personal favourite, especially for lawyers, is a good pitchfork (images.google.com/images?q=heavy+duty+pitch+fork).

  12. Shouldn't blame them, but we do on Why Does Everyone Hate Microsoft? · · Score: 1

    I understand that they're doing everything in their power to maintain their monopolistic position. In today's corporate world that's what they should/have to do and they do it and they do it rather well. That includes inventing their own proprietary "evolving standards" every chance they have, augmenting and thus breaking existing standards, doing everything they can to sell the new versions every two-three years etc, etc (I could go on for hours ..)

    It's just that as a software engineer those practices have a negative impact on my work. But that effect is these days relatively nonexistent since when I applied to my current job I made it clear in the interview that I will not be seated at a Windows box, I will not touch Windows and most importantly I will not write software that will be run on Windows.

    And outside of work, I just don't like what they've done and I do all I can to get by without touching anything M$ related.
    Moreover, now a decade with Linux I've really stopped caring what they do as long as they keep their hands out of the free/open software community.

    And I can't really blame M$ for what they do, since I do understand them. But since the shite manifests in M$ they do sometimes get their share of hatred from me, too, even though I know perfectly well it's not really justifiable.

    The thing I do hate is these a tad too big companies in today's corporate world that work for the shareholders' benefit and their benefit alone. Never mind the customers, employees, anti-trust laws ...

  13. Re:Virtualisation on Linux on Linux Kernel to Include KVM Virtualization · · Score: 1

    >> ... annoying to run QEMU and restart all the programs I need open to do a ten second task.
    >
    > I don't think this feature will be quick enough to save you time though.

    It's pretty slick in vmware.

  14. Re:patent triviality on Nintendo Sued over Wiimote Trigger · · Score: 1

    > It's situations like this that just scream patent reform. It all just goes in line with the new American business model: find ways to sue a major innovative company for millions.

    Actually, I think it's the major companies that keep the smaller ones at bay with patent litigation.

    Currently it's virtually impossible to start a company that would write, say, an office suite, an image editor or a database and attempt to make any innovations in said software without stumbling onto some of these trivial patents. And it doesn't help one bit that the patents would probably fail in court because it's the mere threat of litigation and its costs that keeps the smaller companies at bay when the opposing side is a Fortune 500 company.

    But beyond that remark I totally agree with you, a patent reform is truly called for.

  15. Re:package manager need tons of work on Fedora Linux · · Score: 1

    > (I'm not running Fedora Core 6, so I'm not sure if this change made it in.)

    It did.
    It's 3.0.1 now in fc6.
    And you're absolutely right, things have seriously become faster with yum.

  16. Re:More widely used than you'd know on Fedora Linux · · Score: 1

    > What is ironic is that everyone is bitching about how it took 6 years to go from xp to Vista (which I won't migrate to) but I felt the opposite.

    Geez, and you use Fedora. The one distro that really has set fast release cycles as one of its main agendas...

    If you're stuck with redhatish quirks and want stability as in things-not-changing-all-the-god-damn-time, why not go for CentOS or other RHEL forks? There's stability for you (in more ways than one).

  17. Re:I don't get it, who does this help? on EU Gives Microsoft 8 Days Until Fines · · Score: 1

    > In a truly free market, you'd see Visual Studio (which is an awesome kit) that runs under Linux/BSD and can be bound to other compilers (e.g. Intel CC, GCC, etc). In a truly free market, you'd see Office work in Linux/BSD and use well documented file formats so people could create 3rd party tools for working with the data... In a truly free market, Windows would strive for UNIX/POSIX compliance underneath so that programs written for it (under the GUI level) would be more portable, ...

    Wrong.

    In a truly free market there'd be nothing but Microsoft. PCs would be manufactured by them, as would be also the case for the chair you sit on and the electricity that powers your computer.

    The only balance in a free market is monopolies. That was gruesomely discovered in the late 19th century when trusts emerged with their sole intent being the creation of monopolies. Without rules, regulations, anti-trust laws and what not the free market would simply wind up being a "one company market".

  18. Re:Europe out to make the cash... on A Concrete Solution To Pollution · · Score: 2, Interesting

    > The big problem with the current US approach to global warming (beyond its pure bone-headed stupidity) is that once the US is forced into taking it seriously it will be significantly behind the competition from companies elsewhere in the globe, and particularly in Europe.

    Although you're absolutely right, I must add that there's also an up-side to it. Because for example the Kyoto agreement was phrased to force each country to reduce its CO2 emission levels from what they are now to what they were some time ago. I can't remember the details but the point is that it was also agreed/planned that those emissions could be exchanged between countries. Now imagine a country that has been blatantly disregarding all possible CO2 emission cut downs and imagine a country that already tried to be nature-aware and efficient. Guess who's gonna be selling CO2 emissions to whom.

    I just can't figure out how come the emission levels weren't at least somehow tied to per capita... I mean, rewarding those that have been more pollutive already at the expense of those that have at least tried to do something seems counterintuitive to me.

    So all in all, albeit sadly, the US might not have it so bad after all. Although, most likely future environmental agreements will at least one day be loosely tied to per capita and then being competitive in CO2 efficiency will be crucial.

  19. Oracle, Novell, what next... on Microsoft To Announce Linux Partnership · · Score: 1

    Oracle decides to make its own distro causing RedHat stock to dive and rumors about Oracle eventually buying the RedHat are circulated.

    And now this. Microsoft backing up Novell and SuSE. What next?

    After Google buys/takes-over Gentoo and we lose Debian to, say, Exxon. I suppose then it's finally time for me to get me coat...

  20. Re:Speaking of Weird Al on Weird Al Says 'Don't Download This Song' · · Score: 1

    >> I wonder if SCO has licensed his "Dare To Be Stupid" song yet?
    >
    > What do you mean his song? We're talking about SCO here. The real question is "Has Weird Al paid the license fee SCO demanded for his use of their song?"

    Well, almost so, I believe the "Dare To Be Stupid" is in fact a Weird Al remake of the SCO original, their theme song if you please, which was titled "We're Too Stupid".

  21. Holy cow! on The Trouble With Rounding Floats · · Score: 1

    Floating point arithmetic on computers is not absolutely accurate? Not suitable for financial solutions?

    What next? Sloppy usage of pointers in C may lead to uncanny features?
    And I thought I knew a thing or two about programming.

  22. Re:Video link on Liquid Armor the New Bulletproof Vest · · Score: 1

    There's a video on break.com where you can see the liquid armor in action - it's pretty amazing:

    or try google videos with 'liquid armor' since the break.com player options didn't quite work for me.

  23. Re:You could've saved a few words there on Social Engineering Using USB Drives · · Score: 2, Funny

    >> "I work at a Fortune 500 company, that actually hands out USB keys with laptop provisionings."
    >
    > As soon as you used the term "provisionings" we all knew you worked for a Fortune 500 co. Do you "connectorize" stuff, too?

    I'm a little baffled as to how you managed to miss the first hint...

  24. Re:Old Video Games on Verified: Record-breaking Pitfall! Run · · Score: 2, Insightful

    Back then it was what happened between the start and the finish of the game that was considered content.

  25. That's just great... on New Personal Mono-Wing · · Score: 1

    "...could avoid detection or suspicion by staying close to commercial airliner flight paths."

    That's just great. More SAMs from hostile countries fired at commercial airliners. Just the thing we needed.

    While we're at it why not paint the tanks white with red crosses and equip marines with sticks with white flags. No wait, also dress them as doctors, priests and nuns and put them on assault vehicles that look like school buses. Brilliant...