DNSSEC is not secure because it doesn't address the fundimental issues with security and nameservers.
I'm not sure you've read the specs...
It doesn't stop cache poisoning attacks- a client resquesting a name from a poisoned cache won't get the key so they won't know anything is wrong.
Like all security, you need a trust-anchor root. This is the same way that your browser has a list of trusted root CA certificates. DNSsec requires something similar: a list of keys for roots that you trust. It a can securely navigate below that point, but you do need to track the changes to at least these "anchors".
Breaking the nameserver itself gives you the keys as the nameserver is required to sign the resource records, so in this case, it gives people a false sense of security that they don't have!
DNSsec is designed so that you can do offline signing of data. thus you don't need to keep the keys on the nameserver serving your data. If it's broken, and people have you or something above you as a trust anchor there is no way the attacker can publish new data that will be trusted (though they can still obviously do DoS on the data by stopping it from being served).
Finally, as it stands, DNSSEC perscribes to give a particular company power that hasn't demonstrated that they're trustworthy enough to hold it.
Hopefully you'll have a choice in who signs it. The problem will come when you don't want to use verisign but you do want a.com address. You'd have to settle for a non-verisign opperated TLD
I couldn't understand your VER proposal at all based on the wording, so I won't respond to it.
can recognize touch, pressure and even the direction and path of a stroke.
Hmm... I can just envision the streets of NY filled with people wandering around all of whom are touching their clothes as if they were giving signals to the pitcher at a major league baseball game....
"I assume your hand will open this door whether you are alive or dead". Or was it conscious or unconscious? OK, I don't remember the exact quote, but you get the idea. I always loved that quote from data since it showed a side of him you rarely saw (and was potentially out of character but I didn't care).
How about we call the new section "slashmeat"? And then we can set up a web interface to post to slashdot and freshmeat at the same time! Two birds and all...
You know the sad thing is that I once had a guy at a gas station refuse to give me my free 20oz drink because the award, as printed on the cap, said "free coke". Thus, he said, he wasn't allowed to give me a diet coke. Sigh....
Pay me money or I'll submit a story to slashdot about your company every day.
Of course, this shouldn't scare you because of all the stories I've submitted to slashdot in the past (11-15) none were ever approved;-) But as long as I don't tell you that I'm ok, right?
Not at all. Then you can use the phone *while* you're using the internet. Just think of the possibilities man! Incredibly slow multi-player games while talking really slowly to them at the same time! Beat that!
Who actually listens to music on their cellphone anyway?
Actually, I do. But my phone does it and I have ear pieces... I find it better when flying and other places to do that rather than drain my laptop batteries.
When's the last time a company built a cellphone just for the purpose of making and receiving calls?
Admittedly this is a mixed blessing. The one thing you don't want your phone to do is break when you're trying to use it as a phone. But modern phones definitely have that problem, and both my last two phones have either crashed or locked when trying to use it as a phone. That's definitely bad. But yet because I need the other functionality (calendars, lists, etc) because I refuse to carry around multiple gadgets I keep buying a multi-phone even though I know it's going to be less of a phone. Interestingly enough a good friend of mine complains constantly about just wanting a phone that works as a phone. All the time. What did he buy for his last phone? That's right... A treo.
Here's code to to implement that joke. To get it right and be truly funny, you have to use realistic timing of course. Snicker:
(defun load-vmunix ()
"Loads the vmunix OS into 'the' Emacs."
(interactive)
(message "loading vmunix.el...")
(sleep-for 65535)
(message "loading vmunix.el...done")
)
I use Korganizer synced with a palm for my scheduling. It works quite well. Like any piece of software, it's far from perfect. But I'm continually impressed with what I can pull off with it. I really like being able to link in other schedules as well and have them available from a checkbox to display them or not. I have the fedora release schedule pulled from HTTP, my wifes schedule copied to my machine hourly from hers... Lets me quickly overlay multiple things.
To make sure I look at it, my login session opens it whenever I log into my machine (and I do shutdown nightly just to start clean though it's hardly necessary). A cron job to open it every morning would be just as helpful.
Obviously, this needs at least some level of KDE installed.
Dude, I haven't laughed that hard outloud at a slashdot comment in a long time. Thanks!
[though his comment should have been in a blog not a diary, but I'll give you the benefit and assume you meant an Emacs diary entry.]
The inevitable situation is that we will have unlimited space -- that is, more than we can fill.
Never underestimate the ability of microsoft to always require a slightly larger disk than you have.
(linux, my normal environment, isn't much better because I install all those extras because I can. I've never yet had a disk that I've not had to wonder at somepoint "where did all my space go")
Defacing the site without touching it
on
Hack IIS6 Contest
·
· Score: 1
One of these days someone is going to do a DNS cache poisoning attack to win one of these contests. You don't even need to touch the machine in question to win!
A secure server connected to an insecure network doesn't mean people will be able to sucessfuly talk to it.
The key to productivity really is: not reading email, not browsing the web, just firing up the editor and just getting down to reading, thinking, and finally writing code.
Summary: any platform where (X)Emacs will run.
Well, we all know there is a lot of patents, and that is clear from the discussion... but there are two problems and the stats blur them together.
How many have been challenged out of the mass? We know that patents are much easier to get than to defeat... But what is the percentage that has been challeged (besides low), and has that percentage gotten better or worse over time?
How many have been challenged and lost. The interesting statistic is not how many have been over-turned, but what percentage of those that have been challenged are over-turned.
Gee... a virus that does things different when in a debugger or emulator? Sounds an aweful lot like a certain version of Turbotax about 2 years back... Do we have a prime suspect yet?
gcompris is a great kids set of educatinoal software. You might throw in some others as well. Then wrap the whole thing in a kde kiosk that comes up on boot. zero maintance and easy to use.
Ok... I should admit something. I've never used kde in kiosk mode, but I've heard its cool.
Sounds like it should suit the bill, no?
... you have the right job/responsibilities and the right boss.
I've been working at home for the last 3.5 years starting shortly after my daughter was born (I now have a son as well). Though I miss aspects of the office environment, I love being close to the kids and seeing them more than many Dads get to. I does mean I spread my time out over the day a lot more, however, and it can be stressful to get the work actually done.
But, the only reason this works is because I'm a programmer with a lot of flexibility in what I do, very few on-this-hour deadlines and one of the best bosses ever. It's hard to find a boss that lets you put family first at all times, but there are some like that out there. And if you find one, hang on to them and don't let them down! That's the tricky part. Flexibility is only granted to those that have shown the ability to handle it well. I try to get everything I'm asked to do done on time if not earlier, and with exceptional quality. IE, the more you preform efficiently the better you'll be able to get the flexibility you need.
Effeciency is by far the most important benchmark in my mind. If you are not efficient, you won't do a good job. Concentrate on what you need to get done and try to eliminate as much waste and you'll be amazed how much you can get accomplished.
Now, having said all that, do put up a gate between you and the child(ren) and teach them early to understand what "working" means. But at least you can step back over that gate frequently.
A while ago Sun decided to use the Net-SNMP open-source (BSD-licenced) SNMP agent instead of their proprietary one that they had been distributing for a long time. Being the lead-developer of the project, they contacted me about how to best work with each other. They were wonderful to work with, accomodated all my requests of them and submitted more patches and bug fixes than probably anyone else (under a BSD license, which I required). Our users were certainly pleased with all this, as a large number of our users were sun users that had swapped in our snmp agent for theirs. Tighter integration meant better support for them. (not to mention better security as our code supports SNMPv3, and theirs did not to my understanding).
Unfortuantely, the tale turned sour when Sun downsized and the entire team that did all this wonderful work (and probably will have saved Sun money in the long run) got laid-off.
So, this story is both good and bad news. They've done smart things before in the OSS realm, but they've also laid off some of the people that really made it happen.
1) I called pacbell because my connection was down. I told the guy "The connection is down, and your router isn't responding to ARP requests". He said "lets check your TCP/IP settings to see if you changed something.". I replied, I have 3 machines none of them have been touched and they can all talk to each other just fine. "I'm sorry sir, but you need to do this". Ok, so I fired up vmware and continued reading my email and other such things while repeatedly saying "ok" and "yep, its right" into the phone. Occassionally he'd ask what the dialog box said, so I'd quickly move over to VMware and start reading off the tab names at the top. Eventually, when he was satisfied with my settings he sent me to tier-2, who took 8 hours to call back but did finally fix it (shocker, it was their fault). I hate the tier support system
2) I called SBC the other day and asked "I was wondering if you support multicast to your home dsl users". Back came the indian accent: "I'm sorry sir, but I couldn't quite hear you". Repeat these two lines for 10 minutes. Finally, she answers "ohh... Yes, we support multitasking over our DSL lines". Sigh... I said "never mind, I can see you're not going to be of help if we can't communicate". She said "Why do you say that sir? Maybe you should try our online live chat support system."
But seriously, how long do you think you could play a tape of your voice asking stupid questions at random intervals (say every 30 seconds or so) over the phone without them hanging up on you and actually trying to have a conversation? I'm betting you could get some of them going for 30 minutes at least.
The Internet Architecture Board has recently written a document (draft-iab-identities) which covers how DNS names are used as identities and why doing things like what verisign was trying to do is a bad thing. They don't outright specify this particular battle, but talk about it in a more generic sense.
Slashdot Mirror
I'm not sure you've read the specs...
It doesn't stop cache poisoning attacks- a client resquesting a name from a poisoned cache won't get the key so they won't know anything is wrong.
Like all security, you need a trust-anchor root. This is the same way that your browser has a list of trusted root CA certificates. DNSsec requires something similar: a list of keys for roots that you trust. It a can securely navigate below that point, but you do need to track the changes to at least these "anchors".
Breaking the nameserver itself gives you the keys as the nameserver is required to sign the resource records, so in this case, it gives people a false sense of security that they don't have!
DNSsec is designed so that you can do offline signing of data. thus you don't need to keep the keys on the nameserver serving your data. If it's broken, and people have you or something above you as a trust anchor there is no way the attacker can publish new data that will be trusted (though they can still obviously do DoS on the data by stopping it from being served).Finally, as it stands, DNSSEC perscribes to give a particular company power that hasn't demonstrated that they're trustworthy enough to hold it.
Hopefully you'll have a choice in who signs it. The problem will come when you don't want to use verisign but you do want a .com address. You'd have to settle for a non-verisign opperated TLD
I couldn't understand your VER proposal at all based on the wording, so I won't respond to it.
Hmm... I can just envision the streets of NY filled with people wandering around all of whom are touching their clothes as if they were giving signals to the pitcher at a major league baseball game....
"I assume your hand will open this door whether you are alive or dead". Or was it conscious or unconscious? OK, I don't remember the exact quote, but you get the idea. I always loved that quote from data since it showed a side of him you rarely saw (and was potentially out of character but I didn't care).
How about we call the new section "slashmeat"? And then we can set up a web interface to post to slashdot and freshmeat at the same time! Two birds and all...
You know the sad thing is that I once had a guy at a gas station refuse to give me my free 20oz drink because the award, as printed on the cap, said "free coke". Thus, he said, he wasn't allowed to give me a diet coke. Sigh....
Pay me money or I'll submit a story to slashdot about your company every day.
Of course, this shouldn't scare you because of all the stories I've submitted to slashdot in the past (11-15) none were ever approved ;-) But as long as I don't tell you that I'm ok, right?
Not at all. Then you can use the phone *while* you're using the internet. Just think of the possibilities man! Incredibly slow multi-player games while talking really slowly to them at the same time! Beat that!
Actually, I do. But my phone does it and I have ear pieces... I find it better when flying and other places to do that rather than drain my laptop batteries.
When's the last time a company built a cellphone just for the purpose of making and receiving calls?
Admittedly this is a mixed blessing. The one thing you don't want your phone to do is break when you're trying to use it as a phone. But modern phones definitely have that problem, and both my last two phones have either crashed or locked when trying to use it as a phone. That's definitely bad. But yet because I need the other functionality (calendars, lists, etc) because I refuse to carry around multiple gadgets I keep buying a multi-phone even though I know it's going to be less of a phone. Interestingly enough a good friend of mine complains constantly about just wanting a phone that works as a phone. All the time. What did he buy for his last phone? That's right... A treo.
Hey... why did it strip my <pre tags out? sigh.
Here's code to to implement that joke. To get it right and be truly funny, you have to use realistic timing of course. Snicker: (defun load-vmunix () "Loads the vmunix OS into 'the' Emacs." (interactive) (message "loading vmunix.el...") (sleep-for 65535) (message "loading vmunix.el...done") )
Does this mean we slashdotted a state?
To make sure I look at it, my login session opens it whenever I log into my machine (and I do shutdown nightly just to start clean though it's hardly necessary). A cron job to open it every morning would be just as helpful.
Obviously, this needs at least some level of KDE installed.
Dude, I haven't laughed that hard outloud at a slashdot comment in a long time. Thanks! [though his comment should have been in a blog not a diary, but I'll give you the benefit and assume you meant an Emacs diary entry.]
Never underestimate the ability of microsoft to always require a slightly larger disk than you have.
(linux, my normal environment, isn't much better because I install all those extras because I can. I've never yet had a disk that I've not had to wonder at somepoint "where did all my space go")
One of these days someone is going to do a DNS cache poisoning attack to win one of these contests. You don't even need to touch the machine in question to win! A secure server connected to an insecure network doesn't mean people will be able to sucessfuly talk to it.
The key to productivity really is: not reading email, not browsing the web, just firing up the editor and just getting down to reading, thinking, and finally writing code. Summary: any platform where (X)Emacs will run.
Well, of course with a name like microsoft you're bound to get email for viagra like products... (excuse me... I should have said V1aGR___a)
Gee... a virus that does things different when in a debugger or emulator? Sounds an aweful lot like a certain version of Turbotax about 2 years back... Do we have a prime suspect yet?
Ok... I should admit something. I've never used kde in kiosk mode, but I've heard its cool. Sounds like it should suit the bill, no?
Unfortunately, I suspect you're right. Just not in the way you thought...
password: ""
I've been working at home for the last 3.5 years starting shortly after my daughter was born (I now have a son as well). Though I miss aspects of the office environment, I love being close to the kids and seeing them more than many Dads get to. I does mean I spread my time out over the day a lot more, however, and it can be stressful to get the work actually done.
But, the only reason this works is because I'm a programmer with a lot of flexibility in what I do, very few on-this-hour deadlines and one of the best bosses ever. It's hard to find a boss that lets you put family first at all times, but there are some like that out there. And if you find one, hang on to them and don't let them down! That's the tricky part. Flexibility is only granted to those that have shown the ability to handle it well. I try to get everything I'm asked to do done on time if not earlier, and with exceptional quality. IE, the more you preform efficiently the better you'll be able to get the flexibility you need.
Effeciency is by far the most important benchmark in my mind. If you are not efficient, you won't do a good job. Concentrate on what you need to get done and try to eliminate as much waste and you'll be amazed how much you can get accomplished.
Now, having said all that, do put up a gate between you and the child(ren) and teach them early to understand what "working" means. But at least you can step back over that gate frequently.
Unfortuantely, the tale turned sour when Sun downsized and the entire team that did all this wonderful work (and probably will have saved Sun money in the long run) got laid-off.
So, this story is both good and bad news. They've done smart things before in the OSS realm, but they've also laid off some of the people that really made it happen.
1) I called pacbell because my connection was down. I told the guy "The connection is down, and your router isn't responding to ARP requests". He said "lets check your TCP/IP settings to see if you changed something.". I replied, I have 3 machines none of them have been touched and they can all talk to each other just fine. "I'm sorry sir, but you need to do this". Ok, so I fired up vmware and continued reading my email and other such things while repeatedly saying "ok" and "yep, its right" into the phone. Occassionally he'd ask what the dialog box said, so I'd quickly move over to VMware and start reading off the tab names at the top. Eventually, when he was satisfied with my settings he sent me to tier-2, who took 8 hours to call back but did finally fix it (shocker, it was their fault). I hate the tier support system
2) I called SBC the other day and asked "I was wondering if you support multicast to your home dsl users". Back came the indian accent: "I'm sorry sir, but I couldn't quite hear you". Repeat these two lines for 10 minutes. Finally, she answers "ohh... Yes, we support multitasking over our DSL lines". Sigh... I said "never mind, I can see you're not going to be of help if we can't communicate". She said "Why do you say that sir? Maybe you should try our online live chat support system."
But seriously, how long do you think you could play a tape of your voice asking stupid questions at random intervals (say every 30 seconds or so) over the phone without them hanging up on you and actually trying to have a conversation? I'm betting you could get some of them going for 30 minutes at least.
The Internet Architecture Board has recently written a document (draft-iab-identities) which covers how DNS names are used as identities and why doing things like what verisign was trying to do is a bad thing. They don't outright specify this particular battle, but talk about it in a more generic sense.