Nowadays "real" certificates are not expensive anymore. Certificates from "Comodo" were in the past offered for as little as USD 5 per year. Currently they can be had to USD 9,95 for one year for example at www.litessl.de (Disclaimer: I'm not affiliated with this company but a happy company of their "main" operations under a different name).
While some SSL vendors try to put these cheap certificates into a bad light (because they are issued in a automatic process, certain data is not included into the certificate etc), they most certainly do the job i.e. prevent the browser from showing a warning. Currently the SSL vendors try to salvage the cash cow SSL by the introduction of EV certificates.
And regarding virtual hosts this problem has been solved as well, see http://en.wikipedia.org/wiki/Server_Name_Indication This technology is still not universally available and thus it will still take some time but it solves the problem.
So the remaining problem is computational costs and this is the real problem. For big operations this increases the costs significantly and you might need/want to obtain for example SSL hardware acceleration boards.
This is incorrect. T-Mobile Germany does allow tethering without any additional charge on current iphone plans. You can even get (for a one-time fee) a second SIM card e.g. for your iPad. See the fine-print on t-mobile.de.
Now, if the anti-nuclear energy lobby had actually allowed us to build more, modern reactors over that time period, then we would have plenty of new, modern, safe nuclear reactors.
Oh really? I have not much insight but i keep reading that there was never much resistance against nuclear power in the Japanese population because they a.) believed in the technology and b.) saw the necessity.
So what has barred the Japanese from buying those hypothetical "plenty of new, modern, safe nuclear reactors." Yes, I know that the plant in question was about to be shut down. Still it was in operation for 40 years in which time span the safety of nuclear was allegedly so much increased. So why wasn't it replaced 20 years ago?
The truth is that these power plants are operated by companies who want to earn money. They will never replace a plant before they are forced too. And that they weren't forced is not the fault of the opponents of nuclear power.
I can make a Tesla coil out of $50 of junk surplus parts and destroy a roomful of the highest end electronic equipment in the world.
Nonsense. Operating a Tesla coil does not harm other electronics. I know because we have one in our hackerspace. It is operated occasionally and beside some noise we had recently in a AV recording and bad odor in the air it has no bad effects.
I RTFA (shame on me) and it is in my opinion absolutely stupid.
There is actually only one real reason given and that is that if you reboot after some services ceased working, you might end up with a unbootable machine.
In my opinion this outcome is absolutely great. Ok, maybe no great, but it is important and rightful. It forces you to fix the problem properly instead of ignoring the known problems and missing yet unknown problems which might bite you in the.... shortly after.
Also: When services start being flakey on my system, i usually want to run an fsck. In 16 years linux/unix administrations I found quite a time that the FS was corrupted without an apparent reason and with beeing unnoticed before. So a fsck is usually a good thing to run when strange things happen and to be able to run it, i nearly always need to reboot.
I can't grasp what kind of thinking it must be to continue running a server where some services fail or behave strangely. You could end up with more damage than cause by a outage when the reboot does not go through. You just might want to do the reboot at off-peak hours.
They should not take any steps in this direction. We should have learned that. it. just. don't. work. Brute-forcing a hash is not illegal anyway. If the customer of amazon decides to misuse the result, than this is not the responsibility of Amazon. Many services and tools can be abused for crime.
It's ridiculous that companies own more than a/24 (256 IP addresses) since they're not using it for public visibility.
This is really a utterly stupid comment. Have you ever heard about companies in the so called ISP business? I'm very sure that you are using the services of one of these companies. Did it occur to you that this company might have more than say 250 customers?
And what happens when the house's new owners want it unblurred? Google has to send out a new truck because their only copy of the existing picture is blurry?
Yes, they would have to. Google has already announced that the blur will be made permanent and no unblurred data will be kept. The current malfunctioning way is just a stop-gap measure.
The controversy about hacker vs. cracker is old and unsolved. But this case really does not warrant the use of the word "hack/hacked" under any meaning of the word whatsoever. This is a act of pure vandalism, nothing more.
Your phone does a periodic handshake with the tower, so that the operator knows which cell to route your calls to.
There is no general need for a periodic handshake in order to achieve this. In a properly designed system it would suffice if the phone contacts the network only when it switches to another tower. As long as there is no new update, the network can assume that you are still reachable through the same tower. So if periodic updates are needed, its actually a shortcoming of the specific mobile phone standard.
In GSM networks this is even more optimized. GSM allows to combine multiple towers into a so called Location Area. When the network needs to contacts the phone, it will try the limited number of towers in that LA. So as long as you stay in that LA, your phone does not need to contact the network - even if the phone switches to another tower. GSM operators can instruct your phone to send a periodic update anyway, but this is usually configured to happen only every few hours at most (e.g. every 6 hours, some operators use 24 hours).
According to an update dated 14:02 GMT (just two minutes before you commented) in TFA the site just came back online. So it probably WAS down when the article was published and there is no justification for snippy remarks like yours.
Wow, someone decided to mod me down as overrated. Talk about mod abuse.
However, it is told that the DNSSEC testbed worked fine during the outage, so this is a strong indicator that DNSSEC was not the culprit. I also got a credible statement from a DENIC technician that DNSSEC was not the reason and the DFN NOC is - as i said - making a ridiculous claim without any background knowledge. DENIC still has not provided an explanation but it appears that for some reasons the zones were only transfered in part, which explains why domains up to a specific point worked and the domains after that point didn't.
The abusive mod may now choose to mod me down again.
I heard this claim coming from the DFN as well, but i really suspect that it's bullshit. Why? As far as i understood (i admit lacking proper knowledge of DNSSEC) the introduction of DNSSEC might only affect clients which are actually capable of doing DNSSEC and which will request the nameserver to do DNSSEC, as DNSSEC is done by additional records in the DNS. Old clients will just request records as they did ever and will get normal answers like they got ever.
Also as told above, domains starting with a digit or the letters a to e (like br-online.de) did work all the time, while requests for other domains got a NXDOMAIN on the greater part of the authorative nameservers. I don't see any valid explanation how such a scenario should be caused by experimenting with DNSSEC. It seems more that a number of nameservers only got a incomplete zone file ending after domains starting with e.
I really think that the DFN NOC is making a wrong claim out of their ass here.
The problem did not affect all domains and it did not affect all nameservers for the german TLD. The nameservers which are reached through "c.de.net" (== c.nic.de) and "s.de.net" (== s.nic.de) more or less worked fine during the outage. Only for a short period of time they did not answer. The other nameservers for.de however lost the knowledge of most domains under the TLD and only returned NS-records for the domain names starting with a digit or with the letter a to e. So for example br-online.de worked fine, while web.de did not. The really bad part is, that the affected nameservers did not refrain to answer but instead answered with NXDOMAIN. So they told that they do not have a record for the query, which in turn effects to "This domain does not exist". Unfortunately such negative answers are cached for a time determined by the authorative nameserver. DENIC's nameserver tell clients to cache this result for 7200 seconds, therefore the outage continued to make problems for up to two hours after the problem was fixed, unless the DNS caches were cleared.
One more thing to notice: Some sites claim that four of the six nameservers for.de were affected because six hostnames are listed as nameservers for.de and as i told, two of them did work. However both a.nic.de and z.nic.de resolv to anycast IPs which will be routed to a number of different servers around the world depending on your own location. So it are more than six servers in total.
Slashdot Mirror
While I despise such cheating in general, I still have to say that this is a nice stunt. I like the coding through seating step.
Maybe you should choose a provider which does not rip you off.
Nowadays "real" certificates are not expensive anymore. Certificates from "Comodo" were in the past offered for as little as USD 5 per year. Currently they can be had to USD 9,95 for one year for example at www.litessl.de (Disclaimer: I'm not affiliated with this company but a happy company of their "main" operations under a different name).
While some SSL vendors try to put these cheap certificates into a bad light (because they are issued in a automatic process, certain data is not included into the certificate etc), they most certainly do the job i.e. prevent the browser from showing a warning. Currently the SSL vendors try to salvage the cash cow SSL by the introduction of EV certificates.
And regarding virtual hosts this problem has been solved as well, see http://en.wikipedia.org/wiki/Server_Name_Indication This technology is still not universally available and thus it will still take some time but it solves the problem.
So the remaining problem is computational costs and this is the real problem. For big operations this increases the costs significantly and you might need/want to obtain for example SSL hardware acceleration boards.
This is incorrect. T-Mobile Germany does allow tethering without any additional charge on current iphone plans. You can even get (for a one-time fee) a second SIM card e.g. for your iPad. See the fine-print on t-mobile.de.
Oh really? I have not much insight but i keep reading that there was never much resistance against nuclear power in the Japanese population because they a.) believed in the technology and b.) saw the necessity.
So what has barred the Japanese from buying those hypothetical "plenty of new, modern, safe nuclear reactors." Yes, I know that the plant in question was about to be shut down. Still it was in operation for 40 years in which time span the safety of nuclear was allegedly so much increased. So why wasn't it replaced 20 years ago?
The truth is that these power plants are operated by companies who want to earn money. They will never replace a plant before they are forced too. And that they weren't forced is not the fault of the opponents of nuclear power.
Maybe you could have just checked the site the article is on. Then you would have found this: http://www.cringely.com/about/
Nonsense. Operating a Tesla coil does not harm other electronics. I know because we have one in our hackerspace. It is operated occasionally and beside some noise we had recently in a AV recording and bad odor in the air it has no bad effects.
You are wrong. The WWW was invented before Windows 3.1 was introduced.
I once suffered from this illness myself. Thankfully I was able to overcome it.
I RTFA (shame on me) and it is in my opinion absolutely stupid.
There is actually only one real reason given and that is that if you reboot after some services ceased working, you might end up with a unbootable machine.
In my opinion this outcome is absolutely great. Ok, maybe no great, but it is important and rightful. It forces you to fix the problem properly instead of ignoring the known problems and missing yet unknown problems which might bite you in the .... shortly after.
Also: When services start being flakey on my system, i usually want to run an fsck. In 16 years linux/unix administrations I found quite a time that the FS was corrupted without an apparent reason and with beeing unnoticed before. So a fsck is usually a good thing to run when strange things happen and to be able to run it, i nearly always need to reboot.
I can't grasp what kind of thinking it must be to continue running a server where some services fail or behave strangely. You could end up with more damage than cause by a outage when the reboot does not go through. You just might want to do the reboot at off-peak hours.
They should not take any steps in this direction. We should have learned that. it. just. don't. work. Brute-forcing a hash is not illegal anyway. If the customer of amazon decides to misuse the result, than this is not the responsibility of Amazon. Many services and tools can be abused for crime.
This is really a utterly stupid comment. Have you ever heard about companies in the so called ISP business? I'm very sure that you are using the services of one of these companies. Did it occur to you that this company might have more than say 250 customers?
Are you brain damaged? I have nothing to do with that guy.
Andreas Bogk, long-time member of the german Chaos Computer Club and well connected to many people claims that this guy is actually capable of doing such an DoS: http://twitter.com/andreasdotorg/status/8940380875653120
One self proclaimed "Hacktivist for good" claims responsibility for the DoS-Attack: http://twitter.com/th3j35t3r
He threatened before that he would do that when Wikileaks releases, see last comment on http://th3j35t3r.wordpress.com/2010/09/17/wikileaks-insurance-policy-expired/
Yes, they would have to. Google has already announced that the blur will be made permanent and no unblurred data will be kept. The current malfunctioning way is just a stop-gap measure.
No. The EU data retention law does not allow/ask for logging actual content like which website was accessed.
The controversy about hacker vs. cracker is old and unsolved. But this case really does not warrant the use of the word "hack/hacked" under any meaning of the word whatsoever. This is a act of pure vandalism, nothing more.
There is no general need for a periodic handshake in order to achieve this. In a properly designed system it would suffice if the phone contacts the network only when it switches to another tower. As long as there is no new update, the network can assume that you are still reachable through the same tower. So if periodic updates are needed, its actually a shortcoming of the specific mobile phone standard.
In GSM networks this is even more optimized. GSM allows to combine multiple towers into a so called Location Area. When the network needs to contacts the phone, it will try the limited number of towers in that LA. So as long as you stay in that LA, your phone does not need to contact the network - even if the phone switches to another tower. GSM operators can instruct your phone to send a periodic update anyway, but this is usually configured to happen only every few hours at most (e.g. every 6 hours, some operators use 24 hours).
No.
As they were already shutdown last year (and after announcing the intent to do so) this is hardly news.
According to an update dated 14:02 GMT (just two minutes before you commented) in TFA the site just came back online. So it probably WAS down when the article was published and there is no justification for snippy remarks like yours.
Wow, someone decided to mod me down as overrated. Talk about mod abuse.
However, it is told that the DNSSEC testbed worked fine during the outage, so this is a strong indicator that DNSSEC was not the culprit. I also got a credible statement from a DENIC technician that DNSSEC was not the reason and the DFN NOC is - as i said - making a ridiculous claim without any background knowledge. DENIC still has not provided an explanation but it appears that for some reasons the zones were only transfered in part, which explains why domains up to a specific point worked and the domains after that point didn't.
The abusive mod may now choose to mod me down again.
I heard this claim coming from the DFN as well, but i really suspect that it's bullshit. Why? As far as i understood (i admit lacking proper knowledge of DNSSEC) the introduction of DNSSEC might only affect clients which are actually capable of doing DNSSEC and which will request the nameserver to do DNSSEC, as DNSSEC is done by additional records in the DNS. Old clients will just request records as they did ever and will get normal answers like they got ever.
Also as told above, domains starting with a digit or the letters a to e (like br-online.de) did work all the time, while requests for other domains got a NXDOMAIN on the greater part of the authorative nameservers. I don't see any valid explanation how such a scenario should be caused by experimenting with DNSSEC. It seems more that a number of nameservers only got a incomplete zone file ending after domains starting with e.
I really think that the DFN NOC is making a wrong claim out of their ass here.
The problem did not affect all domains and it did not affect all nameservers for the german TLD. The nameservers which are reached through "c.de.net" (== c.nic.de) and "s.de.net" (== s.nic.de) more or less worked fine during the outage. Only for a short period of time they did not answer. The other nameservers for .de however lost the knowledge of most domains under the TLD and only returned NS-records for the domain names starting with a digit or with the letter a to e. So for example br-online.de worked fine, while web.de did not. The really bad part is, that the affected nameservers did not refrain to answer but instead answered with NXDOMAIN. So they told that they do not have a record for the query, which in turn effects to "This domain does not exist". Unfortunately such negative answers are cached for a time determined by the authorative nameserver. DENIC's nameserver tell clients to cache this result for 7200 seconds, therefore the outage continued to make problems for up to two hours after the problem was fixed, unless the DNS caches were cleared.
One more thing to notice: Some sites claim that four of the six nameservers for .de were affected because six hostnames are listed as nameservers for .de and as i told, two of them did work. However both a.nic.de and z.nic.de resolv to anycast IPs which will be routed to a number of different servers around the world depending on your own location. So it are more than six servers in total.