Lately I've been playing a game with myself. I'll read Slashdot articles and try and guess who "edited" them. Strangely, the only guesses I get right are the stories posted up by kdawson.
Um, if I guessed kdawson every single time, the only guesses I'd get right are the stories posted by kdawson too...
We now know that, in fact, the exact opposite is true - people create more new works when they have free access to the work of others.
People create more derivative works when they have free access to the work of others that they can derive from. I'm not convinced that it's true for truly original creations. It almost certainly isn't true for works that simply cannot be created by individuals - for example, a movie or television show has hundreds of people involved in production, and they all need to get paid, or the work doesn't get created. Most of the people involved in something like that aren't creative people - for example, a camera operator on a television show is essentially performing skilled labor; he's not providing creative input, but if he's not getting a paycheck, I don't get to watch the show.
People who say music shouldn't cost anything usually seem to prefer listening to house/techno/trance/electronica, which can be created by one person working alone in their basement. I like to listen to music performed by an 80-piece symphony orchestra, or a 20-piece jazz band, and those musicians don't work for free, even if the composer doesn't mind giving away his compositions.
Who runs a critical server like DNS on a version of the OS that is 5 years old?
Who upgrades the operating system on a critical server like DNS more often than every 5 years? I usually only reboot my servers about once a year, and you want me to reinstall the OS every time I do?
As much as I love Apple, it bothers me that they do not release security patches for versions earlier than n-1 (where n is the current release).
Mac OS X 10.3 server dates back to October 2003 (http://www.apple.com/pr/library/2003/oct/08pantherserver.html), so it's just short of 5 years. It's not THAT old, especially for a server products that's likely to be used in some SMEs.
Or is 10.3 not affected ?
As much as I love Linux, it bothers me that many Linux distributions are even worse. For example, Fedora Core 6 and Ubuntu 6.10 were both released in October 2006 (a year and a half after the still-supported Mac OS X 10.4), but support for both of them was dropped several months ago.
(very few run named and few still in a configuration that would be vulnerable).
Most Mac OS X client users do not run named, but they do use the system's stub resolver, which I believe is linked to BIND and does not randomize source ports when querying your local DNS server. This means someone could spoof replies from your DNS server in response to queries coming from your Mac. This is MUCH less of a problem than a vulnerable DNS server, because it requires a very localized attack, but it's still an issue.
I thought about that as I was walking out of a store last night, past a rack of CDs and DVDs for sale. If I were to swipe a DVD on my way past, and got caught, the consequences for shoplifting would be absolutely trivial, compared to getting caught downloading the same movie over the Internet, which takes longer, doesn't include the bonus features, and would probably require me to burn it to a DVD-R to free up space on my file server. And yet, stealing a DVD actually deprives the store of physical property that they paid for, while downloading via BitTorrent doesn't harm anyone.
How many people are going to switch from downloading to shoplifting because they're concerned about the possible repercussions?
But you refuse to consider that in the billions of years this universe has existed life could have been somewhere else.
No, I've considered it, and reached a conclusion that differs from yours. Show me some evidence - ANY evidence - to support your belief, and I'll be happy to reconsider.
This could mean we could build a sustaining building on mars. Of course we can't have that becasue that would mean there will be extraterrestrial life on mars... former earthling and there descendants.
Of course I didn't mean that life that originated on Earth couldn't live on other planets. I wouldn't even rule out that there's something alive out there right now - some microscopic organism that hitched a ride on a spacecraft or probe or something, that somehow managed to survive. That would definitely be interesting.
So you believe out of the entire universe there is not even bacteria on a planet besides earth and in the whole time the universe has been around either?
That's correct.
as unlikely as extraterrestrial life is, IMHO, thats more unlikely
You're welcome to keep looking, of course, but I respectfully disagree with your opinion. Let me know if you find anything.
Well maybe not for you, but hey why don't just skip over this article and find something you would rather be interested in? Just saying...
Because maybe there is something interesting here, other than the possibility of extraterrestrial life. That's what I was asking about. If not, then I'll skip over it (and any similarly uninteresting articles in the future).
I don't understand how you can say that - if the universe is in a constant (albeit slow) state of change, and buying the theory that the universe is endless...
It's simple: I reject your assumptions.:-)
What if the orbit of Mars was similar to that of earth at one time, and Mars was exposed to a similar set of circumstances that brought the process of life to earth (going from the scientific approach, not the opposing biblical version)? Would not the discovery mean something then?
Nope. I mean, sure, finding water is cool and all, but that's not life.
Better yet, what if the discovery of water there invalidates some long-standing scientific theory? Could it not then force some new way of thinking?
Well, this was the whole point of my original question. Was there some long-standing theory that the discovery of water on Mars invalidates? How does this change our understanding of the universe? So far I haven't seen any indication that it does.
Is there any particular scientific significance to the discovery of water on Mars that isn't related to the possibility of discovering extraterrestrial life? I firmly believe that extraterrestrial life does not exist (and never has), so everybody else's excitement about it gets a little old after awhile. Is there another reason I should be excited about this?
That would be great, if the iPhone supported tethering. It doesn't. That's why I don't have one.
It also doesn't support MMS messages (sending pictures and video to other cell phone users), or recording video with the built-in camera, or voice dialing, or using a custom MP3 as a ring tone, or a whole host of other features that are standard on just about every other cell phone on the market.
I was just at Fry's the other day, and I noticed an IEEE802.11 wireless router that accepts an EVDO card, so it can connect to a 3G cell network and share the connection to Ethernet or wifi devices. I think the one I saw was made by DLink.
So we should be welcoming, give them a drink of the kool-aid and treat them like one of the gang. Its going to be hard and we'll have to keep an eye out for deception, but I think we should start playing nicer with them and hope that they do the same.
"If your enemy is hungry, give him food to eat; if he is thirsty, give him water to drink. In doing this, you will heap burning coals on his head, and the LORD will reward you." - Proverbs 25:21-22 (NIV)
As I understand it, this kind of attack would be noticeable when attempting to use a secure (HTTPS) web connection, because the browser should throw up a certificate error. Is this true?
Yes, this is true. HTTPS connections require an SSL certificate which must be signed by a Certificate Authority (CA) that your browser trusts. Your browser ships with a database of CA certificates, and you can manually add your own if you want; any SSL cert signed by one of those CAs will be trusted, but any SSL cert signed by anybody else will display a warning message before allowing you to access the web site.
Unfortunately, there are legitimate HTTPS sites out there using self-signed SSL certificates. Chances are, you've probably seen one at some point, and you went ahead and accepted it anyway, because you figured the company is legitimate and they just skimped on getting an SSL cert signed by a real CA. I know I have. If DNS cache poisoning (or other techniques) can get your browser to think it's talking to a particular host when it really isn't, AND you accept an invalid SSL certificate, you're screwed.
Note that SSL serves two purposes: it encrypts data while it's being sent over the wire so nobody* can eavesdrop on the connection between your browser and the server, and it also provides authentication so you can be sure that your browser is really talking to the server it thinks it's talking to. Using a self-signed certificate (or a certificate signed by an untrusted CA) renders the second of these useless, but the data is still encrypted.
* And of course when I said "nobody"... There is a way to intercept SSL connections, but it requires that you install a special CA cert in your browser, which will make your browser trust whoever is intercepting the SSL connections. This makes it possible to set up a caching proxy server that can inspect and cache data being sent over HTTPS. This is crazy stuff you shouldn't think about.
The truth of the matter is conversations originating overseas from known or suspected terrorist organizations to their contacts in the U.S. may be monitored. Your chats with Grandma about what to get little Jimmy for his birthday are of no interest to anyone and cannot be legally intercepted without a warrant.
Conversations originating overseas from known or suspected terrorist organizations to their contacts in the US also cannot be legally intercepted without a warrant (or at least that was the case before this bill passed); the purpose of the warrant is to provide some judicial oversight and make sure the government is in fact eavesdropping on suspected terrorist organizations and not, say, suspected Democratic fundraisers or something. Nobody is arguing that the government shouldn't be able to spy on terrorists, only that there needs to be oversight so we can be sure they're really spying on terrorists.
How much do you trust Barrack Obama not to abuse this expanded wiretapping power? If he's elected President, can you trust his Democratic appointees not to eavesdrop on conversations between GOP strategists?
One of the issues was the "Internet Sharing" buzz phrase. If you google that now, you'll find lots of warnings that if you enable this in OSX, it silently starts up a DHCP server. If there's already a DNCP server anywhere on the local network, you now have two of them battling it out, and the symptoms aren't something I'd wish on anyone but a networking expert.
Not true. First, we're talking about Mac OS X Server, which has a whole section in the Server Admin GUI just for configuring the DHCP server. You're talking about the plain old normal client version of Mac OS X. The Internet Sharing feature does enable a DHCP server, but not silently. The warning message (with big yellow caution sign) says:
Are you sure you want to turn on Internet sharing?
If your computer is connected to a network, turning on Internet sharing may affect the network settings of other computers and disrupt the network. Contact your system administrator before turning on Internet sharing.
It's certainly not as technical as I'd like, but anybody with half a clue should be able to infer that "affect the network settings of other computers" is talking about running a DHCP server.
I've also experimented with an OSX web server. The main problem here is that OSX does funky things with file names, starting with their "caseless" feature. This works if everything was developed on OSX. But if you're running a web server, you're probably going to be including things from other machines in the vicinity. If they're not OSX, you'll go crazy trying to figure out what's going on with the file names. And you probably won't be able to fix it.
It has always been possible to use a case-sensitive filesystem with Mac OS X, but it breaks some legacy Mac OS applications, so case-insensitive is the default. There was a security issue here as well; Apple submitted patches to Apache to fix that.
But on OSX, we'd see non-ASCII chars simply garbaged with no obvious pattern.
Mac OS X uses UTF-8 encoding for filenames. Bug your other OS vendors about supporting it.
(And I have occasionally wished that I could use '/' and NUL in file names. I wonder if there's a system that allows all 256 8-bit bytes in a file name...;-)
I don't know, but if there is, good luck using it with a CLI.
Slashdot Mirror
If you want your communication secure encrypt it on your computer which you trust. This is the only way to keep it secure...
Yes, but a "computer which you trust" could include Hushmail's servers. Perhaps that trust is misplaced, but isn't that what we're talking about?
"Crap" used to be taboo as well, but for some reason in the mid 90s, it suddenly became OK.
Lately I've been playing a game with myself. I'll read Slashdot articles and try and guess who "edited" them. Strangely, the only guesses I get right are the stories posted up by kdawson.
Um, if I guessed kdawson every single time, the only guesses I'd get right are the stories posted by kdawson too...
We now know that, in fact, the exact opposite is true - people create more new works when they have free access to the work of others.
People create more derivative works when they have free access to the work of others that they can derive from. I'm not convinced that it's true for truly original creations. It almost certainly isn't true for works that simply cannot be created by individuals - for example, a movie or television show has hundreds of people involved in production, and they all need to get paid, or the work doesn't get created. Most of the people involved in something like that aren't creative people - for example, a camera operator on a television show is essentially performing skilled labor; he's not providing creative input, but if he's not getting a paycheck, I don't get to watch the show.
People who say music shouldn't cost anything usually seem to prefer listening to house/techno/trance/electronica, which can be created by one person working alone in their basement. I like to listen to music performed by an 80-piece symphony orchestra, or a 20-piece jazz band, and those musicians don't work for free, even if the composer doesn't mind giving away his compositions.
Since when is GIF an audio format?
Well, if it can be a Java applet, why not audio too?
rofl, I'd mod you up but I already posted.
Who runs a critical server like DNS on a version of the OS that is 5 years old?
Who upgrades the operating system on a critical server like DNS more often than every 5 years? I usually only reboot my servers about once a year, and you want me to reinstall the OS every time I do?
As much as I love Apple, it bothers me that they do not release security patches for versions earlier than n-1 (where n is the current release).
Mac OS X 10.3 server dates back to October 2003 (http://www.apple.com/pr/library/2003/oct/08pantherserver.html), so it's just short of 5 years. It's not THAT old, especially for a server products that's likely to be used in some SMEs.
Or is 10.3 not affected ?
As much as I love Linux, it bothers me that many Linux distributions are even worse. For example, Fedora Core 6 and Ubuntu 6.10 were both released in October 2006 (a year and a half after the still-supported Mac OS X 10.4), but support for both of them was dropped several months ago.
And yes, of course Mac OS X 10.3 is affected.
(very few run named and few still in a configuration that would be vulnerable).
Most Mac OS X client users do not run named, but they do use the system's stub resolver, which I believe is linked to BIND and does not randomize source ports when querying your local DNS server. This means someone could spoof replies from your DNS server in response to queries coming from your Mac. This is MUCH less of a problem than a vulnerable DNS server, because it requires a very localized attack, but it's still an issue.
I thought about that as I was walking out of a store last night, past a rack of CDs and DVDs for sale. If I were to swipe a DVD on my way past, and got caught, the consequences for shoplifting would be absolutely trivial, compared to getting caught downloading the same movie over the Internet, which takes longer, doesn't include the bonus features, and would probably require me to burn it to a DVD-R to free up space on my file server. And yet, stealing a DVD actually deprives the store of physical property that they paid for, while downloading via BitTorrent doesn't harm anyone.
How many people are going to switch from downloading to shoplifting because they're concerned about the possible repercussions?
It's good that such a hack exists, but it should be a vendor-supported feature, like it is on every other phone.
But you refuse to consider that in the billions of years this universe has existed life could have been somewhere else.
No, I've considered it, and reached a conclusion that differs from yours. Show me some evidence - ANY evidence - to support your belief, and I'll be happy to reconsider.
This could mean we could build a sustaining building on mars. Of course we can't have that becasue that would mean there will be extraterrestrial life on mars... former earthling and there descendants.
Of course I didn't mean that life that originated on Earth couldn't live on other planets. I wouldn't even rule out that there's something alive out there right now - some microscopic organism that hitched a ride on a spacecraft or probe or something, that somehow managed to survive. That would definitely be interesting.
So you believe out of the entire universe there is not even bacteria on a planet besides earth and in the whole time the universe has been around either?
That's correct.
as unlikely as extraterrestrial life is, IMHO, thats more unlikely
You're welcome to keep looking, of course, but I respectfully disagree with your opinion. Let me know if you find anything.
Well maybe not for you, but hey why don't just skip over this article and find something you would rather be interested in? Just saying...
Because maybe there is something interesting here, other than the possibility of extraterrestrial life. That's what I was asking about. If not, then I'll skip over it (and any similarly uninteresting articles in the future).
I don't understand how you can say that - if the universe is in a constant (albeit slow) state of change, and buying the theory that the universe is endless...
It's simple: I reject your assumptions. :-)
What if the orbit of Mars was similar to that of earth at one time, and Mars was exposed to a similar set of circumstances that brought the process of life to earth (going from the scientific approach, not the opposing biblical version)? Would not the discovery mean something then?
Nope. I mean, sure, finding water is cool and all, but that's not life.
Better yet, what if the discovery of water there invalidates some long-standing scientific theory? Could it not then force some new way of thinking?
Well, this was the whole point of my original question. Was there some long-standing theory that the discovery of water on Mars invalidates? How does this change our understanding of the universe? So far I haven't seen any indication that it does.
Is there any particular scientific significance to the discovery of water on Mars that isn't related to the possibility of discovering extraterrestrial life? I firmly believe that extraterrestrial life does not exist (and never has), so everybody else's excitement about it gets a little old after awhile. Is there another reason I should be excited about this?
That would be great, if the iPhone supported tethering. It doesn't. That's why I don't have one.
It also doesn't support MMS messages (sending pictures and video to other cell phone users), or recording video with the built-in camera, or voice dialing, or using a custom MP3 as a ring tone, or a whole host of other features that are standard on just about every other cell phone on the market.
I was just at Fry's the other day, and I noticed an IEEE802.11 wireless router that accepts an EVDO card, so it can connect to a 3G cell network and share the connection to Ethernet or wifi devices. I think the one I saw was made by DLink.
Can someone explain to me how this isn't a trademark violation?
That has to be the worst spelling of "persevered" I've ever seen.
So we should be welcoming, give them a drink of the kool-aid and treat them like one of the gang. Its going to be hard and we'll have to keep an eye out for deception, but I think we should start playing nicer with them and hope that they do the same.
"If your enemy is hungry, give him food to eat; if he is thirsty, give him water to drink. In doing this, you will heap burning coals on his head, and the LORD will reward you." - Proverbs 25:21-22 (NIV)
I've always liked that passage. :-)
I assumed ! to be a wildcard, so sex! would match sex or sexual or sexually or sexist or sexism or sexy.
As I understand it, this kind of attack would be noticeable when attempting to use a secure (HTTPS) web connection, because the browser should throw up a certificate error. Is this true?
Yes, this is true. HTTPS connections require an SSL certificate which must be signed by a Certificate Authority (CA) that your browser trusts. Your browser ships with a database of CA certificates, and you can manually add your own if you want; any SSL cert signed by one of those CAs will be trusted, but any SSL cert signed by anybody else will display a warning message before allowing you to access the web site.
Unfortunately, there are legitimate HTTPS sites out there using self-signed SSL certificates. Chances are, you've probably seen one at some point, and you went ahead and accepted it anyway, because you figured the company is legitimate and they just skimped on getting an SSL cert signed by a real CA. I know I have. If DNS cache poisoning (or other techniques) can get your browser to think it's talking to a particular host when it really isn't, AND you accept an invalid SSL certificate, you're screwed.
Note that SSL serves two purposes: it encrypts data while it's being sent over the wire so nobody* can eavesdrop on the connection between your browser and the server, and it also provides authentication so you can be sure that your browser is really talking to the server it thinks it's talking to. Using a self-signed certificate (or a certificate signed by an untrusted CA) renders the second of these useless, but the data is still encrypted.
* And of course when I said "nobody"... There is a way to intercept SSL connections, but it requires that you install a special CA cert in your browser, which will make your browser trust whoever is intercepting the SSL connections. This makes it possible to set up a caching proxy server that can inspect and cache data being sent over HTTPS. This is crazy stuff you shouldn't think about.
The truth of the matter is conversations originating overseas from known or suspected terrorist organizations to their contacts in the U.S. may be monitored. Your chats with Grandma about what to get little Jimmy for his birthday are of no interest to anyone and cannot be legally intercepted without a warrant.
Conversations originating overseas from known or suspected terrorist organizations to their contacts in the US also cannot be legally intercepted without a warrant (or at least that was the case before this bill passed); the purpose of the warrant is to provide some judicial oversight and make sure the government is in fact eavesdropping on suspected terrorist organizations and not, say, suspected Democratic fundraisers or something. Nobody is arguing that the government shouldn't be able to spy on terrorists, only that there needs to be oversight so we can be sure they're really spying on terrorists.
How much do you trust Barrack Obama not to abuse this expanded wiretapping power? If he's elected President, can you trust his Democratic appointees not to eavesdrop on conversations between GOP strategists?
One of the issues was the "Internet Sharing" buzz phrase. If you google that now, you'll find lots of warnings that if you enable this in OSX, it silently starts up a DHCP server. If there's already a DNCP server anywhere on the local network, you now have two of them battling it out, and the symptoms aren't something I'd wish on anyone but a networking expert.
Not true. First, we're talking about Mac OS X Server, which has a whole section in the Server Admin GUI just for configuring the DHCP server. You're talking about the plain old normal client version of Mac OS X. The Internet Sharing feature does enable a DHCP server, but not silently. The warning message (with big yellow caution sign) says:
Are you sure you want to turn on Internet sharing?
If your computer is connected to a network, turning on Internet sharing may affect the network settings of other computers and disrupt the network. Contact your system administrator before turning on Internet sharing.
It's certainly not as technical as I'd like, but anybody with half a clue should be able to infer that "affect the network settings of other computers" is talking about running a DHCP server.
I've also experimented with an OSX web server. The main problem here is that OSX does funky things with file names, starting with their "caseless" feature. This works if everything was developed on OSX. But if you're running a web server, you're probably going to be including things from other machines in the vicinity. If they're not OSX, you'll go crazy trying to figure out what's going on with the file names. And you probably won't be able to fix it.
It has always been possible to use a case-sensitive filesystem with Mac OS X, but it breaks some legacy Mac OS applications, so case-insensitive is the default. There was a security issue here as well; Apple submitted patches to Apache to fix that.
But on OSX, we'd see non-ASCII chars simply garbaged with no obvious pattern.
Mac OS X uses UTF-8 encoding for filenames. Bug your other OS vendors about supporting it.
(And I have occasionally wished that I could use '/' and NUL in file names. I wonder if there's a system that allows all 256 8-bit bytes in a file name... ;-)
I don't know, but if there is, good luck using it with a CLI.