This is ha-ha-only-serious; porn has been a great motivator for pushing technology forward. Porn is the reason VHS won out over Betamax; porn's the reason the internet has gotten into the hands of the hoi-polloi (although AOL does get it's own mention for it's part in The September That Never Ended). It's one of the reasons why I don't worry about DRM -- if anyone were going to make DRM work, it'd be porn producers, who are really motivated to get people to pay for their product. The RIAA/MPAA's losses are really peanuts compared to how hard the pre-internet and post-internet porn money books differ. Consider that a porn VHS could easily go from anywhere between 20$ for a POS title to 60$ for something popular.
The "no central authority to fix things" argument w/r/t/ the internet is BS at best, and likely just a ploy to get some kind of control over the net. It's meant to be an amorphous self-healing entity. The DNS bug from a few months ago is a good example; this affected everyone, and it got fixed. I don't remember getting a call from The Internet Boss telling me to fix it; I saw the bug report and decided I should fix my part of it.
if it were a service the lawyer/doctors/etc were paying them for, how would this be different than say a lawyer's office contracting their IT work to a tech firm?
that blocks all updates, including legit updates. If you're running a server that needs to process non-malicious updates, your best bet is to run a hidden-master/public-slave combination of servers (the attack doesn't work on slave zones).
unless the proxy you setup is inside the iranian infrastructure (ie, on the iran side of the choke-point), it's going to be relatively worthless, since the chokepoint will show the traffic from iran going to your proxy. realistically you've got few options:
- install on the inside, so when the chokepoint logs say "it's $PROXY_IP doing it", your lack of logs protects those that connected to your proxy
- route around the chokepoint, for which you'll need access to infrastructure that will be difficult to secure (assuming iran's network security dudes aren't total fucking morons).
- links that do not rely on iranian infrastructure (an encrypted link to a satellite for e.g.)
A squid or tor proxy on the outside's going to exactly nothing to protect anyone in Iran -- their packets still have to leave the country to get to your proxy!
A lot of folks that ran redhat got annoyed when they went from free for home use and paid support to pay for everything or use the "testing" fedora branch which will be outdated in 6 months. I am now managing some boxes that are running fedora 6 (and 9) and can't be updated because the yum repos are now dead and the packages in current repos are incompatible; this was the fault of the admin installing the boxes, but the fact remains that I can't do jack w/ them unless I reinstall. I switched the majority of machines I ran over to CentOS (netbackup installs from rpm; I can't use debian) because of the licensing and cost. 1K$/machine isn't a lot for the enterprise, but when you've got 10 or 15 mostly-static machines (ntp, dns, dhcp, etc etc) you don't want to shell out a thousand $ for each one every year, over 3 years, that's 45K$! I could just as easily drop debian or centos on every VM I bring up and hire an administrator to deal with them for the same money. A lot of folks that were using RH switched over to CentOS or Ubuntu -- I know I'm not the only one!
DNSSEC is not an https replacement, nor a replacement for ssl keys. Many services that require DNS resolution (and that the resolution be good,) do not happen over https or ssh (it often comes as a surprise to some people that the internet is not the web, but ping or smtp are two prominent examples that often use DNS; calling http trivial doesn't actually make it so, and http is vulnerable still.) That https/ssl can secure the communication between you and a webserver is not of much use if the cert has been faked -- see http://www.teamfurry.com/wordpress/2007/11/20/tor-exit-node-doing-mitm-attacks/ if you're curious as to how this can be taken advantage of (and even if you're a paranoid nut using Tor, how often are you checking that SSL certs are good?)
I have tried this several times with very discouraging results. I need a particular bit of code -- shouldn't be too difficult, it's a common language and implentation w/ a more or less well known API -- Specifically I am looking for a plugin for mu-wordpress that does authentication via LDAP/Active Directory and is aware of LDAP/AD Groups. There's a plugin that exists but it doesn't care about groups, rather OUs; There's a plugin for the non-multiuser version of WordPress that does exactly this but it fails miserably in the MU version -- the author of this version is not-contactable and his personal site is broken good and hard). But I'm not a programmer, I do networking and servers and end-user support and mostly security/infrastructure. So I hit up the related sites (the product, mu-wordpress, has forums and a dev community as well as a couple of companies and prominent developers that advertise that they do work for hire etc etc). None of them want anything to do with it. One refers me to the another, who says 'we are too busy, but try XXXX' who answers back that they put all their effort into the community project and so cannot. The only thing left to me is to wait and hope that someone does it or learn PHP and how to query AD's LDAP implementation to auth against it.
don't worry, they'll take off the masks after the halloween ball and you'll see that MS has been wearing the google mask and google has been wearing the MS costume.
Unless you're writing this from my LAN or your time machine in 1972, you can take the very fact that you can read this online as proof that the internet scales well.
It may not scale optimally, but it's been running for a while and everywhere we can pump power and signal. His personal tech fiefdom is being attacked because he's criticizing a well-built and planned system while his own system is down frequently due strictly to poor design. For e.g., DNS is a pretty old system with many flaws in it's assumptions on how it would work operationally (a lot of trust was assumed) and therefore many of the security flaws that make it not-ideal are based on security exploiting the trust assumed when it was designed (c.f. the recent poisoning attacks). But it was designed in a manner that allows extending it to the point that it could, conceivably be fixed (c.f. DNSSEC).
His comments are offensive in that he hasn't built anything nearly as robust, extensible or ubiquitous as SMTP or IPv4 and therefore doesn't have the bona fides to actually criticize either one. Hell, he doesn't even propose his own alternative (I'm guessing to avoid having anyone who can think of a reason sending him a copy of spamsolutions.txt) so it just comes off as a petulant "this thing sucks because i can think of something better!" with nothing to back it up. When Twitter can route around damage at a whim and not show the failwhale quite so often, he might have a better position to speak from.
dude, NAFTA or H1B your way into foreign monkeys, they're way cheaper. Give 'em all a USB cheapo drive with your data and be all "fly my pretties!". Sure they have different accents, but if you're listening to what your monkeys say, it's not like your data is all that important anyway.
port-mirror somewhere else and scan the mirror'd traffic. if the US government can do it, private ISPs can too (not that it would be particularly cheap or easy, but possible at least.)
Laugh it up, but the reason Obama got a seat in the senate in 2004 so easily is because his predecessor was forced to step down after his tearful ex told a divorce court that he made her go to a swinger's club with him. On such things the fate of nations hang, sometimes. http://en.wikipedia.org/wiki/Jack_Ryan_(2004_U.S._Senate_candidate)
Slashdot Mirror
This is ha-ha-only-serious; porn has been a great motivator for pushing technology forward. Porn is the reason VHS won out over Betamax; porn's the reason the internet has gotten into the hands of the hoi-polloi (although AOL does get it's own mention for it's part in The September That Never Ended). It's one of the reasons why I don't worry about DRM -- if anyone were going to make DRM work, it'd be porn producers, who are really motivated to get people to pay for their product. The RIAA/MPAA's losses are really peanuts compared to how hard the pre-internet and post-internet porn money books differ. Consider that a porn VHS could easily go from anywhere between 20$ for a POS title to 60$ for something popular.
Note also that there's a project that gives away porn only if you connect to it via IPv6. IPv6 is coming in it's own good time (no pun intended).
The "no central authority to fix things" argument w/r/t/ the internet is BS at best, and likely just a ploy to get some kind of control over the net. It's meant to be an amorphous self-healing entity. The DNS bug from a few months ago is a good example; this affected everyone, and it got fixed. I don't remember getting a call from The Internet Boss telling me to fix it; I saw the bug report and decided I should fix my part of it.
if it were a service the lawyer/doctors/etc were paying them for, how would this be different than say a lawyer's office contracting their IT work to a tech firm?
that blocks all updates, including legit updates. If you're running a server that needs to process non-malicious updates, your best bet is to run a hidden-master/public-slave combination of servers (the attack doesn't work on slave zones).
Sure, but where's the silver surfer come to warn of Galactus? Maybe Jack Chick was right all along
unless the proxy you setup is inside the iranian infrastructure (ie, on the iran side of the choke-point), it's going to be relatively worthless, since the chokepoint will show the traffic from iran going to your proxy. realistically you've got few options:
- install on the inside, so when the chokepoint logs say "it's $PROXY_IP doing it", your lack of logs protects those that connected to your proxy
- route around the chokepoint, for which you'll need access to infrastructure that will be difficult to secure (assuming iran's network security dudes aren't total fucking morons).
- links that do not rely on iranian infrastructure (an encrypted link to a satellite for e.g.)
A squid or tor proxy on the outside's going to exactly nothing to protect anyone in Iran -- their packets still have to leave the country to get to your proxy!
then you get all sorts of "but i don't want it to make sound!" or "do i have to turn my volume up?" complaints
You obviously haven't thought this idea out very well; that's just asking for the system to be abused.
Lex: It's a UNIX system! I know this!
Turns out that turtles will probably swim just fine in molasses.
No, you can still buy World of Warcraft online if you want to.
story translates as: "i was allowed to do something that i have no use for, something must be wrong!"
protip to the author: your imagination is not the limit of all possible cases.
are you trolling? or do you really not know?
A lot of folks that ran redhat got annoyed when they went from free for home use and paid support to pay for everything or use the "testing" fedora branch which will be outdated in 6 months. I am now managing some boxes that are running fedora 6 (and 9) and can't be updated because the yum repos are now dead and the packages in current repos are incompatible; this was the fault of the admin installing the boxes, but the fact remains that I can't do jack w/ them unless I reinstall. I switched the majority of machines I ran over to CentOS (netbackup installs from rpm; I can't use debian) because of the licensing and cost. 1K$/machine isn't a lot for the enterprise, but when you've got 10 or 15 mostly-static machines (ntp, dns, dhcp, etc etc) you don't want to shell out a thousand $ for each one every year, over 3 years, that's 45K$! I could just as easily drop debian or centos on every VM I bring up and hire an administrator to deal with them for the same money. A lot of folks that were using RH switched over to CentOS or Ubuntu -- I know I'm not the only one!
This is a new and interesting definition of "worked".
Best. Non-moderation. Ever.
DNSSEC is not an https replacement, nor a replacement for ssl keys. Many services that require DNS resolution (and that the resolution be good,) do not happen over https or ssh (it often comes as a surprise to some people that the internet is not the web, but ping or smtp are two prominent examples that often use DNS; calling http trivial doesn't actually make it so, and http is vulnerable still.) That https/ssl can secure the communication between you and a webserver is not of much use if the cert has been faked -- see http://www.teamfurry.com/wordpress/2007/11/20/tor-exit-node-doing-mitm-attacks/ if you're curious as to how this can be taken advantage of (and even if you're a paranoid nut using Tor, how often are you checking that SSL certs are good?)
I have tried this several times with very discouraging results. I need a particular bit of code -- shouldn't be too difficult, it's a common language and implentation w/ a more or less well known API -- Specifically I am looking for a plugin for mu-wordpress that does authentication via LDAP/Active Directory and is aware of LDAP/AD Groups. There's a plugin that exists but it doesn't care about groups, rather OUs; There's a plugin for the non-multiuser version of WordPress that does exactly this but it fails miserably in the MU version -- the author of this version is not-contactable and his personal site is broken good and hard). But I'm not a programmer, I do networking and servers and end-user support and mostly security/infrastructure. So I hit up the related sites (the product, mu-wordpress, has forums and a dev community as well as a couple of companies and prominent developers that advertise that they do work for hire etc etc). None of them want anything to do with it. One refers me to the another, who says 'we are too busy, but try XXXX' who answers back that they put all their effort into the community project and so cannot. The only thing left to me is to wait and hope that someone does it or learn PHP and how to query AD's LDAP implementation to auth against it.
don't worry, they'll take off the masks after the halloween ball and you'll see that MS has been wearing the google mask and google has been wearing the MS costume.
Unless you're writing this from my LAN or your time machine in 1972, you can take the very fact that you can read this online as proof that the internet scales well.
It may not scale optimally, but it's been running for a while and everywhere we can pump power and signal. His personal tech fiefdom is being attacked because he's criticizing a well-built and planned system while his own system is down frequently due strictly to poor design. For e.g., DNS is a pretty old system with many flaws in it's assumptions on how it would work operationally (a lot of trust was assumed) and therefore many of the security flaws that make it not-ideal are based on security exploiting the trust assumed when it was designed (c.f. the recent poisoning attacks). But it was designed in a manner that allows extending it to the point that it could, conceivably be fixed (c.f. DNSSEC).
His comments are offensive in that he hasn't built anything nearly as robust, extensible or ubiquitous as SMTP or IPv4 and therefore doesn't have the bona fides to actually criticize either one. Hell, he doesn't even propose his own alternative (I'm guessing to avoid having anyone who can think of a reason sending him a copy of spamsolutions.txt) so it just comes off as a petulant "this thing sucks because i can think of something better!" with nothing to back it up. When Twitter can route around damage at a whim and not show the failwhale quite so often, he might have a better position to speak from.
dude, NAFTA or H1B your way into foreign monkeys, they're way cheaper. Give 'em all a USB cheapo drive with your data and be all "fly my pretties!". Sure they have different accents, but if you're listening to what your monkeys say, it's not like your data is all that important anyway.
past what?
port-mirror somewhere else and scan the mirror'd traffic. if the US government can do it, private ISPs can too (not that it would be particularly cheap or easy, but possible at least.)
Laugh it up, but the reason Obama got a seat in the senate in 2004 so easily is because his predecessor was forced to step down after his tearful ex told a divorce court that he made her go to a swinger's club with him. On such things the fate of nations hang, sometimes. http://en.wikipedia.org/wiki/Jack_Ryan_(2004_U.S._Senate_candidate)
man, those emacs chicks are high-maintenance, you're better off without her.
arguably this is what helped Bush the Lesser win the first time. Nader is still called a spoiler by many.