hate to sound like a broken record, but *if* they were to ever drop their restrictive DRM and go with AAC, or something similar, I would darken their doorstep.
Beyond that, it seems these silos never get sold! I see the same ones over and over again. (I especially like the one in the national park in New York, complete with runway...) I guess not enough geeks win the lottery. (Knowing the odds, I guess geeks just don't play the lottery...)
It's not exactly slashdotted... The index page has been changed, but the "deep links" still work... Desperate for this site? Google-cache the base page here and follow the links to the real site. (Until they decide they don't like that either...)
Pop in a DVD, press play, and you are FORCED to watch the Piracy Warning, and the Company Name banners. Some previews are even hard to get past. This takes up to a few minutes for some DVD's.
...until I found a hacked firmware for my DVD player that makes it multiregion, disables macrovision, and allows my to skip past FBI warnings and the like... (also known as using MY DVD player with MY DVDs in any way I want...) Is it a DMCA violation? Probably... But the more people do this, the more obvious it is that this type of encumberment is NOT what the market wants.
Just what do you do with such a thing? I don't mean obvious commercial uses, but as a home-bound geek, what reason can I use to justify this to my wife?
I just recently applied for a mortgage loan. The loan guy was happy to share my credit report with me. I looked it over, and found a section I couldn't make sense of. I asked the loan guy what that section meant. He said "That's whether or not you're a terrorist. Congrats, you're not." So as far as the credit reporting agencies go, yes, they track that stuff. Scarier still, that little tidbit, accurate or not, is available to every person capable of pulling a credit rating...
I asked the loan guy what he would do if the report said I was a terrorist... He said "I'd excuse myself to the restroom, get in my car, drive at least five miles away, then call my boss!";)
As long as you're looking a gift horse in the mouth, don't forget that you have to report the $13.86 check as income on your taxes next April!
No, since the award is compensation for damages you've already suffered, its even and no taxable event occured... Unless you wrote off the "damage" already in a previous tax year. (IANATA - I Am Not A Tax Accountant...)
Oh, somebody get a copy of that page while you can... It's going to be freakin' hillarious in about six months!
It's hard to be unencumbered... when you're dead!*
(*Refering to your company, Darl, not you personally. But if you feel the need to cross the street without looking both ways, I'm not going to argue with you.)
"SuSE is owned by Novell.. Novell is German? Since when?"
Ah, I see you've never had to compile and link your own NE2000 driver into the workstation shell or COMPSURF'ed a 40 meg hard drive overnight before...;)
"The article mentions that Microsoft is unaware of any computers hacked with this vulnerability. Assuming it wasn't ever used, then not disclosing it until a patch was made worked well in this situation."
OK, put on your tin-foil hat... Ready? I heard rumors in the white-hat underground almost a year ago on this issue. Apparently, government-types were sourcing ANS.1 experts for security work, but it was all very hush-hush. I didn't think much about it at the time, but it all came back to me today.
With that said, are you ready to state that this vulnerability has not been used in the wild just because MS hasn't heard of it? You think various three-letter organizations haven't had this hack in there tool kit for at least a year? (MS probably wrote the exploit code! Or wait... Does spy hack code include Service Packs?;) Or perhaps MS dragged their feet for six months so the cloak-and-dagger types could refocus on another, presently non-public, vulnerability in order to perform their "work".
In security work, you have to work from the assumption that your enemy can defeat your controls so you can build redundancy into the system and minimize exposure.
Reminds me of a sure-fire laugh getter for these meetings... After 2/3rds of the attendees arrive, grab two cinnamon roles from the donut pile, hold them vertically next to your ears and state "Help me Obi-Wan Kenobi! You're my only hope!" Works for me, anyway...;)
While there are no guarantees, if latency isn't absolutely horrid, you could time them to arrive in a certain order. (My mind wanders to a vision of using port knocking to actually be the transport protocol, complete with integrity checks and retransmission of dropped packets... IP encapsulated into port knocks. MUST... RESIST... STUPID...THOUGHTS!)
You are right that there is no way to know if a packet is dropped, but you could define the "protocol" to account for a few drop outs...
Sadly, most people who probably think port knocking is great security probably have yet to learn how to use DSA keys.
Think "in addition to" and not "instead of". No reason why you couldn't do both. In fact, you could rotate your port knocks to be different everytime you connect. That way, if someone does try to fake their way in, you could detect it and react.
Any good admin knows the most secure system is one that is listening on as few ports as possible.
Is zero secure enough for you? The ports used for knocking are not open. The knock is the connect attempt which is recorded as an event on the server. The client gets nothing, not a NAK not a reset, nothing.
Proper karma whoring requires that you reply to the parent, not this post. I'm afraid your irrelevant (to the thread) post just doesn't have what it takes to pull in the good numbers. Next time, reply to the appropriate post, and you may be able to pry a few points away from inexperienced mods. Better luck next time!
Slashdot Mirror
hate to sound like a broken record, but *if* they were to ever drop their restrictive DRM and go with AAC, or something similar, I would darken their doorstep.
Broken record! That's exactly the problem!
28.....50....all that really proves is that you two are a bunch of old farts who remember the bad ol' days :P
:p
No, were two old farts, one of whom remembers the bad old days!
And the swap of 50 diskettes to build...
It was 28, you insensitive clod!
Beyond that, it seems these silos never get sold! I see the same ones over and over again. (I especially like the one in the national park in New York, complete with runway...) I guess not enough geeks win the lottery. (Knowing the odds, I guess geeks just don't play the lottery...)
Cold thread, no mods... Oh well!
There's one in Denver for only $1,450,000.
Here's what looks to be a realtor specializing in old silos. Quite a collection for the truly paranoid!
It's not exactly slashdotted... The index page has been changed, but the "deep links" still work... Desperate for this site? Google-cache the base page here and follow the links to the real site. (Until they decide they don't like that either...)
Pop in a DVD, press play, and you are FORCED to watch the Piracy Warning, and the Company Name banners. Some previews are even hard to get past. This takes up to a few minutes for some DVD's.
...until I found a hacked firmware for my DVD player that makes it multiregion, disables macrovision, and allows my to skip past FBI warnings and the like... (also known as using MY DVD player with MY DVDs in any way I want...) Is it a DMCA violation? Probably... But the more people do this, the more obvious it is that this type of encumberment is NOT what the market wants.
Just what do you do with such a thing? I don't mean obvious commercial uses, but as a home-bound geek, what reason can I use to justify this to my wife?
I remember that Jeff Minter was THE Man when it came to making the Atari ST do the impossible. I haven't thought of my old ST for many years...
Bow before my 5 digit greatness, you six-digit swine! (Cold thread, thought I'd use it to get your attention...)
/. gods? ;)
OK, now where's that thread where I get beat up by a gaggle of 2 and 3 digit
I just recently applied for a mortgage loan. The loan guy was happy to share my credit report with me. I looked it over, and found a section I couldn't make sense of. I asked the loan guy what that section meant. He said "That's whether or not you're a terrorist. Congrats, you're not." So as far as the credit reporting agencies go, yes, they track that stuff. Scarier still, that little tidbit, accurate or not, is available to every person capable of pulling a credit rating...
;)
I asked the loan guy what he would do if the report said I was a terrorist... He said "I'd excuse myself to the restroom, get in my car, drive at least five miles away, then call my boss!"
As long as you're looking a gift horse in the mouth, don't forget that you have to report the $13.86 check as income on your taxes next April!
No, since the award is compensation for damages you've already suffered, its even and no taxable event occured... Unless you wrote off the "damage" already in a previous tax year. (IANATA - I Am Not A Tax Accountant...)
"Wonder how long it'll take before a torrent of new worms using newly discovered security holes tear up the net."
Speaking of torrents, anybody got one?
Oh, somebody get a copy of that page while you can... It's going to be freakin' hillarious in about six months!
It's hard to be unencumbered... when you're dead!*
(*Refering to your company, Darl, not you personally. But if you feel the need to cross the street without looking both ways, I'm not going to argue with you.)
" Appeal to her inner feminist by telling her "women are superior men in every way" and she'll eat right out of your hand."
Yup, sincerity is the hardest part. Once you can fake that, you're golden...
"SuSE is owned by Novell .. Novell is German? Since when?"
;)
Ah, I see you've never had to compile and link your own NE2000 driver into the workstation shell or COMPSURF'ed a 40 meg hard drive overnight before...
"The article mentions that Microsoft is unaware of any computers hacked with this vulnerability. Assuming it wasn't ever used, then not disclosing it until a patch was made worked well in this situation."
;) Or perhaps MS dragged their feet for six months so the cloak-and-dagger types could refocus on another, presently non-public, vulnerability in order to perform their "work".
OK, put on your tin-foil hat... Ready? I heard rumors in the white-hat underground almost a year ago on this issue. Apparently, government-types were sourcing ANS.1 experts for security work, but it was all very hush-hush. I didn't think much about it at the time, but it all came back to me today.
With that said, are you ready to state that this vulnerability has not been used in the wild just because MS hasn't heard of it? You think various three-letter organizations haven't had this hack in there tool kit for at least a year? (MS probably wrote the exploit code! Or wait... Does spy hack code include Service Packs?
In security work, you have to work from the assumption that your enemy can defeat your controls so you can build redundancy into the system and minimize exposure.
"Obligatory "Mmmmmmm....donuts" reference."
;)
Reminds me of a sure-fire laugh getter for these meetings... After 2/3rds of the attendees arrive, grab two cinnamon roles from the donut pile, hold them vertically next to your ears and state "Help me Obi-Wan Kenobi! You're my only hope!" Works for me, anyway...
Aw, Taco! If you're going to correct your article after its posted, I want to correct my posts! ;)
While there are no guarantees, if latency isn't absolutely horrid, you could time them to arrive in a certain order. (My mind wanders to a vision of using port knocking to actually be the transport protocol, complete with integrity checks and retransmission of dropped packets... IP encapsulated into port knocks. MUST... RESIST... STUPID...THOUGHTS!)
You are right that there is no way to know if a packet is dropped, but you could define the "protocol" to account for a few drop outs...
Sadly, most people who probably think port knocking is great security probably have yet to learn how to use DSA keys.
Think "in addition to" and not "instead of". No reason why you couldn't do both. In fact, you could rotate your port knocks to be different everytime you connect. That way, if someone does try to fake their way in, you could detect it and react.
Any good admin knows the most secure system is one that is listening on as few ports as possible.
Is zero secure enough for you? The ports used for knocking are not open. The knock is the connect attempt which is recorded as an event on the server. The client gets nothing, not a NAK not a reset, nothing.
And someone should tell Taco how to spell "implement" (To miss it once is a typo. To miss it twice is a "d'oh!";)
Proper karma whoring requires that you reply to the parent, not this post. I'm afraid your irrelevant (to the thread) post just doesn't have what it takes to pull in the good numbers. Next time, reply to the appropriate post, and you may be able to pry a few points away from inexperienced mods. Better luck next time!
I certainly hope the author wasn't a Linux zealot trying to harm SCO.
;)
Especially when they're doing such a fine job all by themselves!