But recall... this vulnerability is only available to someone who has access to the caching server in the first place...
No!
This attack is simply a flood of false answers to a dns query made by either a client or caching server. They *look* like legit answers that beat the actual answer back. Because the legit answer has to be able to get back to the server, the spoofed ones are able to get there too.
The clients are only vulnerable within their own firewalled network; but a resolving server, even behind a firewall, is vulnerable to the Internet at large.
One of the issues was the "Internet Sharing" buzz phrase. If you google that now, you'll find lots of warnings that if you enable this in OSX, it silently starts up a DHCP server.
So does ICS in windows, what's your point? You don't know what you're doing?
The caseless filesystem certainly causes headaches, we had to rename some files in Maia Mailguard due to name clashes that only show up on OSX, and yes we do have one person using it. I guess the other osx server gets lots of spam.
The rsync issues are well known in the mac community, and there are some patched versions available. As with open source, utilize the communities, not Apple support. You may find it's not that bad.
Having said that, I don't use OS X in a server, I prefer Ubuntu. :)
... and that's just exactly the reason people advocate a caseless file system. A folder named templates and another folder named Templates? Are you mad? I'm not really leaning one way or the other wrt caseless fs's, but let's not ask for pain!
That's not quite true. The flaw is in any system that asks a dns question. The attack is to answer that question first. Thus, a patch is needed for client systems too. Firewalls do nothing to prevent the attack, as the attack involves spoofing a legitimate and expected answer to a question. You may note that MS had a patch for client systems a couple weeks ago... I saw the bind9-host package update in my ubuntu workstation. Even my router, DD-WRT, needed an upgrade.
The risk is minimized, however, because larger caching servers are a much more interesting target, since one hit can then reap many targets at once. My ISP hasn't patched yet, so I set up my own caching servers to bypass theirs. (and I thoroughly tested it!)
I'm a little miffed that my macbook doesn't have a patch yet, but due to my precautions, it can only be attacked from my local network right now. I only hope they get a patch out before I have to leave town. Oh nuts. There's a whole new risk - traveling onto an insecure network... the fun never stops.
Actually, that makes sense to me; the MAC address of the cable modem may not be on the right network layer to take action via IP restrictions - in other words, the router doing the throttling may not see that network layer.
No kidding. I don't run any computers in this house without a UPS. I just gave a computer back to a friend which I had been working on - the hard drive was shot. I asked if he had power problems, sure enough, they have brownouts, blinks, etc... and no UPS. Is it any wonder they lost the hard drive?
Cost of production isn't the right term; it has more to do with "opportunity cost" and the simple fact that they are unwilling to sell below a certain value. You may think they are wrong, but that's ok.
I have a car to sell, but there's a certain minimum value that I'm unwilling to go below. Sure, there's someone ready to give me 10% of that value, but I think I'll wait.
Granted, opportunity cost usually applies to scarce goods, but I think there is room for an updated model in the virtual world.
Alternative housing developments are a staple of Science Fiction, but any good piece of SciFi is Science first, Fiction second.
Maybe I'm missing what you're trying to say, but I've always thought it was the other way around - the best SciFi uses a smidge of futuristic science to change the environment substantially, to take us into another world... where the fiction part becomes where the main story is told. The technology and science simply serves to change the rules of the environment from what we are accustomed to.
For example, I love Firefly as a SciFi series... but what made it great wasn't the science or technology. The ship was a beat up clunker! (Sorry Serenity!) The magic was the environments created by their technology path - the inner planets, the outer planets... the science experiment that created the Reavers... Who cares about the science that made it all happen? It's a given in the story line, and the story is what's important.
I'm saying there's a lack of evidence, which yes could be a cover-up, or it could be that the nature of the plot was larger than any one person knew about, and too much is being tied together by association that may not fully deserve it. There may be some that were pretty bad, but it's hard to tell how much involvement various parties incurred.
Oh noes! They did business with the Nazis! Well so did a lot of people until we declared war on them.
I'm not trying to spin it, I have no attachment to the issue at all. I'm just trying not to be influenced by the conspiracy spin that's already on it. There's no need for you to enhance that spin. I'm just saying that the truth may be somewhat less than conspiracy makes it out to be.
Wow, seriously, why not? (Except the pocketing 16 million part). Buy the very best RV that will fit in the cargo plane. If you have to balance the weight, attach some weights, re-trim the outside to look patriotic, attach it to the proper transport pallet and voilà!
If they would just do it on the cheap like this, I doubt anyone would care.
Honestly, I think it looks worse in hindsight than the original participants intended - it sounds like a confusing time, combined with a lot of hardship from the depression. Probably most of the "plotters" were doing no more than lobbyists today... Hm.. that makes one pause to think though... and maybe one or two wackos thought they could do more.
Don't forget, the US was founded by men who were guilty of treason!
KDE 4.0 is the starting line, not the finishing line.
See, from the users' point of view and every other project out there, a "point oh" release means you are done with a development cycle, and have a finished release. I don't know why they deviated from this tradition. If this code base was so radically different, it should have been given another name or something.
I actually liked the old kernel naming scheme of x.y.z where if x was odd, it was developmental and if it were even it was stable. By that scheme, KDE 3.5 should have been named KDE 4.0.0 and the new line as 5.0.0 - we would know to expect it to be buggy until KDE 6.0.0
If we could run the entire world's fleet of cars/buses/planes/trains on biofuels, it would eventually balance out and have zero effect on atmospheric carbon concentrations.
As Colonel Potter from MASH would say,
"Horsepucky!"
The current natural process for scrubbing carbon from the air is not keeping up with our emissions. It doesn't matter if the carbon fuel came from 1 year ago in biofuel or millions of years ago in oil. Either we have to emit less carbon, or we have to scrub more from the air.
I haven't seen any indication from biofuels that they can dramatically increase the amount of scrubbing of the atmosphere. Thus, all we do is shift the net carbon production from one source to another, but it solves nothing.
The equation is not balanced - if you could magically make everything run on biofuels and magically create as many biofuel factories as you want, you'd find that demand would outstrip the abilities to produce the fuel.
Carbon neutrality would be great. In fact, all the resources we use should be neutral if we want to preserve the planet... I wish people would stop waving the flag without thinking it through.
Seems to me at the end of the day that file sizes or volume sizes would not add up, especially if you are trying to hide a whole OS. 160 GB drive? Why does it only report 80GB?
Can someone explain how this fact would be hidden?
Re:NAS: Western Digital MyBook World Edition II on What NAS To Buy? · Score: 1
The question has come up a few times already, and I have posted about it before, but here we go... I got a WD MyBook WE 2 TB and it was terrible - on long transfers it would hang and I'd have to power cycle the nas to get it to respond again.
It also had somewhat limited functionality compared to a full fledged linux system.
I sent it back and built my own fully functional nas running ubuntu, for under $700, and I'm much more happy with that. I had a hard drive go bad, but WD replaced easily, and I just plugged the new drive back in and rebuilt the array. Easy stuff.
Well, except for the confusion over the drive order being changed in the bios boot order, took me a while to figure out which drive failed. I suppose to remedy this I could go with hot swap drives that have an activity light on them. Oh well.
The attacker could send you a spam that has a image or link to blah.victim.com
Which is why you should test it
This is an even niftier check
You wouldn't write a web app in C++, so why would you want to write it in a language that was designed to replace C++?
Wow, this comment I think wins the Best Java Troll on SlashDot for this month.
That doesn't mean the troll is wrong! ;)
How is "massive concurrency" and the lack of these features compatible?
What I want is massive concurrency in a full scale, disk based, highly available, highly scalable cluster. Can we get that right, please?
I wondered so much I even followed the link
What? You RTFA? Turn in your /. account this instant!
And you expect any implementation of OOXML to fare any better???? *Spock's one-eyebrow-raise*
I'm still trying to figure out what this is: $B!V8=6b+F02s}5!!W$G$9!*$*6b$,$"$J$?$N8}:B$K+F0E*$KF~6b$5$l$^$9!*(B
I think Iran would be well aware of an attack, what with all the bombs going off... ;)
Ow, my eyes... it burns!