Then how do you configure systems which are part of a domain to only support kerberos? I've _NEVER_ seen a setup where hash passing didn't work..
Also in 99% of cases, if you take the local hash from one workstation it works on all the others (built from the same image) anyway, tho this is admittedly due to poor configuration.
There really is no excuse for a hash to be usable as a password equivalent under any circumstances, this completely defeats the point of storing it hashed in the first place.
They still use NTLM, that is their strongest hash type... Lanman is the even weaker one that was disabled by default in vista.
Kerberos is only used in an active directory setup, and only seems to be used when a user logs in on a workstation to initially authenticate to the domain, it still seems to use ntlm for virtually everything else and i've never seen it configured differently.
The common argument against open source is the requirement to have someone who knows how to run it (but this applies to anything), using a hosted service solves that at the expense of flexibility.
If you have staff on hand who are capable of modifying source code then chances are you already have people capable of running the server, and so a hosted service isn't your best choice.
OSS is a no brainer for a decent hosting provider, it scales financially (no extra software costs as you get more customers), and you can modify it to integrate with your existing hosting environment (assuming you host other things too). If you are buying a hosted service chances are you don't have any intention to change the source.
While it makes sense to have outlook support without requiring a plugin, they don't have native activesync support so you now need a plugin on many types of phone handsets... Last i checked, the funambol plugin was quite sucky...
And sure an iphone will sync using caldav/carddav/imap but it won't do push email and you can't remote wipe the device this way...
A unix mail server will usually work out of the box for simple use (ie one domain, add users to the os)...
Zarafa has free activesync support...
Support for outlook is usually non free because they have to pay a per seat license fee to microsoft in order to write a plugin to outlook...
OpenChange seems to be a layer for implementing the proprietary exchange protocols used by outlook, so how difficult would it be to make openchange talk to the free versions of these other projects instead of having a plugin on the client?
A rainbow table wouldn't be feasible against crypt() because the passwords are salted... Rainbow tables are typically used against hashes which do not use salts, like plain md5 (commonly used in webapps, modern unixes can use bsd-md5 which is salted), lanman/ntlm (as used by windows, lanman is deprecated) etc..
MS still don't get it, google for "pass the hash"... It doesn't matter how strong your password or encryption is if you can authenticate using the hash.
The old unix crypt function (using DES encryption) has always been case sensitive, although it is limited to 8 characters... If the password is case insensitive that sounds more like LANMAN, an old password hashing function used by older versions of windows (still enabled by default in 2003 and earlier).
Having a closed environment just means that there will be less cheaters, and many people who think cheating is impossible... People will still cheat, and those who do will be much harder to spot than they would be otherwise.
Newer games also force you to play on manufacturer supplied servers, older games let you run your own servers so you could create your own server and invite your trusted friends onto it and have a cheat-free experience.
The PS3 was actually the last platform to be cracked, people have been pirating games on all the other platforms for a long time. By your reckoning, the PS3 would be the only platform for which any games have been released in the last 4 years.
The point of DRM is not to stop serious cracking groups, it's to stop casual copying such as kids making a copy for their schoolfriends.
While the 360 is far less commonly used for homebrew, drive patches are extremely widely used for piracy... So they have all of the "bad" modders and none of the "good" ones...
They sold you the PS3 on the basis that it can run linux, play games and access psn...
If you want to continue running linux, you lose the ability to play newer games as well as access psn. It used to be possible to do all of these things and i bought a ps3 (the original model with ps2 hardware) on that basis. Now if i want to keep all the features i originally bought the ps3 for, i have to jailbreak it.
Telnet, FTP, POP and IMAP will give someone sniffing the network access to the user and password you are using to connect to the service...
Whether that is a root login or some other user is by the by. Someone could easily be using their root password via FTP and that would be just as dangerous as doing it over Telnet.
Of course it all depends on what the service is used for, a telnet service doesn't have to require authentication or provide a shell. It might simply provide a screen full of information, or an ascii version of starwars.. Similarly, unencrypted HTTP is perfectly fine for anonymous distribution of information.
What's wrong with telnet as a client?
Netcat implementations often don't indicate whether a TCP connection has been established or not (or require extra parameters), which is why i generally use telnet for such things. Also telnet is present on virtually any os and most other network devices, netcat not so much.
The telnet *client* is extremely useful to talk raw protocol to a service, very good for debugging etc...
Running a telnet service on the other hand, is sadly still very common... Lots of networking equipment these days still only has telnet and no ssh support... Even where SSH support is available, sometimes only telnet is enabled by default, sometimes ssh costs extra etc... And there are plenty of people who are used to using telnet and won't consider anything else regardless of what benefits it might provide.
Also, windows still only comes with a telnet client, probably the last os that doesn't include ssh by default - which also makes ssh more troublesome to use from some random workstation.
They should also filter searches for other things that are used to facilitate copyright infringement...
FTP, IRC and HTTP - all have been used for downloading warez a lot longer than bittorrent or rapidshare.
Microsoft & Windows - the most popular platform both in terms of being copied, and in terms of being used by those that do the copying (far less linux users use warez, because there is far less software for linux that it's even possible to acquire this way).
Any form of commercially sold media - if everything were given away freely, there would be no "pirates"...
And don't forget anything to do with ships or seafaring, pirates need ships...
No pasting in safari? I've been browsing slashdot for months with safari and never noticed this, i use cut+paste quite regularly.
How high resolution and what size physical screen? Resolution isn't really relevant, DPI is...
Font sizes are specified in points (72 points = 1 inch) not pixels, why would a high dpi screen be a problem?
The text should be the same physical size, but consist of more pixels (ie be smoother) on a high dpi screen.
Some of this is also down to new drivers or those with low confidence driving quite slowly, also drink drivers tend to drive slowly through a combination of fear that they will crash, plus the quite ridiculous idea that by driving very slowly they will attract less police attention.
But you are already broadcasting a unique ID optically whenever you drive a car in the form of your license plate, and traffic management authorities already have the technology to record license plates.
It's unlikely spammers would want to pay a penny per 100 mails, when they can use compromised boxes to send thousands for free...
Spam has a very low hit rate, if you send out a million mails maybe a small handful of them will achieve the desired result, the rest will either be ignored, bounce, or get deleted by filters.
Ubuntu is so simple that my mother (and grandmother) can figure it out yet it foils scores of long time computer users...
Why? Because those users have preconceptions about how they think things are supposed to work, and they try to apply those preconceptions to something different which either results in it working badly or not at all. People hate learning anything new, whether the new option is better or not is largely irrelevant.
My grandmother has driven manual shift cars for over 50 years, she can't drive an automatic, despite the fact that an automatic is undeniably easier (simply less to worry about)... She instinctively goes for the clutch with her left foot, and hits the brake instead.