Or it could just keystroke you, as a lot of windows spyware already does. Doesnt matter that your running a vm, your keystrokes are still being processed by windows and thus fair game. Spyware also already takes screenshots, you'd need the vm on screen to interact with it so your screwed there too.
Encrypted between client and server, and then decrypted on the server? You really need end to end encryption, encryption provided by the server operator is just a false sense of security, whats to stop you simply decrypting the data before reading it?
Macs are cheaper than they would be if they had no competition... The reason macs are typically more expensive than generic x86 clones is because there's less competition in their segment. There's a thousand and one makers of x86 clones, but only one that has the apple branding, reputation and the capability to legally run OSX.
Powerdns is good because it's sql backed, which means it uses the existing sql replication facilities and makes it easy to write arbitrary frontends to it.
When i used djbdns i used HTTPS, with the data file downloaded every day... It worked on 2 stages, first downloaded a timestamp file, compared it to its locally stored timestamp and if it was different, download the full (much larger) dns datafile. There's also no reason the HTTPS server needs to be a DNS server, it could be a completely seperate machine and it only needs to permit traffic from the leaf dns servers.
Depends on their level of success... Had Hitler been successful in his ultimate plans then there wouldn't be any jews left to be extreme. Hitler even killed people who were *suspected* of being jews.
That's stupid... More clients = more congestion... More traffic = more congestion... More traffic from different networks on the same channel = more congestion... Cloaked networks still generate traffic and congest the channel they're using.
I can see 6 open access points from here, 3 of them are uselessly slow because they're congested with users and all on the same channel. Also when setting up your own access point, it's due diligence to determine what other access points are around you, including cloaked ones, and what channels they are on.
That's pure laziness... I'm not exactly sure what it means by word95 linebreaks, but i imagine it's something like the amount of space between lines, or the height of blank line etc (some apps treat a completely blank line as slightly smaller than a line containing characters)...
In which case, there only needs to be simple tags to define the size of linebreaks or blanklines in a standard measurement (eg points), this could recur wherever the size needs to be changed...
If you are trying to convert something to word95 format, you can simply convert whatever the current document is to it's word95 equivalent (assuming word95 is capable of doing what your doing)... That way, even if your document was created in a newer app, you can still convert it to word95 format and have it look as close as word95 is capable of. Using the microsoft way, if you created the document in a new version then it would look broken if loaded into word 95 (which is probably intentional, they dont want people to continue using old apps).
Microsoft's products have become so widespread that people no longer talk about spreadsheets, they now specifically say "excel spreadsheets"... They could argue that the program names have become genericised. Look at the company Hoover that became synonymous with vacuum cleaners,
Tho the site looks somewhat broken... I used to use VistaLite and VistaPro on the Amiga back in the days. It started out as just Vista, then as it got more features it was renamed VistaPro but the extra features meant it wouldn't run on most standard Amigas, and thus VistaLite was born as a stripped down version requiring much less memory. Wikipedia has a brief article on it: http://en.wikipedia.org/wiki/VistaPro
They know it's a bad spec which doesn't deserve standardisation... Most of their products are bad products which don't deserve purchasing... Since when have microsoft thought twice about forcing something half assed onto their long suffering customers?
Why does the FORMAT need to support things like this? Surely the CONVERTER when converting to/from old formats must know how these buggy old apps handled things like line breaks, and represent this behaviour using the new format. If converting back, it can make the appropriate changes in reverse. It is utterly nonsensical to have kludges for all these buggy old apps in a new format, and will just make the new format unnecessarily bloated and difficult to parse.
You want a clean format spec, that handles all the necessary formatting in a clean portable way... And a large bloated buggy conversion tool that turns all these old crufty formats into modern representations of the same data. That way once the old formats have finally died off, you can rid yourself of all the klunky conversion code.
Nazi Germany would have been very bad for any jews had Hitler not been stopped. Had he been successful invading the UK and USSR he would only have continued to other countries, executing any jews he found there.
Well sure djbdns is not perfect for all scenarios, i never said it was... I was responding to a poster who said msdns was more secure because it's had one exploit, i countered that based on number of exploits djbdns is more secure. Yes number of exploits is a flawed metric, i was simply responding to the poster. I then pointed out that other things mattered too, like what else runs on the dns server box, and how you can mitigate the damage a vulnerability could cause.
Dynamic dns clients are not a good idea, letting your dhcp clients set arbitrary dns records is a horrible thing to do... Give all your IPs static hosts like dhcp-192.168.1.12.yourdomain.com etc.
As for having to use rsync/ssh, is that really necessary? You can use a pull-only system, authenticated https perhaps. Compromise a leaf dns server, all you can do is steal the zone data (which you had anyway). And for many internet facing domains there are very few changes ever taking place, just a couple of hosts and an mx record.
As for incremental updates, i like the powerdns way of using sql replication.
You can find them all quite easily... Search for the company name, assuming all the blocks are registered to the same company... Look at the routes being advertised by your AS number...
Updates and new software installs should only force you to reboot if there are kernel changes being made, possible with updates but highly unlikely with third party apps... And you were still forced to reboot for another unspecified reason?
Since upgrading my mac to Leopard, i have rebooted once for the 10.5.1 update, which updated the kernel.
Interesting those people unable to use OOo due to their scripts, are usually due to the scripts being in a proprietary language rather than OOo lacking equivalent capability. OOo has very good scripting support, with support for at least 3 real languages (plus one oo specific language) and the ability to reasonably easily parse the files outside of the oo application.
If you had lots of scripts in OO, it would be even harder to migrate to MS.
True, and Bind has had many more vulnerabilities. But going purely on vulnerabilities, we should probably all be running djbdns.
But what is also important to consider is what requirements a given dns server has and assuming that there will be vulnerabilities in the dns implementation, what you can do to mitigate it.
Windows DNS requires RPC (which was the cause of the vulnerability as you point out) and requires many other default windows components, many of which are difficult/impossible to remove and have no valid reason to be on a dns server. Bind by contrast has very few other requirements, and is often found on small embedded systems.
Windows DNS only runs on windows, of which there are a relatively small number of versions (for purposes of calculating offsets when exploiting buffer overflows and the like) current versions run on only 3 (x86, x86-64, itanium) hardware platforms. Bind runs on virtually any OS, and subsequently on many different types of hardware too.
Windows DNS usually runs as SYSTEM (can it run as any other user?), Bind can be run inside of a chroot and usually runs as an unprivileged user, and this is the default on some systems.
It is a small step forwards... In the future IPv6 will be more common, and addresses are assigned based on the mac address so sequential IP scanning will become worthless.
But sure your right that kiddies and worms just scan large ipblocks not caring about dns...
So forget bind... Djbdns is a smaller much simpler DNS server with a simple config syntax (and simple./add-host blah.com 1.2.3.4 type scripts) Powerdns has a smaller featureset, but lets you serve dns records from an sql database and some other neat stuff
There was also an ultra simple dns server i saw which simply used a file format like/etc/hosts, but i forget what this program was called...
Bind's configs are perhaps more awkward than they need to be, but there are also several frontends to bind that can shield you from the config, i'm sure many gui driven apps store their config in formats which are even harder to edit by hand than bind's.
The advantage of open source is that you have choice, you are not forced to use something that has verbose and anally-retentive configs. There are many alternatives for all kinds of different purposes.
When you bring up dumb/lazy staff, it is dumb/lazy people who are at fault for most things, and even if you give them something simple and intuitive they can still screw it up. Instead what we really need to do is make sure that people doing jobs where they need to run internet connected systems are suitably competent.
Pushed to it's ultimate ends, they could end up turning the west into a nazi style dictatorship, run by someone like Hitler who has decided that muslims are to blame for everything in the same way hitler blamed jews. I doubt al-qaeda would be very happy with this eventuality, with such a powerful well armed force aiming to exterminate them all.
Because someone will have read your conversation, seen what you were trying to do and discarded it.
Or it could just keystroke you, as a lot of windows spyware already does.
Doesnt matter that your running a vm, your keystrokes are still being processed by windows and thus fair game.
Spyware also already takes screenshots, you'd need the vm on screen to interact with it so your screwed there too.
Encrypted between client and server, and then decrypted on the server? You really need end to end encryption, encryption provided by the server operator is just a false sense of security, whats to stop you simply decrypting the data before reading it?
Unfortunately they're very good at it... And their poor knockoffs of Apple's (and other companies) products tend to sell better than the originals.
Macs are cheaper than they would be if they had no competition...
The reason macs are typically more expensive than generic x86 clones is because there's less competition in their segment. There's a thousand and one makers of x86 clones, but only one that has the apple branding, reputation and the capability to legally run OSX.
Powerdns is good because it's sql backed, which means it uses the existing sql replication facilities and makes it easy to write arbitrary frontends to it.
When i used djbdns i used HTTPS, with the data file downloaded every day... It worked on 2 stages, first downloaded a timestamp file, compared it to its locally stored timestamp and if it was different, download the full (much larger) dns datafile.
There's also no reason the HTTPS server needs to be a DNS server, it could be a completely seperate machine and it only needs to permit traffic from the leaf dns servers.
Depends on their level of success... Had Hitler been successful in his ultimate plans then there wouldn't be any jews left to be extreme. Hitler even killed people who were *suspected* of being jews.
That's stupid...
More clients = more congestion...
More traffic = more congestion...
More traffic from different networks on the same channel = more congestion...
Cloaked networks still generate traffic and congest the channel they're using.
I can see 6 open access points from here, 3 of them are uselessly slow because they're congested with users and all on the same channel.
Also when setting up your own access point, it's due diligence to determine what other access points are around you, including cloaked ones, and what channels they are on.
That's pure laziness...
I'm not exactly sure what it means by word95 linebreaks, but i imagine it's something like the amount of space between lines, or the height of blank line etc (some apps treat a completely blank line as slightly smaller than a line containing characters)...
In which case, there only needs to be simple tags to define the size of linebreaks or blanklines in a standard measurement (eg points), this could recur wherever the size needs to be changed...
If you are trying to convert something to word95 format, you can simply convert whatever the current document is to it's word95 equivalent (assuming word95 is capable of doing what your doing)... That way, even if your document was created in a newer app, you can still convert it to word95 format and have it look as close as word95 is capable of. Using the microsoft way, if you created the document in a new version then it would look broken if loaded into word 95 (which is probably intentional, they dont want people to continue using old apps).
Microsoft's products have become so widespread that people no longer talk about spreadsheets, they now specifically say "excel spreadsheets"... They could argue that the program names have become genericised. Look at the company Hoover that became synonymous with vacuum cleaners,
And we already have an "Open Office" XML based document format, didn't stop microsoft creating "Office Open"...
There was also a graphics program called vista for generating landscapes...
Version 4 is still available, see:
http://www.vendornation.com/*ws4d-db-query-QuickShow?vp001
Tho the site looks somewhat broken...
I used to use VistaLite and VistaPro on the Amiga back in the days. It started out as just Vista, then as it got more features it was renamed VistaPro but the extra features meant it wouldn't run on most standard Amigas, and thus VistaLite was born as a stripped down version requiring much less memory.
Wikipedia has a brief article on it:
http://en.wikipedia.org/wiki/VistaPro
They know it's a bad spec which doesn't deserve standardisation...
Most of their products are bad products which don't deserve purchasing...
Since when have microsoft thought twice about forcing something half assed onto their long suffering customers?
Why does the FORMAT need to support things like this?
Surely the CONVERTER when converting to/from old formats must know how these buggy old apps handled things like line breaks, and represent this behaviour using the new format. If converting back, it can make the appropriate changes in reverse. It is utterly nonsensical to have kludges for all these buggy old apps in a new format, and will just make the new format unnecessarily bloated and difficult to parse.
You want a clean format spec, that handles all the necessary formatting in a clean portable way...
And a large bloated buggy conversion tool that turns all these old crufty formats into modern representations of the same data. That way once the old formats have finally died off, you can rid yourself of all the klunky conversion code.
Nazi Germany would have been very bad for any jews had Hitler not been stopped. Had he been successful invading the UK and USSR he would only have continued to other countries, executing any jews he found there.
Well sure djbdns is not perfect for all scenarios, i never said it was... I was responding to a poster who said msdns was more secure because it's had one exploit, i countered that based on number of exploits djbdns is more secure.
Yes number of exploits is a flawed metric, i was simply responding to the poster.
I then pointed out that other things mattered too, like what else runs on the dns server box, and how you can mitigate the damage a vulnerability could cause.
Dynamic dns clients are not a good idea, letting your dhcp clients set arbitrary dns records is a horrible thing to do... Give all your IPs static hosts like dhcp-192.168.1.12.yourdomain.com etc.
As for having to use rsync/ssh, is that really necessary?
You can use a pull-only system, authenticated https perhaps. Compromise a leaf dns server, all you can do is steal the zone data (which you had anyway). And for many internet facing domains there are very few changes ever taking place, just a couple of hosts and an mx record.
As for incremental updates, i like the powerdns way of using sql replication.
You can find them all quite easily...
Search for the company name, assuming all the blocks are registered to the same company...
Look at the routes being advertised by your AS number...
Updates and new software installs should only force you to reboot if there are kernel changes being made, possible with updates but highly unlikely with third party apps...
And you were still forced to reboot for another unspecified reason?
Since upgrading my mac to Leopard, i have rebooted once for the 10.5.1 update, which updated the kernel.
Interesting those people unable to use OOo due to their scripts, are usually due to the scripts being in a proprietary language rather than OOo lacking equivalent capability.
OOo has very good scripting support, with support for at least 3 real languages (plus one oo specific language) and the ability to reasonably easily parse the files outside of the oo application.
If you had lots of scripts in OO, it would be even harder to migrate to MS.
Well, surely selling a computer program that stores data in a proprietary format is also lock-in, and should also be illegal in Germany...
True, and Bind has had many more vulnerabilities. But going purely on vulnerabilities, we should probably all be running djbdns.
But what is also important to consider is what requirements a given dns server has and assuming that there will be vulnerabilities in the dns implementation, what you can do to mitigate it.
Windows DNS requires RPC (which was the cause of the vulnerability as you point out) and requires many other default windows components, many of which are difficult/impossible to remove and have no valid reason to be on a dns server. Bind by contrast has very few other requirements, and is often found on small embedded systems.
Windows DNS only runs on windows, of which there are a relatively small number of versions (for purposes of calculating offsets when exploiting buffer overflows and the like) current versions run on only 3 (x86, x86-64, itanium) hardware platforms. Bind runs on virtually any OS, and subsequently on many different types of hardware too.
Windows DNS usually runs as SYSTEM (can it run as any other user?), Bind can be run inside of a chroot and usually runs as an unprivileged user, and this is the default on some systems.
It is a small step forwards...
In the future IPv6 will be more common, and addresses are assigned based on the mac address so sequential IP scanning will become worthless.
But sure your right that kiddies and worms just scan large ipblocks not caring about dns...
So forget bind... ./add-host blah.com 1.2.3.4 type scripts)
/etc/hosts, but i forget what this program was called...
Djbdns is a smaller much simpler DNS server with a simple config syntax (and simple
Powerdns has a smaller featureset, but lets you serve dns records from an sql database and some other neat stuff
There was also an ultra simple dns server i saw which simply used a file format like
Bind's configs are perhaps more awkward than they need to be, but there are also several frontends to bind that can shield you from the config, i'm sure many gui driven apps store their config in formats which are even harder to edit by hand than bind's.
The advantage of open source is that you have choice, you are not forced to use something that has verbose and anally-retentive configs. There are many alternatives for all kinds of different purposes.
When you bring up dumb/lazy staff, it is dumb/lazy people who are at fault for most things, and even if you give them something simple and intuitive they can still screw it up. Instead what we really need to do is make sure that people doing jobs where they need to run internet connected systems are suitably competent.
Pushed to it's ultimate ends, they could end up turning the west into a nazi style dictatorship, run by someone like Hitler who has decided that muslims are to blame for everything in the same way hitler blamed jews. I doubt al-qaeda would be very happy with this eventuality, with such a powerful well armed force aiming to exterminate them all.
I'm sure all those with firsthand experience are busy complaining about it right now, on slashdot.cn.