Many here have posted about how the complexity of the "knocking" challenges could be significantly advanced that it would be hard to brute force. Well, this is good and everything, but you have to consider that if you are on a high-traffic site, you don't want the server side to have to be spending a whole lot of resources on determining whether or not a constant stream of incoming SYNs are part of a "knocking" sequence.
I imagine if this caught on there'd be technology to offload this burden onto, but until then it could be hairy for a site trying to do this with a complex challenge and a lot of incoming requests.
"If you're a bad guy and you want to frustrate law enforcement, use a Mac."
Hmm. Not *precisely* the kind of publicity the Mac folks were probably looking for, but with their marketshare almost any publicity is good publicity. I just think it's cool that all the FBI Infosec guys are on OS X. Makes me feel good about my migration to the platform as well (as soon as Apple posts the much-awaited G5 price adjustment).
I don't quite understand how people are good at mining data off of *nix but not off of a Mac though -- that part didn't make too much sense. I find it hard to believe that the people they were referring to were on OS9, and if they were on OSX then the boxes basically *are* *nix machines...
Flaimbait? Come on, mods -- this was *not* flaimbait. I was merely pointing out that there wouldn't be much harm done in watching the trailer. I guess this *could* be construed as negative, but it wasn't meant to be...
Whatever happened to focusing on *positive* feedback anyway? I guess people read those guidelines as much as they read the articles.:)
Remember, it's only a spoiler if the movie is actually *good*. This one has a huge PTS (potential to suck) rating, with only a moderate PTR (potential to rock). Given those facts, I can afford a peek at what amounts to some backstage stuff usually included on the DVD.
Not that they don't have smart folks to come up with ideas too, but I would keep some of these to yourself and consider proposing them to Google. There could be something in it for you.:)
I for one am dumping (or at least sidelining) my other webmail accounts immediately if "googlemail" has the features I need. When is the last time you saw Google down?
At the moment, they can do little wrong in my eyes, and I thouroughly expect to enjoy anything coming out of their company. I just hope that as they grow into the beast they are sure to become that they don't lose the purity and creativity that sets them apart from the rest.
Improve your Google efficiency: http://www.dmiessler.com/google
I just got this book the other day, as I am about to go to OSX on the desktop (notice I didn't say Mac -- I'm having trouble accepting that I'm joining the cult). Anyway, the book is awesome.
I am particularly interested in learning the keyboard shortcuts and other efficiency-oriented material, and the book is full of this kind of stuff. I'd recommend it to anyone who's going to be spending time on a Ma-- in OS X.
Your need for more specifics I agree with, but the general rule is valid as well. For example, bestiality and group sex may be something you want to hold off on until the kid is somewhat older. How old? Well, that's a good question, and it should be debated. But the point is that there should be some filters for that sort of thing.
Simple -- censorship should exist in *either* world. Filtering for young people and such, fine, but not censorship. Virtual reality should be just that -- a representation of reality.
" I think you mean "Hear, hear!", not "Here, here!""
He was calling attention to his post.:)
(imagine him pointing down at the page while exclaiming, "Here, here!")...furthermore, I think you have too much time on your hands, which, unfortunately, doesn't look good for me since I not only know about your post, but am replying to it.
cp is rock solid for me -- it just doesn't do much more than copy... As we add features and systems become more powerful, problems will come up regardless of the vendor.
The question isn't one of whether or not there are problems, the question is how they are dealt with, and *that* is where the focus should be for a report card like this.
"Not really, they just wanted to rule themselves, like most other peoples on this earth.... They were first claimed by the British, then were turned over to New Zealand, and in 1974 they gained their independence to manage themselves."
I see. Well, that's what I get for taking a cursory glance; thanks for the input.
"The world's first free national wireless grid is no longer with us, after waves from Cyclone Heta swept over Niue's thirty metre cliffs, destroying everything."
A tradgedy, to be sure, but 1. this free wireless network was probably smaller than a few of our free *city* networks, and 2. why is this a separate country in the first place? Admittedly I've only taken a cursory glance at the situation, but it seems like the idea of them being a nation is more *cool* than it is practical or feasible -- especially given the degree to which a cyclone can destroy the place.
"Current theroies as to what may have gone wrong include the possibility that the landers on-board clock is incorrect and that the lander has been transmitting at incorrect times."
Or maybe they're using kilos as their base time unit.:)
The reason the SCO heat is not affecting Linux deployments all that much is simple - most Linux admins are knowledgeable enough to gather that it's only a matter of time before the entire SCO thing blows over. Armed with this knowledge, they are able to make a convincing argument to management that there is nothing to worry about, and any Linux projects on the table are able to move forward as planned.
I am sure there are exceptions, but my guess is that this is the overall trend.
"Actually to be fair, you don't run as the administrator account in XP by default."
As others have noted, yes, you do. The main user you are asked to create when you setup a machine is an admin, and that is the account that most home users use.
He raises good points (I actually read the article), but one thing that OSX will always have over current versions of Windows, however, is the fact that in OSX you don't run as root/admin by default when you start off or create new users.
Until this is fixed, the same attacks will be much more effective against Windows users just because of the rights the current user has on the box.
All software is, and will continue to be for the forseeable future, vulnerable. The question for the users and security people is, "How will company x handle themselves when a vunlerability is discovered in their product?"
This question, and its answer, is the most important issue when deciding who you trust with your data.
Slashdot Mirror
Many here have posted about how the complexity of the "knocking" challenges could be significantly advanced that it would be hard to brute force. Well, this is good and everything, but you have to consider that if you are on a high-traffic site, you don't want the server side to have to be spending a whole lot of resources on determining whether or not a constant stream of incoming SYNs are part of a "knocking" sequence.
I imagine if this caught on there'd be technology to offload this burden onto, but until then it could be hairy for a site trying to do this with a complex challenge and a lot of incoming requests.
"If you're a bad guy and you want to frustrate law enforcement, use a Mac."
Hmm. Not *precisely* the kind of publicity the Mac folks were probably looking for, but with their marketshare almost any publicity is good publicity. I just think it's cool that all the FBI Infosec guys are on OS X. Makes me feel good about my migration to the platform as well (as soon as Apple posts the much-awaited G5 price adjustment).
I don't quite understand how people are good at mining data off of *nix but not off of a Mac though -- that part didn't make too much sense. I find it hard to believe that the people they were referring to were on OS9, and if they were on OSX then the boxes basically *are* *nix machines...
Last weekend at DefCon?
(checking calendar)
Flaimbait? Come on, mods -- this was *not* flaimbait. I was merely pointing out that there wouldn't be much harm done in watching the trailer. I guess this *could* be construed as negative, but it wasn't meant to be...
:)
Whatever happened to focusing on *positive* feedback anyway? I guess people read those guidelines as much as they read the articles.
Remember, it's only a spoiler if the movie is actually *good*. This one has a huge PTS (potential to suck) rating, with only a moderate PTR (potential to rock). Given those facts, I can afford a peek at what amounts to some backstage stuff usually included on the DVD.
Not that they don't have smart folks to come up with ideas too, but I would keep some of these to yourself and consider proposing them to Google. There could be something in it for you. :)
I for one am dumping (or at least sidelining) my other webmail accounts immediately if "googlemail" has the features I need. When is the last time you saw Google down?
At the moment, they can do little wrong in my eyes, and I thouroughly expect to enjoy anything coming out of their company. I just hope that as they grow into the beast they are sure to become that they don't lose the purity and creativity that sets them apart from the rest.
Improve your Google efficiency:
http://www.dmiessler.com/google
I just got this book the other day, as I am about to go to OSX on the desktop (notice I didn't say Mac -- I'm having trouble accepting that I'm joining the cult). Anyway, the book is awesome.
I am particularly interested in learning the keyboard shortcuts and other efficiency-oriented material, and the book is full of this kind of stuff. I'd recommend it to anyone who's going to be spending time on a Ma-- in OS X.
"who counts as young? filtering for what?"
Your need for more specifics I agree with, but the general rule is valid as well. For example, bestiality and group sex may be something you want to hold off on until the kid is somewhat older. How old? Well, that's a good question, and it should be debated. But the point is that there should be some filters for that sort of thing.
Did you miss the fact that *should" have been *shouldn't* ???
Wow. That was lame...
Simple -- censorship should exist in *either* world. Filtering for young people and such, fine, but not censorship. Virtual reality should be just that -- a representation of reality.
" I think you mean "Hear, hear!", not "Here, here!""
:)
...furthermore, I think you have too much time on your hands, which, unfortunately, doesn't look good for me since I not only know about your post, but am replying to it.
He was calling attention to his post.
(imagine him pointing down at the page while exclaiming, "Here, here!")
cp is rock solid for me -- it just doesn't do much more than copy... As we add features and systems become more powerful, problems will come up regardless of the vendor.
The question isn't one of whether or not there are problems, the question is how they are dealt with, and *that* is where the focus should be for a report card like this.
"Not really, they just wanted to rule themselves, like most other peoples on this earth. ... They were first claimed by the British, then were turned over to New Zealand, and in 1974 they gained their independence to manage themselves."
I see. Well, that's what I get for taking a cursory glance; thanks for the input.
"A tradgedy to be sure,..." ...although not quite as bad as my spelling of tragedy. :(
...perhaps a good reason to seek professional help.
"The world's first free national wireless grid is no longer with us, after waves from Cyclone Heta swept over Niue's thirty metre cliffs, destroying everything."
A tradgedy, to be sure, but 1. this free wireless network was probably smaller than a few of our free *city* networks, and 2. why is this a separate country in the first place? Admittedly I've only taken a cursory glance at the situation, but it seems like the idea of them being a nation is more *cool* than it is practical or feasible -- especially given the degree to which a cyclone can destroy the place.
"Current theroies as to what may have gone wrong include the possibility that the landers on-board clock is incorrect and that the lander has been transmitting at incorrect times."
:)
Or maybe they're using kilos as their base time unit.
The reason the SCO heat is not affecting Linux deployments all that much is simple - most Linux admins are knowledgeable enough to gather that it's only a matter of time before the entire SCO thing blows over. Armed with this knowledge, they are able to make a convincing argument to management that there is nothing to worry about, and any Linux projects on the table are able to move forward as planned.
I am sure there are exceptions, but my guess is that this is the overall trend.
"Local admin is certainly not the same as Domain admin."
True, but the issue doesn't involve a domain. I was referring to the default setup of users on a standard install of a home-use machine.
"It does not have "additional priviledges". You posted one wrong post and you follow up with another. Quit while you are behind."
What part of full admin access doesn't qualify it as "additional priviledges"?
"Actually to be fair, you don't run as the administrator account in XP by default."
As others have noted, yes, you do. The main user you are asked to create when you setup a machine is an admin, and that is the account that most home users use.
He raises good points (I actually read the article), but one thing that OSX will always have over current versions of Windows, however, is the fact that in OSX you don't run as root/admin by default when you start off or create new users.
Until this is fixed, the same attacks will be much more effective against Windows users just because of the rights the current user has on the box.
...it's about *how it's handled*.
All software is, and will continue to be for the forseeable future, vulnerable. The question for the users and security people is, "How will company x handle themselves when a vunlerability is discovered in their product?"
This question, and its answer, is the most important issue when deciding who you trust with your data.