1) does SSL prevent this attack from working?
Yes and no. If you do the packet injection after the SSL session is negotiated, yes (since you'll no longer be able to read the HTTP get or post). If you do the packet injection before the SSL session is negotiated (and set up your own SSL session with your own self-signed certificate), no.
Someone correct me if I'm wrong, but I believe the way it works is to hijack the TCP connection. If you can do that, you can take over anything (though obviously authentication schemes will still blow up and complain about wrong authentication).
My question is, is IPV6 immune to this at all?
Or is Craigs List the ghetto of the internet? It's always appeared to be fairly trashy to me with its ugly amateurish interface and rampant crappy advertising.
That's like saying fire gives off heat, and my body gives off heat. Fire damages all IC based products, so over time the heat from my body might cause damage to the memory.
Instead of spending all this money on one site whose solution is worse than our current problem, we should be spending it to make sure the sites we have are made more secure.
This isn't a solution to the long term problem. The waste needs to be secure for several hundred, or thousand years (I'm not really sure which). That's just too monumental a task to maintain this mass of storage sites that are near population centers for that long, that aren't geologically suited for long-term storage. It's possible that the transportation plans aren't well thought out (I really haven't researched the topic). But it seems quite obvious to me that you just simply have to devise a permanent storage area for this waste.
If we didn't produce enough nuclear weapons to counter Soviet aggression and expansionism, pollution was going to be the least of our problems.
Yah, we'd only be able to destroy the Soviet Union 4 times over instead of 8 times over. I'm sure the extra destructive capability was such a greater deterrent than what we already had.
Do you honestly think the Soviets would attack us, knowing they'd still have their country destroyed? An H-bomb going off in each of your major cities will destroy your civilization overnight. More destructive capability doesn't really increase that fear.
Actually I almost wonder if the whole thing isn't a publicity stunt. It certainly has increased the media coverage of an album release that otherwise would have had about none. I for one would have had no idea U2 has released another album.
What choice do they have if it gets to P2P before any other channel? If they didn't release it on iTunes the ONLY way to get it would be illegally through P2P. Many people that would have just bought the album (given no other choice) would take that route. On the other hand if they release it on iTunes you capture part of that DL market. They were obviously already going to release it on iTunes at a later date, so there's no compromise of distributor deals, etc.
In other words you can either compete with the black market, or just roll over and play dead. U2 has decided to compete.
Perhaps it will take a century or more for history to truly appreciate the scope of what they did.
I hope the engineers who actually did most of the work will be the ones appreciated. It's easy to credit Armstrong, Aldrin, and Collins, but I just don't put them in the same category as the great explorers like Magellan or Columbus (though I'm not certain Columbus deserves all that much praise based on his behavior and motivations). If you're talking great hero, look at Ernest Shackleton who was shipwrecked along with his crew on the Antarctic from 1914-1916. He and all his men survived an almost unimaginable journey.
That's not to say there's anything wrong with Astronauts, they just aren't the great men and great heroes that people make them out to be.
Speculation is great and all, but don't treat it like it's anything near facts. I think it has a lot to say about business owners' attitudes toward the convention, but I'm not sure it says anything about what will actually happen.
The business owners may know their business, but I'll bet you they have absolutely no experience about how political conventions affect their business.
If they did, then you're entitled by sec. 3C to pass that offer along, but if they didn't then you'd better have burned your friend the SRPM CDs as well.
Redhat is also bound by the GPL, so they have to provide source code. If they don't, they're violating the GPL. If Redhat goes out of business you're right, you'd be obligated to provide source code (or find someone else that does).
In this case though, unless these subscriptions are transferrable (which they appear to not be) then it is not enough to just say "get it from this company" because that company will not give it to them.
No, actually they WILL give it to you, they'll just charge you $20 to become a subscriber, or $50 for a CD. As others have pointed out, you don't have any obligation to provide the source for free.
The sites that have reposted the seavsoft binaries without offering source are violating the GPL
No, you only have to offer source code if you've modified the code. If I download a redhat install disk, then give it to my friend I'm not violating the GPL by not providing him with source code.
It's not a new scheme, it's been around for years. I do agree with you that it's a stupid practice though. Mostly I think they do it because they can. Once you've graduated to multiple processors the vendors figure you're living in the big leagues and you won't mind paying the big bucks.
but you'll never see a company like Redhat do this
Only because Redhat doesn't have a big pile of money sitting around doing nothing. If they did Redhat would invest the money in product development, another company, etc. It's not necessarily a healthy thing that MS can't think of anything better to do with the money.
This seems like just a way to make the stock price rise. Someone correct me if I'm wrong, but:
1. Give away a big one time dividend (stock is immediately worth that much more/share).
2. Buy back your shares, increasing demand for them, thus increasing the value.
3. Buy back your shares, creating less total shares (since I'd assume the shares would no longer be outstanding shares and not traded), thus increasing the value of each share.
It's interesting, but kinda weird. As another poster said, they couldn't figure out what else to do with the big pile of money they had sitting around.
Why would you need higher resolution in a video camera, anyways?
Because video camera resolution stinks? He's shooting a movie, as in maybe he wants to show it on a big screen and not have it look like a crappy TV show?
I think the key is that usage of the added capacity will grow more slowly. Sure some people will have p2p apps that soak up a lot of bandwidth, but the majority of people won't use up all that capacity right away. It'll take time for people to find uses for all the extra capacity. So at least in theory the growth of the backbones can happen more slowly.
If you're not bouncing mail that landed in the catchall address, you are not being used as a "bounce relay" for that mail.
Your SMTP server should never bounce anything it doesn't accept in the first place. You shouldn't be accepting mail for addresses you can't deliver to. If you have an intermediary SMTP server it's a different story of course.
OTOH, if you reject that mail to the (forged by virus) sender, there is a chance the non-sender will open it and become infected with the virus.
True, but as I said in another post I doubt the virus would bother to bounce the message.
Not usually. Unless the receiving computer accepted the mail it's up to the sending computer to decide what to do with the mail at that point. The virus software isn't going to bother to send the bounce message, and neither will a spammer's software.
is this a good idea or not?
No, it's not a good idea. Looking through my mail server (and other mail servers I administer) I've seen A LOT of attempts by spammers to harvest email addresses by just trying a lot of common names on the domain (and some strange not so common addresses). If you had a wildcard address, you'd get all that spam to that box.
With no wildcard email address if people misspell a name on your domain, they'll get a prompt bounce message (and they'll probably figure out the misspelling). With a wildcard they'll never figure out the misspelling, and may continue to use that wrong address.
There's also the problem of auto-generated virus bounce messages from other people's servers. Most viruses lie about their from address, and can even make up a @yourdomain.tld. If you had a wildcard all those erroneous "you sent a virus" messages would go to your wildcard box instead of just bouncing.
Unless you want an account that's deluged with spam and like wading through it every so often on the off-chance someone sent a message to admin or postmaster, I'd not create a wildcard box.
If you're really curious, or paranoid, reverse engineering the compiled code is difficult, but nowhere near impossible. People have certainly done it and released their own modified (but unauthorized) clients for the distributed.net RC5 project.
The risk of being caught doing h-bomb@home is too great. There's an enormous amount of trust placed upon individual clients. Imagine if someone found out, they could possibly screw up your results in some clever or subtle manner through modifying your client and submitting erroneous results. You'd also be giving out free code to anyone who wants to do their own h-bomb/bioweapon, etc simulation.
One yardstick might be people who take off-the-cuff remarks that are supposed to be humorous and pick them apart as if they were hard logical statements written in textbooks.
Uhh.. huh? Do you start out with the assumption that people are a danger to themselves or others, then require people to disprove that? He didn't SAY anything indicating he was dangerous, therefore we assume he ISN'T, get it?
2) I have read that cell companies say that the phones would confuse the cell network due to being able to "see" so many towers. I don't buy that as I have used my cell on top of a 250ft tower on top of a tall mountain well within the range of at least 10 cell towers. No problem as far as I could see.
Were you going 500 miles an hour at the time? The problem with cell phones and airplanes is that they can see multiple towers, and are switching between them at a very high rate. The switching between towers creates a lot of traffic (overhead) for the cell system, and it wasn't designed to handle 100 people on an aircraft generating that much traffic every time it passes near a large city.
You can bet that cell phones are not a danger to make planes crash. That isn't the reason they are banned. You can bet on that.
I don't think anyone is insane enough to actually believe the plane is going to suddenly fall out of the sky because someone (or a whole plane full of people) are talking on a cell phone. Some devices that emit RF could possibly interfere with radio communications on a plane (while the vast majority cannot). While it's unlikely that such interference could contribute to a plane crash, given the wrong circumstances it's possible. Separating out the small amount of bad devices from good devices is a task left to engineers, not flight crews. It's far easier to just ban all devices than it is to do the almost-impossible task of having the crew figure out which devices could cause harm, and which couldn't.
Cringely's right of course, for the most part the whole thing is a CYA kind of thing. People are weird and paranoid about flight and will leap to conclusions about anything mysterious. Wireless devices and flying are both mysterious. I guarantee you if RF emitting devices were allowed on planes there'd be a mad-crazy group of people that'd be going apeshit after every plane crash claiming that the cellphones made the plane go down.
So how long DO we have to wait until Black Hawk Down becomes funny? I think 10 years and being covered by a major motion picture is just about on the edge....