Because, AFAIK, Gnuetella and Kazzaa (and others) are just that hardcore. They don't require central servers (AKA: a company) to be in place for the clients to form and function as a network. This is why Napster was able to be shutdown so easily, the index of music available on Napster was loaded into a live database at Napster HQ, not in a distributed index across the clients.
It is, practically speaking, not possible to shut down modern p2p applications, once released into the wild, because they programs themselves form the network. Of course, if there are bugs, or lacking features, you need some central codebase to improve upon, etc.
Fine by me. My router+firewall should be doing IPv4 nat to the inside world. from my external router interface to ISP and on should be IPv6. If I choose to do NAT or not is my business, but the ISP can open up all kinds of options just by trying to do IPv6 if supported and fallback if not. Makes perfect sense to me.
You would want it to prefer the in-order chunks, but if the availability of chuck X++ is two low (slow, availability issues) then you would fall back to the generic BT random order.
I always wondered why programs like Notepad, Hyperterminal and Solitaire weren't just regularly installed apps. Essentially they have never been updated, as have a few dozen other utilities in Windows(which isn't a problem, if it works don't break it). Why not just pull the intregrated/special case from Notepad(to get rid of it you have to go into the Windows Components are in Add/Remove Programs) and just make it a standalone app. Give it a version number. Let it evolve over time, even if you include it by defualt.
You could make Windows be much more stripped down, and MSI/WMI install all those useful(but standalone) apps. You could let users uninstall them, since they are just another program, using the same methods third-party software uninstalls.
Basically, why does Microsoft always make special-cases(like how it treats installing/uninstalling apps like Solitaire or Notepad) when the existing structure (that all third-party apps use) exists and works great? It would make the system cleaner, I would think.
Which is totally true. If you design securely(OpenBSD is a great example) you will be fine for many forms of attacks, even if you haven't patched. OpenBSD (their TCP/IP stack was a good example of this) isn't affected by certain types of attacks because of their secure by design mantra, even though they never patched specifically for the attack, their design kept them away from ever being vulnerable.
In the end, though, you can't just rely on a single vector. Secure by design, patching, pentesting... They all need to be done, not just one. Even secure designs can have holes, and patches can be too late, and pentesting, like you said in the GP, can only protect you from the hole of the week. All three in conjunction, however, can give you a rock solid application.
Which for you or me, is an awesome feature we can use. For the average user, this is a scary thing and will become a moot point when they just say 'allow always' because they know that will work.
They see bonzai buddy or the weather app as useful, not as malicious software. Or they don't know about it at all and so ignore the warnings that some software is wanting to run ("hmm, must be a computer thing. *click*").
Now, if we could come with presets, like Firefox, IE, and say, AIM.(as a very rudimentary example) can be flagged as 'generally ok' while a spyware scanner can flag bad software as 'malicious, then we would be able to give something more useful.
But then, we are combining the file/memory scanning of anti-virus program, the network monitoring of a active firewall program and the signature list of a spyware/adware blocking program... Which is really how it should be. spyware/adware/crapware should just be another signature in the same scanning engine your av software uses. Otherwise you are just duplicating work.
So this is way late to the thread, but I will mention it anyway.
This guy has a couple good 'no duh' points and several really stupid ones. Let me elaborate:
#1) Default Permit
This I agree with, in the case of firewalls in a corporate environment, where the input/output can be predetermined and controlled. Everything should be blocked except for the handful of things that need to get through.
#2) Enumerating Badness
This idea BLOWS for desktop applications, which is what he advocates. Why is it bad? Because while he only has "30"-or so applications he uses, as most people do, those 30 are different for most users. You can't enumerate all legit software, it can't be done. You can enumerate most of it. But then you get to a list comparable to 70,000 virus signatures you are trying to leave behind. Besides, if I write my own application, my anti-virus software would need an accurate, detailed signature of what the application looks and acts like to be able to identify and allow it... Something I cannot reasonably do. Which is why we have companies creates the signatures, for the (comparably) finite number of viruses and trojans. Default Deny on a desktop, especially personal ones, is a broken, unmaintainable, BAD idea.
Even in a corporate environment, which has more home-grown apps, you would need custom signatures for each internal app to function. Something not practical for an IT department to create. The idea just doesn't hold on a PC.
#3) Penetrate and Patch
His argument: if you had designed it securely, you wouldn't need to pentest it.
Ok, but how do you know your implementation was complete to the design, or that your design didn't have a hole in it? Well, you have to test it... pentest it, that is.
Yes, it is a great idea to securely design your apps, with secure-by-design principles. Afterwards, you STILL need to test it in a live environment to ensure you didn't forget or miss any steps. That is only a logical step. Pentesting even the most secure of networks is critical, to be able to PROVE they are secure. You can't just say 'because I said it was!' and expect that to fly.
#5) Educating Users
He contradicts himself. He says that you shouldn't have to educate users because they should already be educated... Which is a chicken/egg problem he never admits to. You should do both: hire competent, smart people, AND train them in the policies and guidelines of their environment.
Any coworker would, more or less, will have constant access to your account passwords. Most attacks come from within, where security is often weaker, then from the outside.
Don't rely on one layer, including physical, for security
IBM makes Thinkpads. Although, not even that anymore.
Anyway. To use non-bastardized standards, you can still do a CONTROL + ESCAPE to simulate the Windows key. (conveniently the far bottom-left and far top-right button, easy to find).
And always, you can right-click My Computer and select Properties to get that system information. OR, got to Control Panel and double-click System.
There was a program that tried to use the language of Esperanto (a made-up language designed specifically to be very consistent and guessable with regards to how syntax and words are used, very easy to learn and understand quickly) to be a middleman for translation.
The idea being that you take any input language, Japanese for instance, and get a working Jap Esperanto translator. Being as Esperanto is so consistent and reliable in how it is designed, it should be easier to do than a straight Jap Eng translator.
To finish, you write a Esperanto English translator. By leveraging the consistent language of Esperanto, researchers thought they could write a true universal translator of sorts.
Don't know what ever came of it, but it was an interesting idea.
There is no good evidence, or inclination, that such a independent Googlenet exists or is getting worked on. Quite hypothesizing on bullshit stories from bad reporters.
Google is buying unused fiber. The location and extent to which (to my knowledge) hasn't been specified. The most LIKELY reason they are doing this? To take out a middleman in their operating budgets!
Why, when Google's livlihood comes from Internet services and thus, bandwidth, should Google be paying someone else to get from point A to B? Google should buy their own fiber between datacenters (and elsewhere, maybe connecting to directly to major Internet hubs or ISPs) and save gazillions on bandwidth.
The more Google grows, the more data they have to store, replicate and feed out. More data means more bandwidth.
Everything about Googlenet and wireless is bullshit speculation. The most obvious GUESS at what Google is doing is trying to lower operating costs, as any good business should do.
You might already have done/known about this, but if not, humor me:
In iTunes, go to Music Store, on the front page, (top-ish left) there is an America flag and a "Choose Store ->" link... Clicking that will let you switch to another countries store, such as Japan's...
You can then do searches or choose Genre -> J-Pop and buy music for 200 yen (which is deducted from your credit card in USD after being converted.
Maybe you have done this and the selection is limited, but as far as I know, anything you can get while in Japan is available to you from the US (or wherever) via the Choose Store page. Hope this solves all your problems and cures world hunger.
or they could live in reality and try and you know, make money rather than doing what armchair CEOs tell them to do without having thought it through.
The third-party drivers, the custom hacks, the support costs, the loss of the 'just works' experience... Mac as a brand, Apple as a company, could not survive that transition. Maybe they will someday(soon?) but not this day and not tomorrow and most likely not the day after that.
Cisco is NOT RESPONSIBLE for how its products are used and they shouldn't be. A company should not be a moral judge on my use of their product./. is all about this when gun control comes up and the X gun company is sued because one of their guns was used in a murder. The gun company wasn't the one that pulled the trigger, as long as the gun was sold properly(often the reseller's responsibility, not the manufacturer's) then they are no way liable. It is the moron that killed a person that is responsible for his or her actions.
China is a sovereign state. Like it or not, it is their playground and they make the rules. Cisco can be morally against it, but as a publicly traded company, they don't get to pass judgement on how their products get used(or even get to know, sometimes).
You don't have to like it, Cisco doesn't have to like it. But you can't just decide one day that a company has to determine if the use of their product is "ok" with their personal views and should be sold to the customer or not. The customer does what they want, period.
Re:And the Machine of 2015 will be built by...?
on
The Future of the Net
·
· Score: 1
er, the rough equivalent of moore's law (computers get faster over time) and simple logic show us that we will, if need be, get to an overabundance of bandwidth available to us. If you do the math on what bandwidth a house actually needs, even if all 4-10 members are power using all their internet applications (games, bittorrent, voip, streaming video, etc) you still are only getting a few meg tops, mabye spiking higher for rediculous torrent speeds and such, but in reality not much higher than that.
Bandwidth, and the evolution of TCP/IP for more efficient use of it(look at internet2 and various optimizations they have done for speed tests, all of which could be mimicked in Windows or Linux) are not limiting factors...
The upper layer protocols will iron themselves out, just like they do now. Proposals, drafts, trials, testing and evolution.
(And, as awful as it is for many that subscribe to other faiths or no faith at all, millions may perish one day soon).
Yea... Millions... Except, more.
There are, roughly, 1 billion Christian/Protestants in the world. Ther are, roughly 1 billion Christian/Catholics in the world. Now because of their tradition and some more unique views (Catholics believe in 'good works', etc vs modern protestants believe more in a pure faith.. And mormons, that have added significantly to the base religions(a whole new testament))... we can roughly say that 2 billion "Christians" exist, but in reality, 1 prostetant's more techincal faith contradict with anothers. The way Catholics believe they get to heaven is not the same as other denominations, though the core belief is generally the same.
Ok, so yada yada, 2 billion christians.
Now, there are 6.3 (and growing) people in the world. Assuming that every "christian" is saved, that they have a clean slate, are not liars or "sunday christians" and are on the up-and-up with regards to Christ, that leaves 2 out of every 3 people not even having a CHANCE at salvation.
2 out of 3. Just one of the many things to think about.
PS: During the end days, 7 year tribulation, etc, there are likely to be converts (if the way I have heard the book of revelations is remotely accurate, given how metaphorically it was written). So this number could surely increase, but only by so much.
Many billions of people will like be sent to hell, not just millions.
Yea, praise Google and all that... Except my town near Salem, OR is grossly mislabeled on Maps. One of the 2 main roads in town is cut off at roughly halfway. This is a couple mile long road that feeds directly into the interstate, and is not labeled properly at all... As long as you want to stay on the Northeast end of it, you are fine, though.
It isn't like Google is one short attention span hardcore coder that just jumps from project to project. Neglecting the old as he moves to the new... Google, in fact, is an entire company. Some people in that company work on the google maps project, some on the local, some on news, etc, etc... And yes, some of them are slower at releases than others, or go through more R&D or get multiple projects that get time-shared.
Just because Google Maps is going break neck doesn't make Google Local go any slower in development(or lack thereof).
You are made they use linux(and other open source tools) but dont 'give back' enough? Well, they seem to be following the terms of the GPL, etc... Just because you wish they open sourced their algorithm(something they have no reason, legal or ethical or logical, to do) doesn't mean they are bad people because they don't. It means you are just demanding something you have no right to.
"Our share" is the service they provide to us. They are a company, not a socialist state.
Slashdot Mirror
Because, AFAIK, Gnuetella and Kazzaa (and others) are just that hardcore. They don't require central servers (AKA: a company) to be in place for the clients to form and function as a network. This is why Napster was able to be shutdown so easily, the index of music available on Napster was loaded into a live database at Napster HQ, not in a distributed index across the clients.
It is, practically speaking, not possible to shut down modern p2p applications, once released into the wild, because they programs themselves form the network. Of course, if there are bugs, or lacking features, you need some central codebase to improve upon, etc.
Fine by me. My router+firewall should be doing IPv4 nat to the inside world. from my external router interface to ISP and on should be IPv6. If I choose to do NAT or not is my business, but the ISP can open up all kinds of options just by trying to do IPv6 if supported and fallback if not. Makes perfect sense to me.
You would want it to prefer the in-order chunks, but if the availability of chuck X++ is two low (slow, availability issues) then you would fall back to the generic BT random order.
I always wondered why programs like Notepad, Hyperterminal and Solitaire weren't just regularly installed apps. Essentially they have never been updated, as have a few dozen other utilities in Windows(which isn't a problem, if it works don't break it). Why not just pull the intregrated/special case from Notepad(to get rid of it you have to go into the Windows Components are in Add/Remove Programs) and just make it a standalone app. Give it a version number. Let it evolve over time, even if you include it by defualt.
You could make Windows be much more stripped down, and MSI/WMI install all those useful(but standalone) apps. You could let users uninstall them, since they are just another program, using the same methods third-party software uninstalls.
Basically, why does Microsoft always make special-cases(like how it treats installing/uninstalling apps like Solitaire or Notepad) when the existing structure (that all third-party apps use) exists and works great? It would make the system cleaner, I would think.
Try this: http://media.cube.ign.com/articles/651/651334/vids _1.html
Which is totally true. If you design securely(OpenBSD is a great example) you will be fine for many forms of attacks, even if you haven't patched. OpenBSD (their TCP/IP stack was a good example of this) isn't affected by certain types of attacks because of their secure by design mantra, even though they never patched specifically for the attack, their design kept them away from ever being vulnerable.
In the end, though, you can't just rely on a single vector. Secure by design, patching, pentesting... They all need to be done, not just one. Even secure designs can have holes, and patches can be too late, and pentesting, like you said in the GP, can only protect you from the hole of the week. All three in conjunction, however, can give you a rock solid application.
They see bonzai buddy or the weather app as useful, not as malicious software. Or they don't know about it at all and so ignore the warnings that some software is wanting to run ("hmm, must be a computer thing. *click*").
Now, if we could come with presets, like Firefox, IE, and say, AIM.(as a very rudimentary example) can be flagged as 'generally ok' while a spyware scanner can flag bad software as 'malicious, then we would be able to give something more useful.
But then, we are combining the file/memory scanning of anti-virus program, the network monitoring of a active firewall program and the signature list of a spyware/adware blocking program... Which is really how it should be. spyware/adware/crapware should just be another signature in the same scanning engine your av software uses. Otherwise you are just duplicating work.
Because this is their first line of x86 64-bit servers from AMD. Their current 64-bit servers are all UltraSPARC.
This guy has a couple good 'no duh' points and several really stupid ones. Let me elaborate:
#1) Default Permit
This I agree with, in the case of firewalls in a corporate environment, where the input/output can be predetermined and controlled. Everything should be blocked except for the handful of things that need to get through.
#2) Enumerating Badness
This idea BLOWS for desktop applications, which is what he advocates. Why is it bad? Because while he only has "30"-or so applications he uses, as most people do, those 30 are different for most users. You can't enumerate all legit software, it can't be done. You can enumerate most of it. But then you get to a list comparable to 70,000 virus signatures you are trying to leave behind. Besides, if I write my own application, my anti-virus software would need an accurate, detailed signature of what the application looks and acts like to be able to identify and allow it... Something I cannot reasonably do. Which is why we have companies creates the signatures, for the (comparably) finite number of viruses and trojans. Default Deny on a desktop, especially personal ones, is a broken, unmaintainable, BAD idea.
Even in a corporate environment, which has more home-grown apps, you would need custom signatures for each internal app to function. Something not practical for an IT department to create. The idea just doesn't hold on a PC.
#3) Penetrate and Patch
His argument: if you had designed it securely, you wouldn't need to pentest it.
Ok, but how do you know your implementation was complete to the design, or that your design didn't have a hole in it? Well, you have to test it... pentest it, that is.
Yes, it is a great idea to securely design your apps, with secure-by-design principles. Afterwards, you STILL need to test it in a live environment to ensure you didn't forget or miss any steps. That is only a logical step. Pentesting even the most secure of networks is critical, to be able to PROVE they are secure. You can't just say 'because I said it was!' and expect that to fly.
#5) Educating Users
He contradicts himself. He says that you shouldn't have to educate users because they should already be educated... Which is a chicken/egg problem he never admits to. You should do both: hire competent, smart people, AND train them in the policies and guidelines of their environment.
Any coworker would, more or less, will have constant access to your account passwords. Most attacks come from within, where security is often weaker, then from the outside.
Don't rely on one layer, including physical, for security
IBM makes Thinkpads. Although, not even that anymore.
Anyway. To use non-bastardized standards, you can still do a CONTROL + ESCAPE to simulate the Windows key. (conveniently the far bottom-left and far top-right button, easy to find).
And always, you can right-click My Computer and select Properties to get that system information. OR, got to Control Panel and double-click System.
all KINDS of choices.
There was a program that tried to use the language of Esperanto (a made-up language designed specifically to be very consistent and guessable with regards to how syntax and words are used, very easy to learn and understand quickly) to be a middleman for translation.
The idea being that you take any input language, Japanese for instance, and get a working Jap Esperanto translator. Being as Esperanto is so consistent and reliable in how it is designed, it should be easier to do than a straight Jap Eng translator.
To finish, you write a Esperanto English translator. By leveraging the consistent language of Esperanto, researchers thought they could write a true universal translator of sorts.
Don't know what ever came of it, but it was an interesting idea.
Yes, there is a client. GAIM, the most popular IM software on Linux can connect to a jabber server with ease. As can Apple's own iChat IM software.
Google Talk, the software, is Windows only though.
Have you EVER used e-mail before? Same concept here. Read the article before you trash what you don't understand.
There is no good evidence, or inclination, that such a independent Googlenet exists or is getting worked on. Quite hypothesizing on bullshit stories from bad reporters.
Google is buying unused fiber. The location and extent to which (to my knowledge) hasn't been specified. The most LIKELY reason they are doing this? To take out a middleman in their operating budgets!
Why, when Google's livlihood comes from Internet services and thus, bandwidth, should Google be paying someone else to get from point A to B? Google should buy their own fiber between datacenters (and elsewhere, maybe connecting to directly to major Internet hubs or ISPs) and save gazillions on bandwidth.
The more Google grows, the more data they have to store, replicate and feed out. More data means more bandwidth.
Everything about Googlenet and wireless is bullshit speculation. The most obvious GUESS at what Google is doing is trying to lower operating costs, as any good business should do.
You might already have done/known about this, but if not, humor me:
In iTunes, go to Music Store, on the front page, (top-ish left) there is an America flag and a "Choose Store ->" link... Clicking that will let you switch to another countries store, such as Japan's...
You can then do searches or choose Genre -> J-Pop and buy music for 200 yen (which is deducted from your credit card in USD after being converted.
Maybe you have done this and the selection is limited, but as far as I know, anything you can get while in Japan is available to you from the US (or wherever) via the Choose Store page. Hope this solves all your problems and cures world hunger.
or they could live in reality and try and you know, make money rather than doing what armchair CEOs tell them to do without having thought it through.
The third-party drivers, the custom hacks, the support costs, the loss of the 'just works' experience... Mac as a brand, Apple as a company, could not survive that transition. Maybe they will someday(soon?) but not this day and not tomorrow and most likely not the day after that.
Cisco is NOT RESPONSIBLE for how its products are used and they shouldn't be. A company should not be a moral judge on my use of their product. /. is all about this when gun control comes up and the X gun company is sued because one of their guns was used in a murder. The gun company wasn't the one that pulled the trigger, as long as the gun was sold properly(often the reseller's responsibility, not the manufacturer's) then they are no way liable. It is the moron that killed a person that is responsible for his or her actions.
China is a sovereign state. Like it or not, it is their playground and they make the rules. Cisco can be morally against it, but as a publicly traded company, they don't get to pass judgement on how their products get used(or even get to know, sometimes).
You don't have to like it, Cisco doesn't have to like it. But you can't just decide one day that a company has to determine if the use of their product is "ok" with their personal views and should be sold to the customer or not. The customer does what they want, period.
er, the rough equivalent of moore's law (computers get faster over time) and simple logic show us that we will, if need be, get to an overabundance of bandwidth available to us. If you do the math on what bandwidth a house actually needs, even if all 4-10 members are power using all their internet applications (games, bittorrent, voip, streaming video, etc) you still are only getting a few meg tops, mabye spiking higher for rediculous torrent speeds and such, but in reality not much higher than that.
Bandwidth, and the evolution of TCP/IP for more efficient use of it(look at internet2 and various optimizations they have done for speed tests, all of which could be mimicked in Windows or Linux) are not limiting factors...
The upper layer protocols will iron themselves out, just like they do now. Proposals, drafts, trials, testing and evolution.
(And, as awful as it is for many that subscribe to other faiths or no faith at all, millions may perish one day soon).
Yea... Millions... Except, more.
There are, roughly, 1 billion Christian/Protestants in the world. Ther are, roughly 1 billion Christian/Catholics in the world. Now because of their tradition and some more unique views (Catholics believe in 'good works', etc vs modern protestants believe more in a pure faith.. And mormons, that have added significantly to the base religions(a whole new testament))... we can roughly say that 2 billion "Christians" exist, but in reality, 1 prostetant's more techincal faith contradict with anothers. The way Catholics believe they get to heaven is not the same as other denominations, though the core belief is generally the same.
Ok, so yada yada, 2 billion christians.
Now, there are 6.3 (and growing) people in the world. Assuming that every "christian" is saved, that they have a clean slate, are not liars or "sunday christians" and are on the up-and-up with regards to Christ, that leaves 2 out of every 3 people not even having a CHANCE at salvation.
2 out of 3. Just one of the many things to think about.
PS: During the end days, 7 year tribulation, etc, there are likely to be converts (if the way I have heard the book of revelations is remotely accurate, given how metaphorically it was written). So this number could surely increase, but only by so much.
Many billions of people will like be sent to hell, not just millions.
The day Google is down is the day the internet dies. They are all about failover, uptime and massive, massive load balancing.
Yea, praise Google and all that... Except my town near Salem, OR is grossly mislabeled on Maps. One of the 2 main roads in town is cut off at roughly halfway. This is a couple mile long road that feeds directly into the interstate, and is not labeled properly at all... As long as you want to stay on the Northeast end of it, you are fine, though.
It isn't like Google is one short attention span hardcore coder that just jumps from project to project. Neglecting the old as he moves to the new... Google, in fact, is an entire company. Some people in that company work on the google maps project, some on the local, some on news, etc, etc... And yes, some of them are slower at releases than others, or go through more R&D or get multiple projects that get time-shared.
Just because Google Maps is going break neck doesn't make Google Local go any slower in development(or lack thereof).
It would seem so, yes.
What is google obligated to give back?
You are made they use linux(and other open source tools) but dont 'give back' enough? Well, they seem to be following the terms of the GPL, etc... Just because you wish they open sourced their algorithm(something they have no reason, legal or ethical or logical, to do) doesn't mean they are bad people because they don't. It means you are just demanding something you have no right to.
"Our share" is the service they provide to us. They are a company, not a socialist state.