Once you have the patched version go here to get the entries needed to block all root zones from doing this.
Or if you're running BIND 9.2.3rc3 just add:
options {
root-delegation-only exclude { "cc"; "de"; "lv"; "museum"; "org"; "us"; };
};
This SHOULD be the default behavior for TLDs IMHO and I'm glad they're introducing the exclude list behavior.
I've got an electric heat pump. As long as FirstEnergy doesn't blow the grid again I'll be comfy cozy this winter. Just build more nukeulear power plants.
This practice helped ensure intra-release stability for commercial users. It is considered an acceptable practice and is used by other distros, like Debian stable.
Backporting patches is fine as long as they add a custom header to things to return the distribution-specific information. For example, with this recent spate of OpenSSH vulnerabilities my patched Red Hat 9 boxes still show they're running OpenSSH 3.5p1, while my Debian (granted, unstable, but it applies to stable as well) boxes show: "SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-9". At least I can quickly scan my boxes and know what's upgraded and what's not. It may not matter with 2 or 3, but when you have 300-400 to worry about some can slip through.
Daer UE,
Patanst r teh suckzorz!!!! Say ON TO TEHM!!!
Loev,
Anonimouse cowerd
Can someone translate this? I take it this is in French since it is directed at Brussels. Babelfish is unable to translate though so perhaps it's German?
Dear anonymous poster, if you had read the article you would realize they blame the wind NOT being strong ENOUGH... Yes, Kitty Hawk had 25 MPH winds, that's probably why it did fly.
What are you talking about? That's exactly what the poster said. The flyer didn't get off the ground this time around because of "measily 5 mph winds" compared to the 25 mph winds the Wright Brothers had 100 years ago in NC. I don't see the problem with his posting.
People can know their system is patched by patching their system. They don't need to test the exploit on it.
Actually, yes, some of us need to. Part of our security policy is to test an exploit (if available) against the patched system to verify the system is not vulnerable. Blindly accepting that "yes, the magic version number has changed so I am safe" is not reasonable for many people. It's always best to disseminate exploits as fast and as far as possible to get people to patch their systems. Take for example the recent Windows RPC vulnerabilities. 75% of the people wouldn't have patched it this year if it hadn't been for the Blaster worm.
GATOR!!!
How many times have the courts told you that's a BAD THING!
In the corner, no playtime for a week.
No, he's right. It's not Gator, it's Doubleclick. The ad is one of those huge annoying inline ads for "Microsoft Windows Small Business Server 2003" "Get your FREE 6-month trial now."
Then again, I had to switch from Firebird to Internet Explorer in order to see it since I had all the ad sites zapped out and blocked. I use IE when I want to see the Internet as the braindead epileptic seizure-inducing vomit-infested cess pool that the common users see it as on a daily basis.
As for the topic of Sun, this is going to be another spectacular failure that nobody will pay any attention to. If you want to run Solaris, buy Sun products, if you want to run Linux, buy ANYTHING else. Sun has shown they have no long term goals of supporting or expanding their Linux offerings so why lock yourself into their system? Sun is basically doing what Microsoft would do if they were to offer a Linux system... throw the geeks a bone and garner some good will. That's about it. Nobody is really going to use it though.
Also, restricting access to those with 50 gig share limits (I use hubs with 80 gig and higher limits) provides some sense of security to the major sharers. The people sharing on those hubs are the ones the RIAA wants to get, but they'll have a harder time if they need to have 50 gigs of share to connect to the server.
Right. Where would the RIAA come up with over 50 gigs of media content? It's not like they own all the music in the world right?
I wish we could all just work together, share ideas (much in the same manner that Linux engineers share programming code), and unite to accomplish one common goal, such as a manned mission to Mars.
This would lower taxes, make a Mars mission occur much sooner, and encourage a gentle more loving dialogue between the mainstream nations and rogue nations.
That was the goal of the ISS. It's tens of billions of dollars over budget, other nations have not gotten their modules finished or demanded cash from the US (Russia has done this for example in the past) and is basically a huge boondoggle. International cooperation on space exploration doesn't work. It's better to make it into a race.
Look at Bill Gates. He hasn't always been rich, now he has more money than anybody.
Well, actually yes, he was always rich. His parents were lawyers. Do you think he just got an academic scholarship to Harvard and decided to flunk out? Now, he probably wasn't super-rich like he is now, but most of us would kill someone for $1 million. With the right investing you could live nicely on that for the rest of your life without working.
The "PowerBooks are coming next Tuesday" rumors were more frequent on rumor sites than SCO stories on Slashdot.
Well if they told you new Powerbooks were coming out next Tuesday then who would buy the Powerbooks on the shelves THIS Tuesday? Everyone would just wait until next Tuesday for the new Powerbooks at the same price and Apple would be screwed. See, that's how an Apple apologist talks.. It's rubbing off on me. Actually Apple is screwing the consumer by pretending there is no new model and then dumping it on the public. Those that just bought a new Powerbook are screwed. Anyway, time to order that new 15" Powerbook.
It would mean I could get rid of the 'emergency Plan B' device I keep in my bedroom, one of those magnets they use to move cars.
Kids these days. So unimaginative. You're supposed to search the Internet to find plans to make thermite and use that to destroy your hard drive. *rolls eyes*. :-)
I seem to remember certain 'default' browser settings that would automatically re-direct unknown queries to a related MSN search page.
Having an application do that is completely different than having what is essentially one of the only Internet "utilities" do it without your consent. Redirecting queries is the job of an application, not the DNS root servers. There's a reason looking up non-registered domains returns an NXDOMAIN, because the RFC says it should!
The most important one, IMHO, is to compute a list of close matches and present these choices to the user. They may use the Soundex algorithm or some other tricks to see if characters are transposed, if one character is wrong, if one is missing, etc. If well implemented, this would solve 60% of the problem.
NO NO NO NO NO NO NO! DNS is a directory service for god's sake, not a god damn search engine. If you want a search engine then go to Google like everyone else does. If people are too stupid to assume typing in "www.whitehouse.com" will take them to the White House's homepage then they deserve to get tits in the face. Type in White House in Google, hit feeling lucky and you'll get the right page right off. DNS maps domain names to IP addresses and vice versa, nothing more. Don't pervert it into some god damn spell checking search engine.
That's fucking awesome! The ISC rocks. Verisign has no right to abuse their position like that. Way to go for people fighting the power!
I said it a long time ago, but there's a very simple way to fix this problem. Alternic was offering a solution 7 or 8 years ago for the Network Solutions monopoly. If BIND decided to distribute a separate set of root servers in a cache file and enough ISPs used it the Internet DNS system as we know it today could change overnight. ;-) There is NOTHING giving ICANN or Verisign any power except our own complacency to not change a single file in our DNS server. It's laziness.
Verisign's actions here are a particularly heinous form of "embrace-and-extend". Here, they're "embracing" an entire technology freely provided to them, and "extending" it in a blatantly proprietary manner
I hope BIND makes it configurable enough to kill off the .cc and .ws wildcards as well.
So BIND blocks this, won't Verisign just make another "patch" and fix the glitch?
Not if they make it in a configurable way to let you choose what IP Verisign is redirecting to. Then again, Verisign is a bunch of Dope Smoking Pedophiles, as referenced by this Internet Web site they have registered. Let's not forget they're also a bunch of Clueless DNS whores. Oh yes, and I heard Verisign supports terrorists at this page: here...
Verisign needs to be shut down for these un-American and clearly criminal web sites. Someone notify John Ashcroft, quickly!
How much do you want to bet they'll just sweep it under the carpet and hope people forget? If you follow misc@ carefully you have probably seen it done before. Let's make some noise and force Theo to finally update that!
Well this is a striking blow against the open source movement IMHO. One OpenSSH exploit is devastating, two OpenSSH exploits make me want to consider going back to F-Secure SSHD. Very very sad situation when the source code is available for all to see and exploit.
so I wanted to route e-mail to it to a black hole. I ended up using an address some company said was a black hole address. It would be much better if I could dump it on Verisign instead.
Easy, send it to hostmaster@verisign.com. Or postmaster@verisign.com.
This is fucking hilarious.
9-15-2003: Verisign breaks the Internet.
9-16-2003: FTC investigation begins, NSF urges ICANN to revoke Verisign's write privileges to the root DNS zones.
Sadly, no, he designed this site. :-/
BTW: Where does it say that all GNU projects have to have really crappy web sites?
An eternity of burning in the Lake of Fire under Satan's rule!!!
Just kidding, give $100 million to the Vatican and you're all set in the afterlife.
On the other hand, amateur radio had a geek following when your grandfather was still in diapers.
Like Verisign? After this stunt they have proved they have no business managing the .net and .com zones.
Why don't YOU go look it up?