No, what do you think "security" is? It's the knowledge of safety.
If the public can't review something, they can't know it's safe. The proprietary code reviewers may have been smart enough to catch any flaws- but that's not enough. They'd also have to be trustworthy enough to reveal them, and not just keep them as a personal backdoor.
The sanely paranoid won't take anyone's word on security, they need the ability to check it personally.
And who says P2P is inefficient? Bit Torrent seems DAMN efficient to me.
BitTorrent is not truly P2P, to the extent Kazaa and Gnutella are. It's more like a Napster situation.
Both Napster and BitTorrent have a centralized server that knows where the file is. The former had napster.com, the latter has whichever webserver is hosting the *.torrent file. Without a centralized computer doing some matchmaking, the peers would never learn about each other.
The difference between Napster and torrent is that there was a single Napster server for all clients, while torrent allows anyone with a web page (or even a mailing list) to take that role for a particular file.
But remember how Napster was destroyed by lawsuits? BitTorrent is actually more vulnerable in some ways. Since all files were automatically indexed by Napster when a user shared them, Shawn Fanning could reasonably argue that the copyright status of any individual file was outside his knowledge. If the MPAA finds someone hosting torrent files of their products, they've got strong proof the hoster knew which files he was serving, and whether or not he was allowed to.
Anyway, the claim that "P2P is inefficient" comes from the truly P2P applications, which use no fixed server at all. The downloads are just as fast as any other straightforward file transfer, but the searching is hundreds of times worse than that provided by Napster or a Google-like torrent searcher. It's common to see idle Gnutella hosts eating up 90K connections just for all the incoming searches, even when no actual files are being transferred. (There has been research to alleviate this, but results have been mixed.) I've never read numbers on what search/transfer ratio Kazaa gets for bandwidth; hopefully it's better than Gnutella!
Actually, the US government recently reported (illegal) drug use to be down to its lowest point of the past 20 years. The "drug war" feds have claimed full credit.
The general public will never believe online music-swapping is a crime until it gets treatment resembling activities which are universally viewed as criminal.
Suppose a store owner watches his video surveillance tapes and recognizes the name of someone removing a crate of 500 audio CDs from his storeroom. He's not 100% sure who it is, maybe not even 50%, but has strong suspicions. If he informs the police, they'll have a search warrant printed up, enter the perpetrator's home, and then, if the goods are found, certainly arrest him. (They might also be able to arrest on other evidence, even if he's already re-sold the CDs.)
Notice that upon discovering he'd been robbed, the shopkeeper didn't call his lawyer- he called the cops. Filing a civil suit against the thief didn't even cross his mind.
So why doesn't an analogous situation occur in the digital world? The owner of some product suspects strongly that it has been 'stolen' by individuals whose names and addresses it has learned. If they've really committed a crime, then telephoning the local police should give them grounds to invoke traditional investigative powers and search the guy's computer.
Why does the RIAA mail summons to the infringers it has discovered? Why not just call the police on them? That was rhetorical- I know the answer: The police aren't really interested in arresting a 15-year old girl for nonpayment on her Destiny's Child collection. They'd rather spend their effort on serious crimes.
Until the music industry can convince the police to recategorize nonprofit copyright infringement as worthy of arrest, their efforts to vilify filesharing will be hampered. As The Simpsons put it, "Once something's been approved by the government, it's no longer immoral".
Just a couple of trivial points: If every owner of a computer paid 100 bucks or whatever at time of purchase (compulsory license, as in the television scenario that predates our current debacle)
There are two possible interpretations of "compulsory licensing". That's one of them, but there is another, as I described. Lawmakers might go down either road.
If 10 year old music was going into the public domain, all of these factions wouldn't be going insane
I agree there. A non-crippled public domain would be wonderful for the development of useful technology. Even if the expiration date was 28 years ("Founders' Copyright") or even 56, there would be actual movies and TV shows with a non-trivial level of popular appeal in the public domain. (Even megahits like "Star Wars" are about 28 years old.)
Filesharing, p2p, and VOD networks would have a legitimate mass of content to work with. They could actually concentrate on what is technologically necessary to provide a good level of service, instead of designing software to avoid litigation.
And if there was an actual significant amount of PD material available, the case could be made that we need technologies to tell what's copyrighted and what isn't. Today, for example, when my company burns original presentation video onto DVD-RW, the software inserts a warning stating that it's only a private backup, and we have no right to redistribute. That's how ingrained the notion is that "Everything worth copying is copyrighted, and always will be".
ust the most obvious drawback.
nounderscores suggested a device like a stack of LCDs to provide 3-dimensional pixel addressing. (Multilayer LCDs, allowing for example 1024x768x3 pixels, have already been created).
The Actuality product you keep spamming about is nothing like that.
But unless these moderators know a way to stop photons in their tracks a few feet from where they were emitted
If the photons from a lightsabre actually stopped in their tracks, then the deadly beam would be invisible. Without photons, there's nothing to see.
That would be better in many combat situations, but less useful to present a fearsome threat or just win a pose-off.
The most physically plausible explanation for lightsabres is that the handle is simply a can holding a spool of carbon monofilament. Using their famous telekinetic ability to move objects without touching them, the Jedi operator simply extends the filament out into a stiff line and slices away. (The illumination is given off when stresses on the filament excite it to the point of incandescent heat)
I'm a big fan of Star Trek, but the holodeck is still simply science fiction to me.
Same here.
But given that the people of the Enterprise can project force over a distance (either to generate inertia against an object, or simply emit visible light), then the holodeck becomes a simple problem of software engineering. (Those two capabilities are trivial in comparison to the "shields" and "transporter" they already had.)
Upon entering, each user is shuffled off to a corner by forcefields under his feet, so the total capacity of a 10x10 meter room is nearly 100 persons. He doesn't notice the movement, because remotely-generated light is being projected directly into his retinas. Similarly, his body has been wrapped by a form-fitting force-field, which blocks the sensation of moving air. The patterns generated by those projectors match a digitally simulated copy of the actual room, but loading different software will inject other 3d models into the simulated display.
The system could've been implemented more compactly as just little tubes surrounding the user (perhaps built into every bunk?), but the designers must've wanted to prevent feelings of claustrophobia.
Note that the plotline of holodeck episodes often focused on whether or not the safety-checks were still enabled; that's a piece of software which prevented the tactile forcefield from impinging on anyone's vital organs, or blocking the flow of air through the nose.
The holodeck actually creates objects for its user to interact
If that were true, those objects would persist after being removed from the holodeck. But they always fade out at the doorway. For contrast, look at the beverage dispensers the crew uses- those objects are created by a transporter-like effect, and they are real matter.
Check out StNG episode 29, "Elementary, Dear Data" this covers some of the specs of the holodeck
If you paid attention to that episode, you'd see holodeck characters lingering at the doorway to the external corridor, fearful to cross because of the suspicion that they were NOT matter, but simply a projection maintained by the special room they were in. As soon as one of them leaves, he's erased from simulation.
(This is more blatant in the episode about rampaging holodeck gangsters)
otherwise you're going to quickly cover the area around the unit with a haze of whatever material you're using.
Unless perhaps it's a recirculating system: a suction device on the bottom of the display area collects the particles emitted by the sprayer at the top. There would be some lossage, especially when new users are excitedly waving hands through the image, but it might be able to recover the bulk of the dust and reduce mess in the surroundings.
(Consider this post prior art if anyone later gets the idea to patent something like this!)
do we put " "'s " around "terrorists" when a hellfire missile from a robot plane kills a Terrorist?
What are you talking about? It seems to be an allusion to the US Predator Unmanned Aerial Vehicle which can launch Hellfire missiles against ground targets, including enemy soldiers.
I've never heard of that weapon being deployed against a terrorist. A man who fights for the Taliban is a "soldier". He can also be labeled an "oppressor" or many other bad things. But only a vanishingly small fraction of the people killed by US forces in Afghanistan had ever committed something matching the US definition of terrorism.
That post is a copy of a slashdot journal article posted months ago. The article has some problems, though, so I'll comment:
The best part of this interview is that Slashdot does not often interview criminals.
They do indeed! Kevin Mitnick is just one convicted criminal Slashdot has interviewed. If the alleged crime is relevant to computer technology, Slashdot will certainly do an interview. "Respectable journalists" interview criminals all the time.
This is where the story turns ugly.
Wrong. It was already ugly back when Sdem posted his false invitation.
Let's review who did what:
Sdem: Used deceit & misrepresentation to extract private information from a naive computer user who didn't understand social engineering.
Fyodor: Used deceit & misrepresentation to extract private information from a naive computer user who didn't understand software engineering.
What's different between them? Only the degree of publicity, and who started the fight.
So, if you're a doubter, email the Slashdot editorial staff. Fyodor is a Black Hat, and the eds know it.
Nothing done in full view of the public eye is "Black Hat". Black Hat means criminal, and criminal means some attempt is made to conceal the deed. If Fyodor had truly attempted to screw up Sdem's life, then by clever, long-term use of the compromised computer he could've easily done so. By immediately boasting of the intrusion, he gave up any chance to do real damage.
Is hacking into someone's PC wrong? Yes. Is it any worse than scratching a key down his car-door? Depends. Does that mean that everyone who does it should be labelled a "criminal"? Well, if you ask the US DoJ, 36% of Americans are "criminals". So it's hardly a badge of shame.
The testing process required to ensure that a patch will not affect thousands or tens of thousands of clients running critical applications is not trivial and usually cannot be done quickly.
If your application was built on a framework that's so unpredictable that fundamental security patches can break the app, then you've got problems. Either the programmers who wrote the app are stupid, or the designer who chose the framework is dangerously incompetent.
Whichever it is, they'll be easy enough to replace in today's job market.
The problem is that the US can't simply deny other nations such a presence. How could they? The first people that China lands on the moon will be for scientific reasons. Same thing with the lunar base. You simply can't blow up scientific missions - politically, that's suicide.
Moonshots are public events. Their prime goal is international PR, after all. Most likely, any nation returning humans to the moon will widely trumpet the full contents of the ship, and invite foreign scientists and dignitaries, etc. It will be difficult to the point of impossibility to conceal weapon abilities in such a mission.
If the entire program was secret, and all that was known is "China launched a 200 m^3 cylinder onto the lunar surface 6 hours ago", then the potential risks from something like that would be obvious to the whole world. It would be rather easy to get the world community to agree on an ultimatum to China: either bring inspectors onto the next moonshot, or face destruction. (Whether that destruction will occur on the moon itself, or to the Chinese launchpad, or even other Chinese property, is a strategic decision to be made by NASA + the Pentagon)
(The last bit regarding subversive intelligence is a stretch, yes.)
More than a stretch. That whole analogy is senseless.
fundamentally, the base on the Moon can easily prevent strikes against it - they have tons of energy available to them from the Sun,
Science fiction. It presupposes not only that a moonbase is a self-sustaining colony, but also that it's politically independent from terrestrial nations. Neither of those will be true within 75 years, and the latter fact means that Beijing is a hostage for any malfeasance the moon-base commits.
Do you care to try guess which IP's to spoof as? You probably could narrow it down a little if you monitored all of my traffic for a few days but you have no way of doing that from your desk.
To spoof ssh traffic, I need to be able to both snarf and inject packets at your internet provider. Anyone who's compromised your ISP to the point of being able to spoof already has a way of monitoring your traffic "from his desk".
There's no guessing; the attacker just watches for a long-lived connection on port 22, and uses that IP.
But thanks, hadn't really thought/didn't immediately occur to me about controlling a router upstream.
Subverting a router at your ISP (directly upstream from you) would be the preferred technique for any federal law-enforcement types who wanted to spy on you. They have physical access anywhere they want, but might prefer not to spook the target into laying low by approaching his home directly. So a "man-in-the-middle" attack at the ISP will be their best plan.
Is FBI surveillance a valid concern for the home user interested in privacy? Maybe not; after all, the innocent have nothing to fear... the police are your friends...
I'd love to see some network infrastructure servers done in Ada.
That's a good idea. Time for the Ada-zealots to "put up or shut up". Those guys never seem to put out much code... and of course they become rarer every day. If their language was really more secure, correct, and easy (yes, they claim that!), then an sshd reimplementation would be a fine demonstration to prove it.
What a troll. Aiming to trick mods into "Informative", I suppose.
Any "linux user" who has openssh open to the world is a huge dumbass. What part of "firewall rules" don't you understand?
How would you suggest it be configured then? Just turn off remote login entirely? Or what other "firewall rule" could help in this situation?
I assume you are suggesting that people only allow ssh access from a specific, previously-known host. That removes much of ssh's utility (no more checking your system from a laptop in the hotel room), and even that sacrifice is not enough to be protective!
An attacker sniffing packets at your ISP can learn exactly which addresses you accept ssh connections over. Then he can spoof from that same address, and go right through the firewall.
The only way to protect yourself from unwanted outside connections is with correct crypto code.
That's a partial defense, and relates to a suggestion made in the mailing list announcement of the vulnerability.
However, if you're a paranoid or pessimistic kind of person, you shouldn't rely on hosts.allow to protect you.
Assuming that your ISP is taken over (either by hackers, or the FBI), they can re-number any internet packets destined to you. The hosts_access system will have no way to tell that a datastream is from a spoofed source. The "source address" field of IP packets can be falsified, and there's no way to tell.
However, in normal circumstances ssh can do a better job of verifying remote identity, by using more information than IP headers provide. It checks fingerprints of keys on the remote system, for example. But can we be sure that this feature is still working today, and hasn't been defeated by the latest exploit? That won't be known without expert analysis.
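To make the distinction in the two comments above concrete, here is an added illustration (not code from the original thread): a hosts.allow-style source-address rule, which can only ever see the IP header, next to an authorized_keys-style public-key lookup with OpenSSH-format SHA256 fingerprints. The rules, addresses and key bytes are constructed for the example; nothing here is a real key.

```python
"""Added illustration: a hosts.allow-style source-address rule versus an
OpenSSH-style public-key check. The rules, addresses and key bytes are
constructed for this example; nothing here is a real key."""
import base64
import hashlib
import ipaddress


def hosts_allow_permits(rules, client_ip):
    """Evaluate rules of the form "sshd: 203.0.113.0/24, 198.51.100.9"
    against the source address from the IP header. That header field is
    the only evidence such a rule ever sees, so a rewritten source
    address is indistinguishable from the legitimate host."""
    addr = ipaddress.ip_address(client_ip)
    for rule in rules:
        daemon, _, pattern = rule.partition(":")
        if daemon.strip() not in ("sshd", "ALL"):
            continue
        for item in pattern.split(","):
            item = item.strip()
            if item == "ALL" or addr in ipaddress.ip_network(item, strict=False):
                return True
    return False


def ssh_fingerprint(pubkey_blob):
    """Fingerprint in the form OpenSSH prints: "SHA256:" followed by the
    base64 digest of the wire-format key blob, '=' padding removed."""
    digest = hashlib.sha256(pubkey_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def key_is_authorized(authorized_lines, presented_blob):
    """Look a presented public key up in authorized_keys-style lines
    ("keytype base64blob comment"). This is only the lookup step: the
    real protocol then demands a signature made with the matching
    private key, which a spoofed source address does not supply."""
    want = ssh_fingerprint(presented_blob)
    for line in authorized_lines:
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            recorded = base64.b64decode(parts[1], validate=True)
        except ValueError:
            continue
        if ssh_fingerprint(recorded) == want:
            return True
    return False


def make_blob(seed):
    """Constructed stand-in for a wire-format ssh-ed25519 public key:
    length-prefixed type string followed by 32 key bytes."""
    key_bytes = bytes((seed + i) % 256 for i in range(32))
    return b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + key_bytes


RULES = ["sshd: 203.0.113.0/24"]            # constructed allow rule
LAPTOP_KEY = make_blob(0)                    # constructed: the real client's key
AUTHORIZED = ["ssh-ed25519 " + base64.b64encode(LAPTOP_KEY).decode() + " laptop"]


def decide(client_ip, presented_blob):
    """Return both verdicts for one connection attempt."""
    return {
        "ip_allowed": hosts_allow_permits(RULES, client_ip),
        "key_ok": key_is_authorized(AUTHORIZED, presented_blob),
    }


if __name__ == "__main__":
    # Legitimate laptop from an allowed address: both checks pass.
    print(decide("203.0.113.7", LAPTOP_KEY))
    # Source address rewritten to one inside the allowed range, but no
    # matching key: the address filter passes, the key check does not.
    print(decide("203.0.113.7", make_blob(1)))
```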
People on space colonies will have to learn how to get along better a lot more than anybody on Earth.
1. It's been suggested that no, they won't. One major factor that prevented a nuclear escalation during the Cold War years was the prospect of eliminating all human life. Viable space colonies take away that risk, freeing people to once again kill with abandon.
2. People organizing a space colony can exclude all but a select group of earth's makeup. There can be one spaceship for the Palestinians, one for the Nubians, and a specially big one for the dedicated, party-faithful Chinese. Space exploration may free humanity to pursue xenophobic bliss at a distance of millions of miles.
Sometimes the "Star Trek" series is held up as an impossible utopia, but a sociological look at the program suggests that their human culture very carefully segregates along racial lines. How else could Jean Picard be that pale after 300 years of breeding, and why else would Ben Sisko pick both his first and 2nd wife to share his same skin tone?
Remember that democracy idea that came from the last big frontier the human race had?
Your answer is false, and obviously so.
think manned space exploration is a waste.
There's no such thing as "manned space exploration" anymore. The last time a man explored space was in 1969.
Since then, manned space travel has continued, but it's a far cry from exploration. And yes, space travel is a waste.
New fighter-jet software is written in C++.
Nice to see you agree with me so completely.
Responsible software vendors release security advisories coordinating with other vendors.
Responsible software vendors are honest with their customers, and inform them of potentially dangerous problems as soon as possible.
That post is a copy of a slashdot journal article posted months ago. The article has some problems, though, so I'll comment:
The best part of this interview is that Slashdot does not often interview criminals.
They do indeed! Kevin Mitnick is just one convicted criminal Slashdot has interviewed. If the alleged crime is relevant to computer technology, Slashdot will certainly do an interview. "Respectable journalists" interview criminals all the time.
This is where the story turns ugly.
Wrong. It was already ugly back when Sdem posted his false invitation.
Let's review who did what:
Sdem: Used deceit & misrepresenation to extract private information from a naive computer user who didn't understand social engineering.
Fyodor: Used deceit & misrepresentation to extract private information from a naive compputer user who didn't understand software engineering.
What's different between them? Only the degree of publicity, and who started the fight.
So, if you're a doubter, email the Slashdot editorial staff. Fyodor is a Black Hat, and the eds know it.
Nothing done in full view of the public eye is "Black Hat". Black Hat means criminal, and criminal means some attempt is made to conceal the deed. If Fyodor had truely attempted to screw up Sdem's life, then by clever, long-term use of the compromised computer he could've easily done so. By immediately boasting of the intrusion, he gave up any chance to do real damage.
Is hacking into someone's PC wrong? Yes. Is it any worse than scratching a key down his car-door? Depends. Does that mean that everyone who does it should be labelled a "criminal"? Well, if you ask the US DoJ, 36% of Americans are "criminals". So it's hardly a badge of shame.
The testing process required to ensure that a patch will not affect thousands or tens of thousands of clients running critical applications is not trivial and usually cannot be done quickly.
If your application was built on a framework that's so unpredictable that fundamental security patches can break the app, then you've got problems. Either the programmers who wrote the app are stupid, or the designer who chose the framework is dangerously incompetent.
Whichever it is, they'll be easy enough to replace in today's job market.
The problem is that the US can't simply deny other nations such a presence. How could they? The first people that China lands on the moon will be for scientific reasons. Same thing with the lunar base. You simply can't blow up scientific missions - politically, that's suicide.
Moonshots are public events. Their prime goal is international PR, after all. Most likely, any nation returning humans to the moon will widely trumpt the full contents of the ship, and invite foreign scientists and dignitaries, etc. It will be difficult to the point of impossibility to conceal weapon abilities in such a mission.
If the entire program was secret, and all that was known is "China launched a 200 m^3 cylinder onto the lunar surface 6 hours ago", then the potential risks from something like that would be obvious to the whole world. It would be rather easy to get the world community to agree on an ultimatum to China: either bring inspectors onto the next moonshot, or face destruction. (Whether that destruction will occur on the moon itself, or to the Chinese launchpad, or even other Chinese property, is a strategic decision to be made by NASA + the Pentagon)
(The last bit regarding subversive intelligence is a stretch, yes.)
More than a stretch. That whole analogy is senseless.
fundamentally, the base on the Moon can easily prevent strikes against it - they have tons of energy available to them from the Sun,
Science fiction. It presupposes not only that a moonbase is a self-sustaining colony, but also that it's politically independent from terrestrial nations. Neither of those will be true within 75 years, and the latter fact means that Beijing is a hostage for any malfeasance the moon-base commits.
Do you care to try to guess which IPs to spoof as? You probably could narrow it down a little if you monitored all of my traffic for a few days, but you have no way of doing that from your desk.
To spoof ssh traffic, I need to be able to both snarf and inject packets at your internet provider. Anyone who's compromised your ISP to the point of being able to spoof already has a way of monitoring your traffic "from his desk".
There's no guessing: the attacker just watches for a long-lived connection on port 22, and uses that IP.
But thanks, hadn't really thought/didn't immediately occur to me about controlling a router upstream.
Subverting a router at your ISP (directly upstream from you) would be the preferred technique for any federal law-enforcement types who wanted to spy on you. They have physical access anywhere they want, but might prefer not to spook the target into laying low by approaching his home directly. So a "man-in-the-middle" attack at the ISP will be their best plan.
Is FBI surveillance a valid concern for the home user interested in privacy? Maybe not- after all, the innocent have nothing to fear... the police are your friends...
I'd love to see some network infrastructure servers done in Ada.
That's a good idea. Time for the Ada-zealots to "put up or shut up". Those guys never seem to put out much code... and of course they become rarer every day. If their language was really more secure, correct, and easy (yes, they claim that!), then an sshd reimplementation would be a fine demonstration to prove it.
What a troll. Aiming to trick mods into "Informative", I suppose.
Any "linux user" who has openssh open to the world is a huge dumbass. What part of "firewall rules" don't you understand?
How would you suggest it be configured then? Just turn off remote login entirely? Or what other "firewall rule" could help in this situation?
I assume you are suggesting that people only allow ssh access from a specific, previously-known host. That removes much of ssh's utility (no more checking your system from a laptop in the hotel room), and even that sacrifice is not enough to be protective!
An attacker sniffing packets at your ISP can learn exactly which addresses you accept ssh connections over. Then he can spoof from that same address, and go right through the firewall.
The only way to protect yourself from unwanted outside connections is with correct crypto code.
openssh (1:3.4p1-1) testing; urgency=high
* thanks to the security team for their work
* no thanks to ISS/Theo de Raadt for their handling of these bugs
-- Matthew Vernon Fri, 28 Jun 2002 17:20:59 +0100
That's a partial defense, and relates to a suggestion made in the mailing list announcement of the vulnerability.
However, if you're a paranoid or pessimistic kind of person, you shouldn't rely on hosts.allow to protect you.
Assuming that your ISP is taken over (either by hackers, or the FBI), they can re-number any internet packets destined to you. The hosts_access system will have no way to tell that a datastream is from a spoofed source. The "source address" field of IP packets can be falsified, and there's no way to tell.
However, in normal circumstances ssh can do a better job of verifying remote identity, by using more information than IP headers provide. It checks fingerprints of keys on the remote system, for example. But can we be sure that this feature is still working today, and hasn't been defeated by the latest exploit? That won't be known without expert analysis.
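The two comments above on firewall rules and hosts.allow make the same point from different angles: the IP source address is a field any on-path attacker can forge, so an allow-list built on it does not authenticate the peer, while a key-based check ties the peer to a secret the spoofer does not hold. The following is an added example, not code from the thread or from OpenSSH, that models both checks side by side. HMAC over a fresh nonce with a shared key stands in for the public-key signature the real SSH protocol uses; the addresses (from the documentation range), keys and packets are all constructed for the demonstration.

```python
"""Added example: source-address allow-list vs. key-based challenge-response.

Not code from the Slashdot thread or from OpenSSH. HMAC with a shared key is a
stand-in for SSH's public-key signature; the property shown is the same.
All addresses, keys and packets below are constructed.
"""
import hashlib
import hmac
import ipaddress
import secrets
from dataclasses import dataclass

# Stand-in for a hosts.allow line such as "sshd: 203.0.113.7" (constructed).
ALLOWED_SOURCES = {ipaddress.ip_address("203.0.113.7")}


@dataclass
class Packet:
    src: str        # claimed source address; nothing in IP verifies this field
    payload: bytes


def hosts_allow_check(pkt: Packet) -> bool:
    """Model of tcp_wrappers / a firewall rule: it can only trust pkt.src."""
    return ipaddress.ip_address(pkt.src) in ALLOWED_SOURCES


class Server:
    """Key-based check: issues a fresh nonce, expects a keyed response."""

    def __init__(self, client_key: bytes):
        self._key = client_key

    def challenge(self) -> bytes:
        # Fresh per connection, so a captured response cannot be replayed.
        return secrets.token_bytes(32)

    def verify(self, nonce: bytes, response: bytes) -> bool:
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def legit_client_respond(key: bytes, nonce: bytes) -> bytes:
    return hmac.new(key, nonce, hashlib.sha256).digest()


def spoofer_respond(nonce: bytes) -> bytes:
    # On-path attacker at the ISP: sees the nonce, forges src, injects packets,
    # but holds no key. The best it can do is guess one.
    return hmac.new(b"attacker-guess", nonce, hashlib.sha256).digest()


def run_scenario() -> dict:
    key = secrets.token_bytes(32)          # constructed client key
    server = Server(key)

    legit = Packet(src="203.0.113.7", payload=b"ssh")
    spoofed = Packet(src="203.0.113.7", payload=b"ssh")   # forged src, identical

    nonce1 = server.challenge()
    legit_resp = legit_client_respond(key, nonce1)

    # A second connection: the attacker replays the response it sniffed earlier.
    nonce2 = server.challenge()

    return {
        "hosts_allow_passes_legit": hosts_allow_check(legit),
        "hosts_allow_passes_spoofed": hosts_allow_check(spoofed),   # filter can't tell
        "key_auth_passes_legit": server.verify(nonce1, legit_resp),
        "key_auth_passes_spoofed": server.verify(nonce1, spoofer_respond(nonce1)),
        "key_auth_passes_replay": server.verify(nonce2, legit_resp),
    }


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name}: {outcome}")
```

The allow-list accepts the spoofed packet because it has nothing but the forged header to go on; the keyed check rejects both the guess and the replayed response, which is the difference the comment draws between hosts.allow and "correct crypto code". The model leaves out what a real on-path attacker can still do against the key-based path, namely exploit a bug in the verifying code itself, which is exactly the question the comment ends on.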
People on space colonies will have to learn how to get along better a lot more than anybody on Earth.
1. It's been suggested that no, they won't. One major factor that prevented a nuclear escalation during the Cold War years was the prospect of eliminating all human life. Viable space colonies take away that risk, freeing people to once again kill with abandon.
2. People organizing a space colony can exclude all but a select group of earth's makeup. There can be one spaceship for the Palestinians, one for the Nubians, and a specially big one for the dedicated, party-faithful Chinese. Space exploration may free humanity to pursue xenophobic bliss at a distance of millions of miles.
Sometimes the "Star Trek" series is held up as an impossible utopia, but a sociological look at the program suggests that their human culture very carefully segregates along racial lines. How else could Jean Picard be that pale after 300 years of breeding, and why else would Ben Sisko pick both his first and 2nd wife to share his same skin tone?
Remember that democracy idea that came from the last big frontier the human race had?
The move to Athens?