The Firefox developers are serious security professionals. They have probably attended over two conferences on security, and may even own a copy of "Linux Hacking Exposed". So stop questioning their logic; they have obviously spent centuries longer than you considering this topic.
That doesn't make them infallible. In this case, they're forgetting that "some" is better than "none".
Anyway, as the article below clearly shows, the only part of SSL that matters is being able to verify the identity of the host. It's way more important than preventing random packet sniffers from seeing your stuff.
http://www.networkworld.com/community/node/31124
It looks like the attack in that article relies on conning a CA into giving you a cert you shouldn't have. And if you can do that, a site with a CA-signed cert is no safer than one with a self-signed cert.
Because CA-signed SSL certs cost $$ for often no measurable (as in $$) benefit, HTTPS doesn't work with name-based virtual hosting, and new browsers treat self-signed SSL as evil incarnate.
Maybe the two weeks notice is a hint to Google that it might be a good idea to fix the default setting or make all connections encrypted?
Depending on the situation, it CAN be more dangerous. I'm much less likely to share sensitive information over a plain http connection. If I see the little lock and I haven't been warned, I get all warm and fuzzy that I'm actually talking to my bank. If I go to Bank of America and get a self-signed warning, I know something is afoot.
So either don't show the lock, or just don't color the address bar. I'm not saying it should be treated the same as a CA-signed cert, just that treating it as worse than unencrypted is bad. If you go to Bank of America and there's no lock or colored address bar, does that also tell you something is afoot? Or could someone phish you with a fake over plain http?
They don't lie; they assume that if a site is self-signed it has been hijacked, which is very reasonable. If my bank suddenly changed to self-signed I'd want a proper warning.
So do like SSH does, and complain if the cert changes. This would also protect against someone conning a CA into giving out bogus certs.
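Doing what SSH does, as an added example that is not part of the thread: a trust-on-first-use pin store in Python that records the server certificate on first contact and complains when it changes. The store layout (a JSON file mapping "host:port" to the SHA-256 of the DER certificate) and the helper names are assumptions; the two "certificates" in demo() are constructed byte strings, not real certs.

```python
"""SSH-style trust-on-first-use pinning for TLS server certificates.

Added example, not code from the thread. The pin store (a JSON file mapping
"host:port" to the SHA-256 of the server's DER certificate) and all helper
names are assumptions chosen for illustration.
"""
import hashlib
import json
import os
import socket
import ssl
import tempfile


class PinStore:
    """A known_hosts-style file: "host:port" -> hex SHA-256 of the DER cert."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as fh:
                self.pins = json.load(fh)

    def save(self):
        with open(self.path, "w") as fh:
            json.dump(self.pins, fh, indent=1, sort_keys=True)


def fingerprint(der_cert):
    """Hex SHA-256 over the exact DER bytes, like `ssh-keygen -l` over a host key."""
    return hashlib.sha256(der_cert).hexdigest()


def check_pin(store, host, port, der_cert):
    """Return "new" (first contact, pin recorded), "ok" (same cert as before)
    or "changed" (different cert: warn loudly, like SSH's host-key warning).

    The pin is on the certificate itself, so a cert obtained by conning a CA
    trips the warning just as a self-signed swap does.
    """
    key = "%s:%d" % (host, port)
    fp = fingerprint(der_cert)
    known = store.pins.get(key)
    if known is None:
        store.pins[key] = fp
        store.save()
        return "new"
    return "ok" if known == fp else "changed"


def fetch_der_cert(host, port=443, timeout=5.0):
    """Fetch the peer's leaf certificate (does network I/O; not used by demo()).

    CA validation is switched off here only because the pin comparison is the
    trust decision being demonstrated; a real client keeps the CA checks and
    adds the pin check on top of them.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def demo(store_path=None):
    """Three visits to the same host: first sight, unchanged cert, swapped cert."""
    if store_path is None:
        store_path = os.path.join(tempfile.mkdtemp(), "pins.json")
    # Constructed stand-ins for two DER certificates (not real certificates).
    cert_a = b"\x30\x82\x01\x00" + b"bank.example leaf, key A"
    cert_b = b"\x30\x82\x01\x00" + b"bank.example leaf, key B"
    store = PinStore(store_path)
    results = (
        check_pin(store, "bank.example", 443, cert_a),
        check_pin(store, "bank.example", 443, cert_a),
        check_pin(store, "bank.example", 443, cert_b),
    )
    # A fresh PinStore reading the same file must still hold the recorded pin.
    reloaded = PinStore(store_path)
    results += (check_pin(reloaded, "bank.example", 443, cert_a),)
    return results


if __name__ == "__main__":
    print(demo())  # ('new', 'ok', 'changed', 'ok')
```

Pinning the whole certificate is the simplest form; pinning the public key instead survives routine renewals with the same key, at the cost of a slightly larger helper. Either way the first contact is unauthenticated, which is the trade-off SSH makes too.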
Where I work we have Solaris 9 and 10 boxes running literally unattended for 600+ days - they are shared boxes, meaning many different applications run on the same OS/FS/Memory/CPUs.
When a particular app goes haywire and starts (many of them are 64-bit apps) - that particular app just gets a NULL back when there is no longer any memory available. The app can hopefully then calm itself down or release some of its caches etc. but the main point is that the other apps are unaffected and so is the OS.
Or maybe it won't, since we already know that it probably isn't written very well (or maybe you just didn't buy enough RAM for your server). And other programs will end up unable to allocate more memory when they need it.
I would not even begin to think how Linux could handle this. It has this insane notion of handing out virtually any amount of memory to applications whether or not there is actually that much memory and swap available. So when things get out of control the ugly and stupid OOM killer thinks it knows better which app to kill - depending on your luck you could end up with sshd or some other good behaving app being killed to give memory to this bad app.
You do realize that out-of-memory behavior is configurable, right? The default setting is to use the OOM killer, but it's trivial to tell it to behave "properly".
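What "behave properly" means in kernel terms, as an added example that is not from the thread: the accounting rule behind vm.overcommit_memory=2, the mode in which a runaway process gets NULL back from malloc() instead of triggering the OOM killer, plus the oom_score_adj knob that keeps a chosen daemon off the killer's list. The /proc/meminfo text is constructed and the helper names are mine; the mode semantics follow the kernel's Documentation/vm/overcommit-accounting (hugetlb pages and overcommit_kbytes are ignored for brevity).

```python
"""Linux overcommit accounting: when malloc() returns NULL instead of the OOM
killer firing later. Added example, not the kernel's code; SAMPLE_MEMINFO is
constructed and the helper names are my own.

vm.overcommit_memory (Documentation/vm/overcommit-accounting):
  0  heuristic: only obviously oversized single requests are refused
  1  always overcommit: never refuse; the OOM killer cleans up later
  2  strict: refuse once Committed_AS + request exceeds CommitLimit, where
     CommitLimit = MemTotal * vm.overcommit_ratio / 100 + SwapTotal
"""

SAMPLE_MEMINFO = """\
MemTotal:       16384000 kB
SwapTotal:       4096000 kB
Committed_AS:   12000000 kB
"""


def parse_meminfo(text):
    """Parse /proc/meminfo-style 'Key:  value kB' lines into {key: kB}."""
    out = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, rest = line.split(":", 1)
        out[key.strip()] = int(rest.split()[0])
    return out


def commit_limit_kb(meminfo, overcommit_ratio=50):
    """Strict-mode CommitLimit in kB (ratio defaults to the kernel's 50)."""
    return meminfo["MemTotal"] * overcommit_ratio // 100 + meminfo["SwapTotal"]


def allocation_allowed(mode, request_kb, meminfo, overcommit_ratio=50):
    """Would the kernel accept a new request_kb mapping under this mode?"""
    if mode == 1:
        return True
    if mode == 2:
        limit = commit_limit_kb(meminfo, overcommit_ratio)
        return meminfo["Committed_AS"] + request_kb <= limit
    if mode == 0:
        # Heuristic mode: a single request larger than all RAM plus swap
        # is the "obvious" overcommit that gets refused.
        return request_kb <= meminfo["MemTotal"] + meminfo["SwapTotal"]
    raise ValueError("mode must be 0, 1 or 2")


def sysctl_lines(overcommit_ratio=80):
    """The /etc/sysctl.d entries that switch a box to strict accounting."""
    return [
        "vm.overcommit_memory = 2",
        "vm.overcommit_ratio = %d" % overcommit_ratio,
    ]


def oom_score_adj_commands(pids_to_protect):
    """Shell lines that exempt chosen daemons (e.g. sshd) from the OOM killer;
    -1000 is OOM_SCORE_ADJ_MIN, which disables OOM killing for that process."""
    return ["echo -1000 > /proc/%d/oom_score_adj" % pid for pid in pids_to_protect]


def demo():
    """A 3 GB request from a runaway app against the sample box, per mode."""
    info = parse_meminfo(SAMPLE_MEMINFO)
    request_kb = 3_000_000
    return {mode: allocation_allowed(mode, request_kb, info) for mode in (0, 1, 2)}


if __name__ == "__main__":
    print(demo())  # {0: True, 1: True, 2: False}
    print("\n".join(sysctl_lines()))
    print("\n".join(oom_score_adj_commands([1234])))
```

With the sample numbers, CommitLimit at the default ratio is 12,288,000 kB and 12,000,000 kB is already committed, so strict mode refuses the 3 GB request and the app sees ENOMEM; modes 0 and 1 hand the memory out and settle the bill later. Raising vm.overcommit_ratio to 80 makes the same request fit, which is why strict mode needs the ratio tuned to the box rather than left at 50.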
Is there any reason to not use SSL every time one sends a password?
Firefox 3, and I think other newer browsers, lie to people by strongly implying that HTTPS with self-signed certificates is far more dangerous than bare unencrypted HTTP.
There's probably a Linux equivalent of processor sets, CPU shares and the Fair Shares Scheduler, but again I've never found one.
Newer kernels allow you to put processes into a tree and assign priorities at each level, or assign priorities per user. Look for "CFS" or "Completely Fair Scheduler" and "group scheduling" or "fair user scheduling". Not sure how exactly this compares, my only run-in with it has been that various system cron jobs that used to run at nice 19 don't act like they're at nice 19 any more.
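The arithmetic behind that cron observation, as an added example that is not from the thread: CFS turns nice values into weights, and with group (per-user) scheduling the groups compete first, so a nice-19 task that is alone in its user's group gets that group's whole slice and nice only matters between tasks inside the same group. The weight table is the kernel's sched_prio_to_weight[] from kernel/sched/core.c; the users, tasks and function names are constructed for illustration.

```python
"""CFS weights and group scheduling. Added example, not kernel code; the
weight table is the kernel's sched_prio_to_weight[], the scenario is made up.
"""

# Index = nice + 20, i.e. nice -20 .. 19; each step is roughly a 1.25x change,
# so one nice level is about a 10% CPU difference between two runnable tasks.
PRIO_TO_WEIGHT = [
    88761, 71755, 56483, 46273, 36291, 29154, 23254, 18705, 14949, 11916,
    9548, 7620, 6100, 4904, 3906, 3121, 2501, 1991, 1586, 1277,
    1024, 820, 655, 526, 423, 335, 272, 215, 172, 137,
    110, 87, 70, 56, 45, 36, 29, 23, 18, 15,
]


def weight(nice):
    """CFS load weight for a nice value (nice 0 = 1024)."""
    if not -20 <= nice <= 19:
        raise ValueError("nice must be in -20..19")
    return PRIO_TO_WEIGHT[nice + 20]


def tree_shares(node, budget=1.0, shares=None):
    """CPU fraction of every runnable task in a scheduling tree.

    node maps a name to either an int (a task with that nice value) or a dict
    (a group such as a user or cgroup). At each level the budget is split by
    weight: tasks by their nice weight, groups by cpu.shares (1024 unless
    `shares` overrides it), then each group's slice is split the same way
    one level down. Empty groups have nothing runnable and are skipped.
    """
    shares = shares or {}
    members = {n: c for n, c in node.items() if not (isinstance(c, dict) and not c)}

    def entity_weight(name, child):
        return weight(child) if isinstance(child, int) else shares.get(name, 1024)

    total = sum(entity_weight(n, c) for n, c in members.items())
    out = {}
    for name, child in members.items():
        slice_ = budget * entity_weight(name, child) / total
        if isinstance(child, int):
            out[name] = slice_
        else:
            out.update(tree_shares(child, slice_, shares))
    return out


def demo():
    """alice's nice-0 build against root's nice-19 cron job, flat vs per-user."""
    flat = tree_shares({"build": 0, "cron": 19})
    per_user = tree_shares({"alice": {"build": 0}, "root": {"cron": 19}})
    # Giving root's group cpu.shares=256 restores something like the old behaviour.
    throttled = tree_shares({"alice": {"build": 0}, "root": {"cron": 19}},
                            shares={"root": 256})
    return flat, per_user, throttled


if __name__ == "__main__":
    for label, result in zip(("flat", "per-user", "root shares=256"), demo()):
        print(label, {k: "%.1f%%" % (100 * v) for k, v in result.items()})
```

Flat, the nice-19 cron job gets 15/(1024+15), about 1.4% of the CPU while the build runs; with per-user groups both groups weigh 1024, so the cron job gets 50% despite its nice value. Lowering the group's cpu.shares (256 here, giving it 20%) is the equivalent of a Solaris FSS share assignment.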
In that case why can't the market just bypass the speculators, by the consumers buying from the producers directly? Or maybe the speculators are actually doing something useful, like letting the producers contract for stable, predictable prices years in advance, without requiring the consumers to purchase equally far in advance based on questionable demand forecasts.
1. Legalize drugs and prostitution.
2. ???
3. PROFIT!!!
But how do they profit when they can't steal^Wseize your property on a whim any more?
Technology does not change people.
Yes it does, it's called the "greater internet fuckwad theory".
You say "open borders are more libertarian than the H1-B system", which is true, but a generous H-1B program would mean a more open border than what we have now. The grandparent is correct, that it's hypocritical to oppose a step in what you claim is the "right" direction.
IIRC, this particular change wasn't made "properly".
You say a generous H-1B program would "create an underclass of workers" -- but a truly open border would be even worse in this respect, since it would drastically increase the number of U.S. resident programmers willing to work for bottom dollar.
No, "underclass" as in "fewer legal options". My understanding is that an H-1B comes with requirements about always having a job (and maybe requirements that the employer fill out extra paperwork?), this makes it a bit harder to go to a different employer if you're being treated like crap.
And if you as a programmer don't think you're going to be seriously competing against China- and India-resident programmers in a few years, you haven't been paying attention.
I've heard that some companies are finding that the language and time-zone barriers involved often make this totally not worth it.
That's because you don't understand the differences between labor and commodities. More oil means lower prices; more workers means more jobs and more work done.
Maybe overall and eventually, but it takes time for things to adjust.
The more workers you have, the larger is your economy, and EVERYBODY is better off.
That doesn't work if the new workers are all in one field, you end up with high unemployment and/or low pay for a while until people get displaced to other lines of work ("I just can't find a job as a programmer any more, I think I'll learn how to farm switchgrass instead.").
I find it interesting that Slashdotters and the posted articles tend to be quite libertarian on many issues, with one of the exceptions being protection of the tech jobs market. Isn't it a bit hypocritical or am I missing something?
What you're missing is that open borders are more libertarian than the H-1B system, which supposedly serves to create an underclass of workers with much less leverage to get reasonable (compared to other people here) pay.
Why does everybody always act like they are being cheated out of their money when caught breaking traffic laws? They are laws, you know them, and they improve safety.
Perhaps because the current system has the built-in assumption that you won't usually get caught, so perfect enforcement would make the fines and points against your license stack up way faster than designed? Or maybe because it sometimes appears to be more of a revenue-generation system than a safety-enhancement system...
Still, you'd think that we could at least get most of our larger cities wired at comparable speeds to the rest of the civilized world...
They are being unrealistically greedy, and negotiation will probably follow because it is almost certainly in their interests to accept a realistic level of royalties rather than making no money at all.
And yet we can see from history (such as the airplanes mentioned in TFA...) that this doesn't happen reliably.
Basically, as long as patents are awarded in the spirit they were originally intended, market forces will normally do the rest.
I'm not so sure of this, since it seems to only look at one side of the picture. Much progress requires cooperation, and exclusive rights grant people the opportunity to forbid such cooperation. We know that this does happen (and actually seems to be built in to human nature, success is relative to your neighbors instead of absolute), the questions are just how it compares to the benefit that comes from providing incentives for research, and whether there's a way to provide those incentives without the downsides of exclusivity.
In which case, he will need to either compensate the patent holders for using the protected inventions he is building on,
RTFA, this apparently doesn't work so well when there are too many patent holders. What happens when there are 3 who each want 50%?
sell the rights to his idea to a larger group that can take advantage of it,
And it gets integrated into an existing product lineup at a price chosen to not impact sales of other parts of that lineup, rather than standing on its own and possibly disrupting the industry to the benefit of the general public.
or wait until the existing protections expire.
Which holds everything back by a couple decades, making everyone worse off.
Unless states submit themselves to a common rule of international law, there will never be a chance for peace.
And if they do, you suddenly have a chance to force your morality (drug war, no sex before you're 18, etc.) or business model (overbearing "IP" crap) on the entire world, through a group of rulers who have approximately no connection to reality (because reality is local and everywhere). And there still won't be peace.
What's so funny about an illegal war?
Where can I find a legal one?
Who put the humor tag on this story?
Probably someone who likes word games, or thinks it's funny when AIs get tripped up by ambiguous terms.
Where's the outrage against Russia's invasion of a sovereign country?
Without knowing the background, how do we know that outrage would be appropriate? Now, "oh crap, I hope it doesn't spread" might be appropriate...
at that bandwidth they'd have to be on the local network
Or be a medium-large botnet.
(and that's pretty much the only way to do this attack anyway - any ISP worth the money will drop any packets with fake source addresses on the floor before they get routed externally, so it'd have to be an internal attack)
So why was the original problem considered to be such a big deal? Any DNS poisoning attack requires that you pretend to be the real DNS server, so if it's only possible from the local network why was that big coordinated patch worth the effort?
What sort of preventative action? This already relies on the packets looking like they come from the real nameserver, so you can't just block them without cutting off large parts of the DNS hierarchy from your customers...
This isn't about evil servers. It's about impersonating servers by spoofing their address, and about how the passwords built into the question/response packets aren't long enough to prevent this.
Why can't the resolvers make sure to never have multiple outstanding requests that could potentially give the same answer? Check the cache for known zone boundaries and implied non-boundaries (if the server for foo.com also answers requests for x.y.z.foo.com, there's no zone boundary in between), and only send one request crossing a particular potential boundary at a time to a particular server (like a.c.foo.com and b.c.foo.com, we don't know yet that .c.foo.com is answered by the same server as .foo.com, since nothing under that domain is in the cache).
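The arithmetic behind "at that bandwidth" and a toy of the one-outstanding-query idea, as an added example that is not from the thread: how many forged replies a blind race needs against 16 bits of transaction ID alone versus about 32 bits once the source port is randomised too, how Kaminsky-style retries against fresh random names add up, and a tracker that coalesces repeat queries for the same name to the same server. The bit counts are the standard figures, the bandwidth assumptions (100-byte replies, a 100 ms window) and all names are mine, and the tracker keys on the query name, so each distinct name is a separate race.

```python
"""Blind DNS cache-poisoning odds and a per-name outstanding-query limit.

Added example, not from the thread. 16 bits = transaction ID only, ~32 bits =
ID plus a randomised source port; the resolver bookkeeping is a toy model and
the helper names are mine.
"""
import math


def success_probability(entropy_bits, forged_replies):
    """P(at least one of N forged replies matches ID/port) in one race window."""
    space = 2.0 ** entropy_bits
    return -math.expm1(forged_replies * math.log1p(-1.0 / space))


def replies_for_confidence(entropy_bits, confidence=0.5):
    """Forged replies needed for the given overall chance of a single hit."""
    space = 2.0 ** entropy_bits
    return math.ceil(math.log(1.0 - confidence) / math.log1p(-1.0 / space))


def races_for_confidence(entropy_bits, replies_per_race, confidence=0.5):
    """Kaminsky-style attacker: every race asks for a fresh random name, so a
    lost race costs nothing and new windows are opened until one is won."""
    p = success_probability(entropy_bits, replies_per_race)
    return math.ceil(math.log(1.0 - confidence) / math.log1p(-p))


def attack_bandwidth_mbps(entropy_bits, window_s, confidence=0.5, reply_bytes=100):
    """Spoofed-reply bandwidth needed to win with `confidence` inside a single
    window of `window_s` seconds (the time before the genuine answer lands)."""
    replies = replies_for_confidence(entropy_bits, confidence)
    return replies * reply_bytes * 8 / window_s / 1e6


class OutstandingQueries:
    """One in-flight upstream query per (name, type, server): a repeat for the
    same name joins the existing query instead of opening another window."""

    def __init__(self):
        self.inflight = set()

    @staticmethod
    def _key(qname, qtype, server):
        return (qname.lower().rstrip("."), qtype.upper(), server)

    def start(self, qname, qtype, server):
        """True if a new upstream query (new ID/port) is sent, False if coalesced."""
        key = self._key(qname, qtype, server)
        if key in self.inflight:
            return False
        self.inflight.add(key)
        return True

    def finish(self, qname, qtype, server):
        self.inflight.discard(self._key(qname, qtype, server))


def demo():
    races = {bits: races_for_confidence(bits, 100) for bits in (16, 32)}
    oq = OutstandingQueries()
    opened = [oq.start(name, "A", "ns1.foo.com") for name in
              ("www.foo.com", "WWW.foo.com.", "a1.foo.com", "a2.foo.com")]
    return races, opened


if __name__ == "__main__":
    for bits in (16, 32):
        print("%2d bits: %8.0f Mbit/s for a 50%% hit in one 100 ms window, "
              "or %d races of 100 replies" % (
                  bits, attack_bandwidth_mbps(bits, 0.1), races_for_confidence(bits, 100)))
    print(demo())
```

Against 16 bits, a 50% chance inside one 100 ms window costs roughly 360 Mbit/s of spoofed replies, or a few hundred races of 100 replies each if the attacker can keep triggering fresh lookups; against 32 bits the same odds need tens of millions of races or tens of Tbit/s, which is the difference source-port randomisation made. The tracker closes the window for repeat queries of one name, and the last two entries in demo() show that queries for different names still each get their own.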
those airframes also carry the same combat load as an F-16 and the missions being carried out are just as complex if not more demanding than with piloted missions.
When a guy operating a UAV joystick is pulling 9 G's and risking being a KIA or POW, then we'll call it as demanding as an F-16 mission, K?
demanding != dangerous, and mentally demanding != physically demanding