Slashdot Mirror


User: TheRaven64

TheRaven64's activity in the archive.

Stories: 0
Comments: 32,964

Comments · 32,964

  1. Re:Can someone explain how this can possibly happe on GitHub Survived the Biggest DDoS Attack Ever Recorded (wired.com) · Score: 1

    Memcached uses UDP, so you put the target's IP in the source IP field of the datagram and it responds (with a much larger packet). It's intended to be used on a local network (or even loopback), but it's often misconfigured. As you say, in an ideal world, ISPs shouldn't allow packets off their network with a source address that isn't from their network, but it's also not always trivial to identify the correct set of IPs to permit (traffic transiting your network has to be handled as well as traffic originating on your network, and if you've got a bunch of customers who all own their own /24s, plus a bunch of downstream networks that may or may not be routing over your network, depending on dynamic configuration, and may only be routing outbound traffic over your network and having a different path for the return then this gets complicated quickly).

  2. Re:I check github several times a day on GitHub Survived the Biggest DDoS Attack Ever Recorded (wired.com) · Score: 1

    Your link doesn't support your assertion. We use GitHub for a load of stuff at work and I didn't have any problems pushing or pulling, or reviewing pull requests, and our CI system didn't report any failures to pull, so I'm not sure where you get that from.

  3. Re:why would someone attack Github? on GitHub Survived the Biggest DDoS Attack Ever Recorded (wired.com) · Score: 1

    Maybe it's the FSF: Richard Stallman is one of the most vocal critics of GitHub...

  4. Re: Too bad slashdot used to cause these on GitHub Survived the Biggest DDoS Attack Ever Recorded (wired.com) · Score: 1

    It does support ASCII, but Slashdot includes a meta tag indicating UTF-8 support. As a result, Safari submits web forms as UTF-8. Slashcode then interprets these as ASCII (actually, some random 8-bit code page) and gets confused by the multi-byte UTF-8 characters.

  5. I can understand the 'and I wouldn't mind seeing it' bit: If pedophiles are going to be asking children for naked pictures, then doing so where other adults can see gives more of an opportunity to explain to the child why it's a really bad idea to cooperate and to forward the request to law enforcement. I'd much rather would-be child molesters used Facebook to talk to children than something like Signal or Telegram.

  6. Re:No Facebook on Facebook Asks Users: Should We Allow Men To Ask Children For Sexual Images? (theguardian.com) · Score: 5, Insightful

    In this case, it actually is. If someone posts something in a public place saying 'hey, any underage girls / boys want to send me naked pictures?' then it's pretty easy to take down the post. But presumably pedophiles are not doing that, they're sending direct messages. Is it therefore acceptable for Facebook to inspect every direct message (i.e. no end-to-end encryption on WhatsApp anymore) and block anything illegal? Should they just disable end-to-end encryption for under-18s and block illegal content? Can they even legally do that, without running afoul of various minor-protection laws in different jurisdictions? Should they then warn you that you're talking to an under-18 (and would this help pedophiles identify targets)?

  7. Re: And 300-400 workers less on Levi Strauss Replaces Human Sanding With Automated Lasers (bloomberg.com) · Score: 1

    40 years ago, state of the art AI was roughly equivalent to a cat in terms of what it could do. Now, it's roughly equivalent to a cat, but runs in a much smaller box. I'm not sure how you think that we can go from here to 'super-intelligent AI' in a few years.

  8. Re:I never saw the purpose of these on Apple To Release a Cheaper MacBook Air Later This Year (9to5mac.com) · Score: 1

    Even if only binaries. Even if you build with a multi-platform framework like Qt or Xamarin, you still have to use Xcode to build and deploy for iOS.

    That's not quite true. You can build on any platform, though you will need the SDKs (which are included with Xcode and are not legally redistributable), but you will need to run the code-signing tool on a Mac (and it's quite painful to use from a command line). If you're using a cross-platform toolkit then you can do all of your development on a non-Apple machine and then do the final sign-and-publish step on a Mac.

  9. Re: Bullet, Meet Foot on 23,000 HTTPS Certs Axed After CEO Emails Private Keys (arstechnica.com) · Score: 1

    This is only true if the domain uses DNSSEC. Most laptops / phones trust whatever DNS server the access point that they're connected to tells them to use via DHCP. If you set up a malicious AP then you can return your own server address for the compromised domains. If you deploy malware that infects a few thousand vulnerable WiFi routers then you can do this on a large scale quite easily.

  10. Re:I might be dumb... on 23,000 HTTPS Certs Axed After CEO Emails Private Keys (arstechnica.com) · Score: 2

    But why the fuck isn't the PUBLIC key signed, and the end user sends a message to the private key to verify it is authentic?

    It is. You generate a certificate signing request (CSR) from your certificate (which embeds the public key and the metadata fields such as organisation name, host name and so on). You send the CSR to your certificate authority (CA). The CA then gives you back a signed certificate (which may strip out some fields from the cert that the CA doesn't want to attest to). The key exchange phase of TLS then sends the certificate to the client, which can walk the certificate chain to verify that someone (hopefully someone trustworthy) is willing to attest that the public key belongs to the organisation that you think you are communicating with. The client then encrypts using the public key and the server decrypts using the private key.

    I will personally just stick to self signed certificates for exactly this private key threat model

    You use self-signed certs for a threat model that doesn't exist? This problem existed only because they had customers that decided to outsource certificate creation to them, which is a bad idea and would have failed a security audit.

    but obviously the entire chain of trust is untrustworthy in this day and age

    If you get a CA to sign your certificate then, at worst, it is no less secure than if you don't. You are still free to distribute the hash out of band and check it. You are still able to use certificate pinning to ensure that you notice if it has unexpectedly changed. And if you don't sign it, then a malicious CA (e.g. one compromised by an intelligence agency) is still able to sign a cert claiming to be yours and have other people trust it. If you use DNSSEC and publish CAA records then you can at least narrow this down to one CA that they must compromise.
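
    An added example (not the commenter's code and nothing from Slashdot) of the CSR flow this comment describes, written against Go's standard crypto/x509 with a throwaway CA constructed inside the function: the server's private key never leaves it, the CA sees only the public key and metadata in the CSR and attests to a subset of it, and the client rejects the chain when the host name it expects does not match. The host names and the CA name are placeholders.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issueAndVerify runs server, CA and client roles in one process: the server
// requests a certificate for csrHost and a client expecting wantHost verifies
// it. Returns the verified chain length (leaf + root) or the verification error.
func issueAndVerify(csrHost, wantHost string) (int, error) {
	// Throwaway root CA (constructed for this example): self-signed, may sign certs.
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Test Root"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	caDER, _ := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	caCert, _ := x509.ParseCertificate(caDER)
	// Server side: the key pair is generated locally; only the CSR is sent to the CA.
	srvKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	csrDER, _ := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
		Subject:  pkix.Name{CommonName: csrHost, Organization: []string{"Example Org"}},
		DNSNames: []string{csrHost},
	}, srvKey)
	// CA side: the CSR's self-signature proves the requester holds the private key.
	csr, _ := x509.ParseCertificateRequest(csrDER)
	if err := csr.CheckSignature(); err != nil {
		return 0, err
	}
	leafTmpl := &x509.Certificate{ // only the fields the CA is willing to attest to
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: csr.Subject.CommonName},
		DNSNames: csr.DNSNames, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(12 * time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leafDER, _ := x509.CreateCertificate(rand.Reader, leafTmpl, caCert, csr.PublicKey, caKey)
	leaf, _ := x509.ParseCertificate(leafDER)
	// Client side: walk the chain to a root it trusts and match the expected name.
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	chains, err := leaf.Verify(x509.VerifyOptions{DNSName: wantHost, Roots: roots})
	if err != nil {
		return 0, err
	}
	return len(chains[0]), nil
}
```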

  11. Re:More like $15-$25 vs $500-$1000+ on Passengers Who Call Uber Instead Of An Ambulance Put Drivers At Risk (buzzfeed.com) · Score: 1

    Just for a start, hospital groups would need to set up an accounts payable system for charging people

    Hospitals don't. If the police are called (which they will be if there's a fight and you call an ambulance) then they already have a mechanism for fining you.

  12. Re:No explanation for the outage? on 'Java EE' Has Been Renamed 'Jakarta EE' (i-programmer.info) · Score: 1

    That's a comment in an unrelated story. The original owners always put a front-page story up explaining downtime, if possible during the outage in the case of an intermittent problem.

  13. Re:WTF Slashdot. on 'Java EE' Has Been Renamed 'Jakarta EE' (i-programmer.info) · Score: 1

    Slashdot being down wasn't too much of a problem, but the killer was that SourceForge was accessible only via HTTP, not via HTTPS. This broke things like CocoaPods (or Go or Rust's dependency schemes), so it was impossible to automatically fetch and build projects using this kind of tool if any of the dependencies were on SourceForge. I suspect that a lot of these projects are going to be cloning their dependencies on GitHub and moving their dependency over there. I built OSMAnd's iOS version during the downtime and had to manually patch the pod to grab one of the dependencies from a GitHub fork instead.

    This wouldn't have mattered so much if there had been a 'We are currently experiencing a DDoS, please be patient' message on SourceForge, and if HTTP and HTTPS had been down (during an attack, being able to access the contents only via a mechanism that does nothing to prevent tampering made me very nervous). Instead, I was left with the feeling that SF is considered a legacy system that no one cares about. This is more or less how GNA worked in the months before they finally killed it.

  14. Re:More like $15-$25 vs $500-$1000+ on Passengers Who Call Uber Instead Of An Ambulance Put Drivers At Risk (buzzfeed.com) · Score: 1

    I wonder how much your insurance company actually paid. I've seen it claimed that healthcare providers in the US overcharge a lot because insurance companies only pay a fraction of the cost. I've also seen it argued that a significant number of people don't pay and so the costs end up being spread between the 40% who both have an injury / illness and can pay instead of the 80% of the general population who can pay.

  15. Re:Well, that is it for China as a Superpower on China Bans Letter N From Internet as Xi Jinping Extends Grip on Power (theguardian.com) · Score: 1

    Why do you think Fascism and being a superpower are mutually exclusive? Nazi Germany, the canonical Fascist state, was pretty much a superpower and the USSR adopted a lot of Fascist ideas (militarism, strong central personality-based leadership, merging of corporation and state). During its rise, the British Empire also had a lot of these attributes (including concentration camps and a quasi-governmental East India Company).

    There's no rule that says that superpowers have to be nice...

  16. Re:The two requirements for a trustworthy county on China Bans Letter N From Internet as Xi Jinping Extends Grip on Power (theguardian.com) · Score: 2

    That doesn't necessarily follow. A Prime Minister can decide to retire at any point with their legacy intact; the problem is that the position attracts people who are bad at judging when it's time for someone else. The benefit of term limits is that they're forced to step down for a while. The Chinese limit of consecutive terms is probably a good one: if you take a few years off and still look like the best bet then you can come back, but you can also leave gracefully.

  17. Re:More like $15-$25 vs $500-$1000+ on Passengers Who Call Uber Instead Of An Ambulance Put Drivers At Risk (buzzfeed.com) · Score: 1

    I have never heard of anyone being charged for the ambulance.

    I believe that you can now be charged if you need an ambulance as a result of starting a fight. There was some discussion recently over whether people who do stupid things (the guy who cemented his head into a microwave was the example given) should also be covered by this rule. The fines are still much cheaper than getting an ambulance in the USA, but they're intended to discourage people from taking a scarce resource away from those that need it.

  18. Re:This... is a joke right? on Scientists Say Space Aliens Could Hack Our Planet (nbcnews.com) · Score: 1

    In this case, you do nothing to refute my original point. They would be able to study our technology, because they would be able to look inside it at a subatomic level. If they can do that, then they'd trivially be able to attack it, but they'd also be able to attack us in far more mundane ways.

    If you want to keep your ant hill analogy: I want to send a bomb into the middle of an anthill. Please tell me which tunnels I should use. This is trivial if you have visibility into the structure of the ant hill, but is very hard otherwise, irrespective of our intellectual and technological advantage over the ants.

  19. Oh right, it worked in Germany, a country with a population density 2.5x the USA (which ranks 180th...)

    Those numbers are more interesting if you look at the median population density (i.e. the population density where most people live). The clustering of the US population in coastal cities means that it's often higher than European cities. Something may not work for 100% of the population of the USA, but if it works for 70% or so then that's a big impact.

  20. Re:Morons on German Cities Can Ban Diesel Cars, Court Rules (cnet.com) · Score: 2

    Building a new car is more polluting than running an old car

    In total? Mostly true. Inside the city limits? Not so much. People who live in the city have to breathe the air and limiting the amount of pollution that they're allowed to emit into the air that everyone has to breathe will improve the air quality for everyone. It may increase pollution where the cars are made, but that's a separate regulatory issue.

  21. Re:Call me crazy on Microsoft Starts Selling Lumia Windows Phones Again (theverge.com) · Score: 1

    Unfortunately, though Google Play Services is completely optional, that means that you're limited to apps from F-Droid. That means a bunch of things like airline apps are unavailable. And if you install Play Services, then there's no way of preventing it from spying on you, because it runs with insane privileges. I'd love to have a version of LineageOS that supported the Play Store but properly sandboxed all of the apps that come from it so that they think that they're the only thing installed on the device.

  22. Re:Call me crazy on Microsoft Starts Selling Lumia Windows Phones Again (theverge.com) · Score: 1

    My partner had a Lumia 1020 and really liked it. The UI designers made a few questionable decisions, but it was better than iOS or Android. Nokia's Here Maps was pretty good, but was spun off to a consortium of German car makers and discontinued for Windows Phone. It never got an update past 8.1, so died for the same reason as my old Android phone: it no longer supported newer versions of TLS and older ones were increasingly being disabled for security. This meant that she couldn't connect to things like the mail server.

    The hardware was great (the camera was really impressive), but it lacked a bunch of useful apps. A few from the top of my head:

    • No mobile banking.
    • No third-party browsers, and mobile Edge is not very good.
    • No third-party mail clients, though the built-in one is okay.
    • No apps for any of the airlines that we used while she owned it.
    • No third-party map apps (I particularly like OSMAnd~ from the F-Droid store - enough that I've donated to the project)
    • No musicpd client (fairly niche, but anything slightly niche is going to be missing)
    • No good CalDAV / CardDAV support (built-in on iOS, supported via DAVDroid on Android), so syncing with any kind of non-Microsoft calendar system is a pain.
    • No NextCloud / ownCloud client.

    There were a few useful things though. Audible ships a Windows Phone app, for example. My bank used to provide a Windows Phone app, but discontinued it about 2-3 years ago.

  23. Re:Windows Phone 10 is still alive and well on Microsoft Starts Selling Lumia Windows Phones Again (theverge.com) · Score: 1

    iOS has no restrictions on the language that you use. watchOS and tvOS require that you upload LLVM IR to the App Store (this is probably coming to iOS soon, for now it's an option), but that just means that your compiler must be able to emit LLVM IR - this is even possible for Java these days. In contrast, Windows Phone would initially (I thought they'd relaxed this restriction, but I'm not sure) only run .NET binaries. That basically meant C#, F#, Visual Basic, or a few other things like Python and Ruby dialects (but not most of the C libraries that these languages depend on).

  24. Re:Code check: How does this work? on Chrome OS Could Be Getting Containers for Running Linux VMs (zdnet.com) · Score: 1

    I imagine that the ChromeOS (Linux) kernel is already built with KVM support, but the default security policy does not permit the user to create VMs. At first glance, it looks as if that commit is permitting the user to issue the KVM-related syscalls.

  25. Re:Run VM on weak hardware? on Chrome OS Could Be Getting Containers for Running Linux VMs (zdnet.com) · Score: 1

    I used to run Windows 98 and Fedora 1.0 in an x86 emulator on a 1.25GHz PowerPC Mac with 1GB of RAM. Even most low-end Chromebooks are more powerful than that old machine. The overhead of the virtualisation is pretty low (10-20%) and if it's a container then it's negligible. The real cost is from the stuff that you run inside the VM.