Anyhting having to do with USB or Firewire support
What's wrong with firewire? On my machine I have firewire and use it for a digital video camera. To grab video off the camera, I plug the camera in, run dvgrab, and hit play on the camera, and AVIs start appearing in the current directory. Couldn't be that much easier...
But in actual fact, the style comes first, and the structure is a hypothetical afterthought.
That doesn't make any sense to me. If i'm writing something that has the chronological jump you describe, it was the structure - the jump - that came first, and the linebreak is the afterthought. I didn't just write something and decide arbitrarily to put an extra line break in to make it look nice. I put the linebreak in because of the structure of the document. Not vice versa.
It's funny that nobody notices that an IP address really gives you a 48-bit address, not a 32-bit address.
There's a 16-bit identifier for the destination port, after all.
Nobody notices it because the port number is not part of the address at all. The port number is transport-layer specific. The port numbers for TCP are completely independant of those for UDP. And some transport layer protocols don't even have port numbers (such as ICMP, GRE, the IPSec protocols...).
the sshd thing is simple to solve. change the bloody port on each server. do you have to use 22?
Gotta ssh into one of my machines at home. What port was that on again? 8022? 9022? Can't remember... I'll just try 8022 and see... oops, 8022 is machine X, 9022 must be the machine I want. Port numbers are so much more intuitive than hostnames.
Time to add a new machine to the network. Its running sshd. Gotta log into the NAT router and figure out what port can be used. And remember that it was that port.
Boy, that is so simple. Almost as simple as just sshing to machinex.domain or machiney.domain.
fsck ftp. use sftp. and scp.
Yeah, just fsck every other protocol too that happens to assume that the network is set up the correct way.
I agree that there are a number of protocols that these places use that simply cannot be NATed, but IMO they need to quit catering to these broken-ass apps, NAT the system and tell the users to get software that plays nice.
Um, you have it backwards. There is nothing broken about those apps. They are using the internet the correct way. NAT is breaking them. These places need to quit crippling their users to cater to broken-ass networks.
For starters Adobe Preimeir sucks huge amounts of ass on Windows AND Mac. Its interface is crap and its buggy as hell and crashes too often when you are in the middle of a large editing project.
I wonder if you would have still said that if Adobe hadn't canceled premier on the Mac...
You totally missed the point. The definition of the word 'spoofing' is to use an IP address that is not assigned to you. If I'm using addresses on a/24 that is assigned to me, then I am not spoofing. That is obvious.
The spoofing he is talking about is using other addresses/networks that are not assigned to you at all, but are close enough to you so that egress filtering doesn't stop your spoofing.
As an example, I could emit packets through my cable modem with source addresses belonging to my next door neighbors (who are also subscribers to the same ISP) because we both have IP addresses assigned to us that are on the same subnet. But that is assuming that there is no link layer equipment stopping me, as I mentioned in my prior post.
Well, in all honesty I would have never called the tech support line of a consumer broadband service and expected entry level tech support to have even heard the word OpenBSD before. Most of them are practically trained monkeys that only know how to tell you what pretty pictures to click in windows to check that the network card is set up right and reboot. But that's probably more than most of their customers know, so why pay more money to hire knowledgeable people into 1st level tech support.
I have cable too, and a router machine running linux. I keep an old pentium with win98 on it sitting next to the cable modem so that if I ever have to call them (or, god forbid, have them come over) I can just hook that up and turn it on and let them tinker with that.
Get two hosts behind NAT, and they are unable to establish connections between themselves.
This is sometimes true, and is usually considered a benefit. Put servers on the public Internet, put client workstations behind NAT.
The differences between the two aren't so cut and dry. Workstations may run services on it. Game servers are file sharing services being two popular ones. There's also File servers, remote display servers, SSH servers... plenty of server type things that need inbound connections but run on a workstation.
Because my workstation is behind NAT on IPv4, I have to either VPN in, or SSH to the firewall, and then onto my workstation.
Have you ever heard of port forwarding? Basically, you can take a high port (say, 60125) and forward any connections to a IP/Port on your internal network.
And what if you have a number of machines that run the same services? Now from the outside you have to have all kinds of different ports forwarded and you have to remember what port number corresponds to what machine.
And then there are IP protocols that don't work very well with NAT, like PPTP and IPsec.
Simple. By having their root delegate.com to their own fucking nameserver, and making it differ from ICANN's when the people democratically want it to differ.
Well, then they would have to maintain a copy of the entire.com zone in their own fucking name servers, keep it in sync with icann's fucking nameservers and apply their differences. Now even if they could obtain a copy of.com and all the other icann TLDs somehow (I believe they stopped making copies of the tld zones publicly available on ftp.internic.net years ago blaming spam), having a different version of those TLDs kind of destroys the feature of opennic being a superset of icann and thus backward compatible. I suspect a lot of opennic users use opennic relying on the backwards compatibility.
If ICANN steals fuck-you-ICANN-motherfuckers.com from an ICANN-critic and gives it to an ICANN-supporter, OpenNIC will not do anything about that. They will not have that domain name assigned to it's rightful owner.
And how on earth would Opennic do anything about it, considering their root delegates.com to icann's nameserver?
Yeah, actually it does. The Dell ones we recently priced were $2000 each. As for the installation, interesting. Does it automatically find a server to install from and begin the installation or is human intervention required?
This isn't an anti-Sun flame... but there is a PC serial console card that costs $350: the PC Weasel.
Have plenty of extension cords of various lengths (50+ feet). You may not have your attendees spread out this far and wide, but all of the electrical outlets near where your people are sitting may be all on the same circut. If that's the case, you may wind up tripping the circut breaker. That happened to me a few times. But you can easily solve that problem by running exetnsion cords to other rooms which are hopefully on other circuts.
Try developing on a MSSQL database with PHP, ASP or PERL and then using an Oracle database in the production enviroment. I have seen this one too many times in my web career. With CF I is a matter of changes 3 variables to accomplish the port. With PHP, ASP and PERL you either have to change a dozen or so functions or classes to accomplish the task.
I can do that with my perl-based sites too. I change the DBI connect string in my PerlHandler, and voila, it works on all the pages.
Let's not forget that with one simple tag placed in the application.cfm, I can catch any error that bubbles up on my website, then have that error email me, allowing the user to only see an error page that I designed telling them that the error is being looked at. PHP, ASP and PERL throws the error to the webpage that the user sees. What great security that is!
That's not true either. You can catch exceptions in perl with eval and report them anyway you want. I already do this with one of my sites. I can even set it up so that when you're logged in as a certain user (developer), it will send the error message to the browser and if you're logged in as anyone else it will log the error and tell the user it has been reported.
No it isn't. End User License Agreements are meant to apply to End Users, who don't have the right to redistrubite the software due to copyright. End Users can use GPLed software without accepting the terms of the GPL, because the GPL only applies to redistribution, nothing to do with Usage. So, it is not an End User License Agreement because it does not apply to End Users.
GPLed software is copyrighted, meaning only the copyright holder can make copies (except fair use copies). But, the copyright holder of a GPLed work is willing to grant you the right to make copies of your own if you agree to do it by the terms of the GPL. If you don't agree to it, then just go right on ahead using the software however you like to the extent of the law.
Palladium emulator + the cracked private key for my machine = sharable data
Yeah that will certainly work. That's a good point, that the data only has to be decrypted once and it is out there forever. But I'd imagine that once they find out that key has been cracked, they will put it on some kind of blacklist, so noone will be willing to send "protected" data to a machine with that key anymore.
it doesn't really matter how hard it is, so long as one single person can crack it.
Every palladium-disabled machine out there will have a different key. Getting the key out of one won't help you get the key out of another.
Really, I can't say I've read too much about how it works, but likely it'll have MS/Intel's _public_ key stored so that it can check the certificates of code that you try to run to make sure that it's trusted.
Yeah, they will have those public keys in there, but every machine will also have a private key of its own embedded in hardware. That's how palladium aims to prevent you from copying your data from one computer to another. The "protected" data will be encrypted based on a key that is unique to you, making the encrypted data useless to anyone else.
It would be possible, but the virtual machine would have to have the keys to decrypt the programs or data that are "secured". In the usual implementation of paladium, those keys are embedded in hardware that won't reveal them easily.
I highly doubt you'll ever see microsoft putting keys to do that in software like a virtual machine, since that would negate the whole point of palladium.
I didn't think anyone would sink so low as to actually mention this as feature,
Well what the hell did you think I was talking about for the past 3 posts? There are only two documented ways of filtering in postfix, and I obviously wasn't talking about spooling the mail to temp files.
With postfix, stdin for filters is non-seekable. The reason is the funky queue file layout that Wietse chose.
The queue has nothing to do with postfix advanced filters. The message to be scanned won't be queued at all unless the filter is unavailable or too busy or something like that. Under normal conditions it will only be written to disk by your filter (if your filter does so).
now Postfix needs temp files for virus scanners and whatnot,
That's a lie. I am setting up a postfix system right now for virus & spam scanning such that no temporary files are needed. How to do this is documented clearly in README_FILES/FILTER_README in the postfix source distribution.
Slashdot Mirror
Anyhting having to do with USB or Firewire support
What's wrong with firewire? On my machine I have firewire and use it for a digital video camera. To grab video off the camera, I plug the camera in, run dvgrab, and hit play on the camera, and AVIs start appearing in the current directory. Couldn't be that much easier...
But in actual fact, the style comes first, and the structure is a hypothetical afterthought.
That doesn't make any sense to me. If i'm writing something that has the chronological jump you describe, it was the structure - the jump - that came first, and the linebreak is the afterthought. I didn't just write something and decide arbitrarily to put an extra line break in to make it look nice. I put the linebreak in because of the structure of the document. Not vice versa.
It's funny that nobody notices that an IP address really gives you a 48-bit address, not a 32-bit address.
There's a 16-bit identifier for the destination port, after all.
Nobody notices it because the port number is not part of the address at all. The port number is transport-layer specific. The port numbers for TCP are completely independant of those for UDP. And some transport layer protocols don't even have port numbers (such as ICMP, GRE, the IPSec protocols...).
the sshd thing is simple to solve. change the bloody port on each server. do you have to use 22?
Gotta ssh into one of my machines at home. What port was that on again? 8022? 9022? Can't remember... I'll just try 8022 and see... oops, 8022 is machine X, 9022 must be the machine I want. Port numbers are so much more intuitive than hostnames.
Time to add a new machine to the network. Its running sshd. Gotta log into the NAT router and figure out what port can be used. And remember that it was that port.
Boy, that is so simple. Almost as simple as just sshing to machinex.domain or machiney.domain.
fsck ftp. use sftp. and scp.
Yeah, just fsck every other protocol too that happens to assume that the network is set up the correct way.
I agree that there are a number of protocols that these places use that simply cannot be NATed, but IMO they need to quit catering to these broken-ass apps, NAT the system and tell the users to get software that plays nice.
Um, you have it backwards. There is nothing broken about those apps. They are using the internet the correct way. NAT is breaking them. These places need to quit crippling their users to cater to broken-ass networks.
For starters Adobe Preimeir sucks huge amounts of ass on Windows AND Mac. Its interface is crap and its buggy as hell and crashes too often when you are in the middle of a large editing project.
I wonder if you would have still said that if Adobe hadn't canceled premier on the Mac...
You totally missed the point. The definition of the word 'spoofing' is to use an IP address that is not assigned to you. If I'm using addresses on a /24 that is assigned to me, then I am not spoofing. That is obvious.
The spoofing he is talking about is using other addresses/networks that are not assigned to you at all, but are close enough to you so that egress filtering doesn't stop your spoofing.
As an example, I could emit packets through my cable modem with source addresses belonging to my next door neighbors (who are also subscribers to the same ISP) because we both have IP addresses assigned to us that are on the same subnet. But that is assuming that there is no link layer equipment stopping me, as I mentioned in my prior post.
If your network is 192.168.1.0/24, and your source IP is not, it should drop it
That's exactly what he's talking about. If you're on 192.168.1.0/24, you've got up to 256 addresses to choose from for spoofing.
But I don't agree with this whole idea of IP spoofing to provide p2p annonymity. Spoofing addresses is abuse of the network, period.
Also, spoofing isn't viable long-term for technical reasons too... smart switches, PPP, some broadband equipment...
Well, in all honesty I would have never called the tech support line of a consumer broadband service and expected entry level tech support to have even heard the word OpenBSD before. Most of them are practically trained monkeys that only know how to tell you what pretty pictures to click in windows to check that the network card is set up right and reboot. But that's probably more than most of their customers know, so why pay more money to hire knowledgeable people into 1st level tech support.
I have cable too, and a router machine running linux. I keep an old pentium with win98 on it sitting next to the cable modem so that if I ever have to call them (or, god forbid, have them come over) I can just hook that up and turn it on and let them tinker with that.
I don't think there ever was a released Netscape 1, was there? Netscape 1 was the commercialization of Mosaic
Yeah, there was. I remember using Netscape 1.1N for the longest time long ago on my old Mac LC III.
Get two hosts behind NAT, and they are unable to establish connections between themselves.
This is sometimes true, and is usually considered a benefit. Put servers on the public Internet, put client workstations behind NAT.
The differences between the two aren't so cut and dry. Workstations may run services on it. Game servers are file sharing services being two popular ones. There's also File servers, remote display servers, SSH servers... plenty of server type things that need inbound connections but run on a workstation.
Because my workstation is behind NAT on IPv4, I have to either VPN in, or SSH to the firewall, and then onto my workstation.
Have you ever heard of port forwarding? Basically, you can take a high port (say, 60125) and forward any connections to a IP/Port on your internal network.
And what if you have a number of machines that run the same services? Now from the outside you have to have all kinds of different ports forwarded and you have to remember what port number corresponds to what machine.
And then there are IP protocols that don't work very well with NAT, like PPTP and IPsec.
Yeah I know... sounds like this book was written by the bullshit generator.
Simple. By having their root delegate .com to their own fucking nameserver, and making it differ from ICANN's when the people democratically want it to differ.
.com zone in their own fucking name servers, keep it in sync with icann's fucking nameservers and apply their differences. Now even if they could obtain a copy of .com and all the other icann TLDs somehow (I believe they stopped making copies of the tld zones publicly available on ftp.internic.net years ago blaming spam), having a different version of those TLDs kind of destroys the feature of opennic being a superset of icann and thus backward compatible. I suspect a lot of opennic users use opennic relying on the backwards compatibility.
Well, then they would have to maintain a copy of the entire
If ICANN steals fuck-you-ICANN-motherfuckers.com from an ICANN-critic and gives it to an ICANN-supporter, OpenNIC will not do anything about that. They will not have that domain name assigned to it's rightful owner.
.com to icann's nameserver?
And how on earth would Opennic do anything about it, considering their root delegates
Yeah, actually it does. The Dell ones we recently priced were $2000 each. As for the installation, interesting. Does it automatically find a server to install from and begin the installation or is human intervention required?
This isn't an anti-Sun flame... but there is a PC serial console card that costs $350: the PC Weasel.
Have plenty of extension cords of various lengths (50+ feet). You may not have your attendees spread out this far and wide, but all of the electrical outlets near where your people are sitting may be all on the same circut. If that's the case, you may wind up tripping the circut breaker. That happened to me a few times. But you can easily solve that problem by running exetnsion cords to other rooms which are hopefully on other circuts.
Try developing on a MSSQL database with PHP, ASP or PERL and then using an Oracle database in the production enviroment. I have seen this one too many times in my web career. With CF I is a matter of changes 3 variables to accomplish the port. With PHP, ASP and PERL you either have to change a dozen or so functions or classes to accomplish the task.
I can do that with my perl-based sites too. I change the DBI connect string in my PerlHandler, and voila, it works on all the pages.
Let's not forget that with one simple tag placed in the application.cfm, I can catch any error that bubbles up on my website, then have that error email me, allowing the user to only see an error page that I designed telling them that the error is being looked at. PHP, ASP and PERL throws the error to the webpage that the user sees. What great security that is!
That's not true either. You can catch exceptions in perl with eval and report them anyway you want. I already do this with one of my sites. I can even set it up so that when you're logged in as a certain user (developer), it will send the error message to the browser and if you're logged in as anyone else it will log the error and tell the user it has been reported.
The GPL is a EULA whether you like it or not
No it isn't. End User License Agreements are meant to apply to End Users, who don't have the right to redistrubite the software due to copyright. End Users can use GPLed software without accepting the terms of the GPL, because the GPL only applies to redistribution, nothing to do with Usage. So, it is not an End User License Agreement because it does not apply to End Users.
GPLed software is copyrighted, meaning only the copyright holder can make copies (except fair use copies). But, the copyright holder of a GPLed work is willing to grant you the right to make copies of your own if you agree to do it by the terms of the GPL. If you don't agree to it, then just go right on ahead using the software however you like to the extent of the law.
Now compare that to commercial EULAs.
Palladium emulator + the cracked private key for my machine = sharable data
Yeah that will certainly work. That's a good point, that the data only has to be decrypted once and it is out there forever. But I'd imagine that once they find out that key has been cracked, they will put it on some kind of blacklist, so noone will be willing to send "protected" data to a machine with that key anymore.
it doesn't really matter how hard it is, so long as one single person can crack it.
Every palladium-disabled machine out there will have a different key. Getting the key out of one won't help you get the key out of another.
Really, I can't say I've read too much about how it works, but likely it'll have MS/Intel's _public_ key stored so that it can check the certificates of code that you try to run to make sure that it's trusted.
Yeah, they will have those public keys in there, but every machine will also have a private key of its own embedded in hardware. That's how palladium aims to prevent you from copying your data from one computer to another. The "protected" data will be encrypted based on a key that is unique to you, making the encrypted data useless to anyone else.
It would be possible, but the virtual machine would have to have the keys to decrypt the programs or data that are "secured". In the usual implementation of paladium, those keys are embedded in hardware that won't reveal them easily.
I highly doubt you'll ever see microsoft putting keys to do that in software like a virtual machine, since that would negate the whole point of palladium.
I didn't think anyone would sink so low as to actually mention this as feature,
Well what the hell did you think I was talking about for the past 3 posts? There are only two documented ways of filtering in postfix, and I obviously wasn't talking about spooling the mail to temp files.
With postfix, stdin for filters is non-seekable. The reason is the funky queue file layout that Wietse chose.
The queue has nothing to do with postfix advanced filters. The message to be scanned won't be queued at all unless the filter is unavailable or too busy or something like that. Under normal conditions it will only be written to disk by your filter (if your filter does so).
Please get your facts straight next time.
now Postfix needs temp files for virus scanners and whatnot,
That's a lie. I am setting up a postfix system right now for virus & spam scanning such that no temporary files are needed. How to do this is documented clearly in README_FILES/FILTER_README in the postfix source distribution.
Arithmetic according to C: float x = 3.14159; float y = 1/2 * x; Value of y? zero.
Like a sibling comment said, that isn't exactly news to anyone who knows C... you need to either change 1/2 to 1.0/2.0 or cast them to floats.