The largest bank in Canada, RBC, implemented this a few years ago.
As far as I know, Facebook is just used as a message platform to inform the users of the transfer, so this is not really a big deal. However, that being stated, most social platforms have better authentication solutions than most banks in the world, which makes me trust some sites more than my own bank.
Oracle likely made their calculations, and have determined they can extract plenty of money from the Dyn customers to make the acquisition worth it. I, for one, will be moving away from Dyn ASAP, after being a satisfied customer for ~15 years. Does anyone have any suggestions for a reliable and secure DNS?
In your opinion, what does OpenBSD/OpenSSL/etc. need from the community? Now that you received a large donation to keep the lights on, what is next on the list of things that would help move things forward?
The concepts for the time, in my opinion, are mind blowing. I hope there are some people in this world who are considering some equal mind blowing ideas for these times, although I do not think they could ever get pulled together into one demo like what Doug Engelbart did.
BGP is at a layer higher than ip, so whether you are using IPv4 or IPv6 (or any other protocol), it does not matter.
(And yes, i realize that the implementations of BGP often involve sending TCP/IP and UDP/IP packets around, but the point is that switching to IPv6 is not going to change your BGP configuration or BGP tables.)
> IANAL, but on the other hand, if no computer language or library API can enjoy copyright protection, then it appears to me that it doesn't have GPL or Creative Commons protection either (since being required to follow these licences follows from the copyright holder's discretion)... > Be careful what you wish for google...
IANAL as well, but i believe copyright != license. A license usually involves copyright, but, by definition, the reverse is not true.
However, copyright infringement penalties often have much larger penalties than disobeying a license. This does not really make logical sense, but as the MAFIAA prioritizes their short term greed over logic and the health of the industry (and US senators and congressmen need MAFIAA's money to get re-elected), it is how the world works.
Anyone else with me that just suggests to use wireless instead?
Sure, i have gigabit and 10gb in my server room, and one gigabit wire going from the server room to where i watch 1080p movies (which i have used once for about 5 minutes), but otherwise, 802.11b/g/n works fine. If it is an issue with conflicting channels with the neighbours, you are not trying hard enough.
And for the next time you build a house: There is no standard wire that will last forever. Coax was the standard about 20 years ago (and it/really/ appeared to be that way, especially as it can handle more GB/s reliably than the cat5), and the cat5 will only last until 1gb/s (with Cat6) or 10gb/s (fibre) is the standard. Thus, you should have wire conduits, with fibre's limited ability to turn corners in mind. Another option is to have the ability to drop wire easily from the attic between the walls all the way to the basement, and/or to have removable ceiling tiles. Be careful with insulating though, because a big whole in an outside wall can ruin your heating bill.
IMHO, Microsoft's lawyers (collectively) are faster and better than Microsoft's developers (collectively).
Just from that, I believe your arguments are mostly moot.
Also, Microsoft's legal department and development/maintenance team are two separate entities. Legal will do what it needs to do to protect the company (which is what it is trying to do here) and get more money. Microsoft's developers (whether hired by Microsoft full time or via a contract) will try to avoid boring work, which is why they used the GPL code.
However, I still agree that contacting the person/company/organization/corporation before spreading the news is the right thing to do, but it is not absolutely necessary. I do not doubt that the lawyers at Microsoft will use the full extent of the law (and even go beyond when it can) to protect Microsoft and themselves, so I would not want to ever (non-anonymously) release a vulnerability.
That being said, Microsoft: Please fix the vulnerabilities I sent to you last year, as I am very tempted to spread them or use them. I know your people can sleep knowing a few critical vulnerabilities exist with IIS and Windows, but I sometimes cannot.
Excerpt: " Fisher Plaza, a self-styled carrier hotel in Seattle, and home to multiple datacenter and colocation providers, has had a major issue in one of its buildings late last night, early this morning. The best information I am aware of is that there was a failure in the main/generator transfer switch which resulted in a fire. The sprinkler system activated. From speaking to the fire battalion chief, I am under the impression that Seattle Fire did use water on the fire as well, but I am unsure of this. "
(Btw: Water + Lots of electricity = not good. I bet the electricity got turned off.)
I would copy and paste the rest with reference, but people are posting more details as they come.
...and I think the others are usually a lot easier to install. Microsoft's takes at least 5 steps (with steps like 1. "Download, Configure, Install MySQL").
Meanwhile, on many other systems, it is a lot less work: Ubuntu: 1. In the Programs menu, click "Add/Remove" 2. Select the CMS (or whatever) that you want, and click "Install" 3. Enjoy.
Other debian systems: 1. apt-get install my-favourite-cms
Freebsd: 1. cd/usr/ports/www/my-favourite-cms; make install
And finally, a quick comparison between this new Microsoft way and the usual ways with GNU Linux/BSD: Installing is easier with GNU Linux/BSD Configuration is easier with GNU Linux/BSD Support is generally more available with GNU Linux/BSD Writing plugins is generally a whole lot easier with GNU Linux/BSD because the code is available
Especially with the new tools available, I believe IIS deserves to die.
And I believe your argument of "booby trapping" something can be turned against you:
The software companies generally booby trap the software agreement, so basically any person will agree to it whether they are in their right mind or if a kid or cat is agreeing to it.
For instance, if I install Windows XP, the only option at one point is to hit F8 to agree to the license. Therefore banging on all devices (including the keyboard) will generally cause the computer to believe that you agreed to the license. I do not believe a contract that has random scribbles all over it is considered a valid contract.
I still do not believe the EULA has been tested in court in any major country, as all law suits have assumed that it is valid, which might go against my/this argument.
Apparently many Solaris systems restarted. People at NANOG are reporting this.
A few banks' systems were rebooted as well: TD, Scotia, American Savings Bank, US Bank, and many more...
I saw many operating systems rebooting, even though this did not happen the last time in 2005.
Good thing I use ZFS on FreeBSD, and after I changed the loader.conf, I have a system that has stayed up for more than 2 months now, including last night.
I know it may be from the 1980's, but my NFS is working just fine between my Solaris/Linux/FreeBSD machines. And yes, I do have plans to migrate to ZFS.
I have actually done some theoretical calculations based upon other people/scientist's "crazy" theories, and it is possible that an explosion the equivalent to a 3 gigaton TNT explosion ( http://en.wikipedia.org/wiki/TNT_equivalent ) to be created. Depending on where is happens, it might create a crater or hump ( http://nuclearweaponarchive.org/Library/Effects/UndergroundEffects.html ), but probably a crater between 10 kilometers to 18 kilometers wide. This explosion would probably create an earthquake between 8.5 and 10.5 on the ritcher scale ( http://en.wikipedia.org/wiki/Richter_magnitude_scale ) that is felt in Geneve, Switzerland, and an earth quake between 7 and 8.5 felt in Paris, France.
The fun thing is that the amplitude of the quake would be very large, and the ground might not even shake more than twice due to the size of the whole thing.
Please note that these calculations assume that all the equipment works perfectly (, or a error of less than a thousandth of a percent). I did account for error in the calculations, especially how practical large/nuclear explosions tend to have caused slightly larger earthquakes than calculated ( http://oai.dtic.mil/oai/oai?verb=getRecord&metadataPrefix=html&identifier=AD0617181 ).
Other notes: There exists a chance that a huge explosion would just create a big crater with a small tunnel going toward the center of the earth. If you have trouble visualizing this, try visualizing the Death Star.
Is anyone else putting their aluminum foil hats on and thinking that these scientists are absolutely mad?! And why did these mad scientists get to have a chance to destroy the world before me?
...and I have it on good authority* that a Canadian also bought the email address, which was paid for today. Since Canadians appear to be the only people winning these auctions, I guess Canadians care more about what happens in the US more than Americans do.
* I am assuming I do not have multiple personalities that lie to each other.
(I realize that my statement of "Canadians care more" will be marked as flamebait, but prove me wrong, d*mnit!)
What happened with the t-shirts that were supposed to be handed out at the Toronto, Ontario gathering? Around 55 disappointed people showed up. Fortunately, though, moods quickly changed when we realized that the beer was cheap and, especially, the bar had WiFi!
(I have not seen the t-shirts on eBay yet, but I am guessing it is just a matter of time before the local organizer loses his patience and starts selling them.)
(psst... If the organizer is reading this... meet me behind Eaton Center (near Yonge and Dundas, opposite the court house and City Hall, where most of the corruption happens), and I will give you $50 CDN for some of that sweet t-shirt.)
I know that this will be probably marked as flamebait, but I have to at least partially agree with my fellow Canadian (Theo). To me, all forms of virtualization are never going to provide 100% security. To me, virtualization is a lot like using a NAT in a network: For a person smart enough, the 'security' in a NAT is easy to get around (check out http://www.google.com/search?q=+site:www.merit.edu+nanog+nat+security for evidence).
However, what Theo skips over is that both NAT and virtualization are great for keeping out the riff-raff. At least on my home connection, the network traffic outside of the NAT is at least 2 packets/second of bad stuff (measured via FreeBSD 7.0's security log/emails), and inside the NAT the traffic is less than a packet/day of bad stuff (when all Winblows machines are off). I believe virtualization can do the same and keep virii/spyware/bugs/etc. contained and better monitored.
So in conclusion: In theory, I believe Theo is right. In practice, virtualization is probably a good thing for enterprises, just as NAT is a good thing for home users.
I am hoping that people will stop yelling at each other and realize that Theo likes everything to be practically and theoretically secure, and most of us just care that our machines are "practically secure enough." However, as botnets perhaps become more profitable, it seems that they are getting smarter, and have been using multiple exploits for quite some time, so Theo might have a point.
Is it just me, or is this another chance to create a group that will just suck all the money in and be corrupt? What is the likelihood that this group would be able to satisfy everyone and have enough power to keep elections from being rigged?//Thanks God for being born in Canada///Not that we are much different.
From glancing at the articles, this Microsoft/Novell issue seems to be even bigger than what the slashdot crowd and news articles have stated.
IANAL, but in order for a project to sue someone, all authors of that project need to be behind the lawsuit. Since Novell is probably out of the picture, all projects that any Novell employee has been a part of now can be copied by Microsoft without Microsoft ever worrying about getting sued.
It seems that Novell has sold the Linux soul (and the GPL2). Yes, the American system of copyrights is stupid for one company to sell a copyright of software it does not fully own, but the American government does not care.
This scares me a ton, especially since I cannot think of anything that I can do to stop it.
Slashdot Mirror
Does not fulfill all of your requirements, but it is simple, and has web and mobile apps:
https://trello.com/
Made by https://www.joelonsoftware.com... , who has a style that most, but not all, developers like.
The largest bank in Canada, RBC, implemented this a few years ago.
As far as I know, Facebook is just used as a message platform to inform the users of the transfer, so this is not really a big deal.
However, that being stated, most social platforms have better authentication solutions than most banks in the world, which makes me trust some sites more than my own bank.
Oracle likely made their calculations, and have determined they can extract plenty of money from the Dyn customers to make the acquisition worth it.
I, for one, will be moving away from Dyn ASAP, after being a satisfied customer for ~15 years.
Does anyone have any suggestions for a reliable and secure DNS?
Discussion at new.ycombinator:
https://news.ycombinator.com/i...
Perhaps a slightly better mirror / archive of the text:
https://web.archive.org/web/20...
In your opinion, what does OpenBSD/OpenSSL/etc. need from the community?
Now that you received a large donation to keep the lights on, what is next on the list of things that would help move things forward?
I believe this is something that should be mandatory for all computer engineering/science students should watch, along with getting a bit of a history lesson:
http://www.youtube.com/watch?v=JfIgzSoTMOs
http://www.youtube.com/watch?v=a11JDLBXtPQ
http://www.youtube.com/watch?v=61oMy7Tr-bM
http://www.youtube.com/watch?v=fNXLK78ZaFo
http://www.youtube.com/watch?v=7zz1SwCTCEE
http://www.youtube.com/watch?v=6dVNxlLYTsQ
http://www.youtube.com/watch?v=XiJA7_Sw9aM
http://www.youtube.com/watch?v=EI8LZKW5Lwk
http://www.youtube.com/watch?v=VYDg2wr2QfI
The concepts for the time, in my opinion, are mind blowing. I hope there are some people in this world who are considering some equal mind blowing ideas for these times, although I do not think they could ever get pulled together into one demo like what Doug Engelbart did.
Was done in January and again in February:
http://liliputing.com/2012/02/blackberry-playbook-price-drops-to-199-permanently.html
http://www.pcworld.com/article/247202/rim_selling_playbook_tablets_for_300_each.html
http://www.theglobeandmail.com/technology/tech-news/rim-chops-all-playbook-prices-to-299/article4085706/
http://www.berryreview.com/2012/01/29/shop-blackberry-confusingly-returns-playbook-prices-to-199-16gb-299-64gb/
Yay slashdot!
BGP is at a layer higher than ip, so whether you are using IPv4 or IPv6 (or any other protocol), it does not matter.
(And yes, i realize that the implementations of BGP often involve sending TCP/IP and UDP/IP packets around, but the point is that switching to IPv6 is not going to change your BGP configuration or BGP tables.)
> IANAL, but on the other hand, if no computer language or library API can enjoy copyright protection, then it appears to me that it doesn't have GPL or Creative Commons protection either (since being required to follow these licences follows from the copyright holder's discretion)...
> Be careful what you wish for google...
IANAL as well, but i believe copyright != license. A license usually involves copyright, but, by definition, the reverse is not true.
However, copyright infringement penalties often have much larger penalties than disobeying a license.
This does not really make logical sense, but as the MAFIAA prioritizes their short term greed over logic and the health of the industry (and US senators and congressmen need MAFIAA's money to get re-elected), it is how the world works.
Anyone else with me that just suggests to use wireless instead?
Sure, i have gigabit and 10gb in my server room, and one gigabit wire going from the server room to where i watch 1080p movies (which i have used once for about 5 minutes), but otherwise, 802.11b/g/n works fine. If it is an issue with conflicting channels with the neighbours, you are not trying hard enough.
And for the next time you build a house: There is no standard wire that will last forever. Coax was the standard about 20 years ago (and it /really/ appeared to be that way, especially as it can handle more GB/s reliably than the cat5), and the cat5 will only last until 1gb/s (with Cat6) or 10gb/s (fibre) is the standard.
Thus, you should have wire conduits, with fibre's limited ability to turn corners in mind. Another option is to have the ability to drop wire easily from the attic between the walls all the way to the basement, and/or to have removable ceiling tiles. Be careful with insulating though, because a big whole in an outside wall can ruin your heating bill.
According to http://tw.wowarmory.com/character-achievements.xml?r=Wrathbringer&cn=%E5%B0%8F%E7%81%B0&gn=%E7%A5%9E%E6%A8%A3 , he still has one world event to attend. He also has not reached the top of the ladder for 2v2, 3v3, or 5v5 matches.
However, he did finish 165 out of 164 player versus player matches. I am not sure how that works.
Also, why are we presuming this person is a he?
I find it hard to believe you can post that just a few hours after the "Microsoft Tries To Censor Bing Vulnerability" story was posted ( http://yro.slashdot.org/story/09/11/09/2319233/Microsoft-Tries-To-Censor-Bing-Vulnerability ).
IMHO, Microsoft's lawyers (collectively) are faster and better than Microsoft's developers (collectively).
Just from that, I believe your arguments are mostly moot.
Also, Microsoft's legal department and development/maintenance team are two separate entities. Legal will do what it needs to do to protect the company (which is what it is trying to do here) and get more money. Microsoft's developers (whether hired by Microsoft full time or via a contract) will try to avoid boring work, which is why they used the GPL code.
However, I still agree that contacting the person/company/organization/corporation before spreading the news is the right thing to do, but it is not absolutely necessary.
I do not doubt that the lawyers at Microsoft will use the full extent of the law (and even go beyond when it can) to protect Microsoft and themselves, so I would not want to ever (non-anonymously) release a vulnerability.
That being said,
Microsoft:
Please fix the vulnerabilities I sent to you last year, as I am very tempted to spread them or use them. I know your people can sleep knowing a few critical vulnerabilities exist with IIS and Windows, but I sometimes cannot.
More information is available from the NANOG (North American Network Operator's Group) list: http://comments.gmane.org/gmane.org.operators.nanog/65992 .
Excerpt:
"
Fisher Plaza, a self-styled carrier hotel in Seattle, and home to multiple
datacenter and colocation providers, has had a major issue in one of its
buildings late last night, early this morning.
The best information I am aware of is that there was a failure in the
main/generator transfer switch which resulted in a fire. The sprinkler
system activated. From speaking to the fire battalion chief, I am under the
impression that Seattle Fire did use water on the fire as well, but I am
unsure of this.
"
(Btw: Water + Lots of electricity = not good. I bet the electricity got turned off.)
I would copy and paste the rest with reference, but people are posting more details as they come.
...and I think the others are usually a lot easier to install. Microsoft's takes at least 5 steps (with steps like 1. "Download, Configure, Install MySQL").
Meanwhile, on many other systems, it is a lot less work:
Ubuntu:
1. In the Programs menu, click "Add/Remove"
2. Select the CMS (or whatever) that you want, and click "Install"
3. Enjoy.
Other debian systems:
1. apt-get install my-favourite-cms
Freebsd: /usr/ports/www/my-favourite-cms; make install
1. cd
And finally, a quick comparison between this new Microsoft way and the usual ways with GNU Linux/BSD:
Installing is easier with GNU Linux/BSD
Configuration is easier with GNU Linux/BSD
Support is generally more available with GNU Linux/BSD
Writing plugins is generally a whole lot easier with GNU Linux/BSD because the code is available
Especially with the new tools available, I believe IIS deserves to die.
And I believe your argument of "booby trapping" something can be turned against you:
The software companies generally booby trap the software agreement, so basically any person will agree to it whether they are in their right mind or if a kid or cat is agreeing to it.
For instance, if I install Windows XP, the only option at one point is to hit F8 to agree to the license. Therefore banging on all devices (including the keyboard) will generally cause the computer to believe that you agreed to the license.
I do not believe a contract that has random scribbles all over it is considered a valid contract.
I still do not believe the EULA has been tested in court in any major country, as all law suits have assumed that it is valid, which might go against my/this argument.
In other news, IANAL.
Apparently many Solaris systems restarted. People at NANOG are reporting this. A few banks' systems were rebooted as well: TD, Scotia, American Savings Bank, US Bank, and many more...
I saw many operating systems rebooting, even though this did not happen the last time in 2005.
Good thing I use ZFS on FreeBSD, and after I changed the loader.conf, I have a system that has stayed up for more than 2 months now, including last night.
Ummm... there are many network file systems out there that have worked fine for a long time. See http://en.wikipedia.org/wiki/Network_File_System
.
I know it may be from the 1980's, but my NFS is working just fine between my Solaris/Linux/FreeBSD machines. And yes, I do have plans to migrate to ZFS.
I have actually done some theoretical calculations based upon other people/scientist's "crazy" theories, and it is possible that an explosion the equivalent to a 3 gigaton TNT explosion ( http://en.wikipedia.org/wiki/TNT_equivalent ) to be created. Depending on where is happens, it might create a crater or hump ( http://nuclearweaponarchive.org/Library/Effects/UndergroundEffects.html ), but probably a crater between 10 kilometers to 18 kilometers wide. This explosion would probably create an earthquake between 8.5 and 10.5 on the ritcher scale ( http://en.wikipedia.org/wiki/Richter_magnitude_scale ) that is felt in Geneve, Switzerland, and an earth quake between 7 and 8.5 felt in Paris, France. The fun thing is that the amplitude of the quake would be very large, and the ground might not even shake more than twice due to the size of the whole thing.
Please note that these calculations assume that all the equipment works perfectly (, or a error of less than a thousandth of a percent). I did account for error in the calculations, especially how practical large/nuclear explosions tend to have caused slightly larger earthquakes than calculated ( http://oai.dtic.mil/oai/oai?verb=getRecord&metadataPrefix=html&identifier=AD0617181 ).
Other notes: There exists a chance that a huge explosion would just create a big crater with a small tunnel going toward the center of the earth. If you have trouble visualizing this, try visualizing the Death Star.
Is anyone else putting their aluminum foil hats on and thinking that these scientists are absolutely mad?! And why did these mad scientists get to have a chance to destroy the world before me?
...and I have it on good authority* that a Canadian also bought the email address, which was paid for today. Since Canadians appear to be the only people winning these auctions, I guess Canadians care more about what happens in the US more than Americans do.
* I am assuming I do not have multiple personalities that lie to each other.
(I realize that my statement of "Canadians care more" will be marked as flamebait, but prove me wrong, d*mnit!)
What happened with the t-shirts that were supposed to be handed out at the Toronto, Ontario gathering?
Around 55 disappointed people showed up. Fortunately, though, moods quickly changed when we realized that the beer was cheap and, especially, the bar had WiFi!
(I have not seen the t-shirts on eBay yet, but I am guessing it is just a matter of time before the local organizer loses his patience and starts selling them.)
(psst... If the organizer is reading this... meet me behind Eaton Center (near Yonge and Dundas, opposite the court house and City Hall, where most of the corruption happens), and I will give you $50 CDN for some of that sweet t-shirt.)
I know that this will be probably marked as flamebait, but I have to at least partially agree with my fellow Canadian (Theo). To me, all forms of virtualization are never going to provide 100% security. To me, virtualization is a lot like using a NAT in a network: For a person smart enough, the 'security' in a NAT is easy to get around (check out http://www.google.com/search?q=+site:www.merit.edu+nanog+nat+security for evidence).
However, what Theo skips over is that both NAT and virtualization are great for keeping out the riff-raff. At least on my home connection, the network traffic outside of the NAT is at least 2 packets/second of bad stuff (measured via FreeBSD 7.0's security log/emails), and inside the NAT the traffic is less than a packet/day of bad stuff (when all Winblows machines are off). I believe virtualization can do the same and keep virii/spyware/bugs/etc. contained and better monitored.
So in conclusion:
In theory, I believe Theo is right.
In practice, virtualization is probably a good thing for enterprises, just as NAT is a good thing for home users.
I am hoping that people will stop yelling at each other and realize that Theo likes everything to be practically and theoretically secure, and most of us just care that our machines are "practically secure enough." However, as botnets perhaps become more profitable, it seems that they are getting smarter, and have been using multiple exploits for quite some time, so Theo might have a point.
This is just a reminder:
SUPERLIMINAL MESSAGES ALSO WORK
In other news, the lameness filter is lame.
Is it just me, or is this another chance to create a group that will just suck all the money in and be corrupt? //Thanks God for being born in Canada ///Not that we are much different.
What is the likelihood that this group would be able to satisfy everyone and have enough power to keep elections from being rigged?
From glancing at the articles, this Microsoft/Novell issue seems to be even bigger than what the slashdot crowd and news articles have stated.
IANAL, but in order for a project to sue someone, all authors of that project need to be behind the lawsuit. Since Novell is probably out of the picture, all projects that any Novell employee has been a part of now can be copied by Microsoft without Microsoft ever worrying about getting sued.
It seems that Novell has sold the Linux soul (and the GPL2). Yes, the American system of copyrights is stupid for one company to sell a copyright of software it does not fully own, but the American government does not care.
This scares me a ton, especially since I cannot think of anything that I can do to stop it.
What's wrong with my 10 gigabit ethernet? ( via my Intel PCI Express 10GbE CX4 cards).