Well, if many of the cases hinge upon the identity of an IP address, cant the ISP's require signed certificates with some sort of CAPTCHA that verifies identity?
I mean, doesnt the whole identity problem go away if we can validate a IP tunnel to a 1024 bit key assigned to our name?
Yes. TCPA. Ugly, nasty, DRM to the extreme... but it solves the identity problem.
I was a juror in a court case in which the guy was tried for DUI. The only thing is we didnt think he did the D part (the driving). The cop said he drove, but was a narc officer and was hired as a rentacop for a Pow-wow or something. We believed the defendant and not the cop.
It took us a whole 5 minutes to find him not guilty of any crime. We then find out in chambers (we go out the back way through the Judges chambers) that the Defendants Lawyer was a public defender. I'll say he did a smash-up job.
This one chewed up the prosecution and spit them out in a fine mist. I would have never guessed he was a Public Defender.
---True, but this doesn't work too well, if the child doesn't enjoy the same things as the parent. I think a more formal education system isn't a bad thing, but the bureaucracy of the federal system has munged things up. For more urban areas, charter school systems are working out rather well... I think that at some point a more divisive school system will come into place... not everyone benefits from a "classic" education. Some people would be better in an apprenticeship or a trade program...
Well, a classic education is no longer being taught. Where's the Socratic logic class in High School? Where's Latin? Why arent Plato's works discussed? Where are the Geometers? What about teaching Leibniz calculus to high schoolers? Even elementary students know what acceleration is.
All the tough stuff is substituted for the 100'th time how to add 2 fractions. Who else is there to blame except for the teachers and administration?
---Others would do better from education geared more towards arts, language, or math/sciences. I think that the "well-rounded" requirements of x-years language, x-years math, x-years science is wasted on many people. Some would have done better to have x+1 years language, and no math beyond basic math and science. Not everyone is meant to be shaped from the same mold... I think we need to stop forcing people into them.
And I doubt even that would work. Just as the Greeks did, I believe that apprenticeship would be the best route. There, one would learn a skill inside and out, and eventually be prepared to do for themselves and then apprentice someone. Though, I deign to pidgeonhole someone for the rest of their life, but I do have the idea that the younger do have an idea what they wish to do.
---Have you actually spoken to the people in the lower 50% of our population? And you want those people to home school their kids? I'm not saying it can't work for a lot of people, but smart people usually hang around other smart people, it's easy to forget that many people exist that do not car about education in the least, and that probably could not divide two numbers without a calculator.
I actually have faith in the "lower 50%" only because many of them have not been blessed with decent high schooling, or have little to no options. Moreso now than ever information and knowledge is easy to obtain, but the real art is finding it.
And I remind myself when I think I'm smarter than them: I may know physics of motion and can do the math required, but people who play sports know that exact same formulas intuitively. People who are not scientifically inclined are almost always artistically inclined, something I will not be.
And after looking at the real skills these lesser 50% have, there's a few rotten eggs. They're there in all societies.
---Not to mention the people who turn home schooling into bible schooling. Not that it's bad unless they crack down on critical thinking or don't teach evolution at all or something, but you know some people will do that.
I was Catholic. I studied the Bible from Genesis to Revelations (well, skipping over begats and much Revelations).
Unfortunately, the only real answer is home schooling and DIY.
I have real chemistry sets, physics toys, bio lab instructables, legos for prototype construction, Linux for software devel, PIC set for embedded work, and much more.
SciAm back in the day had a build-yourself bubble chamber and linear accelerator, and it worked. Boys Life, the boy scouting magazine, back in the day had instructions how to build your own fireworks including colors and shaping of charge.
When it comes down to it, we have gotten afraid to do anything because of "DANGER". That includes teaching. Anyways, what real criterion are required to really teach someone? If we look at the ancient Greeks, it was the motivation of the learner and not of a forced teaching.
John Taylor Gatto has a book about this very topic. Go look it up on Google.
That's exactly it. GPRS uses no server. It instead uses a License flag along with coords. Any receiver can pick this signal up, and that means non-amateurs.
You say to use your server. Wrong. Instead, you would use someone else's server that you cannot modify. That would be better than saying "I stored it on my equipment".
Instead of using some recorder, we can transmit this on the HAM bands via GPRS, and have it recorded via a local digipeter for a webserver.
We now have hard-ish logs to cook, along with federal laws backing us up, as it is illegal to transmit on a radio that you are not in the vicinity of. And since the data is real-time, you can argue that we have local logs X, and server logs based on my Federal License at Y.
Heck, even in Linux, if a attacker wanted to root a machine, they could seed the logs with bad queries. Those queries were ANSI control codes for telnet, which could branch sessions and run separate programs. It could also blank the screen and other nasties.
No system is secure when there's errors in the parser, whether it be text or movie. They can at least get your user's rights to the system. Then it's just an elevation away.
---(non-executable stuff is always safe to download)
Hardly. I can think of quite a few examples of non-executable files that can house nasties. Essentially, one finds a buffer overflow in a parser. MP3 stacks and video codecs are favorites to find holes and stupid stuff in. Also, exe's can be put in WMV's and other MS codecs too.
Once the overflow is ran by the unsuspecting user/admin, code is then ran as permission of that program. Better hope it's not an admin
There really isnt any "manual" you can learn about this kind of stuff. However, we all have the toolkit to test and investigate with it at our homes.
1. Search fragrouter in google first. All hits on front page are on topic. Get it and compile cleanly. I prefer Debian, but works for all Linux.
2. Go buy a router from any ol box store. I prefer the WRT54G ones that can be modded to run either DD-WRT or OpenWRT.
3. Get some test machines up and running, including a separate machine running DHCP on the "Internet" side of the router. You'll want to fake a internet connection with this, so tell the router to pull DHCP from the "Internet" box. The Internet Box is your attacking machine. You will want to set up NAT if it's not already.
4. Set up fragrouter and proper routing utils on the attacking box ("Internet" machine). You can use your real network as the attacked network, as you wont cause damage. fragrouter has something like 14 options of bad routing. You can use this in conjunction of other routing daemons and others that exploit active services already existing on the el'cheapo router.
5. Since you have inside knowledge about your network, you can easily guess the subnet mask and ip addressing scheme and "hack through" the NAT.
I've done precisely that on many routers, including mid-range ciscos. And as I said before, the only machines that are immune from fragmenting attacks are ones that piece back together packets before they are passed on to the internal network. OpenBSD, FreeBSD, and Linux can do this reliably ONLY with a large amount of ram and fast CPU.
Not true at all. It's a common misconception that NAT protects anything at all. Why so?
NAT uses translation routing based upon multiple inside computers to one outside address. The key here is the NAT device does NOT reconstruct packets if they are heavily fragmented. Even upper end Ciscos and Junipers are vulnerable to fragment based attacks.
The key is you construct a IP-IP tunnel to target victim, try to guess the internal IP addressing scheme, and then use a program called Fragrouter to properly "make mal-fragmented packets". Once you do this, it will hop over damn near every router.
I think there's a setting in IPF that forces reconstruction before passing packets. That's the only defense, along with a proactive filtering in both directions.
Slashdot Mirror
Well, if many of the cases hinge upon the identity of an IP address, cant the ISP's require signed certificates with some sort of CAPTCHA that verifies identity?
I mean, doesnt the whole identity problem go away if we can validate a IP tunnel to a 1024 bit key assigned to our name?
Yes. TCPA. Ugly, nasty, DRM to the extreme... but it solves the identity problem.
Kinda cool, those public defenders.
I was a juror in a court case in which the guy was tried for DUI. The only thing is we didnt think he did the D part (the driving). The cop said he drove, but was a narc officer and was hired as a rentacop for a Pow-wow or something. We believed the defendant and not the cop.
It took us a whole 5 minutes to find him not guilty of any crime. We then find out in chambers (we go out the back way through the Judges chambers) that the Defendants Lawyer was a public defender. I'll say he did a smash-up job.
This one chewed up the prosecution and spit them out in a fine mist. I would have never guessed he was a Public Defender.
I dont care what the AC says about my "authority on the bible". I claim nothing but reading it. Seriously, try reading it yourself.
---True, but this doesn't work too well, if the child doesn't enjoy the same things as the parent. I think a more formal education system isn't a bad thing, but the bureaucracy of the federal system has munged things up. For more urban areas, charter school systems are working out rather well... I think that at some point a more divisive school system will come into place... not everyone benefits from a "classic" education. Some people would be better in an apprenticeship or a trade program...
Well, a classic education is no longer being taught. Where's the Socratic logic class in High School? Where's Latin? Why arent Plato's works discussed? Where are the Geometers? What about teaching Leibniz calculus to high schoolers? Even elementary students know what acceleration is.
All the tough stuff is substituted for the 100'th time how to add 2 fractions. Who else is there to blame except for the teachers and administration?
---Others would do better from education geared more towards arts, language, or math/sciences. I think that the "well-rounded" requirements of x-years language, x-years math, x-years science is wasted on many people. Some would have done better to have x+1 years language, and no math beyond basic math and science. Not everyone is meant to be shaped from the same mold... I think we need to stop forcing people into them.
And I doubt even that would work. Just as the Greeks did, I believe that apprenticeship would be the best route. There, one would learn a skill inside and out, and eventually be prepared to do for themselves and then apprentice someone. Though, I deign to pidgeonhole someone for the rest of their life, but I do have the idea that the younger do have an idea what they wish to do.
---Have you actually spoken to the people in the lower 50% of our population? And you want those people to home school their kids? I'm not saying it can't work for a lot of people, but smart people usually hang around other smart people, it's easy to forget that many people exist that do not car about education in the least, and that probably could not divide two numbers without a calculator.
I actually have faith in the "lower 50%" only because many of them have not been blessed with decent high schooling, or have little to no options. Moreso now than ever information and knowledge is easy to obtain, but the real art is finding it.
And I remind myself when I think I'm smarter than them: I may know physics of motion and can do the math required, but people who play sports know that exact same formulas intuitively. People who are not scientifically inclined are almost always artistically inclined, something I will not be.
And after looking at the real skills these lesser 50% have, there's a few rotten eggs. They're there in all societies.
---Not to mention the people who turn home schooling into bible schooling. Not that it's bad unless they crack down on critical thinking or don't teach evolution at all or something, but you know some people will do that.
I was Catholic. I studied the Bible from Genesis to Revelations (well, skipping over begats and much Revelations).
I'm no longer Catholic.
Unfortunately, the only real answer is home schooling and DIY.
I have real chemistry sets, physics toys, bio lab instructables, legos for prototype construction, Linux for software devel, PIC set for embedded work, and much more.
SciAm back in the day had a build-yourself bubble chamber and linear accelerator, and it worked. Boys Life, the boy scouting magazine, back in the day had instructions how to build your own fireworks including colors and shaping of charge.
When it comes down to it, we have gotten afraid to do anything because of "DANGER". That includes teaching. Anyways, what real criterion are required to really teach someone? If we look at the ancient Greeks, it was the motivation of the learner and not of a forced teaching.
John Taylor Gatto has a book about this very topic. Go look it up on Google.
If I can see it, it CAN be recorded.
If you emit spurious signals, I will filter them.
High energy, low interacting cosmic rays are ok.
Mid-energy, high interacting radioactive iodine and strontium on biologic systems are not.
The 20k$ question is if that dust would actually provide a serious threat... That is the question.
Tomorrow you'll see the exact opposite. It's just Dell and their weird pricing.
The "Free" software is also supposedly illegal as they didnt pay the mathematics patent fees.
Dell is only doing things legal. I cant blame them for that, nor can the MPEG2 patent holders.
As a part 97 FCC license holder, I am also interested.
Im pirating PRECISELY because of rampant drm.
I get more quality, more rights, and more freedom... and a better price to boot.
Wow. A internet petition. A beacon of light.
We all know how successful they are in breaking the evil $organization.
Just do like everybody else and host your pirate shit on a out-of-US server or hack a in-US one.
Thats like, umm, you know, right?
That's exactly it. GPRS uses no server. It instead uses a License flag along with coords. Any receiver can pick this signal up, and that means non-amateurs.
You say to use your server. Wrong. Instead, you would use someone else's server that you cannot modify. That would be better than saying "I stored it on my equipment".
First we can use GPS gear to get our locale.
Instead of using some recorder, we can transmit this on the HAM bands via GPRS, and have it recorded via a local digipeter for a webserver.
We now have hard-ish logs to cook, along with federal laws backing us up, as it is illegal to transmit on a radio that you are not in the vicinity of. And since the data is real-time, you can argue that we have local logs X, and server logs based on my Federal License at Y.
Whatever.
The NDA only lasted a year, and consisted of their questions and my opinion about said product.
The NDA only realistically covered a whole 1 hour. I got paid 75$ for not talking about a hour, while getting free product.
They get the market research they need, I get free product and money. They only said not to discuss about it for 1 year. Fair terms.
Under what law is a EULA legal?
I see first Sale Doctrine trumping that crap, yet other judges saying EULAs are legal documents. What kind of legal documents are they?
Reoccurring services, I can understand. Boxed software that you PAY for, I think not.
Heck, even in Linux, if a attacker wanted to root a machine, they could seed the logs with bad queries. Those queries were ANSI control codes for telnet, which could branch sessions and run separate programs. It could also blank the screen and other nasties.
No system is secure when there's errors in the parser, whether it be text or movie. They can at least get your user's rights to the system. Then it's just an elevation away.
---(non-executable stuff is always safe to download)
Hardly. I can think of quite a few examples of non-executable files that can house nasties. Essentially, one finds a buffer overflow in a parser. MP3 stacks and video codecs are favorites to find holes and stupid stuff in. Also, exe's can be put in WMV's and other MS codecs too.
Once the overflow is ran by the unsuspecting user/admin, code is then ran as permission of that program. Better hope it's not an admin
Im sure if you buy a "subscription" they eliminate that garbage.
Then again, they probably lack those skills. They cant even read the front page for dupes.
And if you hack the radio, you'll get more bars. You'll also get a mugshot too.
There really isnt any "manual" you can learn about this kind of stuff. However, we all have the toolkit to test and investigate with it at our homes.
1. Search fragrouter in google first. All hits on front page are on topic. Get it and compile cleanly. I prefer Debian, but works for all Linux.
2. Go buy a router from any ol box store. I prefer the WRT54G ones that can be modded to run either DD-WRT or OpenWRT.
3. Get some test machines up and running, including a separate machine running DHCP on the "Internet" side of the router. You'll want to fake a internet connection with this, so tell the router to pull DHCP from the "Internet" box. The Internet Box is your attacking machine. You will want to set up NAT if it's not already.
4. Set up fragrouter and proper routing utils on the attacking box ("Internet" machine). You can use your real network as the attacked network, as you wont cause damage. fragrouter has something like 14 options of bad routing. You can use this in conjunction of other routing daemons and others that exploit active services already existing on the el'cheapo router.
5. Since you have inside knowledge about your network, you can easily guess the subnet mask and ip addressing scheme and "hack through" the NAT.
I've done precisely that on many routers, including mid-range ciscos. And as I said before, the only machines that are immune from fragmenting attacks are ones that piece back together packets before they are passed on to the internal network. OpenBSD, FreeBSD, and Linux can do this reliably ONLY with a large amount of ram and fast CPU.
Good Luck.
> $35 Billion in savings? How much is that in napkins?
It's governmental napkins. The study cost $34.9 billion and $.1 billion for Halliburton making them.
Not true at all. It's a common misconception that NAT protects anything at all. Why so?
NAT uses translation routing based upon multiple inside computers to one outside address. The key here is the NAT device does NOT reconstruct packets if they are heavily fragmented. Even upper end Ciscos and Junipers are vulnerable to fragment based attacks.
The key is you construct a IP-IP tunnel to target victim, try to guess the internal IP addressing scheme, and then use a program called Fragrouter to properly "make mal-fragmented packets". Once you do this, it will hop over damn near every router.
I think there's a setting in IPF that forces reconstruction before passing packets. That's the only defense, along with a proactive filtering in both directions.