The process of detecting what might be a DDOS would trigger an arms race. I therefore suggested that any sustained non productive traffic to a site that ADVERTISES that it is under sever load (attack) would be filtered as close to the keyboard as possible.
Doesn't have to be on the customer's premises, but certainly at the ISP.
Any sustained repetitive traffic to addresses on the advertised list get a second look, or a throttling or something.
If done at EACH level (ISP, UPstream ISP, Carrier, etc) and if there were a method of sever load advertising, DDOS attacks would get flattened quickly.
Perhaps we should be pointing out that the problem here is the DDoSers, not their victims.
And since the DDosers are the problem the fight should be taken closer to them, rather than starting at the target and working backwards. (Avoid fighting on your own turf, take the battle to the attacker's back yard).
Its like we need a DNS system for attack (load) management, where a site could simply broadcast that they are under heavy load (whether it is an actual attack or simply a slashdoting), and routers all over the net would stop sending repetitive traffic their way.
When backbone carriers get this notification they immediately start filtering sustained packet streams. Additionally they send the warning to each of their pairing partners, and ISPs for which they are an upstream.
If the carriers insisted that each of their subscriber ISPs established and use such system to heed load warnings and start automatically filtering repetitive traffic for those sites the system would pretty much manage high sustained attacks.
So you need something where joe sixpack sitting on his compromised computer reading his email would not have to even be aware that the ping flood running in the background was being killed off by his ISP. (I'm sure the DDOS attacks are more sophisticated than a ping flood, but the point stands. Sustained non-productive traffic can be distinguished from a web hit, or email check or gaming activity).
We use DNS like systems for spam signature detection, surely we can find a way to do it for routing of sustained high-load traffic.
What part of Magnuson-Moss puts the burden on the manufacturer to prove that a user modification was the cause of failure?
There are an infinite number of modifications that users might make. There is only one (or a very few) configurations tested, released and warranted by a manufacturer. How could any manufacturer possibly test an infinite number of combinations and permutations of unknown future hacks? There isn't enough time. There aren't enough engineers.
I suspect there is a little self serving interpretation of the law here, because unless parts are expected to be replaced due to wear and tear (tire on cars), its pretty standard in every industry in every country for the warranty to come off as soon you hack something.
Perhaps there is some legal angle to this. Since jailbreak is not illegal, having a method to detect it allows third parties to disenfranchise an Apple customer from doing what they have a right to do. Perhaps Apple does not want that liability.
Or perhaps Apple is standing up for the rights of their customers.
There may be some tendency to think that something that hashes too quickly would be trivial, but without even a glance at the methodology and a modicum of trials this is just like assuming the cute girl is an air-head without so much as a conversation.
Who are these guys anyway? You expect better from NIST.
No, enrichment machines to not require precise speed. You made that up. Post a link or retract it.
All it requires is high speed for a sustained periods. Precision is not a criteria. It doesn't matter whether it is 2000 rpm for 5 days or 2100 rpm for 5 days and 18 hours. There are no precision requirements for centrifuges. Its a trade off between the number of Gs you can induce over a period of time. There is no special precision requirement.
Its not like a paper machine where if one of the drying drums goes.002 rpms faster than the rest the web of wet paper breaks and the machine is useless.
Centrifuges are big machines, and you have to spin them up carefully using a stepped speed profile while getting up to speed or coming to a stop.
The worm simply radically alters the speed in unpredictable ways, spinning them up, then dropping to very low speeds, very quickly the jacking them up again. Doing this very fast breaks the machines. The worm's job is to break the machines.
The worm is not trying to alter the product. Its trying to break the machines. Do some reading on this subject, PLEASE.
I've never met a Muslim man that did NOT believe that men must dominate and women must be totally submissive. Even well educated western Muslims believe this, regardless of how much lip service they pay to equality.
You seem to claim the moral high ground, so come up with a solution to this problem that solves it now, not 400 years from now, or stop pontificating.
Shit, a lot of Afghan warlords think subjugation of women is a divine requirement, or are you going to defend that too?
Most of Islam thinks that the subjugation of women is a divine requirement.
Are you going to arrest them all?
I'm not defending anything. Because no one has provided any proof that this even happened, let alone that the US mercenaries were in any way involved, other than sending food dishes to the party. There is absolutely NOTHING in the released cable to suggest otherwise. Read before pontificating.
Enrichment does not require EXACT rpm. Its a centrifuge, nothing more.
Thousands of industrial applications require exact speed (far greater exactness than a centrifuge). Electrical Generators, Paper machines, rolling mills, sewage pumps, blower motors, automated bottling lines, automated assembly lines of all kinds.
Try not to make assertions your experience will not back up.
There is no allegation of beating. You made that up. There is no evidence the US corporation was in any way involved in the procurement of the boys. You made that up too. The corporation simply paid for a party. Allegedly boys were present.
The US state department had no one there to verify this. The cable was simply about convincing a journalist (who was also NOT there at the time) not to release a story for which there was no corroborating evidence. Who knows the motives of the journalist?
A whole lot of people are reading a whole lot of stuff into a rather vague cable. Have you actually followed the link and read the cable? Thought not.
It was targeted at a particular Siemens chipset. That chipset is used world wide and not just for centrifuges. (its already infected Iranian turbine generators).
But again, as I mentioned elsewhere in this thread, viruses and worms are built using the skeletons of other viruses and worms.
Iran will eventually figure out this tool, and tailor it to new targets. Centrifuges do not have GPS chips installed. They don't know where they are. At best the controllers that run them know a time zone and a language setting. How long will it take to adjust that?
Already asked and answered elsewhere in this thread.
These aren't sex slaves. They are male prostitutes at worst, boy toys at best, and something that is part of the local culture, and often sought out by the boys. There was no racket. It was not RUN by a US corporation. They hosted one party. Boys were present.
Your glee might be tempered a bit when this thing gets propagated to Europe, North America, and the rest of the world.
It seems just as likely that the guys running Turbines for your local power company are no better equipped to handle this than Iran. In Iran, they have unlimited budget and first call upon the best brains in the country.
Your local power company? Not so much.
Viruses and worms seem unlikely to honor boundaries forever. At least a surprise bombing run on a reactor in Iran is unlikely to hit Con-Edison in NY.
Stupid people do not make good jurors. Prosecutors know this. Defense Lawyers know this. They both want people smart enough to see their side of the evidence, but they know they can't have it all their way. They settle for people with no strong preconceptions.
Exactly.
I posted something similar above.
The process of detecting what might be a DDOS would trigger an arms race. I therefore suggested that any sustained non productive traffic to a site that ADVERTISES that it is under sever load (attack) would be filtered as close to the keyboard as possible.
Doesn't have to be on the customer's premises, but certainly at the ISP.
Any sustained repetitive traffic to addresses on the advertised list get a second look, or a throttling or something.
If done at EACH level (ISP, UPstream ISP, Carrier, etc) and if there were a method of sever load advertising, DDOS attacks would get flattened quickly.
Perhaps we should be pointing out that the problem here is the DDoSers, not their victims.
And since the DDosers are the problem the fight should be taken closer to them, rather than starting at the target and working backwards. (Avoid fighting on your own turf, take the battle to the attacker's back yard).
Its like we need a DNS system for attack (load) management, where a site could simply broadcast that they are under heavy load (whether it is an actual attack or simply a slashdoting), and routers all over the net would stop sending repetitive traffic their way.
When backbone carriers get this notification they immediately start filtering sustained packet streams. Additionally they send the warning to each of their pairing partners, and ISPs for which they are an upstream.
If the carriers insisted that each of their subscriber ISPs established and use such system to heed load warnings and start automatically filtering repetitive traffic for those sites the system would pretty much manage high sustained attacks.
So you need something where joe sixpack sitting on his compromised computer reading his email would not have to even be aware that the ping flood running in the background was being killed off by his ISP. (I'm sure the DDOS attacks are more sophisticated than a ping flood, but the point stands. Sustained non-productive traffic can be distinguished from a web hit, or email check or gaming activity).
We use DNS like systems for spam signature detection, surely we can find a way to do it for routing of sustained high-load traffic.
Heat is light, so take your choice.
Repair parts on cars is not the issue here.
People don't add parts to phones. Merely opening the case of an iphone voids the warranty.
Once you hack a phone and obtain root you will be unsuccessful trying to exercise your warranty on the brick you created.
I'm pretty sure Apple's lawyers prevail over a Dummies book with out getting out of bed in the morning.
What part of Magnuson-Moss puts the burden on the manufacturer to prove that a user modification was the cause of failure?
There are an infinite number of modifications that users might make. There is only one (or a very few) configurations tested, released and warranted by a manufacturer. How could any manufacturer possibly test an infinite number of combinations and permutations of unknown future hacks? There isn't enough time. There aren't enough engineers.
I suspect there is a little self serving interpretation of the law here, because unless parts are expected to be replaced due to wear and tear (tire on cars), its pretty standard in every industry in every country for the warranty to come off as soon you hack something.
And if they were waiting for a lawyer who understood the issue they would be waiting longer.
But a hash is just a hash. Its not designed as an encryption tool. It is predominantly used to determine if two blocks of arbitrary input are equal.
Was the binary file corrupted in transit? Compare the hash of the Original to the hash of the copy.
There are some cryptographic uses of hashs but they are tangential for the most part.
Did you not understand a word of what the GP stated?
Jailbreaking is not illegal, and is your right.
Apples objections were based on untenable arguments and had nothing to do with copyright infringements.
So Apple was wrong. Its still your right to jailbreak.
Apple is not obligated to honor the warranty on any jailbroken device. But that is an entirely separate issue.
Still, why bother to disable it?
Perhaps there is some legal angle to this. Since jailbreak is not illegal, having a method to detect it allows third parties to disenfranchise an Apple customer from doing what they have a right to do. Perhaps Apple does not want that liability.
Or perhaps Apple is standing up for the rights of their customers.
Wait, thats crazy talk. Lemmie go take my meds.
Exactly my reaction.
Is this a beauty contest or what?
There may be some tendency to think that something that hashes too quickly would be trivial, but without even a glance at the methodology and a modicum of trials this is just like assuming the cute girl is an air-head without so much as a conversation.
Who are these guys anyway? You expect better from NIST.
No, enrichment machines to not require precise speed.
You made that up. Post a link or retract it.
All it requires is high speed for a sustained periods. Precision is not a criteria. It doesn't matter whether it is 2000 rpm for 5 days or 2100 rpm for 5 days and 18 hours. There are no precision requirements for centrifuges. Its a trade off between the number of Gs you can induce over a period of time. There is no special precision requirement.
Its not like a paper machine where if one of the drying drums goes .002 rpms faster than the rest the web of wet paper breaks and the machine is useless.
Centrifuges are big machines, and you have to spin them up carefully using a stepped speed profile while getting up to speed or coming to a stop.
The worm simply radically alters the speed in unpredictable ways, spinning them up, then dropping to very low speeds, very quickly the jacking them up again. Doing this very fast breaks the machines. The worm's job is to break the machines.
The worm is not trying to alter the product. Its trying to break the machines. Do some reading on this subject, PLEASE.
So what is your solution hot shot?
Jail every Muslim man in the world?
I've never met a Muslim man that did NOT believe that men must dominate and women must be totally submissive. Even well educated western Muslims believe this, regardless of how much lip service they pay to equality.
You seem to claim the moral high ground, so come up with a solution to this problem that solves it now, not 400 years from now, or stop pontificating.
Shit, a lot of Afghan warlords think subjugation of women is a divine requirement, or are you going to defend that too?
Most of Islam thinks that the subjugation of women is a divine requirement.
Are you going to arrest them all?
I'm not defending anything. Because no one has provided any proof that this even happened, let alone that the US mercenaries were in any way involved, other than sending food dishes to the party. There is absolutely NOTHING in the released cable to suggest otherwise. Read before pontificating.
Enrichment does not require EXACT rpm. Its a centrifuge, nothing more.
Thousands of industrial applications require exact speed (far greater exactness than a centrifuge). Electrical Generators, Paper machines, rolling mills, sewage pumps, blower motors, automated bottling lines, automated assembly lines of all kinds.
Try not to make assertions your experience will not back up.
There is no allegation of beating. You made that up.
There is no evidence the US corporation was in any way involved in the procurement of the boys. You made that up too.
The corporation simply paid for a party. Allegedly boys were present.
The US state department had no one there to verify this.
The cable was simply about convincing a journalist (who was also NOT there at the time) not to release a story for which there was no corroborating evidence.
Who knows the motives of the journalist?
A whole lot of people are reading a whole lot of stuff into a rather vague cable. Have you actually followed the link and read the cable? Thought not.
Asked and answered elsewhere on this thread.
No, not true.
It was targeted at a particular Siemens chipset. That chipset is used world wide and not just for centrifuges. (its already infected Iranian turbine generators).
But again, as I mentioned elsewhere in this thread, viruses and worms are built using the skeletons of other viruses and worms.
Iran will eventually figure out this tool, and tailor it to new targets. Centrifuges do not have GPS chips installed. They don't know where they are. At best the controllers that run them know a time zone and a language setting. How long will it take to adjust that?
And when the Iranians finally figure out how it works and revise it and send it back to us it will be VERY Discriminating.
DOH!
If it didn't when sent, it will upon return.
Already asked and answered elsewhere in this thread.
These aren't sex slaves. They are male prostitutes at worst, boy toys at best, and something that is part of the local culture, and often sought out by the boys. There was no racket. It was not RUN by a US corporation. They hosted one party. Boys were present.
You need to learn to read your own sources.
Your glee might be tempered a bit when this thing gets propagated to Europe, North America, and the rest of the world.
It seems just as likely that the guys running Turbines for your local power company are no better equipped to handle this than Iran. In Iran, they have unlimited budget and first call upon the best brains in the country.
Your local power company? Not so much.
Viruses and worms seem unlikely to honor boundaries forever. At least a surprise bombing run on a reactor in Iran is unlikely to hit Con-Edison in NY.
But jurors are not expected or asked to decide points of law.
Jurors are asked to determine points of fact.
Did the defendant put a knife between the deceased 5th and 6th rib, not in self defense. Case law is hardly ever even mentioned in trial courts.
You sir are a moron.
Stupid people do not make good jurors. Prosecutors know this. Defense Lawyers know this. They both want people smart enough to see their side of the evidence, but they know they can't have it all their way. They settle for people with no strong preconceptions.
What good is a leak site if after the first leak it disappears from the public eye
If the public doesn't think it warrants their continued attention then it probably does not.
For the most part the public has looked at what was published and said "big fucking deal".
If his motive were true, he would publish it an let the chips fall where they may.