Slashdot Mirror


User: Alarash

Alarash's activity in the archive.

Stories: 0
Comments: 382

Comments · 382

  1. Re:Good reason not to go there... on London Hacked Its Own Traffic Lights To Make Sure It Got the Olympics · · Score: 1

    Pretty soon you'll see privately-owned firefighting companies, mark my words.

    USA is going out of their mind with the "private is the solution to anything" concept. They have private armies, private cops (these armed guys that patrol closed-behind-fences residential areas), private prisons, so private firefighters isn't much of a stretch.

    I have no particular problems with the private sector, but I do think that some services should NOT be subject to generating benefits (because nowadays you not only need to make benefits, but also double digit growth and margins). In my mind, nobody should make more money because there are more wars, more crime or more fires.

  2. Can't believe nobody posted this on Europe Agrees To Send Airline Passenger Data To US · · Score: 1

    I, for one, welcome our new American overlords.

  3. Re:Firewalls on Mosh: Modernizing SSH With IP Roaming, Instant Local Echo · · Score: 1

    That was the point of my OP. The paper doesn't describe what you said. It says the client initiates the Mosh UDP session once it got the destination UDP port (the port the server listens on) from the SSH session. A firewall would never allow that. Also, opening a wide range of ports is a... let's say... challenging idea. This goes against all rules of network security known to network administrators.

  4. Firewalls on Mosh: Modernizing SSH With IP Roaming, Instant Local Echo · · Score: 5, Insightful

    Reading the linked research paper a bit, and something strikes me.

    We use the existing infrastructure for authenticating hosts and users. To bootstrap an SSP connection, the user first logs in to the remote host using conventional means, such as SSH or Kerberos. From there, the user or her script runs the server: an unprivileged process that chooses a random shared encryption key and begins listening on a UDP port. The server conveys the port number and key over the initial connection back to the client, which uses the information to start talking to the server over UDP.

    You open an SSH connection (client->server:22). This port is allowed on the firewall, it lets you through. But then the server decides to listen on UDP:(random port) and tells the client, back through the (encrypted) initial connection, which UDP port to contact. So you initiate an SSP UDP session on that port. How does the firewall know it should let you through? Since the port number is communicated on an encrypted session, it doesn't have access to that information. So how does this work in a secure environment? The paper doesn't mention any means for the server to communicate with the network which port it's listening on.

  5. This is surprising on Despite Drop In Piracy, French Music Industry Still In Decline · · Score: 1

    So each "illegal" download doesn't equal a lost sale? Who would have thought? I'm shocked.

  6. Re:Kind of shady? on Meet the Hackers Who Get Rich Selling Spies Zero-Day Exploits · · Score: 1

    Pretty sure you can turn this around saying it's for defense purposes, or "research." Isn't "security researcher" the official term for "white hat" ?

  7. Re:Smart people can be dumb on George "geohot" Hotz Arrested In Texas For Posession of Marijuana · · Score: 1

    I care about the context of the article? I don't think the article was about US music festivals, was it?

  8. Re:Smart people can be dumb on George "geohot" Hotz Arrested In Texas For Posession of Marijuana · · Score: 1

    You do realize that /. has got an international audience, right? Why should I know/care about some music festival in Texas when we've got equally large in Europe?

  9. Re:french military victories on India Turns Down American Fighter Jets, Buys From France · · Score: 1

    He was still leading a French army though. Would you call a battle won by a Puerto Rican general using American troops a Puerto Rican win, or American win?

  10. Re:french military victories on India Turns Down American Fighter Jets, Buys From France · · Score: 1

    Fuck you and your dumb American patriotism. Find me how many wars America won on its own. America probably wouldn't even exist if it wasn't for France.

    How about this ?

    Flight International test pilot -- and former Red Arrows team leader -- Peter Collins gives the Dassault Rafale a ringing endorsement in this week's magazine. "If I had to go into combat, on any mission, against anyone, I would, without question, choose the Rafale," Collins concludes in his six-page flight test report published in our Dubai Air Show preview issue.

    In 2010, there was a Red Flag exercise. Rafale won 6 out of 7 fights (lost the long-range due to F-22's improved stealth). In medium range it still wins because its cameras can see the F-22. Even in Dassault this was a surprise, as the internal motto is "second only to the F-22." As for the F-35, who cares about a plane that nobody but the US can afford (read: are willing to finance so to keep jobs), if even.

    America is a great country, but it's not the best country. There's no best country. America is barely a teenager in the history of nations, and it fucking shows by how dumb some of you guys are.

    For the record, I Googled as you suggested, and I don't think there's anything to be ashamed of. History didn't start 100 years ago. Also keep in mind that until recently (and especially in the middle ages) the power of balance was not as, well, unbalanced as it is today for the US so these victories actually meant something. Having a fucking 100 years war of attrition is not like dropping "smart" bombs on Fallujah.

    I think I got trolled.

  11. Re:Wow.. on Windows Phone 8 Detailed, Uses Windows 8 Kernel · · Score: 1

    I have to use a Blackberry 6800 and I'm offended by all of that scrolling talk. I'd be glad if there was no lag in the phone, let alone having scrolling.

  12. Re:Web Applications aren't different on Ask Slashdot: Writing Hardened Web Applications? · · Score: 1

    I don't know what kind of layers you're talking about, but in networking, applications are all the way to the top, and then SSL, TCP, IP and so on. In fact I can't think of any case where the application isn't the highest layer.

  13. Re:UK Census, Church of Jediism on Czech Nationwide Census Shows Jump In Jedi Knights · · Score: 1

    I read somewhere that the number of people in the UK who declared themselves as Jedi Knights exceeds the number of people who declared themselves to be Sikhs

    What about the number of Siths?

  14. Re:Yahoo was working on Something like this. on Nightingale Media Player Preview Released · · Score: 1

    Well they should ask their Winamp friends why their software crashes when it imports the 80GB+ of music I store on my NAS, when Winamp imports it like a breeze.

  15. Re:Lots of intranet apps still stuck on IE6.0 on Microsoft Upgrading Windows Users To Latest Version of MSIE · · Score: 1

    IE6 is no longer supported (for several months now), it's not like Microsoft is pushing this without forewarning. Also the cost of potential data leaks due to unpatched/unsupported/unsafe browsers totally shadows the cost of upgrading a shitty intranet website. So if people have "budget constraints" about this, they don't understand the concept of security and how it can hurt their business.

  16. Not just governments on Internet Monitoring: Who Watches the Watchers? · · Score: 1

    It's not just governments. Enterprises do this too. Later generation firewalls are now capable of doing in-line, on-the-fly SSL man-in-the-middle to monitor HTTPS traffic. The browsers wouldn't trigger a certificate alarm (as they usually do in case of phishing or MITM attacks) because the company can push their own CA to the computers on their domain.

    The reason for this is to make sure viruses or exploits cannot be encrypted. But of course it also means your company could, in theory, grab e-mail account passwords or look into bank accounts if you do this from the company network.

  17. Re:Duh! on US Government Probes Huawei and ZTE · · Score: 2

    Every Chinese company has to be owned at least at 51% by their government. They are communists, remember?

    I'm not feeling bad one bit for Cisco. They wanted to cut costs by outsourcing in China, and it bit them in the ass. They settled out of court so we don't know what the end deal was, but the word around the campfire is that Cisco now gets paid any time Huawei sells something.

  18. Re:This is why... on Iran Blocks VPN Ports · · Score: 1

    Some people do this in hardware now with no performance impact (DPI is traditionally very processor intensive). They don't look at things in terms of TCP anymore, but by application. You can block, say, Facebook and Twitter but allow RTMPT (Flash video streaming over HTTP). And you can easily block any traffic on port 80 that you don't recognize as HTTP. This exists because people used to do protocol tunneling to circumvent traditional firewalls (HTTP in DNS over UDP for example). Modern DPI devices are designed to detect those creative methods with no performance (and therefore delay) impact.

    You do need a lot of hardware, but not as much as 3 years ago. And when you have a government-sized budget for this, nothing is impossible.

    I hate mentioning only Palo Alto, but to my knowledge (I'm a network test equipment vendor employee - I test the performance of these devices for a living) they are the only ones to do that in hardware. Checkpoint does the exact same thing but as far as I know it's not done in hardware - they do claim it has no performance impact but I haven't had a chance to test this myself.

    Gartner published a report (here hosted by PA, reg. unfortunately required) that goes over all these challenges. I'm fairly sure somebody in Iran read this report and implemented it.

  19. Re:Angry Voters on HADOPI To Disconnect 60 People In France · · Score: 1

    Don't get me wrong, I'm sure there were others, more subtle and hidden "tips." It was also the first time people that weren't Representatives were allowed inside the Assembly during deliberations. I didn't check that fact by myself, but it was said on the news back when it happened.

  20. Re:Angry Voters on HADOPI To Disconnect 60 People In France · · Score: 0

    I didn't (and won't) vote for Sarkozy, and I hate that law, but it was not "snuck in." There was no public debate, true, and RIAA-like types did give free music download coupons and that sort of thing to the deputies, but in the end it was a democratic vote where the majority (held by Sarkozy's party, the UMP) won. This is democracy or, rather, oligarchy, but you can't say it was "snuck in."

  21. Wrong security worry on Toshiba Adds Two-Way Wi-Fi To SD Card · · Score: 1

    I think the higher security worry should be that this could be used to silently plug a pre-configured Wifi device on a PC. What if you make it discreet, using some sort of rootkit and use a program to extract data from the device - and the networks it has access to?

    People already use this today, see Stuxnet. This would allow for an extra communication device and could come in handy. You'd avoid wired networks security measures, and short of scrambling wireless frequencies or scanning for odd signals, which not many companies do because they have no reason to, you're defenseless. Scary.

  22. Re:But can it play games? on Xbox 360 Reset Hack Yields Unsigned Code Execution · · Score: 1

    As I was saying, I run XBMC on Ubuntu Server, which actually runs better than under Windows, so the OS license fee is a moot point.

    I also happen to own an Xbox 360 to play games. I just think an HTPC is better for this than the Xbox 360 (and, therefore, the vanilla Xbox). This was not true 10 years ago when HTPC didn't really exist and the Xbox was a superior choice.

  23. Re:xbmc360? on Xbox 360 Reset Hack Yields Unsigned Code Execution · · Score: 1

    So you're saying a media center and an Xbox are mutually exclusive? I can see the advantages of bundling that together (less cables, less space on the shelf), but to me they are totally overshadowed by the downsides (noise, power consumption, hassle to setup...). Can you even easily switch from the regular OS to XBMC with the bootloaders?

  24. Re:xbmc360? on Xbox 360 Reset Hack Yields Unsigned Code Execution · · Score: 1

    Back with the original Xbox, its (relative) small form factor and power for the time made it a great media center that's true, and I'm glad this gave us XBMC.

    However nowadays you get video hardware acceleration chips, low-power dual core CPUs and all you need to run a media center for less than $200, in a case much smaller than an Xbox (even the new, slim one), much less power consumption and much less noise. I'm running XBMC on Ubuntu Server using an Asus S1-AT5NM10E (the mouthful) which tops at 2% CPU when displaying a 1080p/DTS movie.

    I don't see why anyone would want to run XBMC on an Xbox in this day and age.

  25. Re:Sounds good for core networks on Large Improvement in Graphene Photosensitivity Realized · · Score: 1

    That's great because it just so happens that the bandwidth limitations usually are in the Core and Backhaul networks (well that and decade-old DSLAMs I suppose). Last-mile throughput problem could be easily solved today by getting everybody on the FTTH wagon - so the problem really is money, not technology.