I don't see a problem with what he's trying to do.
The problem he's having is that he's asking for an OpenNIC web site, and not receiving the page. The problem is as follows:
The "address" of the site he's looking for is present in two separate places in the request he's making. The IP Header includes the IP address of the site, and the HTTP header includes the URL, which includes the server name.
When he requests a webpage from an OpenNIC TLD, his machine correctly resolves the hostname, and constructs an request, which is sent through his ISP. The web proxy intercepts the request, and tries to proxy his request, so that it can be cached for later lookups.
Apparently, the Web cache is not configured to lookup machines under OpenNIC TLDs. That's reasonable, but that shouldn't stop a web browser from being able to see the web page.
If the web proxy can't identify the hostname present in the URL, it should simply pass it through, allowing the client (who already knows the IP), and the Web Server (who also, clearly, already knows it's own IP) to communicate. This would prevent the client from gaining the benefit of the cache, but would allow the client and server to communicate.
By accusing the poster of "[choosing] to disregard the other relevant standards," I can only assume your talking about his testing the web requests through a telnet client. I think that was an excellent troubleshooting procedure. It clearly identified the source of the problem.
HTTP does have it's own rules, but none of those rules should override TCP/IP. If this user makes a request to a web server (he's obviously already identified the IP address of the server, or he wouldn't be attempting an HTTP request). The caching proxy shouldn't be hijacking his request for any reason. It may be misconfiguration, or it may be broken proxy software, but it certainly isn't the user's fault.
> unique identification number linked to a public key directory (for authentication) and credit/debit card numbers.
It doesn't matter if someone captures your credit card number. They only need to capture your "speedpass number", which they can use at McDonalds to purchase fries on your dime. This is like having a pin to protect your password (you don't have to reveal your password, just use the pin), and writing that pin in large characters on your shirt for anyone to read. It adds a layer of complexity, but doesn't add any security.
A cryptographic solution might be to have someone beam a random number to the speedpass, encrypted with your speedpass public key, and having the speedpass beam back the decrypted random number. But that sort of thing can get expensive.
Seeing a isolated snapshot of the situation doesn't provide alot of information, so I'm a little confused. How is it possible that a DOS alone could drive an ISP out of business. Was it really a healthy business that was destroyed by a DOS, or was this the straw that broke the camel's back. It was mentioned that they did have insurance, but that the insurance wouldn't cover "rebuilding their network". "[A] Firewall brute force attack [resulted in] successful hash and destruction of the firewall" = bad password, no backups. I'm just trying to figure out what kind of DOS can lead to the destruction of an otherwise healthy network and company. The press release paints the picture of a smoking crater, but of course, it's all just data. There's no defense against the various flood attacks, but they should be easiest to trace, and temporarily filtering the flooding IP's should prevent widespread damage. Any ISP admins care to comment.
Other than saving face, ("Hackers did it" vs. "unchecked spending did it"), is there any practical advantage to claiming that evil hackers destroyed the business. Something just doesn't add up.
This would be ironic if Cringely was right in his recent column.
"What game developers should keep in mind is Microsoft's long tradition in the PC software business of introducing titles and initiatives that eventually just fade away."
Nvidia wouldn't be the first folks caught like that. Still, I was looking forward to getting a GeForce 256.
With this option on, you can type the beginning of a directory or filename, and tab your way through all files starting with those characters. Ex: typing cd pro {TAB} will get you to C:\Program Files (if that's the first directory starting with a "P" on your drive). typing cd pro {TAB}{TAB} would get you to C:\Providers (or the next "P" directory in alphabetical order).
I loved this story. Let me just say that I have been a proud WWN reader for a couple of months now, and highly recommend it to anyone who likes The Onion. WWN is not so obviously a satirical publication, as the onion, but it is lampooning itself constantly. Every issue, I'm afraid that the cover story will be "WWN Staff admits WWN is a hoax. Longest running joke in America finally comes clean. Noted Experts baffled." For the uninitiated, read Dear Dotti and Ed Anger. You wont be disappointed.
I think the microsoft's competitors get the real credit for advances in pc computing (assuming, of course, and without any evidence, yet) that another OS or platform wouldn't be on top if Billy G. hadn't bought QDOS to begin with.
Raise a glass to:
The various incarnations of (now) caldera's OpenDOS, OS/2, MacOS, AmigaOS, etc.
All the third party vendors driven under by Microsoft bundling.
Thank the folks who wrote Winsock.
Thank the original author of QDOS, too.
And, of course, CP/M
These are the people microsoft have copied, and the reason why MSDOS 1.0 isn't still the default OS installed on the PC's of the world.
["These people are not your friends. If everyone screams at them and says 'you are scum,' they'll stop," said Cohen. He also recommended that administrators configure their firewalls to refuse traffic to the codebreakers.org site.]
Hmmm.. The second option seems more practical.. but what the heck. What's everybody doing the day after refund day. We could all scream together..
Slashdot Mirror
A great chance to try out Internet Explorer under Linux, just for giggles. Works like a charm. Tee-hee
I don't see a problem with what he's trying to do.
The problem he's having is that he's asking for an OpenNIC web site, and not receiving the page. The problem is as follows:
The "address" of the site he's looking for is present in two separate places in the request he's making. The IP Header includes the IP address of the site, and the HTTP header includes the URL, which includes the server name.
When he requests a webpage from an OpenNIC TLD, his machine correctly resolves the hostname, and constructs an request, which is sent through his ISP. The web proxy intercepts the request, and tries to proxy his request, so that it can be cached for later lookups.
Apparently, the Web cache is not configured to lookup machines under OpenNIC TLDs. That's reasonable, but that shouldn't stop a web browser from being able to see the web page.
If the web proxy can't identify the hostname present in the URL, it should simply pass it through, allowing the client (who already knows the IP), and the Web Server (who also, clearly, already knows it's own IP) to communicate. This would prevent the client from gaining the benefit of the cache, but would allow the client and server to communicate.
By accusing the poster of "[choosing] to disregard the other relevant standards," I can only assume your talking about his testing the web requests through a telnet client. I think that was an excellent troubleshooting procedure. It clearly identified the source of the problem.
HTTP does have it's own rules, but none of those rules should override TCP/IP. If this user makes a request to a web server (he's obviously already identified the IP address of the server, or he wouldn't be attempting an HTTP request). The caching proxy shouldn't be hijacking his request for any reason. It may be misconfiguration, or it may be broken proxy software, but it certainly isn't the user's fault.
> unique identification number linked to a public key directory (for authentication) and credit/debit card numbers.
It doesn't matter if someone captures your credit card number. They only need to capture your "speedpass number", which they can use at McDonalds to purchase fries on your dime. This is like having a pin to protect your password (you don't have to reveal your password, just use the pin), and writing that pin in large characters on your shirt for anyone to read. It adds a layer of complexity, but doesn't add any security.
A cryptographic solution might be to have someone beam a random number to the speedpass, encrypted with your speedpass public key, and having the speedpass beam back the decrypted random number. But that sort of thing can get expensive.
Here is a series of pictures of the gentleman purchasing the sparrow.
Seeing a isolated snapshot of the situation doesn't provide alot of information, so I'm a little confused. How is it possible that a DOS alone could drive an ISP out of business. Was it really a healthy business that was destroyed by a DOS, or was this the straw that broke the camel's back. It was mentioned that they did have insurance, but that the insurance wouldn't cover "rebuilding their network". "[A] Firewall brute force attack [resulted in] successful hash and destruction of the firewall" = bad password, no backups. I'm just trying to figure out what kind of DOS can lead to the destruction of an otherwise healthy network and company. The press release paints the picture of a smoking crater, but of course, it's all just data. There's no defense against the various flood attacks, but they should be easiest to trace, and temporarily filtering the flooding IP's should prevent widespread damage. Any ISP admins care to comment.
Other than saving face, ("Hackers did it" vs. "unchecked spending did it"), is there any practical advantage to claiming that evil hackers destroyed the business. Something just doesn't add up.
Use it wisely
This would be ironic if Cringely was right in his recent column.
"What game developers should keep in mind is Microsoft's long tradition in the PC software business of introducing titles and initiatives that eventually just fade away."
Nvidia wouldn't be the first folks caught like that. Still, I was looking forward to getting a GeForce 256.
From a great tip site
With this option on, you can type the beginning of a directory or filename, and tab your way through all files starting with those characters.
Ex: typing cd pro {TAB} will get you to C:\Program Files (if that's the first directory starting with a "P" on your drive). typing cd pro {TAB}{TAB} would get you to C:\Providers (or the next "P" directory in alphabetical order).
Turn File Name Completion on using the Registry:
HKEY_Current_User\..\Software\Microsoft\Command Processor\CompletionChar=0x9
I loved this story. Let me just say that I have been a proud WWN reader for a couple of months now, and highly recommend it to anyone who likes The Onion. WWN is not so obviously a satirical publication, as the onion, but it is lampooning itself constantly. Every issue, I'm afraid that the cover story will be "WWN Staff admits WWN is a hoax. Longest running joke in America finally comes clean. Noted Experts baffled." For the uninitiated, read Dear Dotti and Ed Anger. You wont be disappointed.
Foofboy.
Noted Expert.
I'm not going to believe it until the Wall Street Journal picks it up and prints it as gospel on Monday.
Just like that killer security product that could destroy hardware over the internet. Remember that?
:)
On Debian, there's a file "/etc/login.access" that allows you to configure local vs. remote logins by group, or source network.
Try "man login.access"
How about key escrew? :)
I think the microsoft's competitors get the real credit for advances in pc computing (assuming, of course, and without any evidence, yet) that another OS or platform wouldn't be on top if Billy G. hadn't bought QDOS to begin with.
Raise a glass to:
The various incarnations of (now) caldera's OpenDOS, OS/2, MacOS, AmigaOS, etc.
All the third party vendors driven under by Microsoft bundling.
Thank the folks who wrote Winsock.
Thank the original author of QDOS, too.
And, of course, CP/M
These are the people microsoft have copied, and the reason why MSDOS 1.0 isn't still the default OS installed on the PC's of the world.
["These people are not your friends. If everyone screams at them and says 'you are scum,' they'll stop," said Cohen. He also recommended that administrators configure their firewalls to refuse traffic to the codebreakers.org site.]
Hmmm.. The second option seems more practical.. but what the heck. What's everybody doing the day after refund day. We could all scream together..
:)