Slashdot Mirror


User: treat

treat's activity in the archive.

Stories
0
Comments
814

Comments · 814

  1. Re:why is it on TCP/IP Sequence Number Analysis · · Score: 2
    If your field was shooting babies in the head with a high powered rifle; and all of a sudden you realized that your job made you do immoral bad things, would you change fields?

    The advertisement in your signature points to www.coronahost.com, which claims to be running Microsoft IIS. So I am sure you will agree that while the theoretical discussion is interesting, in the real world there are forces that you simply can not control. The only thing that can be done is to helplessly complain.

  2. Re:The BSD's on TCP/IP Sequence Number Analysis · · Score: 1, Troll
    However, for anyone running a server, it would seem that OpenBSD still is the best choice for anything on the 'net.

    Too bad that an OpenBSD system only exposing ssh to the internet would have been vulnerable to a remote root hole for years now.

  3. Re:why is it on TCP/IP Sequence Number Analysis · · Score: 2
    Ohh, friggin' wah. The MAN is forcing you.. it's NOT YOUR FAULT you're a corporate bitch.. it's NOT YOUR FAULT the man can push you around.

    Why not start looking for a better job instead of bitching and whining on slashdot all day.

    Try finding, especially in this depressed economy, an IT job that does not require you to use Microsoft software at least sometimes. I would estimate that this describes less than one tenth of one percent of jobs. It is virtually impossible to avoid. Switching jobs is not a solution to this problem.

  4. Re:TCP/IP Sequence Number Analysis on TCP/IP Sequence Number Analysis · · Score: 2
    More than that, this is a good reason why having only one major OS cannot be secure. If you can write an extremely good sequence number predictor for Windows 2000 sessions and get yourself a few nice deer stands on the periphery of the backbone (or heck, in the backbone - I'm not sure how feasible that is), you can 0wn the majority of corporations you're interested in attacking.

    This is not true. Your location on the network does not matter if you are worried about sequence number prediction. If you are positioned so that you can see the traffic both ways, you do not need to predict sequence numbers. And, all but the most insecure networks are vulnerable to attacks from the internet solely based on a spoofed IP address. No major US corporation is going to have a hole like that these days - they at least realize that securing the outside of the firewall is important. If there were such a hole, the intelligence necessary to find out about its existence and the address to use would take about the same effort to obtain as other more practical ways into the network.

    Everybody realized to be afraid of IP-address based authentication after the widely publicized IP spoofing attacks.

    Personally, I think Bush's Department of Homeland Defense is going to be a complete crock if nothing is done about this and other computer security issues.

    The US government actively attacks computer security. This is a problem that can be totally solved with strong encryption. Who is the biggest opponent in the world to ubiquitous strong encryption?

  5. Re:Already Slashdotted.... on TCP/IP Sequence Number Analysis · · Score: 2
    1) I could very well be illegal without obtaing permission from a human. This would take too much time away from CmdrTaco adding spelling errors to my posts.

    Obviously this is not the case, or Google and other businesses that are caching web sites would be out of business by now. Caching web proxies would not be so common, instead we have never heard of a legal attack against a caching web proxy. This excuse is without merit.

    The FAQ also gives this as a reason:

    But what happens if I cache the site, and they update themselves? Once again, I'm transmitting data that I shouldn't be, only this time my cache is out of date!

    But this is such an easily solved problem, this must also be a dishonest excuse. Even updating the cache once per minute would not unduly load the victim sites. Using standard proxy software like Squid would completely solve this problem.

    So the quick answer is: "Sure, caching would be neat." It would make things a lot easier when servers go down, but it's a complicated issue that would need to be thought through in great detail before being implemented.
    Answered by: CmdrTaco
    Last Modified: 6/14/00

    Surely in the 2 years since this question has been answered, CmdrTaco has had time to work on the solution to this. This is his full time job. Not much effort is being spent on the development of the software that runs the site, and certainly with the number of editors and how sloppily it is done, this can not be taking more than an hour per day per editor, if that. There is no original content, it is all submitted. As a LNUX shareholder, I wonder what these guys really do all day.

  6. Re:Hmm. on TCP/IP Sequence Number Analysis · · Score: 2
    Keep in mind it's still remarkably hard to spoof with each successive packet, even if you can predict sequence numbers.

    No. You are completely and totally wrong. The only hard part is predicting the initial sequence number. For each successive packet, the only problem is guessing how much data was sent so that you can ack it and not end up closing the window. In practice, this is easy, as the amount of data that was sent should be predictable within a narrow range, and it is safe to send multiple guesses.

  7. Re:Keycards on ID Card Printing Under Linux? · · Score: 2
    Much more reliable than magstripes, and a bit more convenient.


    But vastly more insecure. Anyone can read the ID off your card and retransmit it. There is no encryption in the communication protocol. At least magstripes can only be read at extremely close range.

  8. Re:Not so funny... on "Sex Education" For Pandas · · Score: 2
    I thought this was a funny read until I got to the part about there only being 1,100 pandas left in the wild.


    The small panda population is not surprising, considering their lack of desire to mate.

  9. Re:Dollar to population ratios on The Empire Strikes Back - in China · · Score: 2
    Microsoft has spent over $500 million on advertising for Xbox in the United States alone. The United States has an estimated population of 278,058,900. Which means Microsoft is spending about $1.80 per citizen to promote the Xbox.


    Isn't this a terribly wrong way to go about an advertising campaign of this magnitude? At 105,480,101 households, that is about $4.74 per household. You could pay a generous $9.50 per hour for people to go door to door (averaging half an hour per household) promoting the Xbox. Surely this would be more effective than any advertising campaign.

  10. Re:HUH? on Improv Animation as an Art Form? · · Score: 1, Troll
    ? Some of the demos I've seen are impressive (and hypnotic) considering that the graphics and music are produced real time.


    Are there any decent demos being made for Linux or other free OSes? It seems that the graphics performance is just too poor to produce anything interesting.

  11. Re:Definition of Theft on FBI Raids Homes and Seizes Bandwidth Pirates' PCs · · Score: 2
    So if you signed a contract that states you will only take 1.5Mb/s of bandwidth and you modify a device to take more than 1.5Mb/s, you are stealing along with breaching a contract.


    What if no contract was ever signed, and the only (unsigned) "agreement" does not specify a bandwidth limit?

  12. Re:Uh..well...gee... on Canadian Government to Jam Radio Signals · · Score: 1, Flamebait
    *Every* phone connected to the PSTN in all *50* states(this includes COCOTs, CLEC owned equipment, etc.) is required to be able to dial 911

    I was not discussing the legal requirements. I was discussing the actual, real-world situation. No one follows every law, and you therefore can not use the law to define what actually happens.

    Not only that, it's required that it be able to dial 911 without dialing a 9 first (ie, if you're in a hotel and dial 911 on their PBX, it should dip into its translation table and automatically dial 911 externally). 9-911 must also work.

    Not every phone system allows you to dial "911" to get 911. Sometimes you must dial 9-911, regardless of what the law may say. Sometimes you even see phones labeled to this effect.

  13. Re:Uh..well...gee... on Canadian Government to Jam Radio Signals · · Score: 2
    911 calls are free from pay phones. Wait, they're free from American pay phones.


    Not ALL payphones in the US allow you to make free 911 calls. Those owned by the phone company always do, but COCOTs frequently do not.

  14. Re:Erm on The Wayback Machine, Friend or Foe? · · Score: 2
    Why do webmasters have to "opt-out" rather than "opt-in" to be cached?


    You are opting in when you make data publicly accessible. It is part of the implicit social contract, due to the nature of information. Since it is such an obvious, natural, and desirable feature. A large proxy server will probably have several sites cached in their entirety. Retention time need not be considered at issue, due to the low cost of storage and the simply natural idea that if the information has even a slight value, it will recover the cost of storing it.


    When I view anything, it is my natural right as well as access to air is, to be able to electronically retain a copy of it, if for no other reason than to aid my memory. You have no right to prevent me from retaining a picture I took that your car was in the background of.

  15. Re:First post? on DOJ Wants ISPs to Log User Traffic UPDATED · · Score: 2
    . Doesn't anyone at the DOJ realize that keeping a history of web browsing is about the equivalent of having someone follow you around with a pen and some paper and record the address of every place you visit during the day?


    Which is also the equivalent of putting cameras in public places, which makes it easy to track someone's movements throughout the entire day. Therefore, this will not be an effective argument against such monitoring to people who already consider things like cameras in public places to be a good idea.

  16. Re:Well, atleast we know who skipped maths lessons on Collapsing P2P Networks · · Score: 2

    choices 4 and 1 are the same.

  17. Re:90%+ for IE still on AP reports on renewed "Browser War" · · Score: 2
    happy in their little walled garden seeing only what the content nazis at AOL want them to see/pay for.


    AOL provides an Internet-connected IP address, and software that handles the most commonly used Internet protocols. What more could they do to not be a "walled garden"?

  18. Re:good news for linux? on Circuit City Phases Out VHS · · Score: 3, Insightful

    It just so happens that one of the many things at which Linux excels is in viewing DVDs


    Except that 1) you are committing a crime by possessing a DVD player for Linux, 2) The DVD players for Linux have terrible user interfaces, 3) The DVD players for Linux are unreliable at best, 4) The DVD players for Linux are some of the only software that can cause the entire X server to crash.

  19. Re:didn't you read the article?!?! on Circuit City Phases Out VHS · · Score: 3, Funny
    DVDs crack when they're dropped in the night-drop slot and scratch easily.


    Since they purchased a license to the content, and not the physical media, shouldn't it be easy to get a replacement?

  20. Re:why so keen on earth-sized? on Planetary System Similar to Sol · · Score: 1, Troll
    The reason that we are arrogant is that we were created in the image of our creator, and we thus have the very notion that all life must resemble the life we see on earth ingrained in our very being.

    Huh? This doesn't make any sense. Is it supposed to refer to a creation myth?

  21. Re:*sigh* on Piezoelectric Tennis Rackets · · Score: 2
    Can't we have a sport that's based on talent and not $$$?

    Sure, there's sand volleyball, for starters

    While this is indeed true with respect to equipment, I do not believe that it is also true with respect to individual athletic ability. Besides simply the sort of advanced training a well-funded athlete receives, there is the severely unbalancing factor of body alteration. Currently it is mostly hormones, but genetic engineering is in our immediate future in its most simple forms. The future will only see greater use of genetic engineering, and in 20-200 years time (depending on who you ask) the use of nanotechnology, cybernetics, and surely other kinds of advanced enhancement of human athletic and mental skill.

    Perhaps advanced medical techniques will make it possible to determine who has not scientifically altered their body, so that pure humans can compete on a level playing field. The altered competitions will probably be more exciting (as they are today), however. But they will be mainly contests of money and courage to undergo risky medical procedures.

  22. Re:customers move to competitors? on Solaris 9: Sticker Shock · · Score: 2

    Although I see it claimed all the time, I have never seen any actual numbers presented to show that Solaris really does scale well up to 128 CPU's, tho. SUN's own biggest server right now only goes up to 106 CPU's, although Fujitsu-Siemens has a Sparc server that handles 128 CPUs. I'm not saying that it _doesn't_ scale, but it would be nice to see SOME real-life case presented to actually _support_ sun's claims.


    Sun sells you those large systems (E10/12/15K) expecting you to separate them into domains - entirely separate systems. Very few people are actually running one kernel on 64 or greater CPU systems.

  23. Why is this news? on New Internet2 Land Speed Record · · Score: 2

    Why is this news? It is easy to get a gigabit link between any two major cities in the US, if you are willing to pay. I transfer files at gigabit speeds all the time - granted, across a river and not across an ocean, but is it really any different?

  24. Re:Speed of light on More on the Fine Structure Constant · · Score: 2
    During those millions of years, the light is always moving at light speed. It just keeps running into stuff.

    When a photon puts an atom into a higher energy state, and then is released from this atom, how long does this process take? The length of the atom at light speed? Or longer, and if so, how much longer?

  25. Re:Speed of light on More on the Fine Structure Constant · · Score: 3, Insightful
    - They slowed C to 38 miles an hour, not the 60 as I originally stated.


    No. c is the speed of light in a vacuum. They slowed light down by passing it through a certain material.