Actually, I'd rather have my next door neighbour know what I was searching for (and vice versa) than have any single person know what *everyone* was searching for. Power corrupts.
Did I say anything about moral equivalence? No. I was talking in purely practical terms about the threat of a pre-emptive strike. The US clearly presents a greater threat to North Korea and Iran than vice versa.
Thank you, Paul Wolfowitz. Speaking of regime change, which of the following countries has, under its current regime, pre-emptively attacked another country?
North Korea
Iran
The United States
Clue: it's also the only country ever to have used nuclear weapons.
I was under the impression that glass already reflected a substantial amount of infrared light - isn't that how greenhouses work? Visible light passes through the glass, is absorbed by things inside the greenhouse and re-emitted as infrared, which is reflected by the glass and thus trapped inside the greenhouse.
Obviously I've misunderstood, otherwise this breakthrough wouldn't be worth writing about, so can someone please explain to me how greenhouses actually work, and why glass that reflects infrared wouldn't cause the room to get hotter rather than cooler?
You don't have to use dselect or tasksel for installation. Just answer "no" to both and the installer drops you to a shell where you can use lovely, lithe, kissable apt.
Oh dear, I just used sexual terms to describe a software management tool. I'm going to go and walk under a bus now.
What about twenty, twenty-five years from now? Conversation will become more ambiguous
Please tell me that your use of a high rising terminal in writing in this context was deliberately ironic. Otherwise the irony would be fantastic. Like, literally.
This paper predicts that a fast-scanning Nimda-like worm launched against a small "hit list" of known vulnerable machines could infect millions of machines in minutes - too fast for any human-mediated response. Such a worm could reach saturation point and begin destroying its hosts before most admins had even noticed what was happening. Even those who noticed would not have time to study the worm's behaviour, let alone analyze its code. Stealth code would therefore be unnecessary, except to make it more difficult for subsequent investigations to identify the source of the worm.
The hit list technique speeds up the initial phase of infection, which is normally slow and vulnerable to isolated failures. The list is compiled ahead of time by normal vulnerability scanning; the machines on the list are simultaneously infected to start the attack. Each copy of the worm then scans for and infects further vulnerable machines as quickly as possible, dividing the address space at each hop to avoid unnecessary overlaps (some redundancy might be desirable, but completely random scanning would be inefficient). The list can be divided in a topology-aware way to reduce congestion that might otherwise limit the rate of infection.
However, if you ask the same advocate why s/he wants a particular patent invalidated, it's usually to copy a patented algorithm and incorporate it into an open source product. That doesn't seem like innovation to me.
Your argument is circular. If you ask why a particular patent is bad, you're restricting the scope of the discussion to things that have already been patented, so of course innovation is out of the picture.
The most important problem with software patents, especially for independent developers, is that you don't know what might have been patented. Every time you write a piece of software you're potentially violating patents. Over-broad patents are a problem too, of course, and most people who complain about one complain about the other, but applying their complaints about one problem to the other problem doesn't prove them wrong.
Software patents chill innovation and prevent interoperability. The same software patent doesn't have to do both in order for both to be true.
3G phone subscribers are billed per packet, but there's no reason the providers have to bill all of their customers that way.
I think the idea is to find a use for 3G infrastructure that cost billions and isn't being used. 3G was expected to take off and didn't; WiFi wasn't expected to take off and did. Maybe 3G services will be popular in a few years, but in the meantime the owners can make some money by connecting WiFi hotspots to the net. Sounds like a great idea to me - some of the most attractive locations for 802.11 access points (buses, trains, parks) are difficult to wire up but have good cellular coverage.
This paragraph is random crap to keep TFLSLF happy, please ignore it. Getting this past TFLSLF was five times harder than copy-pasting the individual text elements. This paragraph is random crap to keep TFLSLF happy, please ignore it. Getting this past TFLSLF was five times harder than copy-pasting the individual text elements. This paragraph is random crap to keep TFLSLF happy, please ignore it. Getting this past TFLSLF was five times harder than copy-pasting the individual text elements. This paragraph is random crap to keep TFLSLF happy, please ignore it. Getting this past TFLSLF was five times harder than copy-pasting the individual text elements. This paragraph is random crap to keep TFLSLF happy, please ignore it. Getting this past TFLSLF was five times harder than copy-pasting the individual text elements. This paragraph is random crap to keep TFLSLF happy, please ignore it. Getting this past TFLSLF was five times harder than copy-pasting the individual text elements. This paragraph is random crap to keep TFLSLF happy, please ignore it.
----------------
Black Ops 2004 @ LayerOne
Dan Kaminsky
----------------
Introduction
Who am I?
Senior Security Consultant, Avaya Enterprise Security Practice
Author of "Paketto Keiretsu", a collection of advanced TCP/IP manipulation tools
Speaker at Black Hat Briefings
Black Ops of TCP/IP series
Gateway Cryptography w/ OpenSSH
Protocol Geek
----------------
What's On The Plate for Today?
/* char descrip[256] = "You'll see"; */
----------------
What is DNS
DNS: Domain Name System
Mechanism for translating human-readable names into machine routable addresses
"Like 411 for the Internet"
As 411 usually but not always yields simple phone numbers, DNS usually but not always yields IP addresses
A: Given name, find IP
MX: Given name, find Mail
PTR: Given IP, find name
TXT: Given name, find "stuff"
----------------
"Useful" Traits of DNS
(Very Very Abridged)
Hierarchical
.com says where to find addresses in .doxpara.com, and .doxpara.com says where to find addresses in foo.doxpara.com
Recursive vs. Iterative Lookups
Iterative Lookup: Ask a server a question, it tells you where to go to find out the answer
Recursive Lookup: Ask a server, it goes out and finds out the answer for you, and tells you
It queries the hierarchy...which you may control
Caching
Responses contain a TTL - Time To Live - within which future requests don't require another message to be sent
----------------
Primary Research Areas for DNS
Exploitation
1999-2000 were filled with exploits against BIND, the most common DNS server
Not terribly vulnerable now
DNS Spoofing
Returning false addresses = hijack people's outgoing net connections
DNS Tunneling
----------------
DNS Tunneling [1]
How
Client -> Server
What's the information for BATCH-OF-ENCODED-DATA.doxpara.com?
Server -> Client
The information? Why, it's "HERES-THAT-DATA-YOU-WERE-LOOKING-FOR"
Why?
DNS is extremely permeable - it will route through architectures where often nothing else will
Captive portals for Wireless Internet
"More" ;-)
----------------
Starting Simple:
DNS Tunneling [0]
Who?
NSTX most popular
Creates a "virtual network device" that routes IP (actually, Ethernet frames) over DNS
Linux Only
Rumors of various botnets / malware using DNS as a covert channel
----------------
DNS Tunneling[2]:
Entering Userspace
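A defender's view of the exchange on the "DNS Tunneling [1]" slide, as an added example (not part of the slides or the original comment): each batch of encoded data becomes a new, never-cached name under one zone, so resolver logs show many unique, long, high-entropy subdomains for that zone. The log entries, the `.example` names, the thresholds and the two-label zone split are assumptions made for illustration.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict


def shannon_entropy(text):
    """Bits per character of the empirical character distribution."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def split_name(qname, zone_labels=2):
    """Split a query name into (subdomain part, parent zone).

    Assumption: the zone is the last two labels. Production code would
    consult the Public Suffix List instead.
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-zone_labels]), ".".join(labels[-zone_labels:])


def find_tunnel_candidates(qnames, min_unique=10, min_len=24, min_entropy=3.5):
    """Return {zone: stats} for zones whose queried names look like encoded data.

    All three signals must hold, so a zone with many short, readable host
    names is not flagged on its unique-name count alone.
    """
    subs = defaultdict(set)
    for qname in qnames:
        sub, zone = split_name(qname)
        if sub:
            subs[zone].add(sub)  # repeats are answered from cache; count uniques

    flagged = {}
    for zone, names in subs.items():
        mean_len = sum(len(s) for s in names) / len(names)
        mean_ent = sum(shannon_entropy(s.replace(".", "")) for s in names) / len(names)
        if len(names) >= min_unique and mean_len >= min_len and mean_ent >= min_entropy:
            flagged[zone] = {
                "unique": len(names),
                "mean_len": round(mean_len, 1),
                "mean_entropy": round(mean_ent, 2),
            }
    return flagged


def constructed_log():
    """Constructed sample query names, not captured traffic."""
    log = []
    for i in range(20):
        # 30 pseudo-random bytes encode to exactly 48 base32 characters,
        # standing in for BATCH-OF-ENCODED-DATA in the slide.
        chunk = hashlib.sha256(b"chunk-%d" % i).digest()[:30]
        log.append(base64.b32encode(chunk).decode().lower() + ".tun.example")
    # Benign: many unique but short host names under one zone.
    log += ["host%d.corp.example" % i for i in range(25)]
    # Benign: a few names queried repeatedly.
    log += ["www.shop.example", "mail.shop.example", "www.shop.example"] * 5
    return log


if __name__ == "__main__":
    for zone, stats in find_tunnel_candidates(constructed_log()).items():
        print(zone, stats)
```
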
Perhaps he's imagining that P2P networks will be used to arrange physical transactions, eg long "loops" of barter transactions? However, even with that interpretation I don't see why peer-to-peer networks have to be involved; Ebay is centralized, for example.
I mean how do you trust totally unknown people to transfer your data/food/whatever between any two points?
I'm not sure about food but here's how it works for data:
- Get the recipient's public key or public key fingerprint. This is the most general kind of "address" you can possibly have - it says nothing about where to find the recipient or how to deliver the message, but it allows you to verify that the message has been delivered. Generality is good in this context because we don't know what kinds of devices, protocols and media are going to be used to deliver the message.
- Decide how much you're willing to pay for delivery of the message. "Payment" could mean micropayments in some kind of digital currency, or if you usually deal with the same set of neighbours it could simply mean adjusting someone's "credit balance" - in other words promising to pay them back in kind, one of these days, by forwarding a message for them.
- Work out which of your neighbours has the best route to the recipient. If you don't know who might have a route, choose a neighbour randomly, use a rule of thumb, or send the message to everyone. If you send it to more than one neighbour, divide the credit between them.
- Keep a copy of the message until the recipient acknowledges it, eg by sending a digitally signed reply containing the hash of the message. If no acknowledgement arrives, retransmit the message, possibly by a different route.
- Remember which neighbours have recently been good at delivering messages to which destinations. If someone keeps accepting payment for delivering messages but the messages aren't getting through, stop trusting that person with your messages.
The crucial part is "keep a copy". That's why data is easier than food - the worst someone can do with your message is fail to deliver it, and then you can send another copy.
As a matter of fact, who would trust their credit card number to travel through a peer-to-peer network to get to the company he/she's ordering from?
Obviously you'd use end-to-end encryption and authentication.
FWIW, 2.6 is not suitable for desktop machines with 32MB RAM - it runs into swap storms in tight memory situations which 2.4 handles without a problem.
In such a load pattern, garbage collection can be performed when the load is low, and the GC hardly impacts performance at all.
Are you sure? A garbage collection sweep visits many pages of memory, possibly requiring disk activity to swap them in and potentially swapping out pages that you're going to need when the next CPU usage spike comes along.
I take your point that this is not censorship. Narrowly defined, censorship relates to the official suppression of material before publication. However, that leaves us without words to describe important phenomena such as the rounding up and destruction of banned works after publication, the official suppression of private communication, and the official limitation of certain kinds of speech to certain persons. "Censorship" is used to describe all these things because its meaning most closely fits what we are trying to discuss. Please forgive us for being sloppy, but the language evolves.
Many things are lazily called censorship, from takedown notices to banning someone from an IRC channel. Most of them are simply the publisher's refusal to help someone say something the publisher disagrees with. However, when the threat of legal action is involved, the publisher is refusing to help someone say something they are officially not allowed to say. Rather than being a discerning individual, the publisher becomes the instrument of official limitation of speech, and as such I think the title of censor is appropriate.
The problem highlighted by the article is that copyright is a form of official limitation of speech which is primarily policed by citizens, although their authority derives from the government. Thus a publisher can be faced with a takedown notice from someone claiming the legal authority of a government censor, with no reliable way of checking whether that person has the authority they are claiming. The publisher's least risky course of action is to comply with every takedown request, meaning that anyone who can write a plausible cease and desist letter can effectively remove documents from the web at will. A publisher who ignores takedown notices is likely to run across a genuine copyright holder sooner or later and be sued out of existence, so the most timid publishers will tend to survive.
Yup, there's a similar clause in the UK whereby if the government demands your encryption keys, it's a crime to tell anyone. But then again the UK doesn't (except via European law) have any laws promising free speech in the first place...
Yeah, because nothing says peace like "poor and heavily armed". ;-)
You mean another US ally, right?
How thoroughly evil. :-) Thanks for the link.
I tried to tell you but the lameness filter told me to try less repetition...
----------------
DNS Tunneling[2]:
Entering Userspace
Starting "Simple"
NSTX requ
Does their definition of hate speech include the Bible, which demands that homosexuals be put to death? (Leviticus 20:13)
Releasing something doesn't make it a release. You can release a ferret, for example.
Note to self: get laptop and 10 foot ethernet cable. Sell chair and clothes.
News for nerds who pronounce Slashdot "Forward-slash dot".
Bear in mind that some of the machines connecting to this service might be connected to the internet, even if the main server isn't.