I'm not going that far; what I'm saying is that if I'm running an ISP and I know that I own the 23.45.67.* block, I won't let packets with a source address of 98.x.x.x or what have you out of my network.
I'm not saying you need to validate every packet that comes out (way too computationally expensive, i imagine), just that the same way you set up ingress filters preventing packets with a return address of 127.0.0.1 or 10.x.x.x and whatnot come in, you should prevent those obviously falsified packets from ever going out.
Like sane egress routing checks set up on the individual ISPs end?
No, it won't prevent DDoS attacks, but if the checks are set up so as to prevent packets with spoofed IPs from ever leaving their segment, then the people being attacked can see who's attacking, drop packets from them and notify the ISP hosting the (inadvertent?) attacker, letting them know what's happening.
No, really. Two-odd years ago I was working for a (now since long-dead) startup, and our initial name was, you guessed it... X-Box. I wasn't so wowed by it, but whatever, I'm a developer, not a marketroid.
So I head out to check it out on Internic, and it turns out that someone had snatched the site up a few weeks before we wanted it. Shit.
So I check the site out, see that nothing's there. Portscan it (yes, I'm a bad person) and find out no fucking services are up and running on it. E-mail the provider, get forwarded to the owner, and he's got the huevos to tell me "I've got some very exciting functionality coming out from my website in the next year, but I'd be willing to part with it for $10,000." I scream various and sundry obscenities, call him a squatting shitbag (not to his face), but he stands firm on it.
Who knew the douche was sitting on such a goddamned goldmine?
When the cops come busting down your door, comply, comply, comply.
Also, ABSOLUTELY remember where you're going to school and don't march or protest or do anything stupid like that. It sure as shit beats the alternative: Diallo-esque caps in your back as you try to run.
>Anybody with the ability to create this kind of system must be able to see the terrible implications of its use. Who, being of sound mind and technological intellect would voluntarily work to the potential end that this paper has predicted? Maybe I can say this as a mere undergrad not yet out in the workforce, but there must be some sort of job consiousness in everybody. Am I completely wrong?
There will be no Nuremberg trial for these brave, bold innovators of technology, and apparently you also forgot about the Stanford Prison Experiment. But it's OK, we all have brainfarts from time to time.
That analogue too much for you to pull? See also: Milgram's experiments in obedience done around the time of the aforementioned Nuremberg trials.
If you're having an ADD day, let me sum up: otherwise good, rational people can do otherwise inexplicably horrific, evil things because someone told them to do it.
Lack of authority and the desire to keep your family fed are powerfully motivating forces; even if they can't find anyone over here to do the engineering for them (they can) then they can always look overseas and import smart, cheap labor. You can thank the US government for quietly and markedly increasing immigration visas from places like India and Russia while decrying the GREAT MEXICAN EVIL later.
I thought Radiohead was a shitty Pink Floyd rip-off?
Also, by 2016 we should all be listening to nothing but electronica, because the same braindead sheep^H^H^H^H well-informed cultural critics that inexplicably named Basement Jaxx one of the top albums of the '90s has been heralding this newfangled "electronica" as the music of the future.
I don't know about you, but I look forward to a future of BMW buying out Aube and Coca Cola snatching up the latest MSBR release for the backing music.
I hope Richard Ashcroft cracks down on music by those goddamned homosexuals. They're corrupting my morals or something.
Now shut up and give me some more Fucked Pix, you lazy bastard.
(virtual instruments? literally sucked, no doubt...)
I wasn't aware that JavaScript had any object model to interact with outside of its context as a web page or what have you, which is to say: using JS, I can't detect when the back/next button is clicked and use it to trigger an event.
Apparently (according to the "Privacy Foundation"'s website, it piggybacks onto the base functionality that some clients provide that notify you when someone has read your message, and add in text to the payload when someone forwards (responds?) to the message.
They also claim that this has been in the wild since '98 at least, despite no big hubub over it? Fishy, fishy, fishy. I'm waiting to see the 'sploit code to buy it myself.
Something about being my full-time computer for three years of college; many, many "backup" copies of various and sundry software was installed and uninstalled, sometimes multiple times. It just keeps on ticking, and I'm not really sure how.
Standby mode? Ha ha. This old clunker doesn't have it. I leave a screensaver on, but the monitor stays off unless I need to get at the BBS to fix an issue with the doors hanging, so it's a moot point anyhow.
I've got my P/100 (with a whopping 16 MB of RAM) running Win95, and a 5 node Syncrhonet BBS.
It'll stay up for weeks at a time (power outages aside). Plus I play NetHack on it. I've even used Word now and then because my newer box still doesn't have a perfectly legitimate backup copy installed onto it yet.
I'm still wondering how I haven't killed that box yet.
Well, what the fudge do you think your taxes are doing, other than lining the pockets of already-wealthy politicians and subsidizing corporations?
I'd rather see money go towards actually feeding and improving the well-being of _other_ Americans, but hey. As long as we're doing away with that pesky isolationist theory, we might as well help other not-so-well-off nations and hey. Giving our poor computers isn't such a bad idea, either.
Assuming (nasty word, that) we improve their condition first, otherwise it's sort of one of those "let them eat cake" situations.
> So, is it OK to do this in an attempt to give the good guys a jump on the bad guys?
It's generally accepted practice (tho by no means mandated) among security researchers that they give the exploited company 48-ish business hours to patch whatever exploit they find before releasing it into the open. As was the case with BIND, researchers can and have sat on major bugs with no workarounds for much longer periods at the developers' request.
So would you rather hear a company announcement or wait for CERT to alert everyone (maybe) or Johnny Q. Scriptmonkey to point out the fact that you've got a glaringly open hole that you didn't know existed and don't know how to fix?
> I'd ask him how well does Win2K run DNS? And if he can make it work better than the company that wrote it?
Bra-vo. Way to rise above.
According to MS's release, their DNS servers were the victim of a (D)DoS attack. Half-witted network topography aside, are there any operating systems out there that I'm not aware of with a magical TCP/IP stack that will allow them to transcend saturated pipes?
Not even touching 95/98 vs. Linux; as far as I'm concerned, it's apples and orangutans.
Linux' market share is also far less than that of Windows NT, plus it's not as much of a target for security researchers/hackers; if you were to get analogues to David Litchfield and (especially) Georgi Guninski examining Linux and its related bugs I daresay it'd be a much different story.
And do we scream bloody murder over every app that's got a buffer overflow, as opposed to just the kernel? Do we grant leniency to Linux because "it's just a kernel", ignoring what may be a litany of 3rd party apps shipping with your average distribution that open up gaping holes, while counting IE holes as NT/Win2K holes?
This whole "MY OS IS MORE SECURE THAN YOUR OS" argument is tired and pointless: OpenBSD is more secure than your OS (i'm speaking *nix/NT) and any other OS, if properly installed, is pretty much equally secure.
See also: an answer without a question.
See also: you can cure cancer by cutting a patient's head off; doesn't mean their condition's gonna improve anytime soon.
If you're not in the know, BountyQuest is a site to sort of publically ask "So, uh. Anyone have any prior art on this?" before they go ahead and patent it.
Nice in theory, but honestly it's about as valid as oh, say.... your average "hacker challenge"...
...I know a chap, ex-Forces, pretty high ranking, clearances, blah blah blah, now working in IT.
One interview he was on went swimmingly well, he didn't get the job. He asked why, was told (point-blank) something to the effect of "you're ex-military and you'll be after my job in weeks."
I'm not saying this is anything widespread, just that if you go on interviews, maybe don't ask so many questions about promotions?
> Why the hell should I pay their abortions? I am not scared of their babies!
Take the good with the bad. I've pioneered a new cure for cancer that the FDA won't approve for some reason: cutting the heads off of cancer patients sure solves their cancer problem, but it causes a rash of new ones.
If you think the decision (if it's true...) to withold funding from other nations' healthcare is based on anything other than a moral "mandate", you're deluding yourself. I don't give a fuck if I disagree with the morals of another country. I'd sure as shit rather see them do all sorts of GODLESS things and have healthy babies than watch the piles of the dead mount. That our own country could use the extra health aid as badly as others whether or not anyone else wants to admit it or not is besides the point; it's nice to see some money actually helping people other than giant corporations.
Or am I missing something here? Can you can come up with a plausible reason (other than enforcement of personal beliefs on others) why the "less government"'s head is wasting more of my tax money re-researching RU-486 when the FDA's studies as well as decades of use in Europe has already shown its initial findings to be on the money? (cprm doesn't outlaw copyright, but it sure does seem to infringe on my rights...)
Anti-abortion, pro-execution.
God I love you, Bush.
No. Really I do. Saw some sound bite on the news about how he's planning to rescind paying for other countries' healthcare if they have legal abortions.
Glad to know that in a country where church and state are supposedly divorced, someone who the majority (plurality?) of the country didn't vote for is free to enforce his myopic morals on other countries. Doubly glad knowing that it's OK for his mistresses to have abortions, just not other people's actual wives.
Laws on hacking are inexplicably awful (if i steal from a supermarket, am i not allowed in supermarket or anywhere that has foodstuffs in it for years afterwords i've repaid my debt to society with prison time?) and I really hope that he just makes them worse.
I'm just really hoping that he vomits up enough moral atrocities in his 4 years that people think twice before voting for one of the Big Two parties again. Bush could be the best thing that ever happened to this country.
I love that richkid cokewhore chimptwin bumbling mongoloid.
That's right, kids! Microsoft's not the only one who can do it!
What is all this blabbering about? Anyone with half a clue knows that VBScript and JScript are server-side languages; you can use them client-side (IE only, naturally), but the smart money's on ECMAScript there.
So what's the point again?
Slashdot Mirror
I'm not going that far; what I'm saying is that if I'm running an ISP and I know that I own the 23.45.67.* block, I won't let packets with a source address of 98.x.x.x or what have you out of my network.
I'm not saying you need to validate every packet that comes out (way too computationally expensive, i imagine), just that the same way you set up ingress filters preventing packets with a return address of 127.0.0.1 or 10.x.x.x and whatnot come in, you should prevent those obviously falsified packets from ever going out.
Like sane egress routing checks set up on the individual ISPs end?
No, it won't prevent DDoS attacks, but if the checks are set up so as to prevent packets with spoofed IPs from ever leaving their segment, then the people being attacked can see who's attacking, drop packets from them and notify the ISP hosting the (inadvertent?) attacker, letting them know what's happening.
No, really. Two-odd years ago I was working for a (now since long-dead) startup, and our initial name was, you guessed it... X-Box. I wasn't so wowed by it, but whatever, I'm a developer, not a marketroid.
So I head out to check it out on Internic, and it turns out that someone had snatched the site up a few weeks before we wanted it. Shit.
So I check the site out, see that nothing's there. Portscan it (yes, I'm a bad person) and find out no fucking services are up and running on it. E-mail the provider, get forwarded to the owner, and he's got the huevos to tell me "I've got some very exciting functionality coming out from my website in the next year, but I'd be willing to part with it for $10,000." I scream various and sundry obscenities, call him a squatting shitbag (not to his face), but he stands firm on it.
Who knew the douche was sitting on such a goddamned goldmine?
When the cops come busting down your door, comply, comply, comply.
Also, ABSOLUTELY remember where you're going to school and don't march or protest or do anything stupid like that. It sure as shit beats the alternative: Diallo-esque caps in your back as you try to run.
Wonderful how we can type so much and say so little, isn't it?
>Anybody with the ability to create this kind of system must be able to see the terrible implications of its use. Who, being of sound mind and technological intellect would voluntarily work to the potential end that this paper has predicted? Maybe I can say this as a mere undergrad not yet out in the workforce, but there must be some sort of job consiousness in everybody. Am I completely wrong?
There will be no Nuremberg trial for these brave, bold innovators of technology, and apparently you also forgot about the Stanford Prison Experiment. But it's OK, we all have brainfarts from time to time.
That analogue too much for you to pull? See also: Milgram's experiments in obedience done around the time of the aforementioned Nuremberg trials.
If you're having an ADD day, let me sum up: otherwise good, rational people can do otherwise inexplicably horrific, evil things because someone told them to do it.
Lack of authority and the desire to keep your family fed are powerfully motivating forces; even if they can't find anyone over here to do the engineering for them (they can) then they can always look overseas and import smart, cheap labor. You can thank the US government for quietly and markedly increasing immigration visas from places like India and Russia while decrying the GREAT MEXICAN EVIL later.
I thought Radiohead was a shitty Pink Floyd rip-off?
Also, by 2016 we should all be listening to nothing but electronica, because the same braindead sheep^H^H^H^H well-informed cultural critics that inexplicably named Basement Jaxx one of the top albums of the '90s has been heralding this newfangled "electronica" as the music of the future.
I don't know about you, but I look forward to a future of BMW buying out Aube and Coca Cola snatching up the latest MSBR release for the backing music.
I hope Richard Ashcroft cracks down on music by those goddamned homosexuals. They're corrupting my morals or something.
Now shut up and give me some more Fucked Pix, you lazy bastard.
(virtual instruments? literally sucked, no doubt...)
I wasn't aware that JavaScript had any object model to interact with outside of its context as a web page or what have you, which is to say: using JS, I can't detect when the back/next button is clicked and use it to trigger an event.
Apparently (according to the "Privacy Foundation"'s website, it piggybacks onto the base functionality that some clients provide that notify you when someone has read your message, and add in text to the payload when someone forwards (responds?) to the message.
They also claim that this has been in the wild since '98 at least, despite no big hubub over it? Fishy, fishy, fishy. I'm waiting to see the 'sploit code to buy it myself.
Something about being my full-time computer for three years of college; many, many "backup" copies of various and sundry software was installed and uninstalled, sometimes multiple times. It just keeps on ticking, and I'm not really sure how.
Standby mode? Ha ha. This old clunker doesn't have it. I leave a screensaver on, but the monitor stays off unless I need to get at the BBS to fix an issue with the doors hanging, so it's a moot point anyhow.
I've got my P/100 (with a whopping 16 MB of RAM) running Win95, and a 5 node Syncrhonet BBS.
It'll stay up for weeks at a time (power outages aside). Plus I play NetHack on it. I've even used Word now and then because my newer box still doesn't have a perfectly legitimate backup copy installed onto it yet.
I'm still wondering how I haven't killed that box yet.
Did his mistress' family come upon a windfall of Dells or something?
Well, what the fudge do you think your taxes are doing, other than lining the pockets of already-wealthy politicians and subsidizing corporations?
I'd rather see money go towards actually feeding and improving the well-being of _other_ Americans, but hey. As long as we're doing away with that pesky isolationist theory, we might as well help other not-so-well-off nations and hey. Giving our poor computers isn't such a bad idea, either.
Assuming (nasty word, that) we improve their condition first, otherwise it's sort of one of those "let them eat cake" situations.
> So, is it OK to do this in an attempt to give the good guys a jump on the bad guys?
It's generally accepted practice (tho by no means mandated) among security researchers that they give the exploited company 48-ish business hours to patch whatever exploit they find before releasing it into the open. As was the case with BIND, researchers can and have sat on major bugs with no workarounds for much longer periods at the developers' request.
So would you rather hear a company announcement or wait for CERT to alert everyone (maybe) or Johnny Q. Scriptmonkey to point out the fact that you've got a glaringly open hole that you didn't know existed and don't know how to fix?
> I guess the point, the attrition.org statistics aren't really saying what you want them to say.
There are lies, damned lies, and statistics.
> I'd ask him how well does Win2K run DNS? And if he can make it work better than the company that wrote it?
Bra-vo. Way to rise above.
According to MS's release, their DNS servers were the victim of a (D)DoS attack. Half-witted network topography aside, are there any operating systems out there that I'm not aware of with a magical TCP/IP stack that will allow them to transcend saturated pipes?
Not even touching 95/98 vs. Linux; as far as I'm concerned, it's apples and orangutans.
Linux' market share is also far less than that of Windows NT, plus it's not as much of a target for security researchers/hackers; if you were to get analogues to David Litchfield and (especially) Georgi Guninski examining Linux and its related bugs I daresay it'd be a much different story.
And do we scream bloody murder over every app that's got a buffer overflow, as opposed to just the kernel? Do we grant leniency to Linux because "it's just a kernel", ignoring what may be a litany of 3rd party apps shipping with your average distribution that open up gaping holes, while counting IE holes as NT/Win2K holes?
This whole "MY OS IS MORE SECURE THAN YOUR OS" argument is tired and pointless: OpenBSD is more secure than your OS (i'm speaking *nix/NT) and any other OS, if properly installed, is pretty much equally secure.
I seem to remember people making the same argument against computers...
See also: an answer without a question.
See also: you can cure cancer by cutting a patient's head off; doesn't mean their condition's gonna improve anytime soon.
If you're not in the know, BountyQuest is a site to sort of publically ask "So, uh. Anyone have any prior art on this?" before they go ahead and patent it.
Nice in theory, but honestly it's about as valid as oh, say.... your average "hacker challenge"...
Will they be doling out statistics regarding how many perfectly legitimate sites are being blocked out by their own software?
But I'm sure this information will be very valuable to the marketroids who haven't figured out that kids like Britney Spears and the Backdoor Boys.
> such sensible leaders as George W. Bush Ha ha.
...I know a chap, ex-Forces, pretty high ranking, clearances, blah blah blah, now working in IT.
One interview he was on went swimmingly well, he didn't get the job. He asked why, was told (point-blank) something to the effect of "you're ex-military and you'll be after my job in weeks."
I'm not saying this is anything widespread, just that if you go on interviews, maybe don't ask so many questions about promotions?
> Why the hell should I pay their abortions? I am not scared of their babies!
Take the good with the bad. I've pioneered a new cure for cancer that the FDA won't approve for some reason: cutting the heads off of cancer patients sure solves their cancer problem, but it causes a rash of new ones.
If you think the decision (if it's true...) to withold funding from other nations' healthcare is based on anything other than a moral "mandate", you're deluding yourself. I don't give a fuck if I disagree with the morals of another country. I'd sure as shit rather see them do all sorts of GODLESS things and have healthy babies than watch the piles of the dead mount. That our own country could use the extra health aid as badly as others whether or not anyone else wants to admit it or not is besides the point; it's nice to see some money actually helping people other than giant corporations.
Or am I missing something here? Can you can come up with a plausible reason (other than enforcement of personal beliefs on others) why the "less government"'s head is wasting more of my tax money re-researching RU-486 when the FDA's studies as well as decades of use in Europe has already shown its initial findings to be on the money? (cprm doesn't outlaw copyright, but it sure does seem to infringe on my rights...)
Anti-abortion, pro-execution.
God I love you, Bush.
No. Really I do. Saw some sound bite on the news about how he's planning to rescind paying for other countries' healthcare if they have legal abortions.
Glad to know that in a country where church and state are supposedly divorced, someone who the majority (plurality?) of the country didn't vote for is free to enforce his myopic morals on other countries. Doubly glad knowing that it's OK for his mistresses to have abortions, just not other people's actual wives.
Laws on hacking are inexplicably awful (if i steal from a supermarket, am i not allowed in supermarket or anywhere that has foodstuffs in it for years afterwords i've repaid my debt to society with prison time?) and I really hope that he just makes them worse.
I'm just really hoping that he vomits up enough moral atrocities in his 4 years that people think twice before voting for one of the Big Two parties again. Bush could be the best thing that ever happened to this country.
I love that richkid cokewhore chimptwin bumbling mongoloid.
That's right, kids! Microsoft's not the only one who can do it! What is all this blabbering about? Anyone with half a clue knows that VBScript and JScript are server-side languages; you can use them client-side (IE only, naturally), but the smart money's on ECMAScript there. So what's the point again?