a good network design should not allow this to happen in the first place. If a client is sending incorrect commands to the network or is eating up the token, etc, the router should cut off that node's access to the network
A router is just another node on a token-ring - it can't do the stuff you're talking about in the general case. If some broken-ring adaptor screws up, the router is typically just as baffled as anyone else. token-ring is over-complicated, over-costly nonsense. With really cheap switched ethernet available, no new network should ever use it, and old networks should migrate, as new NICs and hub costs will eat you alive.
Token ring is over-complicated. It is very dificult for vendors tro get the drivers right, taking 2 or 3 or 4 tries for most of them. Shops that go purely Big Blue do have better luck. But it IS ancient tecnology, 100Mb tokenring, anyone? The standard may exist but I wouldn't touch it with *your* dick. And if you think source-route bridging is cool, - YUCK. The only thing worse is transparent bridging. Bridging SUCKs. 40 second reroute times, 7 hop network diameter limits (if you follow the standard - you might increase network diameter, but only by increasing reroute time) - arghhh. Give me a routed network anyday.
I use Mozilla often, but not exclusively. It tends to hang (or appear to hang) on large pages, and that's certainly the world we were in with Slashdot/WTC coverage. Thanks for the tip.
your post, viewed on netscape, is lttered with question marks where there should be single quotes. This is usually (tho not always) the result of using Microschlock software. See http://www.fourmilab.ch/webtools/demoroniser/ for more information. (And my apologies if you weren't using MS crapware.)
This isn't the way to address this. We (the US) are now COMPELLED to go totally hardline. If we roll over for this in ANY we, we guarantee ourselves a steady diet of this in the future.
If Palestinins did this, they have killed any chance for poeace in this generation - and the real killing is probably just beginning.
As a side note, if our airline security is so good these days, how come they were abler to use 3 (or is it 4 - just heard Camp David got hit, don't know if this is true or not) airplanes as weapons?
We've already seen several organizations win lawsuits against GPL/warranty free
software writers because of damage that software caused to the organization. Several
involved the RIAA vs mp3/p2p software writers. Several involved the MPAA vs media
player authors. You might say that warranty exemption has become quite
meaningless in today's economy.
The first and third sentences appear to deal with liability to someone who used the software and lost time/money/product because of it. But the soecnd sentence sounds much more like copyright/DMCA issues, with RIAA vs. p2p sounding suspiciously like the Naptster suit. What is the deal here anyhow? If it's IP issues, warranty exemption is the wrong way to go. If it's warranty issues, what in the world do MPAA/RIAA/p2p issues have to do with it? When something makes this little sense, there's something fishy going on. These folks aren't saying everything they know.
The article noted included the point of view that Linux could be MORE secure due to the availablitlity of more 3rd party software in that regard - a point of view that is clearly new to you, given your comment.
Actually, people who know me think I've got a pretty good sense of humor. I just think that a lot of stuff that gets posted is silly crap (in this case, literally) while I know from experience that good stuff gets ignored. The twin articles from Security Focus, for example, one saying Linux could be more secure due to more third party support and the other saying OpenBSD was more secure by design, would have been good for days of debates and flames, and is actually significant, at least if you run either. This current story is just dumb.
Here are some articles I've submitted:
* 2001-03-16 18:07:27 EFFer vs. SPAMCOP: "Spam war gags Gilmore" (articles,news) (rejected)
* 2001-05-17 01:24:28 Why Linux|OpenBSD will never be as secure as OpenBSD|Linux (articles,linux) (rejected)
* 2001-05-19 01:31:39 Forrester Research: Death of Web 'inevitable' (articles,internet) (rejected)
I'm sure glad trivia like mine was rejected so that there'd be room for fascinating stories like this one. Makes me wonder who you have to blow arounde here to get an article accepted.
2. Alan Hourihane has tried to obtain documentation for the latest
Trident chipsest (CyberBladeXP and CyberBladeXPm) without success.
He offered to sign an NDA with a 'source code exception clause'
a clause which allowed distribution of unobfuscated source
developed with the help of documentation otherwise covered by the
NDA.
Trident appearantly didn't accept a 'source code exception clause'.
We therefore assumed that Trident Microsystems has modified its policy
of providing technical documentation.
If Trident says you can't distribute unobfuscated source code based on NDA-covered infromation and XFree86 says they won't accept an NDA with these terms, the roadblock remains. Trident can say they support OSS all they want and that nothing has changed, but it still makes it impossible for XF86 to use the information.
I tested in openSSH2.5.1p2 - the login password is sent in one packet, so the inter-key timing attack is crap for this.
The interkey timing applies ONLY AFTER the initial login. The cracker would have to have to somehow know you were exceuting something that involved entering a password, then capture the packets with your keystrokes.
This is getting way more play than it deserves, IMO.
Unfortunately, unless proprietary media formats, such as Winblowz Media Player or DVD CSS, are totaly torpedoed or else supported on Linux, the consumer market will not move en masse away from windows. Sadly, we may lose the home desktop because of this DRM crapola. I say this even though I like Linux and despise Microsoft.
Why does it say "Ran across this article on the IS-IT-TRUE.org site" then the link doesn't point to is-it-true.org, but instead to some server that is not even accepting connections on port 80?
ideally you could just block the customers with infected IIS servers,
Which accomplishes NOTHING for the current situation. Blocking inbound port 80 to the infected is worthless - they are ALREADY infected. Blocking outbound port 80, which WOULD do some good, will also stop them from using a web browser, which is bound to piss them off.
Actually, they moved it to akamai, a large network of servers distributed across the internet. Requests are spread out over several servers, thereby making the site as a whole more resistant to DDOS. (They just happen to be Linux). Microsoft did the same thing with their DNS servers after these were DDOS'd earlier this year. A network like Akamai may be the only real defense against a good DDOS (syn flood, spoofed IPs) that doesn't involve ignoring some lgeitimate requests as well as the trash.
Most courts still find licenses imposed after purcahse to be meaningless. These are nothing more (unless you live in Maryland or Virginia, where UCITA has already passed) than an attempt to convince you that you don't have the rights that you in fact do.
This is why UCITA is such an evil piece of crap. EULAs would be binding under UCITA.
Slashdot Mirror
a good network design should not allow this to happen in the first place. If a client is sending incorrect commands to the network or is eating up the token, etc, the router should cut off that node's access to the network
A router is just another node on a token-ring - it can't do the stuff you're talking about in the general case. If some broken-ring adaptor screws up, the router is typically just as baffled as anyone else. token-ring is over-complicated, over-costly nonsense. With really cheap switched ethernet available, no new network should ever use it, and old networks should migrate, as new NICs and hub costs will eat you alive.
Token ring is over-complicated. It is very dificult for vendors tro get the drivers right, taking 2 or 3 or 4 tries for most of them. Shops that go purely Big Blue do have better luck. But it IS ancient tecnology, 100Mb tokenring, anyone? The standard may exist but I wouldn't touch it with *your* dick. And if you think source-route bridging is cool, - YUCK. The only thing worse is transparent bridging. Bridging SUCKs. 40 second reroute times, 7 hop network diameter limits (if you follow the standard - you might increase network diameter, but only by increasing reroute time) - arghhh. Give me a routed network anyday.
I use Mozilla often, but not exclusively. It tends to hang (or appear to hang) on large pages, and that's certainly the world we were in with Slashdot/WTC coverage. Thanks for the tip.
your post, viewed on netscape, is lttered with question marks where there should be single quotes. This is usually (tho not always) the result of using Microschlock software. See http://www.fourmilab.ch/webtools/demoroniser/ for more information. (And my apologies if you weren't using MS crapware.)
..because there's no way a terroroist could find an unaltered copy of gnupg anywhere.
Right.
error '80020009'
Exception occurred.
/default.asp, line 133
More of that innovative MS technology at work.
This isn't the way to address this. We (the US) are now COMPELLED to go totally hardline. If we roll over for this in ANY we, we guarantee ourselves a steady diet of this in the future.
If Palestinins did this, they have killed any chance for poeace in this generation - and the real killing is probably just beginning.
As a side note, if our airline security is so good these days, how come they were abler to use 3 (or is it 4 - just heard Camp David got hit, don't know if this is true or not) airplanes as weapons?
We've already seen several organizations win lawsuits against GPL/warranty free
software writers because of damage that software caused to the organization. Several
involved the RIAA vs mp3/p2p software writers. Several involved the MPAA vs media
player authors. You might say that warranty exemption has become quite
meaningless in today's economy.
The first and third sentences appear to deal with liability to someone who used the software and lost time/money/product because of it. But the soecnd sentence sounds much more like copyright/DMCA issues, with RIAA vs. p2p sounding suspiciously like the Naptster suit. What is the deal here anyhow? If it's IP issues, warranty exemption is the wrong way to go. If it's warranty issues, what in the world do MPAA/RIAA/p2p issues have to do with it? When something makes this little sense, there's something fishy going on. These folks aren't saying everything they know.
But the issue is still not allocating enough digits lexically, eg using:
$filename = time() . $filename;
instead of:
$filename = sprint("%012d", time()) . $filename;
which gives extra zeroes up front. (is 12 enough digits for the LONG term?)
But a web server monitoring bathroom usage - that's interesting? Sheesh.
The article noted included the point of view that Linux could be MORE secure due to the availablitlity of more 3rd party software in that regard - a point of view that is clearly new to you, given your comment.
Get a sense of humor, jeez.
Actually, people who know me think I've got a pretty good sense of humor. I just think that a lot of stuff that gets posted is silly crap (in this case, literally) while I know from experience that good stuff gets ignored. The twin articles from Security Focus, for example, one saying Linux could be more secure due to more third party support and the other saying OpenBSD was more secure by design, would have been good for days of debates and flames, and is actually significant, at least if you run either. This current story is just dumb.
Here are some articles I've submitted:
* 2001-03-16 18:07:27 EFFer vs. SPAMCOP: "Spam war gags Gilmore" (articles,news) (rejected)
* 2001-05-17 01:24:28 Why Linux|OpenBSD will never be as secure as OpenBSD|Linux (articles,linux) (rejected)
* 2001-05-19 01:31:39 Forrester Research: Death of Web 'inevitable' (articles,internet) (rejected)
I'm sure glad trivia like mine was rejected so that there'd be room for fascinating stories like this one. Makes me wonder who you have to blow arounde here to get an article accepted.
From the email:
2. Alan Hourihane has tried to obtain documentation for the latest
Trident chipsest (CyberBladeXP and CyberBladeXPm) without success.
He offered to sign an NDA with a 'source code exception clause'
a clause which allowed distribution of unobfuscated source
developed with the help of documentation otherwise covered by the
NDA.
Trident appearantly didn't accept a 'source code exception clause'.
We therefore assumed that Trident Microsystems has modified its policy
of providing technical documentation.
If Trident says you can't distribute unobfuscated source code based on NDA-covered infromation and XFree86 says they won't accept an NDA with these terms, the roadblock remains. Trident can say they support OSS all they want and that nothing has changed, but it still makes it impossible for XF86 to use the information.
more people tried it and found more and more things (little things) wrong.
It still disappears for no good reason on a regular basis. Not a "little" bug.
And how is the cracker supposed to know this is happening?
I tested in openSSH2.5.1p2 - the login password is sent in one packet, so the inter-key timing attack is crap for this.
The interkey timing applies ONLY AFTER the initial login. The cracker would have to have to somehow know you were exceuting something that involved entering a password, then capture the packets with your keystrokes.
This is getting way more play than it deserves, IMO.
Unfortunately, unless proprietary media formats, such as Winblowz Media Player or DVD CSS, are totaly torpedoed or else supported on Linux, the consumer market will not move en masse away from windows. Sadly, we may lose the home desktop because of this DRM crapola. I say this even though I like Linux and despise Microsoft.
"I have found a proof of this theorem which is too long to fit in this margin." Think it actuallly exists?
Why does it say "Ran across this article on the IS-IT-TRUE.org site" then the link doesn't point to is-it-true.org, but instead to some server that is not even accepting connections on port 80?
ideally you could just block the customers with infected IIS servers,
Which accomplishes NOTHING for the current situation. Blocking inbound port 80 to the infected is worthless - they are ALREADY infected. Blocking outbound port 80, which WOULD do some good, will also stop them from using a web browser, which is bound to piss them off.
I hope that donations to EFF are reaching Dmitry's defense team. I donated specifically to fight DMCA and this looks like as good a case as any.
http://eff.org
Actually, they moved it to akamai, a large network of servers distributed across the internet. Requests are spread out over several servers, thereby making the site as a whole more resistant to DDOS. (They just happen to be Linux). Microsoft did the same thing with their DNS servers after these were DDOS'd earlier this year. A network like Akamai may be the only real defense against a good DDOS (syn flood, spoofed IPs) that doesn't involve ignoring some lgeitimate requests as well as the trash.
Microsoft's did it in advance with the EULA
Most courts still find licenses imposed after purcahse to be meaningless. These are nothing more (unless you live in Maryland or Virginia, where UCITA has already passed) than an attempt to convince you that you don't have the rights that you in fact do.
This is why UCITA is such an evil piece of crap. EULAs would be binding under UCITA.