Well, I'll have to disagree with you utterly there. The real problem is that Vista announces that it will route and then drops the packets routed through it.
If we had dead host/IPv6 detection, then we'd cope with this scenario *and* all others where only partial IPv6 connectivity exists. We could label partial IPv6 connectivity as broken and refuse to work on those conditions, but this is not realistic.
I, too, am using 6to4 at home in order to get rid of NAT, but lately I've been having great trouble when traveling around with my IPv6-enabled laptop (running Debian).
See, whenever I get to a public access point (which uses public IPv4 addresses, rather than a private 192.168.x.x net) it turns out that any Vista computers connected to the same link auto-configure themselves to use 6to4 and then advertise over ICMP that they are willing to route traffic through their 6to4 net. However, it turns out that they just drop the traffic! My laptop, not knowing that, though, will try to route IPv6 traffic through them nevertheless, which just makes every IPv6 site (including my own) stop working. Viva Vista!
The real problem is that GNU/Linux doesn't detect broken IPv6 connectivity and keeps using the AAAA records it gets from DNS. This is very difficult to address because the fix requires a layering violation which doesn't fit into the existing API (which is structured this way for a reason, of course). The fact that GNU/Linux distributions, while suffering from this issue, passed some government IPv6 test means that the test is rather incomplete and does not deal with the reality of mobile devices roaming between networks with different levels of IPv6 support.
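A monitor on the local link can flag the router advertisements described in this comment. The sketch below is an added example, not code from the original comments: it parses an ICMPv6 Router Advertisement (RFC 4861) and reports advertisements that carry a 6to4 prefix or come from an unexpected router. The function names, the trusted-router set and the sample packets are constructed assumptions.

```python
import ipaddress
import struct

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")  # 6to4 prefix (RFC 3056)
ND_ROUTER_ADVERT = 134  # ICMPv6 type of a Router Advertisement (RFC 4861)
OPT_PREFIX_INFO = 3     # Prefix Information option


def parse_ra(icmp6: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement, starting at the type byte."""
    if len(icmp6) < 16:
        raise ValueError("truncated router advertisement")
    typ, code, _cksum, _hop, _flags, lifetime, _reach, _retrans = struct.unpack(
        "!BBHBBHII", icmp6[:16])
    if typ != ND_ROUTER_ADVERT or code != 0:
        raise ValueError("not a router advertisement")
    prefixes, off = [], 16
    while off + 2 <= len(icmp6):
        opt_type = icmp6[off]
        opt_len = icmp6[off + 1] * 8  # option length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            plen = icmp6[off + 2]
            packed = icmp6[off + 16:off + 32]  # prefix is the last 16 bytes
            prefixes.append(ipaddress.IPv6Network((packed, plen), strict=False))
        off += opt_len
    return {"router_lifetime": lifetime, "prefixes": prefixes}


def rogue_6to4_reasons(icmp6: bytes, src: str, trusted_routers: set) -> list:
    """Return the reasons this RA looks like a stray 6to4 router (empty if none)."""
    ra = parse_ra(icmp6)
    reasons = []
    # A non-zero router lifetime means "use me as a default router".
    if ra["router_lifetime"] > 0 and src not in trusted_routers:
        reasons.append("default router not in trusted set")
    for prefix in ra["prefixes"]:
        if prefix.subnet_of(SIX_TO_FOUR):
            reasons.append(f"advertises 6to4 prefix {prefix}")
    return reasons


def build_ra(prefix: str, lifetime: int = 1800) -> bytes:
    """Construct a sample RA for the demo (checksum left at zero)."""
    net = ipaddress.IPv6Network(prefix)
    hdr = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, lifetime, 0, 0)
    opt = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, 0xC0,
                      2592000, 604800, 0) + net.network_address.packed
    return hdr + opt


if __name__ == "__main__":
    trusted = {"fe80::1"}  # constructed: link-local address of the real router
    samples = [
        ("fe80::1", build_ra("2001:db8:1::/64")),          # constructed, expected
        ("fe80::1234", build_ra("2002:c000:201:1::/64")),  # constructed, 6to4 host
    ]
    for src, pkt in samples:
        print(src, rogue_6to4_reasons(pkt, src, trusted) or "ok")
```

The check only identifies who is advertising; it does not tell whether the advertised path actually forwards traffic, which is the dead-path detection the comment says is missing.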
The GPL allows developers (and other service providers) to sell themselves into slavery. It doesn't allow them to enslave their users, that's all. I'm not sure if the FSF struck the right balance. It's more acute with the GPLv3 because it explicitly mentions that enslaving service providers is perfectly acceptable, and there are areas where user and service provider roles begin to blur (e.g. you may provide service--storage space and electrical power--to your ISP to run the router on your premises, so they don't have to give you source code for the GPL software on the router).
Nonetheless, restricting your contributors in this way isn't something I'd expect from a healthy free software project.
You really think an LLC or corporation requires thousands in fees, taxes and bribes? Have you ever heard of legalzoom.com or bizfilings.com? They'll get either one of those business entities established for you for under $500.
Won't you have to pay fees to each state you want to do business in, on top of that?
Though, the funny thing was that I thought the US government was not able to hold copyright.
It's not possible to enforce it against U.S. citizens, but it's possible to enforce it abroad. The lack of an explicit software license (free or not) is a bit surprising.
Psychiatrists have known for a long time that paedophiles are "born that way", that their perversion isn't really a product of their upbringing or past life experiences, just like homosexuality.
I'm not sure if equating pedophilia with homosexuality is that helpful. I suppose the key difference between the two is that in the latter case, you can have a fulfilling sex life without significant risk that someone ends up being traumatized for the rest of their lives (if you stay away from Republican senators, that is).
Anyway, many genuinely believe in theories that suggest certain pictures encourage people to live out their inherently destructive sexual fantasies, eventually harming others. I suppose it's very difficult to refute those theories (even though there are some studies that suggest that sexual predators had less access to pornography when growing up), and controlled experiments are probably out of the question. Maybe they are even true, to some extent, who knows. Obviously, this results in very tough choices because you need to weigh free speech against some more or less theoretical risk.
Sometimes, it's also said that a significant amount of child abuse occurs when children accidentally watch pornography on the Internet, but I suppose that's just a misunderstanding.
What this is is some politicians passing a think-of-the-children law to look good, probably before elections or something.
On the other hand, prosecuting those who actually are into child pornography of the ugliest kind is not very popular among voters. It's a strange dichotomy.
I often wonder how much of the statistics of sexual abuse and child porn are inflated because of our age of consent laws. Not sure what they are in the UK, and this is about a proposed law in the UK, but in the US the age is usually around 18.
It's only 18 if you're soliciting sex over the Internet. State legislation varies. In many states, the age is 16 (or even lower, if both partners are roughly of the same age).
Der Spiegel has a tendency to exaggerate news stories as soon as journalists are affected. Typically, journalists are portrayed as primary targets, despite their actual involvement. So this part should be taken with a grain of salt, like when bloggers are writing about other bloggers.
And you're right about paying. Actually, I think you should that kind of stuff in the family, without relying on outside parties.
Deutsche Telekom might just have screened call data records on company phones (provided to employees and board members for company purposes). In this case, it's very difficult to say if this practice was illegal -- or even morally wrong.
If Google values security so much, why can't they do anything about their open redirectors? After all, this has been abused by spammers and phishing scammers for weeks, so maybe it's time to finally do something about it.
This is mainly about actual devices, not about mere software.
Nonsense. MP3 is a data design and an algorithm.
Looks like I misremembered the company name, or Sisvel has acquired much broader patents in the meantime. Oops.
And technically, those aren't software patents, they are patents that nowadays can be infringed by software. When some of them were filed, I doubt it was obvious that audio encoding without specialized hardware (probably involving lots of DSPs) would be feasible one day.
That being said, I still hope that some day, pure software will be considered as both non-patentable and incapable of infringing patents. However, that wouldn't have helped most (if not all) of those companies targeted in the raids because they presented hardware devices.
Most of the patents concerned were related to devices with MP3, MP4, and DVB standard functions for digital audio and video, blank CDs, and DVD copiers
I thought software patents were illegal in Europe
This is mainly about actual devices, not about mere software. MP3 is kind of interesting because a second essential[*] patent pool has established itself, completely separate from the Fraunhofer/Thomson pool that everybody has licensed.
[*] Essential for portable MP3 players and similar devices.
Guess that's the last time there'll be another IT fair in Germany.
It's been this way for years, it's kind of a ritual. Somehow I doubt it's contributed significantly to Cebit's decline.
Most high end machines support ECC RAM if that is what you mean.
No, mainframe CPUs typically run in pairs or triples and are supposed to recover from errors (not just cosmic rays, too).
It is exciting that the large CPU manufacturers are taking this seriously now, this might mean that we can fly COTS CPUs in the future space missions (a system I am working on is using a 25 MHz SPARC v7 (you cannot even get the v7 manual anymore), so you can imagine how big a difference it would be to have Intel stamping out 2-3 GHz rad-tolerant CPUs compared to what we are using now).
I suppose the radiation in space is on a somewhat different level, so you still need special rad-hard chips. I guess you can consider yourself lucky if you're locked on SPARC v7 because compared to other options, it's still reasonably close to some industry standard.
I saw a display in the visitors' center at CERN that detected cosmic rays. A cloud chamber, maybe.
Detecting cosmic rays is not the problem. It's difficult to verify that a piece of hardware is actually fault tolerant with regard to cosmic rays. (I don't believe in mainframes, that's why I put the caveat into the original posting. 8-)
But you can't really verify it because those events are so rare. It seems to me that Intel's innovation is to use some sort of detector, instead of using two or more chips and a comparator. It's probably way cheaper, but it won't work if the majority of unexplainable events are not, in fact, caused by cosmic rays but by some other effect (perhaps something temperature-related).
And even by Microsoft's standards, the Singularity code release is a non-event as far as licensing is considered. Microsoft has been publishing software under free licenses for years, and pays for more free software work than your average company at a Linux fair.
Not really. If the caching resolver isn't trusted, it doesn't matter if it is DNSSEC-aware or not. The clients usually run only stub resolvers and rely on the caching resolver to do the hard work.
And given that the switch to the untrustworthy DNS resolvers typically occurs when the user installs some alleged video codec, it would be easy to add additional DNSSEC trust anchors at this stage, too. For X.509 web server CAs, it has already been demonstrated that this is feasible when Comscore, through its Marketscore brand, did exactly that in order to be able to route HTTPS traffic through its proxies and analyze it in the clear.
This could potentially provide a platform for attacks involving prediction of IP sequences and thus TCP data injection attacks.
Only if you disable path MTU discovery, which is a pretty obscure scenario (except for BGP peers, but there are better protection mechanisms for that case).
How exactly is this strategy going to protect you from a keylogger?
It protects against CSRF attacks (at least when done properly), which appears to be the only thing the author cares about. It seems to me that it's just some security outlet trying to gain publicity by referring to a vulnerability that has been documented for over a decade (see RFC 2109, section 4.3.5).
IPv6 has better security provisions within the protocol itself, making the usual run of D- through to F- on Federal security audits less likely.
In reality, IPsec is much more widely implemented (and more reliably as well) on top of IPv4. Despite the fact that IPsec is a mandatory part of IPv6.
The protocol incorporates many of the features back-engineered into IPv4 as standard, producing a cleaner design with fewer compromises and fewer flaws
Such as? The design doesn't become cleaner just by calling "IP options" "extension headers".
Built-in support for protocol expansion means future updates should have less impact and be adoptable faster
Packets using this extension are widely dropped because many implementations can't forward them efficiently, or may even crash processing them.
Automatic configuration means fewer errors and less maintenance
We have DHCP for that in IPv4 land. Router advertisements haven't even reached feature parity yet. Not a problem per se, because there is DHCPv6.
Alignment of entries in the header means potentially greater throughput
Yeah, right. And to compensate for any potential speed gains, extension headers were added. Unfortunately, these days you need to look at L4 headers while forwarding packets, even on routers relatively close to the core, so the original design is worthless as far as header optimization is concerned.
Skript Kiddies will end up jumping off bridges as they won't know what to do
v6 tunnels are quite popular in some circles.
IPv6 is just IPv4 with longer addresses. Treat it as such, and you'll be able to reuse most of your IPv4 knowledge.
After some quick back-of-the-envelope math I'd even say heck, pass me $300k and I'll build the damn thing for you in under 6 months.
I think they're looking for something more long-term than just six months. 8-)
Anyway, 300K for processing an unknown number of documents in an unknown number of formats is a bit optimistic.
env should always be in /usr/bin. This will work on any POSIX.2-compliant system:
POSIX.2 doesn't even mention /usr. The location of env is not standardized.
He also recommends turning on write-back caching. I'm not really sure if this is safe. The cache on the SSD is probably not battery-backed.