Because, of course, ISPs could also forge legitimate looking TCP RST packets. If you read the methodology page, you'll learn that:
It's much harder to fake the timing of a spoofed reset.
This round trip time (RTT) is tracked internally by TCP protocol layers, however it can also be measured by external monitoring devices or software at the endpoints.
When sending bulk data during a TCP connection, the RTT between two TCP endpoints usually settles into a narrow, predictable range. Spoofed resets which are injected into the stream will usually have an RTT well below the measured average.
Reset packet spoofers could attempt to evade this detection technique and improve their "stealthiness" by first measuring the RTT of a connection that they are planning to disrupt, then delaying the transmission of their spoofed reset until timing falls within the "expected" RTT. The problem with this approach is the significant risk that the spoofed reset will arrive too late from the standpoint of the receiving endpoint.
In short, spoofed resets have only a relatively narrow time window in which they can be both effective at disrupting connections and simultaneously be resistant to detection as potentially anomalous events. So yeah, in theory the ISP could, but anomalies are detected in a way that's hard to get around and still work.
We're not all smelly hippies who hate money and wear hand knitted nettle underpants. What? Nooo! I thought I had finally found a place where I conform...
I've had printer techs who couldn't take a printer apart. I've had server technicians who couldn't handle basic terminology. I had hours and hours of sitting on the phone with optiplex capacitor problems trying to convince them to just fricking replace the motherboard like they claimed they were doing on their website. This is fricking GOLD corporate support here! I'm glad they got nailed, they richly deserved it. "but if we switch to open source, we won't have corporate support and no one's ass will be on the line if stuff breaks!"
Given that there exists hardware to inspect packets for p2p traffic, how hard would it be to for a person of unpleasant intent to get hold of some of that and start mining 'encrypted' health information. It's true that one can identify encrypted protocols by doing traffic analysis: take the mean and variance of packet size and delay in both directions, and you got 8 dimensions; look at those 8 for a set of known protocols, and find the nearest match for your unknown stream; also, the number of similar-looking connections could be used if you can watch that (say, you're the ISP or otherwise close to the sender).
However, there's a difference between saying "this is bittorrent" and "this is {wow-update.exe,ubuntu.iso,elephantsdream.avi} transmitted over bittorrent". Similarly for health records. Since we're talking about a web service, any encryption is likely to be https/SSL. Assuming different kinds of https can be distinguished, the adversary might learn that this is "health records". That's a far cry from learning "pneumonia".
So unless the crypto gets broken, assuming crypto is used and applied correctly, I wouldn't start pulling the old tin foil hat out of the closet.
What bothers me is that all this is built on top of tcp/ip, and that is inherently insecure. Unless you do a proof by semantic shift, https is "built on top of tcp/ip", and therefor inherently insecure. The same goes for ssh. Do you really think https and ssh are insecure?
Virtualized code can run and access memory when in the userspace ring exactly like native code. The kernel ring takes some hacking, and when you run on top of another OS, access to disk will have to go through the other OS, which slows things down somewhat.
So yes and no: some things happen at native speeds, some are slowed down. What does this mean for the performance of your favorite application? That depends on what it does. Editing and saving code in emacs should be non-noticably slower. A good candidate for major slowdown is databases, since they tend to hammer the disk pretty hard.
How is the US government involved any more than Holland's or France's? By (in popular view) being more similar to the Chinese than the Dutch and French are (for some values of populus).
The ISP's need to realize they cant have it both ways. I think the whole problem is that the ISPs are having it both ways and getting away with it. Someone needs to do something about it, but I think that any Someone with real influence has been bribed by^W^W^H receiving contributions from the ISPs.
The USA must be a sad place to live (even without Bush).
The fact pattern is not unique: A sells a copy of a work to B under a contractual license. B breaches the contract. A sues for copyright infringement, because B only received a copy under the terms of the license. When B breached, his license was invalid, so his rights to the copy are lost. A wins. If it didn't work like this, you could never license anything to anybody except under the existing copyright language. Meaning, for example, that the GPL would not be valid, nor would any software license. Call me stupid, but isn't the GPL a copyright license, not a contract? That is, the GPL says "by default copyright lets you do {a, b, c}, and {d, e, f} only with holder's permission. I now permit you to do d, e, and the cases of f where you also distribute your source code." That is to say, your rights under the GPL are always a superset of your rights on a work that's "(C) 2008 Bag O. Douche -- All Rights Reserved." and the same is not true for contracts where you (typically) waive your right to reverse engineer the code.
It's a hack, in that it uses off-the-shelf equipment for things outside its normal purpose, if we agree to define the purpose of wifi devices to enable consumers to consume their own bandwidth without futzing about with cables. The ISP ToS would agree with this definition. Common usage patterns seems to concur. Where this deviates from the is obvious: not on the using-wifi-for-wireless-communication but on the only-for-you part of the equation. This may cause minor issues with the ISP ToS.
Getting hit with 180 grains of lead at 1200 fps does a ton more damage than getting tased, Last I checked, it was 135 HP per bullet (head shot), vs. 5 HP for one second of tasing. I'm not sure how the framerate enters into it, but damn I want your video card!;)
Good point, but think about all the energy (for data transmission, writing to disk, reading from disk many times over and client-side rendering) that could have been saved if you hadn't made that post.
corporate schizophrenia More like corporate multiple personality disorder, but that one and schizophrenia are often confused, even though they're quite distinct.
Schizophrenia: auditory hallucinations (hearing voices) and paranoid or bizarre delusions. Multiple Personality Disorder (aka dissociative identity disorder): "a single person displays multiple distinct identities or personalities, each with its own pattern of perceiving and interacting with the environment".
Handing a computer to a kid who[se] brain is damaged from malnutrition Those kids are not among the intended audience of the XOs. But thanks for playing.;)
In other words, will these specs help us watch south park with free software? I assume you have a free OS. Point firefox (MPL or GPL or LGPL) to mrtwig.net. Download the.avi torrent with rtorrent (GPL), and play it with mplayer (GPL). I mean, I've heard from a friend that this works. I've never done it myself.
You can already watch South Park using no non-free software. Do you expect the release to let you use even less non-free software?;)
(that would make good material for a "Richard Stallman facts").
Pure direct vote democracy is probably the second quickest ways to pure evil. Especially if the vote tallying algorithm has Pareto optimality and independence of irrelevant alternatives (http://en.wikipedia.org/wiki/Arrow%27s_impossibility_theorem).
The quickest way to evil is of course to deliberately fail to achieve the Primary Main Objective;)
This is also the group least likely to buy commercial games, even if they were released for Linux.
No games =>... Ever played Nexuiz? Tremulous? Sauerbraten? Warsow? OpenArena? There are high-quality* free software (non-commercial) games...
(*) Quality is defined as entertaining me. I think contemporary commercial non-free games entertain me about as well, and are slightly prettier while doing it; I haven't heard of any revolutions in game design. However, my play experience of contemporary commercial non-free games is limited to Wii Sports, Twilight Princess and Super Mario Galaxy.
If the civilization lives, say, 200 million light years away, it could have been making a beeline for us since the beginning of mankind and still not be anywhere near reaching us. Of course, robot overlords are known to posses an implementation of Laplace's Demon and so would have left early in order to arrive in time. In fact, they could be walking among us even now without us knowing it.
(do you know the suspicion that your beliefs about the quality of what you write is affected by your hangover?)
Slashdot Mirror
>:(
However, there's a difference between saying "this is bittorrent" and "this is {wow-update.exe,ubuntu.iso,elephantsdream.avi} transmitted over bittorrent". Similarly for health records. Since we're talking about a web service, any encryption is likely to be https/SSL. Assuming different kinds of https can be distinguished, the adversary might learn that this is "health records". That's a far cry from learning "pneumonia".
So unless the crypto gets broken, assuming crypto is used and applied correctly, I wouldn't start pulling the old tin foil hat out of the closet. What bothers me is that all this is built on top of tcp/ip, and that is inherently insecure. Unless you do a proof by semantic shift, https is "built on top of tcp/ip", and therefor inherently insecure. The same goes for ssh. Do you really think https and ssh are insecure?
Here's my understanding of how it works:
Virtualized code can run and access memory when in the userspace ring exactly like native code. The kernel ring takes some hacking, and when you run on top of another OS, access to disk will have to go through the other OS, which slows things down somewhat.
So yes and no: some things happen at native speeds, some are slowed down. What does this mean for the performance of your favorite application? That depends on what it does. Editing and saving code in emacs should be non-noticably slower. A good candidate for major slowdown is databases, since they tend to hammer the disk pretty hard.
Definitely insightful. Def-def-definitely insightful.
This is the year of Linux on the... wait, motherboard? Who changed the script?
The USA must be a sad place to live (even without Bush).
IANAL, TINLA, just curious here. Anyone knows?
(speaking of RIAA scum, my captcha is "vilified")
It's a hack, in that it uses off-the-shelf equipment for things outside its normal purpose, if we agree to define the purpose of wifi devices to enable consumers to consume their own bandwidth without futzing about with cables. The ISP ToS would agree with this definition. Common usage patterns seems to concur. Where this deviates from the is obvious: not on the using-wifi-for-wireless-communication but on the only-for-you part of the equation. This may cause minor issues with the ISP ToS.
Good point, but think about all the energy (for data transmission, writing to disk, reading from disk many times over and client-side rendering) that could have been saved if you hadn't made that post.
:D
Did I get your point?
Schizophrenia: auditory hallucinations (hearing voices) and paranoid or bizarre delusions.
Multiple Personality Disorder (aka dissociative identity disorder): "a single person displays multiple distinct identities or personalities, each with its own pattern of perceiving and interacting with the environment".
Definitely MPD. Def-definitely, definitely MPD.
[Factoid of the day was provided by wikipedia]
You can already watch South Park using no non-free software. Do you expect the release to let you use even less non-free software?
(that would make good material for a "Richard Stallman facts").
The quickest way to evil is of course to deliberately fail to achieve the Primary Main Objective
No games =>
(*) Quality is defined as entertaining me. I think contemporary commercial non-free games entertain me about as well, and are slightly prettier while doing it; I haven't heard of any revolutions in game design. However, my play experience of contemporary commercial non-free games is limited to Wii Sports, Twilight Princess and Super Mario Galaxy.
(do you know the suspicion that your beliefs about the quality of what you write is affected by your hangover?)