As for us, asshole Feinstein looks at us as if we are peons, slaves for the elites, that we do not have any right to enjoy the protection granted by the Constitution and the Bill of Rights, and that we ought to be stripped of everything, and kow-tow to her and her kind.
I sometimes wonder how monsters like Feinstein get any votes at all while the likes of Feingold can lose to a climate change denier. We have only ourselves to blame.
4. Bruteforce the HMAC key required to get the stored hash using your username, password and salt
It seems far fetched someone would go through all of the trouble to deploy such a solution and yet select a key with insufficient entropy to protect the system from any remotely feasible brute force attack.
Looks like all they're doing is storing an encryption key on a separate hardware component and offloading all operations requiring said key to hardware. Isn't this what TPM already does? Why reinvent the wheel?
See also
http://tools.ietf.org/html/dra...
Google, Twitter and Facebook adding SSL is useless in face of third party doctrine effectively declaring you have no right to any privacy (e.g. "tangible thing") online even in communications between individuals.
We need viable alternatives to massive centralized systems controlled by a handful of multi-billion dollar media and advertising companies.
On state attacking the way I see it more attacks from all parties the more pressure on all to deploy secure systems... this is ultimately in everyone's best interests. Closer the day when cost for a systems exploit approaches infinity where only viable attacks are physical force, social engineering and coercion the better for all.
Low intensity "cyber war" is better than complacency yielding brittle systems contributing to some cheese laden Hollywood doomsday plot line.
Does TPMS have a longer range than reflected light?
TPMS is an omnidirectional photon source which does not require direct unobstructed view of license plates. Photons emitted from TPMS have a wavelength of roughly three feet easily able to be observed thru walls and obstructions that would block any reflected optical frequency photons.
Collecting and processing those photons to track vehicles is a $10-$20 add-on to any computer. No fancy optics or CPU intensive image processing required.
Technology has changed and created new capabilities, but license plates have NEVER been private. Don't have to like it to accept it.
Fundamentally isn't there a difference between something done in public and how record of that information is used and collected? Theoretically the US government is not allowed to aggregate data and create dossiers on everyone even if it is done using data stored entirely in existing government databases.
Couldn't you stalk someone entirely in public and still go to jail for stalking? If you overhear a private radio conversation you can be liable for using information gained from the private conversation.
Just because something occurring in public is not private, I don't think it necessarily follows that those being constantly spied on and tracked for monetary gain or worse have no recourse.
Why? According to which law?
Anti-stalking laws?
We should have RFID incorporated into our license plates so that these scans can be done more efficiently and without optical recognition required.
It's called "tire pressure monitoring" not to be confused with "trusted platform module" and sports a much better range than any RFID I know of.
"Using a wireless telephone" is the part that is open to interpretation. I never said anything about any other object (map, etc.). The person had the phone in their hand. The vehicle was running and on a roadway (i.e. "driving"). I disagree that using smartphone functionality doesn't fall under the "using a wireless telephone" part of the statute.
I think I was making an argument in the broader context of what is effectively allowed by law, not limited specifically to a single law.
Let's say instead of a phone the object in hand while driving was a Garmin for the sake of argument assume the interface is materially similar to that of a smartphone mapping application. How does one being illegal when they are the same make any sense? In 2006 most people only made calls and sent text messages via their wireless telephones. Very few had access to smart phones and mapping applications at that time.
In some cases you need to know everything that is going out the door. For example if your company is the target of industrial espionage the last thing you want is your trade secrets going out through your firewall.
I wonder how many companies install these things thinking they have any chance of being effective against such threats?
You do know we're talking about Google, right? Why would Google not have those kinds of resources?
Nobody does, humanity lacks the tools necessary to accomplish this feat in general purpose software.
They scan the Internet every day, upload an hour of video every second, filter spam for hundreds of millions - better than anybody, and they made Android so they have the inside track on detecting undesirable code.
Then why has Google not used this mythical capability to plug all the security leaks in their own Android operating system? A quick search shows hundreds of documented failures.
http://web.nvd.nist.gov/
Even my Google search results - the core competency that makes google google still contain as much useless garbage spam as ever.
These two things are unrelated.
Try explaining this to victims of a premium SMS scam.
Now you seem to be saying you're complaining about Android security because others complain about the security of your preferred system.
I think all of the major mobile platforms profit from selling out and treating the user like shit. I dislike them all.
That is not relevant. Also, it's a confession that your argument lacks merit. Maybe not the direction you wanted to go.
Why is it not relevant? What part of my argument lacks merit?
Now we are talking about a totally different thing - apps which require excessive permissions. As in, the end user gets to decide how much access he is willing to give each application. This is not malware at all and off topic for the discussion, but let's cover it.
Since when is Malware only defined as malware as long as it executes as root? An app that uploads all of my contacts to a criminal organization or participates in a premium dialing/SMS scam WITHOUT any root privileges **IS** malware to me and anyone affected by it.
The distinction of TFA is what is irrelevant. All that matters is what is actually happening in the real world not technical distinctions which most users do not understand.
This is restraining applications that want to be more than the end user wants them to be, giving the end user full disclosure when an update seeks to do things it didn't do before. You make it sound like a bad thing,
It is a proven failure. You can "inform" users and feel well they were warned and it is out of your hands all you want. "Full disclosure" as a security model is the same thing as clicking "I Accept" on the EULA without reading it. Users don't have a real choice to control what an application does they have a binary decision .. an ultimatum either you let me do this or you don't get shit. This model in the real world is a failure.
when in fact it's an enhancement above the other methods of application security provided by the system that empowers the user to be more restrictive than any algorithm could appropriately be. You make it sound like a bad thing. It's not.
All that is needed are user controlled options when installing an app the OS should ask you to pick from a menu of permissions or create a custom profile for that app. It should NOT present the user with an ultimatum.
I install a flashlight app and it does not get any I/O access to any network, touch the filesystem, access my GPS location..etc. The operating system should go as far as having the capability to lie convincingly to the application if requested by the user.
The "bad thing" occurs when the OS vendor has a vested interest in the app environment and ad revenues. Protecting the user is subjugated to making App vendors happy.
But that doesn't address one of the huge issues - software that runs on XP that won't run on Win 7 or 8 (especially 16bit software). In my experience, that's one of the main causes for not upgrading, and is the reason we still have an entire department on XP where I work.
Mr president that's not entirely accurate.
Windows 7 runs 16-bit apps just fine having done it in my case all worked fine. The catch is this capability only works on 32-bit systems. If you have Windows 7 64-bit then 16-bit apps will not run.
The ability is off by default, you have to go pretty deep in the options to turn it on, when you do turn it on, you get all sorts of warning telling you to watch out. And if you do turn it on and do something stupid, you may get malware
Alright so Joe Smith goes and installs an app requiring access to SMS, dialer, contact lists, phone number, network stack and file system. Most apps ask for everything as a matter of course and no user has any idea why. Seems like more than enough access to fuck over Joe Smith to me... what about you?
http://xkcd.com/1200/
This is why I wanted to see the story posted. There is no significant risk as long as you use a trustworthy app store.
It is not possible to check every application to see if it is harmless or not. Nobody has those kinds of resources.
knew there were people to come to complain that Linux/Android was insecure and they needed a good correcting. Thanks.
I think it is 100% accurate to say Android is insecure by design in much the same way DOS era Windows file sharing is 100% insecure by design.
Android is intended for a mass market audience of people who know nothing about computers or software threats... Knowing this the designers decided the only access controls would be take it or leave it DEMANDS made by APPLICATIONS. This is why Android is insecure by design... it totally and utterly fails to protect the USER in the most basic rudimentary way possible.
Well sort of. If you restrict yourself to Google's Play store for software the rate was .1%. The rest, almost all of it in this case, came from other stores for Android software. Mostly Saudi Arabia and India. So it would be nice if Android were more interested in security, but on the other hand it isn't the huge dramatic result that would warrant the headline. Stay with Google Play and things are pretty safe.
Trusting security to app store screeners is not a viable solution. Either devices are designed to tolerate the most malicious software possible by default or they end up accounting for 97% of all mobile malware.
Even if there were no platform security vulnerabilities and the system worked 100% as intended I would not expect much to change. The core problem with Android is applications dictate privileges to the user in a take it or leave it manner rather than users having any ability to make decisions based on their interests. Fixing this problem, giving users the power undermines Google revenue streams.
Wonder what the value prop for quantum approach v. a few TB hard disks where (:RDRAND:) is used to fill each with the same garbage installed at each peer. A modern HDD is more than enough for years of voice, email, and file transfers all without any fancy lasers, beam splitters or having to part with countless thousands of dollars.
While in anything resembling a real network with lots of communicating parties the required number of disks quickly become impractical are there any remaining differences worth considering? There is still an initial classic key required on both sides subject to compromise as any deployed hard disk would. If you securely erase data at both peers as randomness is consumed you effectively have your forward secrecy. If hard disks are compromised...well does not the same risk apply to encryption key compromise? If you compromise initial classic keys you can own any future quantum rekey mechanism just the same by operating a MITM proxy.
Assuming traffic would have to be pretty specific and special to invest your time on quantum crypto vs any number of seemingly fine encryption algorithms providing forward secrecy with no known vulnerabilities ..the potential market has got to be quite small for quantum crypto regardless of whether it works as advertised or not.
...who has been surreptitiously using GPL'd code in their proprietary stacks...
Why would anyone bother when they could just use OpenSSL and not have to worry about it?
My bank is secure!!1!!!!
Between generous application of padlock GIFs designed to make me feel safe and account specific image letting me know I'm logging into my bank and not some imposter bank... it would be impossible to get hacked. They even say so on their web site.
Remember years ago feeling bored and actually getting ahold of one of their "IT" guys informing him of the dangers of requesting credentials directly from a home page loaded via HTTP... His response was... drumroll... it is posted to a secure site so the credentials are encrypted and can't be compromised.
There is no arguing with stupid or those who willfully subvert browser security features for marketing and or checking off security boxes on the compliance chart even if you (should) know better.
We need to replace both SSL/TLS AND the broken CA cert model with a new security system
I think care is needed in understanding the difference between failures of technology vs. failure in implementation.
For example the technology to enable PKI may be sound however deploying SSL CA's in the manner they have with hundreds of redundant, global, overlapping CAs may prove to be unreasonably difficult to secure or trust.
specifically designed so it's NOT possible to build such a "trusted proxy" or otherwise MITM the connection even if you control the client
Every possible security protocol which will ever exist requires a useful source of trust as the basis for useful operation. Without trust security is ALWAYS a useless illusion.
If an untrustworthy source controls all the inputs and all the outputs there is no trust in that system, no sophisticated cryptographic concept or any amount of wishful thinking will ever change this.
If it is not an untrusted cert it will be manipulation of the browser's security stack or rendering system. About as pointless as implementing RFC 3514.
Their product is dying and they should be building a similar ecosystem like Google, not clinging to the past where people pay quadzillions for the platform software.
Careful what you wish for.
I think that a smartphone mount should be mandatory so that the device isn't in your hand. It's unfortunate that the court isn't willing to uphold the spirit of the law here.
Would it be against the law to have a paper map sprawled out all over the console? Is this any less distracting than a device which automatically tells you where you are at all times? If referencing paper maps is legal it is not clear to me "spirit" of law is consistent with your interpretation especially given GPS maps on cell phones didn't exist at the time this law was enacted.
Texting and driving is a huge safety issue, and I'd imagine that screwing around with a GPS (entering text) is similarly dangerous.
There is no information to suggest from ruling any inputting or screwing around was occurring at the time. "Spriggs was cited for looking at a map on his cellular telephone while holding the telephone in his hand and driving"
I'm sorry, I feel the time for amateur hours exploded in the 21st century. Competency was diluted among the many so-called experts answering the huge demand of engineers.
Perhaps I should have chosen different words. I think some distinction is needed between "LameCo, Inc" electing to let fruits of dead labor run the show and competency of those who would be charged with making unnecessary global changes affecting everyone.
So if the thief that was arrested was of a different skin color (analogous to how Slashdot treats MS compared to Google/Apple) would you still say the same thing? If someone is criticizing how 3% of the market does things, it sure helps to understand what the other 97% is doing differently to put things in perspective.
I'm not a fanboy for any vendor. I only care about what is best for users. I was referring to Microsoft specifically (AKA topic of conversation). It is unnecessary for me to conduct a survey of what all everyone else is doing when commenting on the actions of a specific vendor. What others may or may not be doing is irrelevant to the fact that Microsoft is in the wrong for doing it. The color and or shape of their corporate logo is as irrelevant as "but they did it too".
But if the LAN is correctly set up, the collisions should be minimal.
I'm sorry the Internet is a production network. Time for amateur hour expired with the 20th century. We don't get to make assumptions out of ignorance anymore.
Is returning 127.0.53.53 instead of NOT FOUND a good idea? Not sure about that, since, for instance, a browser will say
When I type http://127.0.53.53/ into my browser I get a web site hosted on my computer. The entire 127/8 acts as a loopback not just 127.0.0.1. Quite a bit more problematic than "Cannot connect to..."
The proliferation of TLDs has no positive effect on the Internet community whatsoever short of enriching ICANN and its seedy network of bottom feeders.
Well ok say it helps scamming phishers and enables organizations to part with even larger sums of cash in any efforts to protect their brands.
Lighting up names with a loopback address like this "127.0.53.53" garbage is about the level of crap we can come to expect from the total idiots at ICANN. If you need to associate an A record pick an address guaranteed to be black holed not one that causes machines to resolve to thyself... extraordinarily moronic...
In my view DNS operators should take responsibility to prevent damage to their customers by not blindly delegating * to root zone operators. Only delegate known TLDs and require manual blessing of all operators before admitting any new TLDs.
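Added example, not part of the original comments: a resolver-log check for the behaviour discussed in the last comment above, flagging names that answer with 127.0.53.53 (grouped by TLD) and any other non-localhost name that resolves into 127/8. The log format and sample lines are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# The address the comment discusses; it sits inside the 127/8 loopback block.
COLLISION_SENTINEL = ipaddress.ip_address("127.0.53.53")
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

# Constructed sample resolver log. Hypothetical format:
#   <client-ip> <queried-name> A <answer-or-status>
SAMPLE_LOG = """\
10.0.0.12 intranet.corp A 127.0.53.53
10.0.0.12 www.example.com A 192.0.2.10
10.0.0.40 fileserver.corp A 127.0.53.53
10.0.0.41 printer.home A NXDOMAIN
10.0.0.7 localhost A 127.0.0.1
10.0.0.9 build.dev A 127.0.0.2
malformed line
"""


def classify(qname, answer):
    """Return 'collision', 'loopback', 'ok' or 'no-address' for one answer."""
    try:
        addr = ipaddress.ip_address(answer)
    except ValueError:
        return "no-address"          # NXDOMAIN, SERVFAIL, garbage
    if addr == COLLISION_SENTINEL:
        return "collision"           # internal name now answered by a public TLD
    if (addr.version == 4 and addr in LOOPBACK_NET
            and qname.rstrip(".").lower() != "localhost"):
        return "loopback"            # client will talk to itself for this name
    return "ok"


def scan(log_text):
    """Group collision hits by TLD; list other unexpected loopback answers."""
    collisions = defaultdict(lambda: {"names": set(), "clients": set()})
    loopback = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "A":
            continue                 # skip lines that do not match the format
        client, qname, _, answer = parts
        verdict = classify(qname, answer)
        if verdict == "collision":
            tld = qname.rstrip(".").rsplit(".", 1)[-1].lower()
            collisions[tld]["names"].add(qname.lower())
            collisions[tld]["clients"].add(client)
        elif verdict == "loopback":
            loopback.append((client, qname, answer))
    return dict(collisions), loopback


if __name__ == "__main__":
    hits, loop = scan(SAMPLE_LOG)
    for tld, info in sorted(hits.items()):
        print(f".{tld}: {sorted(info['names'])} queried by {sorted(info['clients'])}")
    for client, qname, answer in loop:
        print(f"loopback answer: {client} asked {qname} -> {answer}")
```
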