Slashdot Mirror


User: WaffleMonster

WaffleMonster's activity in the archive.

Stories · 0

Comments · 4,185

  1. Re:NSA does not like on IPv6 Turns 20, Reaches 10 Percent Deployment (arstechnica.com) · · Score: 2

    NSA here. We want everyone to use IPV6 because it makes tracking everything down to your dog's internet enabled nipple piercing that much easier. So stop this nonsense about sticking with IPv4. We're watching you.

    Restoring end to end for everyone is worth way more to continued freedom of Internet use than any NSA boogieman.

    IPv6 privacy addresses are widely supported. Big data stalking firms currently have no problems discovering individual devices behind IPv4 NATs.

  2. Re:Comcast on IPv6 Turns 20, Reaches 10 Percent Deployment (arstechnica.com) · · Score: 1

    I know everyone hates Comcast, but they have 40%+ ipv6 deployment rates, and also the US wireless carriers have 40%+ deployment rates.

    Nobody with a biz connection can get a static prefix allocation and nobody at Comcast gives a s**t enough to communicate any kind of timeline for when it will happen.

  3. Re:More than just attacked. on IPv6 Turns 20, Reaches 10 Percent Deployment (arstechnica.com) · · Score: 1

    Most people and small businesses don't have the skills necessary to take care of a resource that isn't behind NAT.

    It's 2016... TTL for this excuse has long expired.

    So it's more like "expect to be quickly and constantly pwned."

    SPI is more secure and easier to configure than NAT.

  4. Re:Unlikely that everyone will be on IPV6 by 2020 on IPv6 Turns 20, Reaches 10 Percent Deployment (arstechnica.com) · · Score: 1

    Many or even most will move on, but once the pressure for new IPV4 addresses is off

    The day the pressure is off is the day the world has moved to IPv6. Content is unlikely to be willing to lose access to any percent of eyeballs for any reason.

  5. Re:NULL is there. Use it! on Epoch Time Bug Causes Facebook To Congratulate Users On 46 Years of Friendship (gizmodo.com) · · Score: 1

    Yeah, but if you read the database with a different program that has a different idea of which number means NULL then all your NULL entries are suddenly numbers.

    Database access interfaces include management of concept of NULL even if a suitable analogue of the concept is not directly supported by underlying programming environment. Being lazy and/or using shitty APIs have predictable results including committing totally preventable errors. NULL exists to prevent exactly this type of failure from ever occurring.

    And maybe someone thought they'd be clever and store data more efficiently by using only 8 bits to store their TINYINT, then messed up their handling of NULL.

    There always seems to be an infinite array of excuses for fucking up and then being surprised when hit with equally screwed up outcomes. "Being clever" in particular is responsible for quite a variety of sad/amusing screw ups.

    I understand bugs happen yet there is no excuse for this type of failure any more than there is an excuse for SQLi. It is entirely preventable. These things only happen when coders do things they should know to be wrong at the time they are doing them. They took a shortcut and it burned them. There is no excuse or justification.

  6. Re: NULL is there. Use it! on Epoch Time Bug Causes Facebook To Congratulate Users On 46 Years of Friendship (gizmodo.com) · · Score: 1

    Aw, that's cute, you're one of those spoiled kids that doesn't know how the computer works because you use high level languages that abstract everything from you.

    To store 'NULL' you have to encode it SOMEHOW for the processor to have any usefulness to it, that encoding could ALWAYS have another meaning.

    Who gives two shits about what the processor is doing? The processor isn't the interface or the logical representation actual people are managing.

    Whether databases use separate bit fields or simply reduce published range of a datatype by 1 to make physical room for expressing 'NULL' who exactly cares? Why is it relevant at all?

    In systems which properly express NULL values NULL is NULL, NULL is not 0 ever.

    Processors have absolutely no concept of NULL, so NULL is effectively ZERO to any programmer who actually understands how computers actually work.

    Completely irrelevant.

  7. Furthermore, how is this any worse than Google's password manager behavior?

    Like a washed up dictator hauled in front of The Hague to answer for their crimes popping off "but Hitler did it too"? Like that worse?

    Please for the love of god enough bandwagon fallacies.

  8. Re:Breakin' the law, breakin' the law on Drone Ban Extends 30 Miles Around DC, Per FAA (wusa9.com) · · Score: 1

    So if I owned property within 30 miles, I can't fly my little RC plane or Quadcopter in my backyard?

    The FAA apparently feels it is entitled to make any law it wants by decree even though FAA modernization act specifically bans FAA from imposing regulations specifically targeting model aircraft. They obviously don't care; they'll do it anyway as much as *WE* allow them to get away with it.

    See also:
    https://www.aclu.org/constitut...

  9. Used to be excited about "new" technology because it sometimes had a purpose and offered users value and capabilities. Today all anyone can do is fuck with people. Everyone wants to be a spyware or malware vendor and they don't want to do anything useful in return for a paycheck. Much of the consumer crap being churned out today is not only worthless but hostile and even dangerous.

    Why would I want a Windows phone when I'm required to have a MS account, can't use my device's GPS without uploading my location to Microsoft, can't have a local phone book without giving all of my contacts to Microsoft, can't install software not approved by Microsoft, can't use wifi without participating in MS crowd sourced skyhook spying. I'm fed up with the childish games and people constantly justifying their actions by citing who else is doing it too.

    The opportunity cost of so much wasted potential is beyond sad.

  10. Not enough on Justice Department Shuts Down Huge Asset Forfeiture Program · · Score: 1

    People who facilitated this need to be fired and/or hauled off to jail.

  11. Re:The first three letters of USPTO are UPS... on USPTO Power Outage Damages Equipment and Shuts Down IT Systems (uspto.gov) · · Score: 1

    We do rundown tests every 6 months where the UPS runs itself on battery for some period of time (15 minutes) and checks the battery state?

    Why abuse batteries like this? What did they do to you?

    When not being boiled by crappy chargers they are discharged to low SOC at unnecessarily high rate for no useful reason (~$10 BOM hit for useful dummy load obviously out of the question). To pour salt on the wound same crappy chargers spend days trickling current back into batteries because UPS manufacturers don't care.

    People wonder why they have to pay to replace batteries so often when they appear to just sit there idle 99.99% of the time.

  12. USPTO delivers an early Christmas present on USPTO Power Outage Damages Equipment and Shuts Down IT Systems (uspto.gov) · · Score: 1

    It would be a very merry Christmas for all if patents end up expiring due to non payment of maintenance fees.

    USPTO IT please stay home and celebrate Christmas then celebrate the new year away from USPTO systems for the whole of 2016. Nobody will mind a brief 1 year outage... honest.

  13. Re: Hyperbole much? on TSA Body Scanner Opt-out No Longer Guaranteed (slashgear.com) · · Score: 2

    I don't like these scanners either, but please don't be an idiot.

    The amount of ionizing radiation you get from the scanner is radically smaller than the extra amount you are going to get from spending time in an aircraft at 38000 ft, or eating a banana.

    Flying across the country will subject you to about 4,000 microrem. The TSA scanners, about 5 microrem. Independent (non-TSA affiliated) tests of over 700 scanners showed all were at or below their radiation targets.

    It is not possible to compare numbers like this. The type of radiation and area/organs exposed are all critically important.

    X-ray scanners tend to deposit most of their energy close to the skin (1" or so). The exposure profile is different from random gamma strikes with a normal distribution throughout the body.

    There are plenty of good reasons to object to these scanners without introducing pseudoscientific bullshit into it. Doing so just gives the other side of this debate more ammo to shoot down our side, who look like loons when they spout this kind of stuff.

    If LNT is correct people are getting cancer and dying as a result of x-ray body scanners. While your _individual_ risk is low, giving a shit about unnecessary and entirely preventable deaths does not seem like a "bullshit" argument to me.

  14. Re:Translation: PCI is now meaningless rubber stam on Deadline for Better Encryption on Payment Systems Pushed Back Two Years (pcisecuritystandards.org) · · Score: 1

    Not crying wolf, TLS 1.0 includes too many weak and broken ciphers

    Acceptable cipher suites are configurable by client and server independent of TLS version.

    you just cite 1 that might be "good enough" and not all servers allow a specific single cipher to be specified

    No, I cited a _class_ of them.

    ECDHE-RSA-AES256-SHA
    DHE-RSA-AES256-SHA
    AES256-SHA
    DHE-RSA-AES128-SHA
    AES128-SHA

    There are other good algorithms besides AES:

    DHE-RSA-CAMELLIA128-SHA
    CAMELLIA256-SHA
    DHE-RSA-CAMELLIA256-SHA
    CAMELLIA128-SHA

  15. Re:Translation: PCI is now meaningless rubber stam on Deadline for Better Encryption on Payment Systems Pushed Back Two Years (pcisecuritystandards.org) · · Score: 1

    Choosing convenience over security with continuing to allow known weak and broken ciphers, PCI just lost all credibility. May as well dissolve it.

    What is wrong with AES CBC ciphers in TLS 1.0 with record splitting? A workaround known and implemented since at least 2002?

    Honestly the credibility lost for me was crying wolf on TLS 1.0 without supporting technical merit. This is a fixed problem for vast majority of clients.

  16. I don't understand on FAA Drone Rules May Already Be Outlawed By Congress (hackaday.com) · · Score: 1

    Any ideas how FAA's own interpretation of the "special rule" for model aircraft would allow them to continue with drone registration?

    https://www.faa.gov/uas/media/...

    The only out they seem to grant to themselves is general regulation non specific to model aircraft.

  17. Re:Yes, drone regulations make sense on FAA Drone Rules May Already Be Outlawed By Congress (hackaday.com) · · Score: 2

    A short while ago a drone backed out a few city blocks in California after touching power lines. Unlike fixed wing remote controlled aircraft, drones can take off anywhere including street corners. This, of course means they can come down nearby

    -- Into traffic
    -- Powerlines
    -- Descend vertically into telephony/power equipment, thus bypassing fences.

    Kites have caused far worse outages than a few city blocks. People have been electrocuted to death on account of shoes thrown in power lines. Auto accidents daily lead to power outages even though driving is a regulated activity.

    No one is saying that these are deliberate but accidents do happen and like your driver's licence helps pay for public education regarding the rules of the road, the potential for error, mistakes and oversight means that there's a public good in ensuring safe navigation of the skies.

    I believe promulgation of law based on specific incidents and "feelings" is not in the public good. There must be fact based statistical account of actual harms. All proposed solutions must be merit based considering harms imposed by the solution as well as evidence of effectiveness of mitigating original harms. Lawmakers must be made fully aware of underlying evidence prior to rendering political considerations.

    Failure to govern leads to shit like:

    Terrorists use encryption therefore encryption must be outlawed.

    Baseball bats and frying pans have been used as deadly weapons therefore they must be registered or banned or not sold to anyone on a "no fly list".

    Since the majority of domestic violence incidents happen at home with many tens of millions affected government must require cameras and microphones in every room of every home to keep people safe.

    I can go on forever with this crap. Just being pissed off your lights went out is far from evidence drone regulation makes sense.

  18. Not even trying on Hackers Have Infiltrated the US Power Grid's Control Networks (lasvegassun.com) · · Score: 1

    Utilities are like consumer router manufacturers. They don't give a shit about security and they don't even try.

  19. How long does it take for a new status code? on HTTP Error Code 451 Approved For Censored Web Pages (mnot.net) · · Score: 2

    Remember seeing this back at the beginning of 2013. Why does it take three years for one single solitary status code to be "approved"? There sure as heck was not continuous ongoing work or discussion commensurate with the delay.

    I often get the distinct impression nobody including authors actually cares about documents they are working on.

  20. Re:Nuremberg on US Budget Bill Passes With CISA Surveillance Intact (npr.org) · · Score: 4, Insightful

    Have you read the act?

    Have you?

    Try that first before equating the United States with Nazi Germany

    I find it interesting when people invoke Godwin in a dismissive tone as if people are crazy for drawing comparisons. Nazi Germany was allowed to occur because of a whole series of events and defects in human character which really do have parallels everywhere.

  21. Re:Personal information is removed - read page 174 on US Budget Bill Passes With CISA Surveillance Intact (npr.org) · · Score: 1

    The act clearly states on page 1740 that personal information needs to be removed from data that is shared.

    You misunderstand the context. This is for sharing of data already in possession of the government with non government consumers. The point many people find objectionable /w CISA is summary transport of their data to the government with no legal recourse... This does not address that. It only addresses retransmission outside of the government domain.

    act also states that any violation of this will require notification of the person if this is not followed.

    You mean this:

    "any United States person whose personal information is known or determined to have been shared by a Federal entity"

    This is a continuation of the same misunderstanding above. What matters is the information flowing **INTO** the government.

    The act also states that privacy and civil liberties factors are included.

    The entire point of the bill is wholesale bulk collection without legal recourse. Nobody gets in trouble for sharing data about actual threats with the government.

    Before people need to read the and attempt to understand before jumping to conclusions.

    Good advice.

  22. Re:Guys - chill on US Budget Bill Passes With CISA Surveillance Intact (npr.org) · · Score: 1

    The majority of network break-ins are as result of companies or governments being asleep behind the wheel. There needs to be monitoring to find when break-ins happen.

    Companies and governments asleep behind the wheel will now wake up and monitor their systems to find when break-ins happen ...because CISA exists?

    I am waiting for a coherent example of who this helps or who in the past this would have helped. Which company has ever gotten in trouble for sharing in good faith information about threats they face with a government agency?

    When break-ins happen companies need to be able to share signatures to look for break-ins on other networks.

    What prevents people from sharing signatures today? Where are all of those lawsuits from use of existing managed security products?

    My guess is there will be procedures that state that personal information not relevant to the break-in will need to be removed or destroyed from the information that is shared.

    I vividly recall picking my nose watching c-span when amendment after amendment to clarify and correct these very issues were systematically defeated.

    There is shit for requirements of filtering information going into the government system. Once in the system filtering requirements (e.g. suggestions) apply only to propagation of information out of the government domain.

  23. Fear of terrorism = government propaganda on Strict New Security Measures Put In Place For CES 2016 Attendees (cepro.com) · · Score: 3, Insightful

    There are well over a million incidents of violent crime in the US every year including four 9/11's of people killed each and every year. Yet people elect to freak out about rounding errors... Could this have anything at all to do with 24x7 terrorism propaganda being piped out of the media?

    Millions of people are treated at hospitals for falls every year roughly another four 9/11s worth of death by falling each and every year. Nobody spends any time reporting on falls or murders of random "unimportant" people.

    The people who WANT YOU to be AFRAID are the Media and the Government because fear increases viewership and makes those governed by "consent" more willing to cede power to government.

    Meanwhile CES is busy creating unnecessary bottlenecks where people who have not been checked for WMD will mass in the name of safety for their own protection.

  24. Re:Open source a flawed business model on Ubuntu 16.04 Will Not Send Local Searches Over the Web By Default · · Score: 1

    In the end, people and companies just don't want to pay for anything if they can.

    Companies will beg you to take their money if it supports something they care about. Having nobody to call when SHTF scares everyone from the bean counters to the IT trenches. This is why RedHat makes bank.

    As a result, open source companies need to find other income streams and everybody tries to "opt-out" of that if they can.

    If your new business model involves whoring out your integrity who is going to want to do business with you?

  25. Amplifying vs filtering nonsense on North Carolina Town Defeats Big Solar's Plan To Suck Up the Sun (arstechnica.com) · · Score: 1

    There is a troubling trend in media to give a voice to nonsense. Reporting anonymous twitter messages or the rantings of fools to cherry pick or reinforce narratives that may very well have no basis in reality.

    If you want to report on what people think about a subject then conduct a poll. Random quotes from random folks are completely worthless.