Sometimes I wonder what kind of world MAFIAA actually imagines. I prefer to assume it's somehow coherent given how much they must have invested into developing this obviously wrong philosophy. Now the question: suppose they actually succeeded and Google went bankrupt. Given that their goal right now is obviously to harm they way we look for information, is there any other system they propose in place of the current one?
I am using OpenSUSE 13.1 right now with ext4 partitions and I am pondering migrating to OpenSUSE 13.2 with btrfs or simply updating the distro with ''zypper dup'' and keeping my ext4 fs.
If you are using btrfs, what has been your experience? Better performance? As stable as ext4?
You can't really say how much disk space you have (especially if you use compression and snapshots), overfilling the hard drive might leave you in a situation when you can't basically do anything other than reformatting the filesystem, and from my personal experience support for directories with loads of files is much worse than in ext4. My advice - don't bother.
"Apparently the researchers didn't analyze OS fingerprints at all."
Did you look into their paper? This is apparently not true. They focused on the ICMP data set but also looked into others, in particular the service probes that you mentioned. One of their validation sets is using that data set.
Okay, point taken about the service fingerprints, but I still see no mention for the OS fingerprints. If they looked at the data format that is there, they could get much more out of the set. (they'd also find more mess by the way as there was some weird bug that destroyed quite a few samples there)
Apparently the researchers didn't analyze OS fingerprints at all. There is some metadata that the original researcher(s) forgot to remove (as well as a lot more mess). Service fingerprints are interesting as well. I did a lot of research on this data set and I have to say that while messy, this is also a really amazing data set. This article is IMHO biased.
I don't get the problem. Do these guys really believe that whatever water you put into creating food is completely gone and will never appear again on this planet?
Hashing is just not going to help there. The DNS domain space is basically so little that it could probably even be bruteforced offline, not to mention web crawlers. You can easily download the rDNS for the whole internet as of 2012 from Internet Census 2012 database for free (http://internetcensus2012.bitbucket.org/paper.html). While it's not forward DNS, I would expect to get a very high match rate just by hashing it all. Definitely feasible.
Agreed. For one, I hoped that Microsoft was took over by a woman, which could mean that finally someone who cares about the look-and-feel is in control of the company. By the way, he's Indian, so it looks like it's a normal name there: https://en.wikipedia.org/wiki/...
I'm surprised to actually find that they chose Apache License for the project instead of their GPL-incompatible MS-PL. I have no idea what Chassis Manager is actually useful for (and a skeptic inside of me tells me that probably nothing unless you pay for their other products), but it's interesting to see that they actually released 36k lines of code as free software.
Personally I think that the biggest problem with Slashdot is the abundance of comments like this. Seriously, it might not meet your standards. I understand. Now get over it and stop wasting my time writing it for the thousandth time or actually submit an article that raises the bar. Whining is not really going to change anything.
Sorry, but I really had to.
There's no such thing as proper architecture at the first try. By programming, you explore the problems you have to face. In "The Mythical Man-Month", Fred Brooks says that it's not first or second system that is correctly design, but usually the third. Rewriting is a part of a process.
You forgot that refactoring might decrease the maintenance costs. It's possible that the developer just found it too hard to add any new functionality to the existing codebase and figured that refactoring is the only way to go. Seriously, it's not always enough for a project to work. Actually, it usually isn't.
I agree. But that's what makes this model useless. We shouldn't outsource trust to CA's, but push it to the users. Let them decide who do they trust. If, after the VeriSign fiasco they don't trust VeriSign anymore, they should be able to revoke the trust without losing the ability to view 1/4 of the internet. Seriously, guys, go watch any Moxie's talk and you'll understand the issue much better.
Does this mean that we'll finally give up on this sick certificate-based trust scheme? It's not like Moxie hadn't proposed his own solutions, even with implementations... why don't we make THESE internet standards? Making encryption stronger is just pointless if you can fake a ceritificate.
I'm under the impression that you're confusing things. Noone said that you'd be forced to run an exit node, or even a relay. I believe it's just about making the protocol a standard.
Slashdot Mirror
Sounds like someone really hates them. First the DDoS, now the compromise...
And add some HTTP authentication so that you won't even be able to contact owncloud without entering password.
Sometimes I wonder what kind of world MAFIAA actually imagines. I prefer to assume it's somehow coherent given how much they must have invested into developing this obviously wrong philosophy. Now the question: suppose they actually succeeded and Google went bankrupt. Given that their goal right now is obviously to harm they way we look for information, is there any other system they propose in place of the current one?
How about we start a Kickstarter campaign to bribe them into actually working? :3
you *will* find out some interesting things, some of the time
This sounds like MUCH better a deal than clearnet to me.
Holy fuck! These pirated K-Cups are going to hurt the whole industry!
I am using OpenSUSE 13.1 right now with ext4 partitions and I am pondering migrating to OpenSUSE 13.2 with btrfs or simply updating the distro with ''zypper dup'' and keeping my ext4 fs.
If you are using btrfs, what has been your experience? Better performance? As stable as ext4?
You can't really say how much disk space you have (especially if you use compression and snapshots), overfilling the hard drive might leave you in a situation when you can't basically do anything other than reformatting the filesystem, and from my personal experience support for directories with loads of files is much worse than in ext4. My advice - don't bother.
"Apparently the researchers didn't analyze OS fingerprints at all."
Did you look into their paper? This is apparently not true. They focused on the ICMP data set but also looked into others, in particular the service probes that you mentioned. One of their validation sets is using that data set.
Okay, point taken about the service fingerprints, but I still see no mention for the OS fingerprints. If they looked at the data format that is there, they could get much more out of the set. (they'd also find more mess by the way as there was some weird bug that destroyed quite a few samples there)
Apparently the researchers didn't analyze OS fingerprints at all. There is some metadata that the original researcher(s) forgot to remove (as well as a lot more mess). Service fingerprints are interesting as well. I did a lot of research on this data set and I have to say that while messy, this is also a really amazing data set. This article is IMHO biased.
I don't get the problem. Do these guys really believe that whatever water you put into creating food is completely gone and will never appear again on this planet?
What do you think about Slashdot's Beta?
Hashing is just not going to help there. The DNS domain space is basically so little that it could probably even be bruteforced offline, not to mention web crawlers. You can easily download the rDNS for the whole internet as of 2012 from Internet Census 2012 database for free (http://internetcensus2012.bitbucket.org/paper.html). While it's not forward DNS, I would expect to get a very high match rate just by hashing it all. Definitely feasible.
And there's already a comment there: http://blog.erratasec.com/2014...
...or just stop treating the obese. It might turn out to be a cheaper option.
Agreed. For one, I hoped that Microsoft was took over by a woman, which could mean that finally someone who cares about the look-and-feel is in control of the company. By the way, he's Indian, so it looks like it's a normal name there: https://en.wikipedia.org/wiki/...
I'm surprised to actually find that they chose Apache License for the project instead of their GPL-incompatible MS-PL. I have no idea what Chassis Manager is actually useful for (and a skeptic inside of me tells me that probably nothing unless you pay for their other products), but it's interesting to see that they actually released 36k lines of code as free software.
Personally I think that the biggest problem with Slashdot is the abundance of comments like this. Seriously, it might not meet your standards. I understand. Now get over it and stop wasting my time writing it for the thousandth time or actually submit an article that raises the bar. Whining is not really going to change anything. Sorry, but I really had to.
They already kind of did that on 30C3 when Assange spoke: https://www.youtube.com/watch?v=hzhtGvSflEk
There's no such thing as proper architecture at the first try. By programming, you explore the problems you have to face. In "The Mythical Man-Month", Fred Brooks says that it's not first or second system that is correctly design, but usually the third. Rewriting is a part of a process.
You forgot that refactoring might decrease the maintenance costs. It's possible that the developer just found it too hard to add any new functionality to the existing codebase and figured that refactoring is the only way to go. Seriously, it's not always enough for a project to work. Actually, it usually isn't.
I can't find a link to that in TFA nor in this thread. If you have one to hand, would be much appreciated.
There you go: https://www.youtube.com/results?search_query=moxie+marlinspike+ssl
I agree. But that's what makes this model useless. We shouldn't outsource trust to CA's, but push it to the users. Let them decide who do they trust. If, after the VeriSign fiasco they don't trust VeriSign anymore, they should be able to revoke the trust without losing the ability to view 1/4 of the internet. Seriously, guys, go watch any Moxie's talk and you'll understand the issue much better.
Does this mean that we'll finally give up on this sick certificate-based trust scheme? It's not like Moxie hadn't proposed his own solutions, even with implementations... why don't we make THESE internet standards? Making encryption stronger is just pointless if you can fake a ceritificate.
Provided it's not Watson: http://www.news.slashdot.org/story/13/01/10/2315252/ibms-watson-gets-a-swear-filter-after-learning-the-urban-dictionary
I'm under the impression that you're confusing things. Noone said that you'd be forced to run an exit node, or even a relay. I believe it's just about making the protocol a standard.