Comment Re:DNSSEC HOWTO? (Score 1) 77
Since no one mentioned it yet, http://www.dnssec.net/ is also a good information site.
Yes, without doing local resolution, there is a possible vulnerability between the DNS resolver and the host.
Without checking the openssh website, though, I think you can assume that if they don't have local dnssec resolution yet, they will have it, at least as an option, in the future. I.e., there are a number of dnssec resolving libraries available for them to use, so it would be a matter of choosing one and patching their code to support it. It's just a question of when.
DNSSEC secures it against hackers, but makes it more vulnerable to political attacks. Because DNS was designed to be centralized.
I don't understand. DNS is centralized and is somewhat vulnerable to political attacks. But how does DNSSEC make it more vulnerable? (It seems no different to me).
This was a known problem, but they way(sic) until it really is exploited to then fix it with something untested and thrown together.
It's actually something that people have been working on for quite a long time, many years. It's not a last minute attempt to solve the issue.
Just out of curiosity, does that mean you wouldn't mind the same treatment when you go over state borders in your car/bus/train? You'd have the same simple choice of being seen digitally naked or getting patted down and searched by hand. They could set it up at truck scale locations and require all vehicles to stop.
Your same logic would apply. The government would not actually be denying interstate travel. You would be free to walk, ride a bike, or ride a horse without being seen naked or body checked. It would be your choice to get in vehicle, but it wouldn't be required. Is your privacy worth the extra 10-30 days walking? Would that make state border searches okay for you?
Yeah. It would be just like life before 1995.
No it wouldn't. You didn't have to try and opt out pre-95. You could participate in life without having to worry about it following you forever (well, not worry as much anyway).
Pre-95... go to a party, get drunk, act like a complete imbecile. Most of your friends know and give you a hard time about it for awhile and it goes away.
Post-95, five years after that party, the company you're applying to work at finds pictures of you being said imbecile, no job for you.
Pre-95, don't have to worry about your friend taking a picture. The number of people ever seeing it is small.
Post-95, anyone anywhere could see that picture for the rest of your grandchildren's lives.
Social sharing on the Internet is much more invasive than implied by previous statements. It will likely provide more culture changes than any of us can possibly imagine (for good and bad, I'd lean toward mostly good). It would be really interesting to see what will happen in a couple generations.
You're comment has a couple mistakes, it should be 'never ever write in your report...'.
But most importantly, in English you must always start these stories with, "I never though this would happen to me,". Your English teachers were sorely lacking...
Honestly? I'm just tired of the anti-FOX bashing. All of the other TV channels are pro-"we need more government", and it's nice to have at least one channel that is pro-"smaller government is better". As government grows individual freedom shrinks... or worse: becomes chained.
If you think Fox is pro smaller government, I don't think you and I have watched the same channel. If you said they were pro-ratings regardless of the truthiness, I'd agree. If you said they were pro-small government when they didn't like the current government, I'd go along with it (given the ratings thing has a generally higher priority). But there have been plenty of times they've been pro bigger government as long as they agreed with the government.
Just to cover my bases, yes the other (I guess I'll call them 'news'... no scratch that) tabloid channels are also ratings whores. My qualitative (and definitely biased) personal opinion is that Fox tends to be one of the least truthful and least accurate of TV tabloid channels. My guess is that they are also quantitatively so. But then, I feel like I'm arguing over which performer gave the best show on the Titanic.
Ex-presso is what espresso used to be....
"I have two children, one of whom is a boy. What's the probability that my other child is a boy?"
I must admit that English is not my native tongue but I fail to see how this gives that the FIRST child is a boy. Doesn't "one of whom" imply that it can be either the first or the second?
I am a native English speaker. "One of whom... my other... " does not indicate a birth order. [unless there is an English dialect I'm unaware of that requires that any time you speak of more than one child in a sentence, you must talk about them in birth order.]
In fact, for word problems, the reader can not count on anything that is not explicitly stated. For such questions, this phrasing implies a purposeful lack of information regarding birth order.
...but I remember enough to say that holding a city's computer systems random [sic] (which is essentially what he was doing) certainly deserves a guilty verdict on a count of "computer tampering." You really think it's acceptable under any circumstances for someone to hijack a network like that? Yes, he works there and technically "administrates" those machines, but he has a duty to his employers (ultimately, the citizens), and he was not upholding that duty.
I remember it differently. Either that or this is for some other definition of "hijack", "ransom", and "duty" than the definitions commonly used and found in the dictionary.
"hijack" : He didn't take it over, he was the network admin.
"ransom" : He didn't ask for any ransom, he stated he would only give the password to the Mayor.
"duty" : According to how he interpreted the written job requirements, giving the password to anyone else much less a roomful of known, semi-known, unknown and a phone full of unknown people did not match the written security requirements.
Frankly, from what I've read, I agree. Although, I would hope and expect that the jury has a good deal more information than I have. It does scare me that an ignorant jury could have just been afraid of a "Oh my god!, computer hacker" and convicted him on their emotional response rather than intelligent deliberation. I hope I'm just missing some of the info they had.
Childs not mentioning it in a meeting or conference call, where it might be overheard, is appropriate under the latter policy, but inappropriate given a failure to have initially shared it with the designated central security authority.
I'm not sure what you're trying to say here. "If he failed to have it stored in a central security authority, he should completely ignore all the other policy requirements?". That doesn't make a whole lot of sense to me.
As a completely subjective point of view, judging from the general incompetence, I wouldn't be at all surprised if a 'security administered global password management database' did not exist. In which case, he wouldn't have been able to place his password there.
DNSSEC increases your maintenance costs (constant resigning even if no changes), makes DYNDNS servers harder to run, exposes your zone data, and helps DDOS attacks.
Did I miss anything?
The internet is currently not controlled by anyone but DNSSEC changes this by requiring every domain to have a traceable certificate. Look for greater centralized control by people saying "think of the children" and "this will only be used to combat terrorism". It also pretty much guarantees that new clients will be written to allow DNS lookups in both the "official" root zone and under alternative roots.
I thought I should clear up some worry:
1. DNS does not require DNSSEC. You can still have domains that work just like they do today that do not use the security extensions of DNSSEC. I.e., no more centralized control than you already have today with DNS.
2. On the other hand, I'm not sure what control 'the man' (heh) would have that they don't currently have with DNS. For
3. You can use DNSSEC without providing your public key to the upstream domain (like
Sure. So you get all the hashes in 2 minutes and then you have a month to crack them before the responses change.
The resources needed to crack one-way hashes of a domain: very high (probably on exhaustive search of the name space, have fun).
The gain of cracking the hashes: the zone file info for that zone.
My guess is the result, assuming it's even realistic to get in a decent time frame (year?, 10years?, how much resources do you have to throw at it?), would not be worth the effort.
To put your anecdotes in perspective: The last time I went to an emergency room in the U.S., it was literally empty, no patients, no nurses, no doctors. I could have been dead on the floor in a large pool of blood for at least 20-30 minutes (I think it was even longer than that but it was at least that long) before anyone noticed. [I didn't have a life threatening injury luckily, but let's just say I was unimpressed with the service]. I have no idea what English ERs are like.
When my brother had his wisdom teeth out, he was laid out for a week. He couldn't eat solid food for most of that time and was completely miserable. He was in the U.S. When I had my wisdom teeth out, I didn't take any pain killers afterwards. I was out the same night and eating just fine the next day. I was in the U.S. I went to the exact same doctor he did. I have a feeling the results you saw may have more to do with the patients, their sensitivity, and their teeth than with the quality of the dental care itself.
In other words, we probably need to look at larger numbers (i.e. statistics) to get a better idea of which system better serves its society.
New York... when civilization falls apart, remember, we were way ahead of you. - David Letterman