
Comment Does HTTP/SSL force one IP address per www domain? (Score 1) 396

Generally when I try to set up HTTP/SSL in Apache, I get warnings that I can't do virtual hosts for SSL. In fact, I was able to force this through in the past. But I think there's supposed to be some issue with it. I think it's something along the lines that if a connection is encrypted, the server doesn't know what the URL is until it's decrypted, and it can't really decrypt until it knows what the virtual host is. Something like that....

So does it mean that adoption of HTTP/SSL everywhere will be the end of virtual hosting, and then force each web domain to have a different IP address?

Comment Reality check on resolution (Score 1) 91

This image is utterly astonishing. When I was young, it was assumed that we would never see any other solar system as more than a point of light, or one point of light for each star in the system. Now this stunning resolution. Therefore I need to do a reality check on the resolution.

From the wikipedia page about the Chile telescope, resolution is about 10^-7 radians. From the article, distance is about 450 light-years. From the wikipedia article about light-years, one light-year is about 10^-13 kilometres. In "bc" I get this.

10^-7 * 450 * 10^13
450000000

In other words, about 450 million kilometres resolution. That's about the diameter of the orbit of Mars, I think. (I'm too lazy to look it up.) So we should be able to resolve distances equal to about the diameter of the Mars orbit. So that image must be showing orbits that go out to about Neptune, which goes at a radius of about 4500 million kilometres. Well, that kind of makes sense. But it's still utterly astonishing resolution at that distance. I wonder what they get in the 4 to 10 light-year range. And when the next telescope comes along, it will be even more breathtaking. The following is in the wikipedia article on the Chile telescope.

"Although it is designed to have a resolution 10 times greater than that of Hubble, it will be superseded in 2024 by the Square Kilometre Array in South Africa and Australia, that will have 50 times the resolution of ALMA."

Comment Hamster wheel solution (Score 2) 192

One way to get around the difficulties with zero gravity for eating would be to install a "hamster wheel" inside the space station which would give at least the Moon's level of gravity, i.e. about a sixth of Earth's gravity, or the surface gravity of Mars, which is about 38% of Earth's. Of course, this would disturb zero-gravity experiments due to the inevitable "gravity noise" from the hamster wheel, but some sort of isolation mechanism could be introduced. After all, whenever astronauts move around, they are introducing "gravity noise" into zero-gravity experiments. So it can't be that bad. And the hamster wheel could be helpful with gyroscopic stabilization. Within the hamster wheel, astronauts could eat normal Earth food, and do other things for which gravity would assist.

Comment CDC 6400 4-hour turn-around (Score 1) 230

In 1972 at Adelaide University, we got 4-hour turn-around on our card decks. Half the time (at least), we got a print-out from the line printer which had two pages of octal dump centred on the location where the program bombed. So we could edit the cards and re-submit them a few times a day. We got 2-hour turn-around if we were on good terms with the girl who loaded the card batches into the reader. One good thing about the old 80-column IBM hollerith cards is that they were the best book-marks in the world. I wish I hadn't thrown away my last box of 2000 cards. They would have come in handy for my current book collection.

Using the card-decks had one great advantage. It discouraged software bloat. If you wrote a 10,000 line program, that was 5 big boxes of cards. You'd need a cart to move them around. Young people these days have no self-discipline when it comes to bloat.

Comment The ethics of saving babies from burning houses. (Score 1) 287

First, it's not that odd that teenagers are doing a bit of recreational hacking over the holidays. For some people it is a hobby, and what better time to indulge in one's hobby than over the holidays. Take into account also that during the holidays, one does want to check out holiday specials on the Met Link web site, especially if one is a poor teenager. And if that teenager just happens to know the basics of HTML, PHP, MySQL, etc., one does tend to notice that a site has a vulnerability. I often see these sorts of blunders by web developers, but when I report them, nothing happens and they are not fixed a year later. I don't "have a look" to see if the vulnerability is serious because that is not my hobby. But for some people, that's a hobby. When I was young, we used to hack radio and TV sets over the long Xmas holidays in Adelaide because summer holidays are very long if you can't afford an away-from-home holiday.

And on the subject of the ethics of saving 600,000 people's private data from falling into the hands of black-hats, look at this example.
1. You see a house on fire and a kid is trapped inside.
2. You break the window, grab the kid and bring it out to safety.
3. You get arrested for breaking and entering, and abducting a minor.

Of course, all burglary is criminal and all abduction of minors is criminal.
Solution: Let the kid die in the fire.
Nope. Luckily the police and judges are not idiots.

Comment Neowin.net positive coverage (Score 1) 287

It looks like positive coverage to me.

http://www.neowin.net/news/teenager-reported-to-police-after-reporting-vulnerability-in-government-website

There are just a couple of comments speculating about where the boundary between "having a look" and hacking lies. Ultimately, I think it's PHP that must be blamed for 90% of all of the hackable sites, and the programmers who use PHP in a weakly structured way. And maybe the maximum blame goes on the software outsourcing managers who think only of budgets and deadlines, while forgetting about security. So-called "risk management" by insuring against intrusions and making the contractors take out liability and indemnity insurance is a very ignorant way to protect a web site. The best form of protection is well-structured code which passes all HTTP and SQL interface events through well engineered security modules.

Comment Probably not a troll (Score 1) 287

Nope. Probably not a troll.
But I thought I'd throw in my 2 bits anyway.
I haven't posted on slashdot for years.
So I guess this is a great opportunity to test if I can use the new GUI.
The new GUI is nice.....

Anyway....
The best policy is out-in-the-open.
Bruce Schneier doesn't use pseudonyms.
My only pseudonym on the internet is this slashdot account.
My other slashdot account has my real name...
AUK.

Comment chimp tribes are limited to about 100 max (Score 1) 502

Yes and no.
Chimps have been well documented to have tribes no larger than a hundred or so. Aiello and Dunbar published studies showing a strong positive correlation between the range of vocalizations and the size of social groups in a wide range of species of monkeys.

The point here is that it is difficult to know who is "us" and who is "them" if you don't have language. It is difficult to identify so many individuals. (By comparison, humans need team uniforms to distinguish teams when there are more than 2 or so on each team.) But language permits you to very quickly identify an outsider from your group. Therefore language capability enables super-tribes or clans of thousands to be formed. That was really my point, that _big_ tribes can be formed when you've got language, and the incoming homo sapiens had that sort of language, and almost certainly that kind of large-tribe bonding.

Comment The beginning of human language (Score 1) 502

Actually just about nothing in palaeoanthropology has a "real foundation in facts". I qualified my number by the words "about" and "probably". I think that is a sufficient indication of the lack of confidence and precision. Don't you think so? Otherwise you have to just give up and say we know nothing.

The number 250,000 is not far from the median of what people think of as the beginning of language, I think. And remember that we could also argue that chimps and lemurs have language. By this definition, humans got language 6 million or more years ago (probably). If you ask for something a bit more like modern language, you might have to say about 100,000 or less years ago (probably). I don't think a slashdot item is the best place to expound all the theories of palaeolinguistics.

Comment Re:Cave art was a method of teaching hunting (Score 1) 502

(This is the original item I posted, accidentally as AC, which makes the item almost totally disappear.)

In my (humble) opinion, it is no coincidence that the explosion of cave art about 40,000 years ago in Europe shortly preceded the extinction of the Neanderthals 35,000 years ago. The subject of cave art was mostly hunting scenes, where the modern humans could teach each other what to do during the hunt and learn vocabulary etc. The Neanderthals apparently did not have cave art. So they would not have been anywhere near as skilled at hunting in groups.

So into Europe come these humans, which were very highly trained group-hunters, against Neanderthals who could not hunt anywhere near as effectively, partly because of very poor language ability. So first, the modern humans would out-compete the Neanderthals for resources. But secondly, the Neanderthals would not be recognized as fully human because they could not speak in such a sophisticated way. So the Neanderthals would seem like animals.

The reason cave art is mostly about hunting scenes is that teaching vocabulary for static objects can be done with the objects themselves. For fast moving objects like prey, you need to have drawings, and caves are the only places where the drawings survived for us to find.

Some people are perplexed that modern humans make war (not love). The reason is clear. The modern human species gained its ascendancy through genocide and cannibalism tens of thousands of years ago. It's programmed into the genes.

Comment Making available legal doctrine means MS must pay! (Score 1, Flamebait) 139

Now correct me if I'm wrong, but if the mafiaa's legal theory on "making available" is right, doesn't that mean that any company which makes available software which is easy to turn into a DoS zombie should be held liable? And the people who let their computers become zombies should be held liable for making their machines available to become zombies.

Not only that, those made-available computers actually _are_ exploited for evil acts.

So aren't the purveyors of dodgy software liable for damage caused by DDoS attacks?

Blaming the DDoS controlling people for the attacks is a bit like blaming the downloaders of music/videos for downloading copyright stuff instead of blaming the makers-available.

Just a thought....

Comment That would explain the surge in DDoS spray packets (Score 3, Interesting) 139

That would help to explain the surge in this kind of thing in the last few days.

15:07:13.666770 IP 63.217.28.226.17498 > 158.64.65.65.53: 36407+ NS? . (17)
15:07:13.750783 IP 63.217.28.226.61231 > 158.64.65.65.53: 46118+ NS? . (17)
15:07:13.831834 IP 63.217.28.226.44626 > 158.64.65.66.53: 51544+ NS? . (17)

Except that that source IP address doesn't look like a Network Solutions address to me.

Is it possible that there is a DDoS technique where the source IP addresses on DNS packets to 3rd party DNS servers are spoofed so as to generate the appearance of an attack from a different source? I guess that's what they're saying. But it doesn't seem to multiply the power of an attack much. They just get 17 bytes of DNS response from each 17 byte request.

It's all a bit confusing really....
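
Added example, not part of the comment above: a small Python parser for tcpdump lines in the quoted format that groups root-zone NS queries (`NS? .`) by the source address the packets claim, which is the view a DNS server operator would want of such traffic. The first three sample lines are the ones quoted in the comment; the fourth line, the function names and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# One-line tcpdump DNS query format, e.g.
#   15:07:13.666770 IP 63.217.28.226.17498 > 158.64.65.65.53: 36407+ NS? . (17)
# "NS?" is tcpdump's notation for a query of type NS; "." is the root zone.
QUERY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"(?P<qid>\d+)[+%]*(?: \[[^\]]*\])? "
    r"(?P<qtype>[A-Za-z0-9]+)\? (?P<qname>\S+) \((?P<size>\d+)\)$"
)

# First three lines: the capture quoted in the comment. Last line: a
# constructed ordinary lookup from a documentation address (192.0.2.0/24).
SAMPLE = """\
15:07:13.666770 IP 63.217.28.226.17498 > 158.64.65.65.53: 36407+ NS? . (17)
15:07:13.750783 IP 63.217.28.226.61231 > 158.64.65.65.53: 46118+ NS? . (17)
15:07:13.831834 IP 63.217.28.226.44626 > 158.64.65.66.53: 51544+ NS? . (17)
15:07:14.002113 IP 192.0.2.10.40000 > 158.64.65.65.53: 1234+ A? example.com. (29)
"""

def parse_query(line):
    """Return the fields of one tcpdump DNS query line, or None if it is not one."""
    m = QUERY_RE.match(line.strip())
    if m is None or m["dport"] != "53":
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"])  # DNS payload length in bytes
    return rec

def root_ns_by_source(text):
    """Group root-zone NS queries by the (possibly spoofed) source address."""
    stats = defaultdict(lambda: {"queries": 0, "resolvers": set(), "ports": set()})
    for line in text.splitlines():
        rec = parse_query(line)
        if rec and rec["qtype"] == "NS" and rec["qname"] == ".":
            entry = stats[rec["src"]]
            entry["queries"] += 1
            entry["resolvers"].add(rec["dst"])
            entry["ports"].add(rec["sport"])
    return dict(stats)

def suspicious_sources(text, min_queries=3):
    """Sources with at least min_queries root NS queries (threshold is an assumption)."""
    return sorted(src for src, entry in root_ns_by_source(text).items()
                  if entry["queries"] >= min_queries)
```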
