Comment Re:DDoS solved in IPv6 (Score 1) 137
Even discounting the spoofing possibilities your proposal would mean that anyone who uses baidu from outside china will find themselves cut off from github. I expect that isn't what github wants.
Even discounting the spoofing possibilities your proposal would mean that anyone who uses baidu from outside china will find themselves cut off from github. I expect that isn't what github wants.
The whole internet standards process works based on "asking nicely". You can tell people they shouldn't use an option or even that by using that option they will be non-compliant with the latest version of the standard but you can't really stop them from using it if they decide that compatibility with old clients outweighs security.
dunno whereabout in europe you live but here in the UK it's still fairly common to see traditional doors/frames with only a single point lock and with the door hung so it opens inwards. A well-aimed kick, a handheld battering ram or a correctly placed crowbar will more than likely break the lock from the frame on such a door.
and trying really hard to do it wrong.
Putting everything internal on one network is the lazy option. Seggregating stuff onto VLANS is extra work and cost and is only generally done by places large enough to have an IT department.
And the thorny issue is that this license is not compatible with the GPL. That's why projects have to modify the GPL to make a specific exception for it.
Exactly and in most cases the exception says "openssl". Does a slightly patched version from a distro still count as "openssl"? Does a forked and renamed version with substantial changes still count as "openssl"?
AIUI people (and retailers) take them seriously enough that game developers typically choose an ESRB rating and then tailor the content of their game to hit it (this tailoring can happen in either direction). In particular they try very hard to avoid the AO rating as many retailers refuse to stock games that have it.
Which ESRB rating they try to hit depends on the audiance they have in mind.
There was a big blowup with GTA san andreas about a minigame that was disabled but not removed causing the ESRB to re-rate the game as AO with a subsequent replacement of most stock in the retail channel and a class-action lawsuit (though the number of members of the class who actually claimed anything was pretty small)
Theres also a thorny license issue, some projects released under the GPL make a exception for openssl and it's not always clear whether that would apply to forks of openssl.
Maybe
With ssh the original project had moved to a propietary license so linux distros that only accepted free software had to go with a fork or stick with a very outdated version. With openssl the original project is still alive. So the developers of linux distros will have to have a big argument over whether the reduced security exposure outweighs the reduced feature set.
because the larger an epidemic grows the more expensive it is to deal with and the greater the chance of an infected person escaping and starting an outbreak elsewhere. The ebola epidemic got big enough to suck badly for the three main countries involved and there were a few minor outbreaks in other countries but fortunately the outbreak was contained in time to avoid any signficant outbreaks in the rest of the world.
2K had rail, dunno about the original.
If the shit hits the fan at a domain registrar there is a good chance your domain will remain active but with no way to reconfigure it until things are straightened out. If the shit hits the fan at a hosting provider there is a good chance your server will disappear.
So putting both at the same place seems stupid to me.
My question is how could OpenSSL still have had this potential backdoor? Why was this not removed at first opportunity?
The trouble with removing old/weak modes is that you break interoperability with systems that only support those modes. Implementations that were limited to export modes only didn't disappear the instant the export restrictions were lifted. In some cases old versions of software stick around for many years because there is some problem that blocks upgrading.
So someone has to make the difficult call as to when the risk posed by supporting the old/weak modes outweighs the interoperability issues that will be caused by removing support for them. Inevitablly making changes is harder than doing nothing so said calls tend to err on the side of "too late" rather than "too early".
Furthermore SSL/TLS is supposed to protect against downgrade attacks. So removing support for old modes doesn't seem as urgent as it otherwise would be. Recently however we are finding that the protection against downgrade attacks is not as good as it should be.
The thing is with a petrol/diesel/lpg/etc powered car you can drive until the tank is nearly empty. Then at a conviniant location along the route stop, fill the fuel tank, go to the toilet, stretch grab a snack etc and be back on the road quickly. Especially if you have more than one person in the car and so can share the burden of driving this allows travelling for long periods with minimal stopped time.
With an electric car so far you can't do that. You have to go out of your way to find a charging station (which are far less common than petrol stations) and then wait a considerable time for your vehicle to charge (how long depends on the particular station but even tesla superchargers which are few and far between apparently take 40 minuites to bring the car to 80% charge)
What about vets? do they take any oaths that would prevent them acting as executioners or assisting in the planning?
Like all companies, they are worth what someone is willing to pay.
And like all companies some sucker paying $x for y% of of the company does not imply that there is anyone who will pay $(x*y/100) for the whole company.
The key elements in human thinking are not numbers but labels of fuzzy sets. -- L. Zadeh