Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Comment Re:I don't come to slashdot for these stories (Score 5, Insightful) 433

Spoken like someone who wasn't around when Jon Katz was writing his "Voices From The Hellmouth" columns, after the LIttleton massacre when nerdy teens were suddenly public enemy #1. As an old-timer, this looks exactly like the sort of story I'd expect /. to link to and discuss.

Comment FAIL. (Score 4, Interesting) 101

Google has not correctly implemented DNSSEC. If you send them a normal DNS query and the response is not validly signed, they just pass the answer back to you without any indication that it's invalid. They only tell you that the answer failed to validate if you set the DO ("dnssec okay") or AD ("authentic data") bits in your query, which almost no DNS clients currently do.

If the answer is invalid, a validating name server is supposed to respond with SERVFAIL, so that even if the client doesn't know anything about DNS security, it will still be protected against spoofing. Google is claiming to provide protection against spoofing, and then they aren't providing *any protection at all*.

If you want DNSSEC protection, you're still going to have to run a validating name server yourself: either BIND 9 or Unbound. (Disclosure: I'm a BIND 9 author.) It is, nowadays, extremely easy to configure a validating name server using BIND 9; in any version since 9.8.0, a one-line named.conf will do it:

options { dnssec-validation auto; };

Run named with that configuration and "nameserver" in resolv.conf and you're good to go. Google public DNS is not ready to trust yet.

Comment Re:There are other options for DynDNS only routers (Score 1) 223

In fact, you don't need a dynamic DNS provider at all. My home router (a Netgear WNDR3700, costs about $85) is running CeroWRT, which includes BIND 9, which takes care of dynamic DNS by itself. It also does DNSSEC validation, and serves a dozen or so DNSSEC-signed domains. It's also my web server, IPv6 tunnel endpoint, shell server, and a passel of other things. Current uptime 224 days. Consumer router hardware can do a lot these days.

(Full disclosure: I'm a BIND 9 author and helped with the CeroWRT port.)

Comment I just want a bundle discount (Score 1) 722

I totally recognize that this is a stupid reaction, but if service #1 costs X dollars and service #2 costs Y dollars, I want a little lagniappe if I purchase both--the bundle of services #1 and #2 should cost an amount less than X+Y.

If they'd announced that streaming was $9 and DVD's were $9 and the combination would be discounted to only $16, I would have been sad about the price increase but a lot less irked, even though it still would've been $16. At least it isn't $18, I'd think, and I'd pay up. But they made each service $8, and didn't discount the bundle at all, and so it grates on me.

Marketing fail on their part. Rationality fail on mine.

Comment Re:latest BIND not affected (Score 4, Informative) 144

That's because the latest BIND was released specifically to patch this vulnerability. They just didn't really tell anybody about the vulnerability until after 9.7.3 was released.

That's not correct. The locking bug had already been fixed in 9.7.3b1, a month before it was found to be exploitable as a DoS. When we did find that out, we consulted with vendors and decided to continue with the releases in progress.

Comment And of course... (Score 3, Interesting) 113

Those of us who are a certain age and were geeky enough to read Danny Dunn books know exactly where the CIA got this idea.

(Luckily Danny was able to destroy Professor Bullfinch's notes so the CIA wouldn't be able to replicate the much better dragonfly he'd invented, so they had to fall back on tiny, impractical gasoline engines instead.)

Comment Re:Ares = manrated, Falcon = cargo. (Score 5, Informative) 352

Actually, the Falcon 9, unlike most reusable boosters, was designed in advance to carry humans. It meets all of NASA's requirements for a human-rated vehicle except for an escape system. SpaceX has stated their intention to dot that final i within a couple of years. The Dragon spacecraft they're designing for the Falcon 9 will support a crew of 7.