Am I the only one wondering how they get a CA to sign the certificate? Seems like an interesting opportunity for someone within CloudFlare to get their own SSL certs signed, and MITM to their heart's content.
In this context, something like Tor or a SOCKS proxy would also qualify as spoofing one's IP address, and could throw an ICBM on the wrong track. Just saying.
Not strictly true. You can do it easily if you are on the path normally taken to get to the spoofed IP. For example, see Linux TProxy.
The main constraint preventing it in the general case is the difficulty of guessing the sequence numbers.
Ah, that would be 0.99p13, I know there was a gap there somewhere.
The achievements in the rest of this paper far outweigh the existence of a tablet built on this foundation.
They've created their own 64-bit processor! They've implemented a compiler for it! They've ported FreeBSD to it! That's some seriously impressive stuff!
But the leader has to be the laser cut tablet assembly.
No one has to intercept anything, or maintain a session. Just TCPdump the lot, and look at it later.
That is, unless they are trying to intercept SSL, which they COULD do, as a CA cert controlled by a Chinese company has been added to most browsers already.
Alas, this hack won't do it:
In other words, this design is powered with a power source that isn't even available until the iPhone/iPod is booted up.
I guess you could fix that with an appropriate external power supply; a little wall-wart and some appropriate voltage regulation.
A USB-serial adapter like the CA-42 (powered from the PC on the other end) would be perfect for that purpose. Check out all the OpenWRT or similar "serial console" articles.
Amongst other things, I suppose.
It would be interesting to try listening on this serial port to see if the device emits any messages while booting up. Some trial and error on the baud rate may be required, of course.
Dominic chose to start his efforts to remove the evercookie with Safari. Others have tried with Chrome and FF, etc. No browser is immune, although those that do not support HTML5 or Flash are a lot better off.
I recently bought an HP 6730b laptop on auction. I took it out of the container, and turned it on (without attaching the power supply). It's pretty snappy, and seems to be in good nick.
Perfect for my mother, I thought.
I plugged the charger in, and started installing Ubuntu. Good God! It's taking an AGE to even go through the POST, never mind running the OS. Shit! And the auction specified no returns if the OS has been changed! Now what?
Xorg is taking 80% of the CPU, just moving the mouse around. WTF!?
Long story short, it turns out it is the aftermarket power brick that is to blame. Unplug it, run it on battery, works like a dream. Plug it in, and it all goes to shit.
Check the voltage on the brick - all according to spec.
Looks like it is time to get a genuine brick for my mom.
My only thought is that the laptop is spending more time cycling between power saving (C3?) states than it actually does executing the instructions it has been given. Can anyone explain this behaviour better?
I have bought a Buffalo WZR-HP-G300NH, and couldn't be happier with it.
4 GbE ports (plus one GbE downstream to an ADSL modem in bridged mode), 32MB flash, 64MB RAM, 1 USB port. Supported by OpenWRT.
While ideally I'd also prefer an integrated ADSL + all of the above, the reality is that they are few and far between (meaning: I couldn't find one!) The advantage of the separated configuration is that should the ADSL modem be fried (e.g. by lightning), with any luck, the more expensive router might survive.
One thing that a lot of people are ignoring is that Thawte FreeMail certs are used by a lot of small developers to publish Java apps, and this would kill off that ability quite quickly.
That said, I have not seen a word of this on the Thawte web site, which makes me wonder if the submitter is trying to perform a DoS on Thawte for some reason, and is tricking the slashdotters into being that DoS. The page linked takes an enormous amount of time to decide that there is nothing to return, meanwhile slashdotters are beating on the server over and over. Sorry for the OP, though. The rest of their site still seems to be just fine.
Care to elaborate a little?
What do you consider a "proper OS"?
I did some work for a local bank, and their ATMs were running Windows XP (not embedded), IIS (can't remember the version), and IE. This was to allow them to serve "rich content" (movies, images, animations, etc.), without having to write it all themselves. The ATM just had IE talking to IIS, and displaying the results in "kiosk mode". The buttons on the sides of the screen were mapped to keys on the keyboard (I think), and that's how it ran.
I specified a full set of ports that needed to be accessible to the ATM controllers, and that was all that was supposed to be accessible from the network.
However, if you can get access to the back of the machine, it has a second monitor, keyboard and mouse, and you can access the OS, and do whatever you want to do. I *THINK* that the keyboard and mouse were locked away in the vault (or at least behind a door), but the hardware itself is pretty standard PC, so I don't imagine that it would be particularly difficult to add a USB keyboard or mouse and gain access when rebooting the device. Maybe even boot from a USB disk or similar.
The reality is that if you have physical access to practically anything, it is game over.
Personally, I would have been a lot happier to see a stripped down Linux kernel + minimal OS, BIOS passwords, bootloader passwords, etc. than the entire Windows stack. Less to verify == more security.