Trust is gone
If you've got Comodo's browser installed on your machine or using certificates issued by them on your server, get rid of it.
107 posts • joined 13 Aug 2008
If you've got Comodo's browser installed on your machine or using certificates issued by them on your server, get rid of it.
Just grab the specific version you want directly from the "FTP" site.
"in a space that is highly competitive and getting more so as cable companies and other new entrants aggressively compete."
Seriously, on what planet does AT&T live? Or maybe it's the drugs...
Does anyone with one of these devices know what the strip size was (erroneously) set to at the factory?
In all of the RAID controllers I've worked with over the past decade (granted most were Dell/LSI branded), the default strip size has been 128KB, and tweaking the value has never resulted in a 6x to 7x performance difference for my benchmarks. But considering I don't even know the typical use case of these Cisco devices, it could be an apples to oranges comparison.
@toughluck: Everything sounded great until you said "If you're using a HDMI 1.4 compliant cable". There's no such thing as an "HDMI 1.4 compliant cable". That's a marketing thing (just like contrast ratio). There are only four types of HDMI cables.
Standard with Ethernet
High Speed with Ethernet
HDMI 1.4 is a software specification, not a hardware specification. A cable knows nothing about software, because, well, it's hardware. It's like saying an ethernet cable is "IPv6 compliant"
If that's what the domain owner has declared, then yes. It is. That's what ownership means.
So when user B doesn't get user A's email because user B has configured a forwarder and the email is rejected due to a violation of user A's SPF record, it's user B's fault?
Well, you have some strange ideas about SPF and make that claim. I use it, and would not. Perhaps you might like to wonder if there is more than just mere correlation to that...
I HAVE been using SPF for a long time now, mainly because of "hey, it's one more thing you can try to make email deliverability work better". The fact that I say it's a joke doesn't mean I say no one should use it. It means don't put much faith behind it.
And the fact that you use it and would not make the claim that it is an ineffective anti-forgery system does not make the opposite true. Please do share anything that was not true about my anti-forgery statement.
If a domain owner lists the servers that may send email for his domain, and declares all other servers to be fraudulent if they try, then that is the decision of the domain owner.
So you're saying that some regular old joe that knows nothing about SPF or even DNS who sets up his email address to forward to another email account is equivalent to him trying to forge the original sender?
And it's effectiveness as an anti-forgery system is a joke. The envelope sender can be something that passes an SPF check with flying colors (or even has no SPF record), yet the From header in the email is what the end user actually sees. How many people do you know that are smart enough when they receive a "suspicious" email to view the headers to see if the From header matches the Return-Path or trace the Received headers to find the originating server?
By all means, have an SPF record on your domain. It (sometimes) helps deliverability. But don't think that it stops me from being able to send out email that convincingly looks like it's from you.
If you are simply forwarding mail, that has a tendency to break someone else's SPF rules
This is my point exactly. SPF falls down when someone has their email address set to forward elsewhere, because the original sender didn't "authorize" their email to be sent by another other server. You can't rely on every mail server out there that allows email forwarding to another server to have implemented SRS.
It also doesn't "stop SPAM" in and of itself. It simply makes it where someone can't impersonate your email address in the envelope sender. Spammers could just as easily create SPF records for their own throwaway domains authorizing the world (but luckily they rarely do).
SPF is a pretty big joke. If you are (incorrectly) using it to outright block mail versus using it as a scoring system, you're going to get false positives. Using it as a scoring system, it holds so little weight, it barely factors in to the overall spam score. That combined with the fact that spammers can just as easily set up an SPF record to authorize mail from anywhere (but luckily they are generally not that smart), it's never really lived up to its original hype.
Hmm... This has got to be some elaborate scam or something to try to get rich selling junk.
Like others have said, no mention of hash rate, which is key for bitcoin mining. Also, just read the "testimonials", which all appear to be made up
"If I were 21 today, I'd learn Bitcoin" - Marc Andreesen, Inventor of the web browser
"Bitcoin could be the internet's next big protocol" - Padmasree Warrior, Former CTO of Cisco
"Are you a developer? Then you need to get a 21 Bitcoin computer" - Ben Horowitz
Ahhh, the beauty of using MySQL. Silently truncating your data for decades.
Can I get an explanation for why these two things are actually separate to the point where one demands metering and the other not? Except for, you know, "marketing segmentation we want to impose" kind of reasons?
Seems pretty obvious to me. It's a lot easier to suck up a huge amount of bandwidth by tethering a laptop to a cell phone's data connection than being restricted to the capabilities of the phone/installed apps. Then there's also the fact that you could use tethering to set up a mobile hot spot for others that do not have unlimited data, thus "reselling" your unlimited data plan to others for free. Now you have people that are not paying T-Mobile a dime but potentially using a lot of their bandwidth.
If the problem was REALLY wide spread (which it's not), you have the situation where T-Mobile thinks "we have X million customers, so we need Y infrastructure", when in reality they would have X million customers + however many mobile hot spot users are tethering for free.
Although I largely don't agree with the nonchalant way carriers throw around the word "unlimited" nowadays, T-Mobile clearly defines it.
If you look at their FAQ:
Doesn’t Unlimited mean Unlimited? How can T-Mobile advertise Unlimited 4G LTE when T-Mobile doesn't offer it on all T-Mobile devices?
Yes, at T-Mobile, unlimited mean unlimited. Every T-Mobile Simple Choice™ Plan includes Smartphone Mobile HotSpot at no extra charge, and when customers reach their paid high-speed data allotment, speeds are reduced so they never worry about overages. Our standard Unlimited 4G LTE smartphone plan includes unlimited high-speed data on your smartphone and also comes with 7 GB high-speed Smartphone Mobile HotSpot data, followed by unlimited reduced-speed Smartphone Mobile HotSpot data.
Regular, non-tethered 4G LTE is unlimited. The ability to use your phone as a hotspot is an add-on they give you for free. They're also talking about people who are deliberately circumventing the check put in place to avoid people abusing the free tethering.
For comparison, I am on a grandfathered AT&T unlimited data plan, but I don't have any (legal) tethering allotment, because that's a paid add-on.
I guess this really shows the direction of the world today when a phone has an explicit scene mode called "food".
"AT&T also claims that it did let its customers know about the constraints it was imposing by posting a disclosure online and texting customers – once – about the fact they would have slower speeds past a certain monthly data usage."
I've had an unlimited data plan through AT&T since the last year they were offering it (2010 I think). I never received a text message from them about throttling speeds after a certain usage. Granted my usage is well below anything that would set off alarms (generally less than 1 GB because I'm on WiFi so much), but unless they (erroneously) only notified actually abusers, I never received their alleged "head up" message.
You do realize that something called libel still exists, even in the days of the internet, and it's illegal, right? Whether this will constitute that is up to the courts.
"You could route VOIP through your VPN/Firewall so that your calls from home are coming from work."
And if your work uses a traditional PBX without VoIP support? Maybe the UK is different, but VoIP is far from universal in the US for businesses.
Although I wouldn't necessarily say that "not a lot of people permit root login any more" (at least intentionally), in Debian Jessie they finally made the default config option "PermitRootLogin without-password" to help with people that just run out-of-the-box setups.
You realize that the two reports are measuring two different things, right?
Sea ice extent vs Sea ice thickness
Which one is more important? I would imagine volume is a bigger deal than surface area, considering you can have a little visible surface area with a lot volume (and vice versa), but I'm not a climatologist (for lack of a better term).
"They certainly do with Silverlight. Still do with Silverlight."
Technically it is not being overridden. It is released under a new KB number, so it's treated like a different update.
And just like that, the flag which has been around for over a century has suddenly become "offensive imagery" overnight and requires immediate eradication. This is the state our world now lives in.
Why mess with Ghost when CloneZilla does it for free (and with a Live CD/USB)?
"In particular, Verizon said that while it can lay fiber under the streets, actually getting it into buildings is another matter."
Hmmm... Maybe they shouldn't have come up with that agreement if it's something they couldn't do, eh? The article doesn't make it clear if this was some sort of signed contract or just mutual agreement.
Backblaze also created a home grown solution to large quantities of data storage, also using Reed-Solomon versus traditional hardware RAID. It has some pretty impressive scalability (in theory). Some of the concepts seem similar to Facebook's solution, although they didn't put much focus on reducing power consumption and the like.
It's a very interesting read
The situation we are in now is a little like trying to put the toothpaste back in the tube.
You can run an implicit SSL SMTP server on port 465 (port 993 is IMAPS, btw) and other could connect, but a much larger percentage of the SMTP servers out there don't do this versus those that do. The only way you would know is if you attempt a connection first (which will most likely fail), and then you have to fall back to regular port 25 anyway, thus increasing the overhead for sending emails.
Fundamentally, an implicit SSL connection and a clear text connection where you issue STARTTLS are the same, but the advantage of STARTTLS is that you only have to connect to one port (which should always be open for any public SMTP server), and you can then secure up the session. Granted, you might have the fallback to an unecrypted session depending on the client/server config. It is possible to set up some SMTPd servers to require TLS when connecting to remote servers, even by using STARTTLS, but you still end up in the same situation (many servers do not support it).
Now, if the government enable STARTTLS functionality for inbound and outbound, it still relies on the other client and server to support it. They can't force that to be the case, and if it's not supported on the other end, it defeats the implementation anyway. Thus, implementing the change might give some a false sense of security just to tick another box on the security checklist. I'm not saying they shouldn't implement this at all, however.
"There was a concern that the appeals court's judgment could set a precedent, encouraging organizations or anyone with a chip on their shoulder to trample on free speech by demanding the identities of anonymous reviewers posting online. The threat of legal action against those who write negative reviews will have a chilling effect on free expression."
The flip side is also true. Let's assume for the moment that the anonymous person posting the review WAS fake or not a customer. Depending on what they said, it could be considered libel, which has legal recourse. Should a person be protected under "free speech" for libel just because they made themselves anonymous? Think about how fast false information can travel these days. It used to be much harder back in the days before widespread internet to anonymously spread misinformation. Nowadays, it's incredibly easy.
As far as the solution (at least in this case)? Maybe set up some third party to authenticate whether the person was actually a client without the carpet company being told who it is. That might be hard to do while maintaining privacy for the actual customer list.
"These would be kids who are too young to enter into a legal contract. Sorry, the responsibility for the laptops remains with the last legally responsible entity who had them"
So given that rationale and returning to my previous scenario of a neighbor borrowing something, you'd be perfectly content if the neighbor never returned said item or conveniently lost it since you never had a legal contract between the two of you explaining the terms of the loan?
I'm not arguing from a LEGAL standpoint. I'm arguing from a responsibility stand point. There are plenty of situations where someone cannot be LEGALLY held responsible for something, but that doesn't make it right or something that should be swept under the rug.
"But how would you feel if your boss made you take home an expensive piece of equipment everyday and told you that you were responsible for any loss or damage - you would tell him to stick it."
It's called being responsible. If you have the attitude of "I'm not going to take care of something because it doesn't actually belong to me", then maybe people should stop giving you stuff on their dime. Would you rather the boss say "Go buy your own laptop so you are solely responsible for it"? What if you loaned something to a neighbor, and it was lost or stolen. Would you not think the neighbor is accountable for it?
And in this case, according to the article, the kids were not forced to take them home, they were ALLOWED to take them home (at least until they were "hacked").
By disabling SSLv3, you really don't cut off that many people (communication via older scripts could be a different story). PFS is recommended, but that's not what this is talking about.
Android 2.3.7 - Uses TLS 1.0
IE7 on Vista - Uses TLS 1.0
IE8 on WinXP - Uses TLS 1.0
Safari 5 on OS X 10.6.8 0 - Uses TLS 1.0
Safari 6 on iOS 6 - Uses TLS 1.2
Does not work:
IE6 on WinXP - Uses SSLv3
I'm sorry, but if you are really that concerned about cutting off IE6 users on Windows XP, then you need to contact those people and tell them to get their act together. Either upgrade off an unsupported OS or switch to an alternate browser that was written in the past decade.
(note: I don't use Comcast, so I don't know their physical infrastructure)
Why the bump to 2Gbps, aside from a one-upsmanship towards Google? To fully benefit, I assume this means you'll have to use the ISP supplied router, since running such a device in bridge mode will basically lock you down to 1Gbps (how many people have 10Gbps interfaces at home?). Additionally, so many people do things over wireless nowadays (laptops, cell phones, tablets), you'll still have a bigger bottleneck there.
Do they just want to say "Hey, our number is twice as big, so we are twice as fast!" (although past comments from Comcast users seem to indicate the ISP throttling will bring it down much lower)?
The big question that I still have that I haven't really seen answered anywhere (primarily since the rules just came out) is whether this affects QoS-type transmissions.
The biggest thing I see toted is "you can't sell 'fast lanes' to a company to give their traffic higher priority" (which seems good on the surface), but I've also seen people say "you can't discriminate traffic". For services that require low latency (say VoIP or anything real-time between two or more people), how do the new rules apply? You could easily say that giving VoIP traffic a higher priority is discriminating against Joe Schmoe's torrent download, but if everything is a free-for-all FIFO/round robin approach, things will collapse.
I obviously haven't read through it (that's a long set of rules), but I'm hoping someone as a take on this based upon the new rules.
"I'm curious, what do people need SD cards for?"
Personally, I don't use it for the extra capacity that much. I use it because it is REMOVABLE storage. It's an easy way to get large amounts of data on or off the phone. I can also perform periodic backups with Titanium Backup, which means if the phone conks out, I can still have a copy of my data that doesn't require some on-line cloud-esque sync solution. Granted, ad SD card can die too, but a phone dying takes a lot more down with it.
"There's nothing "only" about a flaw that exposes usernames and password in plaintext."
Although the POTENTIAL was there to expose usernames and passwords, it was still wildly a crap shoot as to what information you could actually obtain from the random memory locations. The fact that you couldn't easily detect an attack is what made it so hard to accurately determine the level of the data leak.
So what's to stopping them from just using the "high speed internet access" instead? Unless that term is explicitly defined somewhere, I don't see it having the effect that they hope it will have.
RUD - Rapid Unscheduled Disassembly
I love it! I'm going to start using that instead of things "break", "crash", or "destroy"
There are a surprising number of "odd" characters that are considered valid in an email address per RFC specs (the plus sign being a definitive yes).
And RFC 821 has been obsoleted by RFC 2821, which has been obsoleted by RFC 5321.
Exactly. The math is off somewhere (or the description of the numbers)
4,000 CPUs each doing 6 billions hands a second = 24,000 billion hands a second
They say more a billion billion hands (1,000,000,000 billion)
1,000,000,000 / 24,000 = 41,666 seconds (less than half a day)
They ran the simulation for 2 months = about 5,184,000 seconds
At that rate, it would calculate about 124 billion billion hands.
As suggested, clock cycles makes much more sense.
"The standard itself was developed at record speed as cable companies started to worry about the arrival of competitors, such as Google Fiber."
And this is exactly why competition in the technology space is so important. If this wasn't there, how long do you think it would be before they decided to even look into this kind of upgrade?
"If they are trying to figure out how to get astronauts through the VARB then it is because they have never done it before."
And I guess you're also one of the people that complains about the lack of stars in the pictures? And the "inconsistent" shadows? And the "too perfectly framed" pictures on the moon? And the "too perfect video" of Apollo 17's lunar lift off? And the "earth transparency overlays" used in the video shot through the Apollo 11 window?
A little research goes a long way. Much more so than the trite theories being recycled.
In additional to the "convenient" dynamic DNS supported by Foscam devices, some devices will attempt to use UPnP to dynamically forward ports to the camera/NVR device. If your router supports this by default (for example, the ActionTec provided for Verizon FiOS), the device can (unbeknownst to the end user) make itself accessible to the outside world.
I've had this experience with a Q-SEE NVR (although I had read the included "quick setup" guide that mentioned how to access it remotely, so I knew it was doing that). Although changing the default password will "lock it down", it is still a bad idea for the default setting to be "punch holes in my firewall". Come to think of it, I don't even know if the NVR HAD the ability to disable UPnP
That's not how a typical SSL MITM attack works.
Normally, a nefarious system will try to intercept the end user's traffic secretly. It would do this by jumping in between the two end points of the connection. To make it seamless, the bad guy would need to decrypt an already encrypted session, which is theoretically difficult (although the practicality of it changes over time). If the bad guy doesn't have the server's private key, it has to rely on exploits or weaknesses in the encryption.
Now pretend the private keys of the CA were compromised. This allows someone to sign their own certificates that browsers will automatically trust. It doesn't involve breaking or compromising the encryption of the two end points. In essence, the MITM attack becomes more of a reverse proxy.
Ultimately, that's no different than any other CA getting their private keys compromised. It still has nothing to do with the private keys of the original server providing the SSL connection.
What does this have to do with keys? They wouldn't have the private keys to decrypt the data. Only you would have those (installed on the server). All they are doing is signing a certificate to let others know it can be trusted (assuming the CA is included in the browser). They only get a CSR signed by your private key, not your actual private key. It's the whole point of asymmetrical encryption (e.g. public-key cryptography).
FYI, for those that are familiar with MAME, you can configure controls the same way.
Press 'P' to pause the emulation, then press the Tab key to bring up the config menu.
"We really should see somehow where the huge profits generated online go, and whether there is a way to keep some of it in Hungary"
How would putting a tax on data usage "keep it in Hungary"? That would imply that the tax money the people are forced to pay would normally be going to pay for something elsewhere. It's not a sudden shift in the money's destination. If anything, you take money away from what a person can spend on other things, which a majority of the time is already spent in the country (rent, utilities, gas, car payments, insurance, etc).
"Justice Department officials are 'reluctant to bring criminal charges involving unauthorized disclosures to the news media' – because of criticisms of the tactics used in recent leak investigations"
We don't like it when the media hears about the bad things that we do and then say we are doing bad things and make us look bad.
"It's feared the web toll will be passed onto subscribers by the ISPs"
"... won't cough admin privileges to the hacker – at least not by itself. Attacks are likely to generate pop-up warnings and under default settings a User Access Control popup would get displayed."
Ohhh, you mean that "this program is requesting admin rights" pop up where everyone just clicks Yes when they see it?
"The point is ... no one from apple cares. They keep being silent. They used to care about their customers but now..."
How long have you known Apple? Sounds about par for the course... Everyone knows that there are never any problems with their hardware, only the end user.