top Ask Slashdot: Can You Say Something Nice About Systemd?
Wait, so now we aren't setting read/write status in fstab anymore?
How do you set filesystem read/write status
for just the ntpdate process in fstab?
top Object Oriented Linux Kernel With C++ Driver Support
The bloody MUSB driver/OMAP hardware combination caused me to have to write this horrible thing:
local kmsg = io.open('/proc/kmsg', 'r')
for line in kmsg:lines() do
--elseif line:match('USB IS HORKED %- HELP PLEASE!') then
----local reset_usb =
...because some (rare) USB devices would occasionally cause the harware to basically completely lock up when plugged in. I could identify this and cry for help from within the driver, but the only way I found to successfully unkludge it was to completely remove and reinstall the kernel device, thereby completely reinitializing the device and driver.
Fortunately(?) it looks like this product is unlikely to actually ship...
about a month and a half ago
top How Firefox Will Handle DRM In HTML
Yeah, Youtube now only encodes 360p and 720p single-file versions of videos at this point; if you don't support DASH, that's all you get. Notably 480p doesn't seem to be on this list generally. Firefox itself won't support enough MSE to run Youtube until (I think) v31,
top How Firefox Will Handle DRM In HTML
Youtube uses EME for 1080p streams, no EME and you only get 720p or lower
top Heartbleed OpenSSL Vulnerability: A Technical Remediation
Theo claims Open
SSH is unaffected, because it isn't. OpenSSL, even on OpenBSD, is quite affected.
top Dropbox's New Policy of Scanning Files For DMCA Issues
They're working on it.
top Theo De Raadt Says FreeBSD Is Just Catching Up On Security
And Git's hashes are not for the sake of security. Linus made that abundantly clear when he refused to allow SHA-2 to be used,
even after people were able to manufacture a Git collision using SHA-1.
Citation needed. I can't find a published example of any actual SHA-1 collision, much less one from a Git repo.
top Boy Scouts Bully Hacker Scouts Into Submission
They could embrace gender equality and rename themselves the Hacker
top Oracle Quietly Switches BerkeleyDB To AGPL
The MongoDB core is AGPL. Its drivers are all Apache license, as explained
here, therefore not polluting your web application code and forcing it under the AGPL.
BerkeleyDB, on the other hand, is linked in directly, and would force anything using it to be under the AGPL.
top Ubuntu Lays Plans For Getting Past UEFI SecureBoot
Something like a config option - 'Enable OS installation for one boot cycle.'
If the purpose of secureboot were just to secure the boot process, that's all it'd take.
That limitation isn't possible, because the UEFI/BIOS is not a hypervisor. Once something else is running in ring 0 there is no way to prevent it from doing whatever it wants. Implementing those kind of hardware locks would entail a much more serious change to many parts of the PC architecture.
The whole system of key signing is a rather obvious attempt to squeeze all the little players out of the game so the big boys can seize more power and profits.
Despite the above, this statement is probably quite accurate, though. It's certainly a convenient side-effect.
The Hobbit's Higher Frame Rate To Cost Theater Operators
What are you talking about?
Home video was traditionally 24 or fewer frames per second. (Unless by "traditionally" you mean the past few years when you could record digital video at more than 30 frames per second.)
The GP poster is correct. Super 8mm film is not "video" and hence is not "home video". NTSC VHS is absolutely 60 fields per second. The only way to get 24 FPS on VHS is with 3:2 pulldown, which no consumer cameras I know of ever did. Even getting close to a "real" simultaneously-sampled 30 frames per second instead of 60 interlaced fields would require a sample-and-hold, which again consumer VHS camcorders didn't have AFAIK.
top Google's SPDY Could Be Incorporated Into Next-Gen HTTP
You should have updated to IPv6, where is no such checksum in TCP.
I think you're misinformed. IPv6 has no IP header checksum, unlike IPv4. However, the higher-level protocol checksums are still there; in fact, UDP over IPv6 is
required to include a valid checksum, unlike in IPv4 where it can optionally be 0x0000.
top Google Starts to Detail Dart
top Linux 3.0 Release Delayed
Even with a Facebook page, you still have an asininely-short arbitrary limit to the size of status updates that, given the length of Linus's update, doesn't appear to apply to Google+.
top Ask Slashdot: Which Registrars Support DNSSEC?
As an additional factor, who other than GoDaddy supports both DNSSEC and easy-and-prompt-to-configure IPv6 glue records? I specifically moved from Network Solutions to GoDaddy because it took NetSol weeks to set up my IPv6 glue. (Their interface at the time was "Email us at firstname.lastname@example.org and we'll get around to it eventually. Maybe." Maybe they've added it to their admin interface at this point...)
top Asia Runs Out of IPv4 Addresses
At the IPv4 burn rate of the last month, Ford's space would last only another 10 days. IPv4's done; stick a fork in it and start moving on.
top A Closer Look At Immersion Cooling For the Data Center
I wonder how they have managed to solved the condensation problem.
They run their oil at 40C. If the dew point in your server room is that high you have other problems...
top Cisco Linksys Routers Still Don't Support IPv6
Couldn't the ISP's DNS return a bogus IPv4 address for somecorp.com and then rewrite packets sent to that address as IPv6 packets to somecorp.com's IPv6 address?
This is called
NAT46 and is one of the myriad transition strategies available in both directions. It is much more complicated than NAT64, though, since you need a giant state table synchronized between a router and DNS server, and you need to "waste" some IPv4 space for the mapping, which is in short supply. (NAT64 only needs to keep state in the router, since you can embed the literal v4 address inside a v6 address.)
top If You Think You Can Ignore IPv6, Think Again
Or I can forward whatever protocol number to my VPN server. The fact that NAT is possible does not mean that I have to limit yourself to one external IP. If I have two VPN servers I can use two external IPs for them.
IPsec AH headers protect the integrity of the source and destination IP addresses (by design), so if those are modified in any way by NAT things will break.
Anyway, you are clearly okay with NAT's limitations. I am not; I only use it out of necessity. Different strokes...
top If You Think You Can Ignore IPv6, Think Again
Breaking trough NAT without port forwarding - sure. The only reason why the protocol might not work with NAT with port forwarding is if it for some reason does not trust the header of the packet and adds a copy of the IP address in the data section (like ftp does).
That's not the only reason. IPsec, for instance, has to be wrapped inside UDP (called IPsec NAT-T) to break through NATs since IPsec was designed to be run directly on top of IP, where there is no concept of ports to forward! Any attempt to go beyond TCP and UDP runs horribly afoul of NATs.
So, I can make a packet destined to 1::2 port 80 (hmm, with IPv4 I can write 126.96.36.199:80, is some other symbol used for marking the port number? 1::2:3:4:80 could be confusing?) actually go to 1::3 port 80?
(To put a literal IPv6 address in a URL you write http://[2001:db8::1]:80/. I suspect other places expecting a colon-separated port number will use a similar scheme.)
Great - it means I can still publish only one IP and do the port mappings, which makes this "almost" NAT.
So, the only thing that cannot be done is rewriting the source IP field on outgoing connections (not packets, since for port forwarding to work it has to work both ways)?
Yes, not unless you use a proxy. Simple inbound port forwarding doesn't need to be implemented as some fancy stack-level kernel feature like NAT; you just need a process listening on a port that, upon accepting, makes a connection to another IP and port and copies the data in both directions. The classic cheesy way to implement this is to throw a line in inetd.conf that calls "nc ip port", though for things like HTTP an application-specific reverse proxy will work a lot better and possibly take some of the load off of your web server(s) if it caches.
It's likely a fair amount of NAT-like behavior will be written for IPv6 to support implementing transparent proxies, which do have to happen at the stack level. I just want the amount of NATted traffic on the Internet at large to be on the opposite end of the bell curve than it is now, since with IPv6 it will be unnecessary to "share an Internet connection" in the same way as IPv4.
Phs2501 hasn't submitted any stories.
Phs2501 has no journal entries.