Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Court Victory Gives Blogger Same Speech Protections As Traditional Press

mysticalreaper Re:Easy Distinction to Make (137 comments)

I think the court's opinon was this:
- the blogger made statements which were factually incorrect
- the blogger, in his blog postings, while making his point, frequently employed hyperbole
- a reasonable reader would conclude that this author is exaggerating for rhetorical effect, not claiming actual facts
- therefore, the defamation suit is without merit, and the rantings of this blogger are protected free speech
- You also, can say that the members of Duck Dynasty are liars committing fraud, even on a blog that many read, and have confidence the US courts will protect your right to say it. Provided you don't sound like anyone who's making factual statements.

about 7 months ago
top

Researchers Release Tool That Can Scan the Entire Internet In Under an Hour

mysticalreaper They must mean the IPv4 internet (97 comments)

Sure, scanning 4 billion addresses in a hour sounds like a lot of data, but conceivable with today's high-speed computers and tech.

But 3.4 x 10^29 billion addresses, as contained in IPv6? Not the same feasibility at all.

1 year,10 days
top

The H Shuts Down

mysticalreaper Re:The H was awesome (94 comments)

We need to get more creative about funding methods. What ever happened to micropayments? If you pitched in 5 cents for every article with merit that you read, would that make a difference? We must have a better idea than advertising.

about a year ago
top

DNS Hijack Leads To Bitcoin Heist

mysticalreaper Re:Non story (126 comments)

BitInstant just selected dumb security questions/answers when they registered the domain name.

Wait, were the questions dumb, or the answers?

Allowing your clients to select dumb, insecure questions means that you have an optionally secure registration platform, which requires your customers to be competent about security.

To me, this kind of incedent points out the need for a more expensive, higher security registrar, who designs systems which are very hard to subvert. Till now, DNS regstrars have competed on price. This story says that security is important too, especially when control of the domain leads directly to cash money.

about a year and a half ago
top

French Telecom Claims To Have Forced Google To Pay For Traffic

mysticalreaper Re:It's a peering dispute. (207 comments)

Mod up please. This is much more reliable that the shrill /. summary, and the poorly informed article.

A peering dispute is totally conceivable, it's happened many times in the past between ISPs. Google paying a consumer network fees to carry traffic has *never* happenend. The former is much more likely.

about a year and a half ago
top

The Countries Most Vulnerable To an Internet Shutdown

mysticalreaper Original Renesys post (94 comments)

Why does Slashdot keep linking to secondary sources, like Forbes.com, when the primary source is so easily available? Laziness would be my first guess.

Here is the much-better Renesys blog post: http://www.renesys.com/blog/2012/11/could-it-happen-in-your-countr.shtml

Questions about their methods of reasoning are the most interesting.

There may be 5 ISPs, each operating their own logical notwork, with their own IP space, servers, and everything--but they may all share the same physical fibre optic cable out of the country--especially if the country is an Island. New Zealand would be a good example of this: it is about 1500 km from Australia, and 1000 km from Fiji. There are only a few submarine fibre optic cables connecting to the rest of the world. Perhaps Southern Cross Cable and SPIN only?

The authors acknowledge they were mostly unable to analyse this, and had to guess about the number of physical conduits. They say they will have more to say about the limited physical connections in the future.

about a year and a half ago
top

Rapid Arctic Melt Called 'Planetary Emergency'

mysticalreaper Re:Press coverage (757 comments)

I heard the other day that our oil exports now exceed our oil imports. My question: why aren't we just using the oil we have, instead of shipping it across the ocean? Economics aside for a minute... this is having a huge impact to global warming, yet I'm the one being blamed?

No you didn't hear the word "oil". You heard that the US is a net exporter of Gasoline, Diesel, and other fuels. These are refined products, not crude oil. Since 2008, the cunsumption rates (demand) for gasoline, diesel, and other fuels has fallen, as part of enonomic contraction. Thus, large refineries, especially on the Gulf coast near Houston, TX (Galveston, Texas City) have spare refining capacity. So, they buy crude, and refine it to produce gasoline and other products. Just as crude oil is traded globally, so is gasoline. The purchasers are nations with no refineries, like the Bahamas, or areas will less refining capacity than needed, like Equador or Argentina.

US consuption of oil has fallen from about 21 Mbbl/day to 18 Mbbl/day (rough). US production of oil is about 5 Mbbl/day. The US is nowhere near being an oil exporter. But, the US is importing some oil, refining it, and then exporting the refined products, like this:

1. Import oil
2. Refine into gasoline, diesel, jet fuel, etc
3. Export for profit!

So, this is a good business for the oil refiners, and puts money into the US economy. It does not mean that the US is oil independent, not even close.

Also, the cost of shipping oil across the ocean is insignificant compared to the value of the product to the end user. Ocean transportation is a tiny component of carbon emissions. I'd guess less than 1% off the top of my head.

about 2 years ago
top

Chip and Pin "Weakness" Exposed By Cambridge Researchers

mysticalreaper Re:Why the quotes? (133 comments)

The quotes indicate that a third party is making the assertation. So the BBC's staff has not looked at the evidence and concluded there is a weakness, the BBC is merely repeating a conclusion reached by others. The BBC has not verified the validy of this conclusion. Therefore the BBC is not reporting this as an established fact, they are reporting that reachers from the University of Cambridge are saying this, and the BBC isn't certain it's a demonstrable fact.

If you read the full article of any headline that contains quotes, you will find that the origin of the statement in quotes is not the BBC's writers, but another organization or person: a third party.

The BBC is trying to help you understand the source of the informaiton, an important part of journalism. They are trying to help you understand what they are reporting, not belittling your intelligence with 'emphasis' quotes.

about 2 years ago
top

Apple vs. Microsoft: a Tale of Two Mobile Updates

mysticalreaper Re:or there's the Android way... (257 comments)

Skype doesn't work on 1.6.

There are security flaws in 1.6 that could cause problems for Aunt Nettie.

1.6 doesn't support tethering or wi-fi hotspot.

Are these trivial non-issues to average people wanting to use a state-of-the-art smartphone? I think these are more than trivial.

Software is the real power of a smartphone.Not giving users update while the competition from Apple does is really working against the big advantage smartphones offer.

more than 3 years ago
top

Chinese DNS Tampering a Real Threat To Outsiders

mysticalreaper Re:Root servers? (181 comments)

DNSSEC *does* prevent against this man-in-the-middle attack, that's in fact its main feature.

You say that a cache receiving the root glue (data about the root servers) has 'no way' to validate that the glue is legitimate. That's totally not true. There are many ways to validate the data, including verifying against an SSL website, well known public servers, etc.

more than 3 years ago
top

Chinese Root Server Shut Down After DNS Problem

mysticalreaper Re:I blame American ISP's (91 comments)

Basically, your ideas are right. The idea is to query the closest server, for best performance. DNS data is very small, so there's not much financial concern about transmitting data across the world (which happens all the time on the internet)

Anyway, the logical routing of the internet doesn't always match the physical world. This is routine, and not a problem until DNS traffic crosses the great firewall of China, and is modified, which is what happened here.

Since this, route announcements have changed, and the Beijing server is not being queried.

But you are also correct about ISPs. ISPs can control (if they are good) which root servers are going to be queried from their network.

My overall point is that everything was operating routinely and correctly, until a new kind of DNS problem, not observed in the wild ever before, started happening. It's hard to expect the ISPs to prevent a problem they never knew would occur.

more than 4 years ago
top

Chinese Root Server Shut Down After DNS Problem

mysticalreaper Re:What happened? (91 comments)

Your suggestion makes sense, but that's not what happened.

Something like this

I.root-servers.net (beijing) -> chinese networks -> Chile networks

So, the real I root server sent correct answers to the querying computer in Chile. But, as the DNS packet travelled across the Chinese network, it was modified, and so the packet received by the Chilean network was false, returning a fake IP address for some domains, like 'facebook.com'.

This is called a 'man-in-the-middle attack'. The Chinese network, in the middle, is modifying packets.

Once the I root server operators realized this was happening, they stopped the BGP route announcement from the I root server node in Beijing, so that queries to i.root-servers.net would not be answered in Beijing, but instead by the other i-root nodes. There are 34 currently, so no problems with load would occur shutting off one node.

Hopefully that makes sense.

P.S. www.root-servers.org

more than 4 years ago
top

Chinese Root Server Shut Down After DNS Problem

mysticalreaper Re:Heads should roll (91 comments)

This should never have been allowed to happen in the first place, and when it had, it shouldn't have been allowed to persist for a few days before being made public and taking action.

Well i think this unreasonably harsh. No one had ever seen the great firewall of china affect DNS traffic like this in the past. So no one (not even you) was suggesting that when they set up a root DNS server in Beijing, that it would effectively send out false answers.

Now, anyone who controls a part of the network you rely on can launch a man-in-the-middle attack, which is what happened here. So to suggest that this should never have been allowed to happen, you would have to be using strong cryptography in some way. DNS has never had that mechanism--but it will soon, cause DNSSEC is coming along.The root servers are deploying it right now, and so are the other Top-level-domains.

Also, as soon as the I-root server operators realized this problem was occurring, and was outside of their control, they disabled the server. Why do you think that they sat on this problem for a few days, doing nothing about it?

more than 4 years ago
top

Chinese Root Server Shut Down After DNS Problem

mysticalreaper Re:Heads should roll (91 comments)

Lookups for things like 'www.facebook.com' were returning false answers. Youtube.com and others were affected too.

So if you got the bad answer from DNS (because you happend to query the Beijing root server), some of your favourite websites would be unreachable.

more than 4 years ago
top

ISC Releases the First Look At BIND 10

mysticalreaper Re:Future direction? (172 comments)

DNS for IPv6 will have to know a whole lot more about which address to dish out 1st than current versions of BIND and I'm not sure how long it will take to get a good handle on that problem.

This doesn't compute for me. DNShas different record types to deal with the issue you are suggesting.

Animportant resource record type is the INA. (IN is the 'internet' class). This is probably the most heavily used record type.

So here's an example:
www.kame.net. 86365 IN A 203.178.141.194

If you have a web browser, it will often query the system resolver for a an A record. This is an IPv4 address. But if the browser wants, it will query for an AAAA record, like this:
www.kame.net. 86400 IN AAAA 2001:200:0:8002:203:47ff:fea5:3085

So, my point is, the version of BIND has no relevance on IPv4 addresses, and IPv6 addresses. It's the query type that determines that. That is part of DNS, and universal to all DNSsoftware.

P.S. a web-browser could query for both A and AAAA records, and have a preference of one or the other set

more than 4 years ago
top

ISC Releases the First Look At BIND 10

mysticalreaper Re:Years? (172 comments)

FlyingGuy's post is such a rambling, nonsensical rant i fear i may be being trolled.

To the grandparent: Yes, writing a DNSserver is that hard. The subtle complexities of the internet's directory service actual operations in the Real World is not trivial. The DNS system actually does more than you might think, and contains more record types than commonly understood.

Just upgrading DNS to support IPv6 was no trivial matter, and they actually got it wrong, first, with A6 records--it was decided that AAAA records were better.

I want to also point out that DNSSEC--cryptographic assurances applied to DNS--is a major step forward on fundamental DNS infrastructure, and implementing that is far from trivial. DNS is being tested at the root and major top-levels-domains even as i write this, and testing is planned to continue throughout 2010.

Finally, the data in the DNS is not at all consistent. The DNShas--realistically--over a million administrators. This is made possible by the delegation-hierarchy model of DNS, which works very well for a globally-scaled system. But it also means that strange-rule bending setups are out there... and dealing with all of them in some kind of consistent, reliable way is a major difficulty.

So again, writing a robust DNSserver is hard.

Oh, but FlyingGuy, back to your senseless musings: if DNSis such a bad system, can you name a superior alternative?

To all: DNSis a fine system, in constant, massive use on the internet with remarkable reliability, despite well-know targets of attack. It is incrementally being updated and advanced, with thoughtful and non-disruptive upgrades happening especially in the last 10 years. You can rely on DNS being around for another 30 years.

more than 4 years ago
top

220-mph Solar-Powered Train Proposed In Arizona

mysticalreaper Re:Big White Elephant - MODÂUP (416 comments)

Excellent post. I agree, and worry about these problems too much, probably as you do too. I worry about our future, us short-sighted, greedy humans.

more than 5 years ago
top

220-mph Solar-Powered Train Proposed In Arizona

mysticalreaper Re:It will never happen... (416 comments)

When you say that Japanese cities have massive sprawl, i think what you are trying to say is that their cities are very large, which is true. But that's not the same thing as sprawl. Sprawl is single-story retail business, detached, single-family residences, and more roads, parking lots and unused land than buildings. I have seen Japan, and they DOÂNOTÂWASTEÂSPACE. In North america, only the dense cores of the biggest cities compare to Japan, and even then, we use double the space for the same store, or gas station, or whatever.

So Tokyo is a massive city, but it has 30 million people. That's why it's big, it's not cause of sprawl.

Other than that though, i heartily agree with your post.

more than 5 years ago
top

Working Around Slow US Gov. On DNS Security

mysticalreaper Why does this depend on the Secretary of Commerce? (91 comments)

The main thing that I'm not understanding is why the US Secretary of Commerce is responsible for specific technology decisions on the DNS.

Surely the political appointee to that post will not be qualified in any capacity to dictate the specifics about DNSSEC deployment.

Additionally, does the US Government still exert so much direct control over the DNS? I thought they divested their control to ICANN, so they could at least appear to not be thugs running the internet for their own benefit. However the ICANN employee specifically states:

'"The ideal scenario is that the root zone is signed," said Kim Davies, manager of root zone services for ICANN."Currently, we have a situation where the root isn't signed, which is largely a political discussion. And in the immediate future, it is not likely that we'll have a signed zone. So we're looking at what's the next best thing."'

Signing the root is a political discussion, needing the secretary of commerce' approval?

Can anyone enlighten me?

more than 5 years ago
top

LimeWire's Mark Gorton Brings Open-Source To Urban Planning

mysticalreaper Re:One question (91 comments)

You're right, it's impossible. Let's look at some examples.

Could a 15 year old geeks make a good operating system? They did, and it's one of the best in the world? Huh.

What about an encyclopedia, that's way too complex for a bunch of teenage volunteers to handle. What's that? It's better than anything else, and free as well?

But--but--my knee-jerk, dismissive attitude towards new ideas has always served me well, and I'm only 20!

more than 5 years ago

Submissions

mysticalreaper hasn't submitted any stories.

Journals

mysticalreaper has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>