Welcome to reality. HN likes to pretend politics is something you can just look away from and ignore. That’s a mighty big privilege, which makes sense since HN skews cis-white-het-male. That’s not a lie. It is easy to ignore this when it doesn’t touch them. But now it DOES touch them, and you’ve just discovered what every oppressed group in history has to live with: politics doesn’t just go away if you ignore it.
It used segmented 32-bit mode. Flat mode doesn’t support virtual addressing which was accomplished with the descriptor tables (and the ES register) if I recall correctly. lol it’s been 33 years since I wrote windows drivers. Had to use masm to compile the 16-bit segments to thunk to the kernel
The south sent him new canes to replace the one he nearly murdered a guy with. The problem we are experiencing with Trump has been here for a very very long time.
there's more money and "don't rock the boat" mentality on here as a consequence of that and they try to keep the moderation light. So its just not discussed enough to give people still tragically mired in that tribalism, the appropriate levels of shame.
Even if they can rewrite the MAC and force a new one via ping, which are usually already disabled, they still can’t eavesdrop on the TLS key exchange. I fail to see how this is a risk to HTTPS traffic? It’s a mitm sure but it is watching encrypted traffic.
The Ars article mentions: “Even when HTTPS is in place, an attacker can still intercept domain look-up traffic and use DNS cache poisoning to corrupt tables stored by the target’s operating system.” Not sure, but I think this could then be further used for phishing.
This is an on-path attacker. In end-user DNS configurations, attackers can simply disable DNSSEC; it's 1 bit in the DNS response header ("yeah, sure, I verified this for you, trust me").
To check the DNSSEC signatures on the client, you have to do a full recursive lookup. You've always been able to run your own DNS cache, if you want your host to operate independently of any upstream DNS server. But at that point, you're simply running your own DNS server.
It's not necessarily equivalent to a recursive lookup, you can ask a cache for all the answers because you already know the root keys a priori. But yes, it does follow the entire chain of trust, that's the entire point of dnssec: if you don't do that the whole exercise is utterly pointless.
It's explicitly not the point of DNSSEC, which has for most of its entire existence been designed to be run as a server-to-server protocol, with stub resolvers trusting their upstream DNS servers.
Not true, RFC4035 says all security aware resolvers SHOULD verify the signatures. It's far from pointless when actually implemented. Don't dismiss a whole protocol just because some historical implementations have been half assed.
I'm guessing I do. Anyways: no question that there are a variety of experimental setups in which you can address the problem of on-path attackers trivially disabling DNSSEC, freeing you up to work on the next, harder set of DNSSEC security and operational problems.
Ah yes. Whattaboutism. Awesome. Tell me again the political leanings of the billionaire class? Tell me again who is fighting them? Facts speak for themselves but go ahead and make shit up to defend the right wing.
Speaking of facts, when you deliberately choose not to have any, is ridiculous.
You are, evidently, not a good person. You are driven by ideology and the delusion that "my side is the good one". You provide evidence that this cannot be true, though, because if it was, you would not be behaving in such hatefull manner.
You are not a social person, you are a political person.
In the last week or so my company has enabled some kind of Microsoft spam bot in Teams that posts several useless messages nobody wants in meeting chat-channels, burying messages from humans and generally making everything worse. It's astonishingly useless.
Don’t ban it. Regulate the shit out of it and keep it in academia and prevent it from toppling our economy by sucking up all investment. It’s worse than private equity right now.
You are 100% correct. I find the attitude that everything should be free a bit tedious. But then again, why does the truth have to be paywalled while lies are free. I believe it is a detriment to society that we cannot publicly find reporting. Yes I know now come the cynics who will argue bias. But that’s just a failure of reading comprehension, not fair reporting doctrine.
reply