inaequitas's comments

I find this to be somewhat of a depressing attitude. While it's not mandatory that everyone fight every fight worth fighting, I wouldn't actively discourage those willing to take a stand for the things they find worthwhile. Especially since this move is trying to resist corporate-backed bureaucracy that's arguably not helping anyone.


Depends if you want to "change the world", or just live a very happy active life doing things you love.

"finance" "gambling" "porn" - These will always be "high risk" sectors where government wants to do a lot of regulation and interfering.


Depends if you want to "change the world", or just live a very happy active life doing things you love.

How much of this decision should I put in your hands?


A rant about software that he won't use. Clearly he has done some testing to see how things are, but why would he use something he's convinced is crap?


The bitsquatted domain sends two records, one for the squatted domain and one for the original name, pointing to the squatter's server. The parent article isn't as detailed as the paper/talk was, but this is a point that the DEFCON presentation included (and I reckon the BH one as well).


I saw this talk at DEFCON.

ECC memory solves the problem, however there are many components that don't have it, even in servers: NICs, HDDs/SSDs, or routers on the path.

The most hits reported by the researcher were related to FarmVille, and what appeared to be caching of DNS entries by a Facebook CDN. But there were instances of Windows software updates and iPhone activations as well.


The hacking scenes in 'Hackers' are completely off, but it's still one of my favourite movies. Maybe because of the age it's set in, or the 'feel' of the movie.


Numbers are only important if you're not looking to stand out. There are plenty of doctors, lawyers, writers and economists coming out of Universities at any given time. You don't hear about most, because they don't do anything worth hearing about. Many went down a path dictated by economic incentives or family obligations.

If you are doing this because you want it, you're sure to succeed.


Without knowing the internals of how Dropbox operates, my empirical observations are that they employ block-level deduplication, i.e. when you change bits in the middle of the file, the whole thing doesn't get re-uploaded. Which means they keep pointers and have an algorithm that's similar to LBFS (and Rabin fingerprints).

This means it's theoretically possible for parts of the file to come from different sources, which means contraband files are 'built' from parts of otherwise legal files.
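The LBFS-style chunking mentioned in the comment above, as an added example that is not part of the original comment and is not Dropbox's code: it compares fixed-size blocks with content-defined chunks after a 10-byte insert in the middle of a file. A simple polynomial rolling hash stands in for a Rabin fingerprint, and the window size, cut mask and sample data are assumptions chosen for the demonstration.

```python
import hashlib

WINDOW = 48                      # bytes covered by the rolling hash (assumed value)
BASE, MOD = 257, (1 << 61) - 1   # polynomial hash standing in for a Rabin fingerprint
MASK = (1 << 11) - 1             # cut when the low 11 bits are zero: ~2 KiB average chunk
OUT = pow(BASE, WINDOW, MOD)     # weight of the byte that leaves the window

def cdc_chunks(data):
    """Cut wherever the hash of the last WINDOW bytes matches the mask.

    The cut points depend only on nearby content, so they line up again
    shortly after an insert or delete."""
    chunks, start, h = [], 0, 0
    for i, b in enumerate(data):
        h = (h * BASE + b) % MOD
        if i >= WINDOW:
            h = (h - data[i - WINDOW] * OUT) % MOD
        if h & MASK == 0:
            chunks.append(data[start:i + 1])
            start = i + 1
    if start < len(data):
        chunks.append(data[start:])
    return chunks

def fixed_chunks(data, size=2048):
    """Naive alternative: cut every `size` bytes regardless of content."""
    return [data[i:i + size] for i in range(0, len(data), size)]

def new_chunks(chunker, old, new):
    """Chunks of `new` whose SHA-256 is not already stored for `old`."""
    known = {hashlib.sha256(c).digest() for c in chunker(old)}
    return [c for c in chunker(new) if hashlib.sha256(c).digest() not in known]

# Constructed sample: a 256 KiB pseudo-random "file", then a 10-byte insert in the middle.
ORIGINAL = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(8192))
EDITED = ORIGINAL[:131072] + b"0123456789" + ORIGINAL[131072:]

if __name__ == "__main__":
    for name, chunker in (("fixed 2 KiB blocks", fixed_chunks),
                          ("content-defined", cdc_chunks)):
        total = len(chunker(EDITED))
        fresh = new_chunks(chunker, ORIGINAL, EDITED)
        print(f"{name}: {len(fresh)} of {total} chunks need uploading")
```

With fixed blocks, every block after the insert shifts and has to be uploaded again; with content-defined cuts only the chunks touching the edit are new, and every other chunk is identified by a hash the store already holds.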


Why? I would consider this to be too much stuff if you had a lot of applications duplicating functionality. As it is, though, this seems like a pretty basic working set, very much what I'd call 'practical minimalism'


That's kind of nifty, but I still prefer reading the hostname on the connection. I use a variation of Steve Losh's awesome zsh prompt and that helps make things pretty obvious (if anything, because some of the remote shells won't have the beefed up prompt).


I also have the hostname on the prompt, but sometimes having a contrasting theme can help :)


Zed Shaw wrote this (https://twitter.com/#!/zedshaw/status/54434747652390912) and then he and Dan Kaminsky had a good talk on Twitter about it.


Great, I think that got most of it (validation!) but revocation checking worries me and a skim of the OpenSSL (0.9.8o) sources doesn't leave me with the warm'n'fuzzies.

s_client.c calls SSL_CTX_set_verify() (the default verifier). Results from that can be obtained from SSL_get_verify_result() and are documented in verify(1).

All of the CRL/revocation-related return codes there are marked "unused". There is no mention of OCSP.

I found a "crl_check/crl_check_all" option for verify(1). Command line help mentions an "ocsphelper". OpenSSL does have a separate OCSP client. But I don't think any of this machinery is activated by default.

