Because the servers have not committed any network address assignments on
the basis of a DHCPOFFER, servers are free to reuse offered
network addresses in response to subsequent requests. As an
implementation detail, servers SHOULD NOT reuse offered addresses
and may use an implementation-specific timeout mechanism to decide
when to reuse an offered address.
I'm curious if common DHCP servers like dnsmasq actually do reuse IPs from pending OFFERs, and what timeout they have, if any, before reuse. I poked around dnsmasq config but I did see any specific tuning for that.
Way back in the 90's my CRT monitor went out. Money was tight so I had to wait a couple of weeks before I could replace it. I went to a local computer repair shop (as in, actual repair, like replacing blown capacitors on mainboards and such) to see what I could get for cheap, as a stopgap. The guy had an old monochrome CRT he had repaired--the kind with green pixels--probably 6-7 years old at the time. He sold it to me for like 8 bucks. I figured I could at least use bitchx and links on it until I could get a new monitor. After a few hours in front of it, I started feeling really itchy, and the screen had enough static charge to raise the hairs on my forearm if I moved near it. Pretty sure it was shooting cancer directly into my face. Good times!
I get the impression that most violent terrorist groups are rather low-tech and are not using _any_ server hardware. If you're aware of terrorists routinely operating DCs or co-locating servers, feel free to correct my understanding.
I've been a Perl programmer and regular expression user for over a decade. It didn't take long and if you use them regularly, it's second nature. I agree, I could have used a JSON parser, but the source was well-structured and sed seemed easier. PostgreSQL can import JSON, but I haven't had a good experience with it so far.
You put together a really awesome project! Kudos on that and for sharing it first and foremost!! I speak regex pretty fluently, and I may very well have reached for sed/perl -ne there as well, depending on mood. I guess it just struck me as odd to use a parser for XML but not JSON. Anyhow, off on a tangent, I recently learned about a program called xgrep that lets you pull elements out of XML using xpath or pcre (althought pcre support was kind of spotty for me)--it's neat for one-offs like this and pipeline building while playing with rest apis and such!
It's actually pretty easy and quick to write when the data is highly regular (no pun intended!). You can write this kind of expression by taking one of the lines of input:
Maybe, if you're doing it all at once. I often use my text editor as a regex platform, using the Find/Replace menu to dice off chunks of text in a series of quick and easy operations, using UNDO if I get one wrong. It's really very quick if you don't force yourself to do it in one step.
INAL (but I play on one daytime TV): Their whole claim aginst TOR amounts to:
pp. 2-3
"According to its website, TOR "was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications." The TOR website further states that their products and services are used by individuals "to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers." TOR also provides services that permit users, such as Pinkmeth, to "publish web sites and other services without needing to reveal the location of the site." [...] It is clear from the TOR website that TOR is knowingly assisting websites such as Pinhneth in committing torts against Texas resident..."
p. 5
"However, unscrupulous Internet service companies such as TOR offer "private" or "anonymous" domain name hosting services that allow criminals such as Pinkmeth and its users to escape accountability for their actions. TOR even advertises that with their service "nobody would be able to determine who was offering the site, and nobody who offered the site would know who was posting to it." [...] many unscrupulous companies offer services that allow illegal websites such as Pinkmeth to remain anonymous and difficult for authorities to shut down. Indeed Pinkmeth's Twitter feed advertises its website as being a website "where your state laws don't apply.""
pp. 8-9
"The specific object to be accomplished by the conspiracy was the publication pornographic images of Plaintiff (and other women) on the Pinkmeth website in such a mannner so as to prevent its operators and users from being held civilly and criminally accountable for this unlawful behavior."
This seems to be conflating a few things. The fact that "revenge porn" sites exist outside of anonymous content distribution networks like TOR shows that anonymity wasn't a required component in the tort allegedely commited by Pinkmeth. There are many cases involving sites like that being taken down from public hosting providers. The fact that TOR could allegedly allow defendant to escape prosecution does not equate to a real conspiracy to assist defendant in escaping prosecution. A person hosting a costume party isn't automatically responsible for a murderer taking advantage of the anonymity to commit a crime, without some evidence of collusion.
Brute force is infeasible if you get random heap data along with key fragments. Based on the way the exploit works[0], my amateur guess would be they sent small payloads and actually did get SSLv3 records, because they found the right heap allocation strategy for a specific build on a specific platform.
https://tools.ietf.org/html/rfc2131#page-31
I'm curious if common DHCP servers like dnsmasq actually do reuse IPs from pending OFFERs, and what timeout they have, if any, before reuse. I poked around dnsmasq config but I did see any specific tuning for that.