- Re-establish onshore manufacturing. As in stop penalizing offshoring with tax, immigration, and other policies.
The taxes are high because they are needed to finance bureaucracy, wars and social programs. What government will cut those? [There ought to be one, but I don't see it anywhere.]
Buying goods made in foreign countries can't be as productive or profitable to our economy as buying them made here.
Nobody knows what is good for economy, but everyone knows what is good for his wallet.
Ok, at least let's focus on the right products. Perhaps flat-panel displays, consumer electronics, and clothing?
No, the price will be still 10x to 100x higher, because the workers are just as productive (at best - often less productive,) but their salaries are higher, to match the cost of living. You need to find a product that only US residents can do cheap. There are a few industries of that type - see Boeing, war toys, computer IP, and some agriculture. Former are defined by patents and educated workers; latter is defined by plenty of good land. But low-skilled sweatshop jobs aren't it.
So perhaps we need to work with manufacturers to create products and processes that are economically viable in the U.S.
Largely impossible. If it costs $x in the USA it will cost 0.1*$x in Vietnam, for any given $x. What you need to do is to drop environmental and labor laws, to bring us down to the level of Vietnam - then we will be competitive. Not a good choice. Alternatively, block foreign products and get the same story - a spoon will cost $10, and a car will cost $100K (but that's not important because the gasoline for that car will be $50/gal.)
Essentially, the USA maintains its high quality of life by printing and selling dollars. There is no material, physical or any other reason for the USA to be that well off at this time. [there was a time, after WWII, when the USA was really in a great shape, compared to everyone else.] And if there is no reason for the USA to be where it is, the laws of nature tell us that the USA will eventually go down to where it belongs. It won't land alongside Vietnam, of course, but it will be among other, older societies - overburdened by taxes and bureaucracy, with old population, with educated workforce, and with low desire to do anything. See Europe for details.
It reduces the shock factor when you introduce a new worker to his new computer. He may ask a few questions later about OpenOffice and the mail client though.
(though the stuff to ignite thermite may) [have nitrates in it]
Thermite is often ignited with a strip of burning Magnesium, and that is easy to light with a match. Matches and lighters may be banned, but if you need only one match who is going to find it? There are, of course, 99 other methods of making fire... like your laptop battery, for one, or with a piece of flint.
What you talked about was you *buy* IPs/subnets from your ISP and they know you have a few IPs and can easily map EVERY IP in your subnet (probably automated)
Your DNS service often has nothing to do with your ISP. Typically your domain registrar offers DNS, and you buy ISP services from anyone. You cannot create DNS records "automatically" because the content of each record (such as host name, for example) comes from you. My ISP does not run my DNS; I never even asked them about that service.
Let's say you get 1234:5678:9ABC:DEF1/64 assigned to you. Someone sends a packet to 1234:5678:9ABC:DEF1::1. Your ISP only sees "1234:5678:9ABC:DEF1" and routes that packet to you.
In an ideal world only, where IP works as it should. However if a for-profit, residential service ISP allocates /64 just because the IPv6 standard says so, nothing stops it from activating a firewall in their DSL/Cable modem that only allows one IP out of that subnet to go in and out. There is no law against that, as long as they sold you one IP address. ISPs do that already, and charge extra for more IP addresses. This is not related to short supply of IP addresses, it's just a profit center.
Paying Cisco/Linksys/Netgear/DLink/Belkin/etc to remove "artificial restrictions" they place on the firewall you bought from Newegg/BestBuy/etc?
Firstly, your ISP may be owning and administering the DSL/Cable box. My router is managed by the ISP (but there is no firewall in it, I have my own.) Secondly, nothing stops the ISP from allowing only "purchased" IP addresses on their end. Solutions are always found when money is involved.
If it's worth enough to them, they'll find a work around and they can stop bitching that they shot themselves in the foot or bought a bad product. Just because it's worth $50k, doesn't mean it's good.
Perhaps so, but spectrum analyzers and oscilloscopes are not bought for their future network capabilities, they are bought for their performance as test equipment. They also have very long amortization period - ten years is common, due to their astronomical cost. Once you put them into an automated system you are pretty much locked into this solution because replacement is not financially possible, unless you find a $1 million on a sidewalk one day. If you look at production lines (which I did,) they are stuffed to the ceiling with legacy equipment.
Also, you say "If it's worth enough to them" - it won't be, because IPv6 is not wanted in so many businesses... because their networks are already built out of IPv4-only equipment, running IPv4-only software, and everything works fine. I think a huge number of existing networks will be simply using a 6to4 gateway or something similar.
But you can expect IPv6 to be growing fast on home networks, where ISPs simply ship the provisioned router to the LAN owner. The ability to sell several *usable* IP addresses is also a hot deal for an ISP; besides, without NAT you *need* one IP per host. On a home LAN you can expect all hosts to be IPv6-capable (Vista and Win7, not even mentioning *BSD and Linux.)
Could you DoS your ISP's DNS by allocating all 18.4 quintillion IPs in your /64?
You could, but if the ISP charges you for each DNS entry then the ISP can afford a Google-sized farm to host your DNS :-) Most likely the ISP will simply give a few entries for free, and you pay if you exceed that quota.
Your ISP won't be assigning your IPs anymore with IPv6, just your subnet.
That's already the case with my IPv4 ISP. I have my own, small subnet, and it's up to me to pick addresses that I want to use today.
when they start assigning subnets to dsl/cable modem, how do they plan to track which IPs you use?
In my case, the ISP doesn't care - they sold me the service for a small business, and they only worry that all packets are routed correctly.
In case of a residential user, the subnet allocated to each DSL modem will be very small (like one IP address) and they will be expanding it for a small fee of $10 per IP per month. It costs them real money, you know, to maintain your additional IPs :-)
but you can also manually assign the IP if you so choose.
That would require new management at Comcast and its sister monopolies. Most likely you indeed can assign any IP address to your box, but packets with that IP address will get nowhere.
They'll probably mimic NATs with a default block for incoming traffic and require exceptions to come in.
Indeed; I only think they will configure this firewall to block both directions of traffic, and most ports, and most protocols too if they can get away with it. Then you will be paying for removal of those artificial restrictions. That's why I use a business ISP - they don't nickel-and-dime you, and you always get what you paid for.
Since NATs will be virtually useless once IPv6 becomes mainstream, I'm sure network companies will start selling actual firewalls instead.
Yes, NAT would be of not much value on IPv6; I guess you still could use it if you really want, but when you have a huge subnet, one of major reasons to have a NAT just disappears.
However it will be a painful process to upgrade to IPv6. There are many devices that simply can't do IPv6 - all the "small boxes", for example, industrial controllers, test equipment, automation, and everything else that is not a PC. But even not all PCs (Win98/2k/XP) can be easily switched to IPv6. And it will require new, IPv6-enabled applications... lots of trouble. Many people will just choose to use a bridge (doing simple IP address rewrite using a static map,) this will allow them to keep their LAN on IPv4, using whatever subnet they got. In many cases conversion to IPv6 is just impossible - consider a lab full of test equipment, each unit costs $50K and above, and each runs Win98 (they do, really) and the amortization period ends in 2020.
NATs only protect from unexpected incoming connections.
And I accept this small help with gratitude.
If your computer is already infected, it can still connect out.
The firewall is a marginal help here if the virus connects out using HTTP. It will even breeze through your proxy, unless you happen to have a rule for that specific server (good luck with whack-a-mole.) And if the virus starts sending spam through your own SMTP server, it is just as legitimate as the user. The firewall will block the internal SMTP server of the virus itself, though, but that is a very common thing to do anyway - we aren't discussing here the strawman case of running a NAT without a firewall. NAT on Linux is part of the firewall package, not the other way around.
how many people are going to be port scanning 128bit IP addresses?
Plenty, since you can always use DNS to find an address of your target host. Why even would anyone want to scan *all* devices that may be out there, be it IPv4 or IPv6? Attackers typically have some purpose in mind, not [just] the childish desire to hack *some* host. So if anyone wants to attack *.example.com he just issues 'host -l -t any example.com' and proceeds from there.
So the point here is just that once you get a virus on your computer, the virus can do anything that you can do. The firewall is not a factor here. If you can send mail then the virus can; if you can browse the Web then the virus can; and so on.
The worst case for businesses is a bot that sits on a PC and slowly, using very little bandwidth, by small HTTP POST requests, reports files that the PC has access to. The herder of the bot can then place instructions on a certain Web site, and then the bot notices that and uploads the interesting files onto some other site, like GMail. None of that activity can be prevented by any firewall, unless the user is also forbidden to do it. And good luck blocking GMail in any business *and* retaining employees.
So firewalls and NATs are orthogonal to this problem. All they do is reduce the chance of getting the virus (or being rooted) in the first place, and that's the most important part of the battle. Once you get the virus the game is lost. Imagine a virus that, if it can't get out of the LAN, will "get angry" and start corrupting random files on network drives! The attack may be noticed only many backup cycles later, when the original tapes are overwritten.
It doesn't matter if the NAT product comes with a firewall or not. [...] In order to prohibit routing, you need to use a firewall.
So it does really matter if the NAT comes with a firewall. And most (if not all) NATs do. No reason to argue a case that doesn't exist - firewalls are there.
I assume that by "poorly done VoIP" you mean "VoIP that allows incoming calls as well as outgoing calls"?
You need a SIP server anyway, unless you want all your phones to register at some myfreesipregistrar.com. I'm not aware of many businesses that dare to do that. And once you get that server (such as *) you can have your routing also, at the same place, be it SIP, IAX, H.323, T1/E1, POTS and anything else that you, hopefully, have. It will do all the permissions, accounting and more. So again this is a hypothetical situation that doesn't (or shouldn't) exist.
And being a business environment, I assume "his needs" do not include any file sharing applications, remote assistance, online games, or ftp?
Correct, naturally. Those are security and legal liabilities, if the mere fact of them being not related to the company's business is not enough.
there is always a reason to drop the NAT: it is a single point of failure
Failure of a NAT box is a rare, if not unheard of cause of a major downtime - at least because the box is easy to swap out, like any router or a switch. But if you have an Oracle or MySQL issue - that's when your site goes down and stays down. Fighting a nonexistent problem is rarely productive.
You seem to be arguing "we still have airbags while we already have ABS", but I fail to see how that relates to firewalls and NAT
The LAN behind the NAT box can't be [easily] accessed unless there is some NAT mapping. So when you combine a real firewall and a NAT "firewall" you get two chances, not one, to stop the bad packet. Since those are two different technologies, they complement each other, and a stupid error in the configuration of the external firewall will only allow the attacker to pound on a closed, non-routing port of the NAT box. People who argue that "a NAT doesn't offer any advantages over a proper firewall" just assume that the "proper firewall" is always perfectly configured and has no bugs.
Experienced sysadmins prefer multiple layers of isolation because they are not paid to promote connectivity - they are specifically paid to promote lack of connectivity, with rare exceptions made when a business case for them exists. Some businesses that I know of completely forbid workstations from talking to the internet gateway, regardless of what it is. You have your Squid running and you run filtering, access controls and logging there, if that needs to be for legal purposes. You have your SIP or H.323 server. You have your mail server, and DHCP/DNS for your local needs. All these servers have interfaces on the LAN - say, 10.0.0.0/8. The Internet gateway may not even be on the physical cable that goes into the cubicle farm. The reason for that? The workstations have no business reason to access Internet hosts directly. If you need HTTP, there is a proxy for that, and mind that everything is logged.
You have a far greater degree of control with a real firewall---regardless of whether it uses NAT
He does have a real firewall, regardless of whether it feeds a NAT. I don't even know if there is a NAT product on the market that doesn't come with a firewall.
He has no reason to drop the NAT, unless some of his needs (like a poorly done VoIP or videoconferencing) require that.
It is true that a NAT is not a security device. But we still have safeties on our guns, even though they are "mechanical devices that may fail at any time" and we are not expected to depend on gun safeties. But they are just another level of protection, however small, which one day you may find very useful. When handling a gun you point it into a safe direction, set safety, unload it, open the lock, visually check the chamber, shove your finger into the port, and still you don't point the muzzle at anyone. Would you like to treat any of these steps as optional?
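The layering argued in the NAT and firewall comments above, worked as a toy model. This is an added example, not part of the original comments; the class names, the port-restricted NAT behaviour, the allow-all outbound policy and the documentation-range addresses are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Firewall:
    """Stateful filter. Outbound is always allowed (model assumption);
    inbound passes if it answers a flow seen leaving, or if its
    destination port is in inbound_allow ("any" = the rule error)."""

    def __init__(self, inbound_allow=()):
        self.inbound_allow = inbound_allow
        self.flows = set()

    def allow_out(self, p):
        self.flows.add((p.src, p.sport, p.dst, p.dport))
        return True

    def allow_in(self, p):
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return True
        return self.inbound_allow == "any" or p.dport in self.inbound_allow


class Nat:
    """Port-translating NAT with no static mappings. Assumed behaviour:
    an inbound packet is translated only if it comes from the remote
    address and port the mapping was created for."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.table = {}          # public port -> (lan ip, lan port, remote ip, remote port)
        self.next_port = 40000

    def translate_out(self, p):
        port = self.next_port
        self.next_port += 1
        self.table[port] = (p.src, p.sport, p.dst, p.dport)
        return Packet(self.public_ip, port, p.dst, p.dport)

    def translate_in(self, p):
        entry = self.table.get(p.dport)
        if p.dst != self.public_ip or entry is None:
            return None
        lan_ip, lan_port, remote_ip, remote_port = entry
        if (p.src, p.sport) != (remote_ip, remote_port):
            return None
        return Packet(p.src, p.sport, lan_ip, lan_port)


class Site:
    """External firewall, optionally with a NAT box behind it."""

    def __init__(self, firewall, nat=None):
        self.firewall = firewall
        self.nat = nat

    def send(self, p):
        if self.nat:
            p = self.nat.translate_out(p)
        if not self.firewall.allow_out(p):
            return "dropped by firewall"
        return f"sent as {p.src}:{p.sport}"

    def receive(self, p):
        if not self.firewall.allow_in(p):
            return "dropped by firewall"
        if self.nat:
            p = self.nat.translate_in(p)
            if p is None:
                return "dropped by NAT: no mapping"
        return f"delivered to {p.dst}:{p.dport}"


# Constructed addresses from the documentation ranges.
REMOTE, WEB, PUBLIC = "203.0.113.9", "203.0.113.80", "198.51.100.1"


def scenarios():
    results = {}
    probe_host = Packet(REMOTE, 55555, "198.51.100.20", 445)
    probe_nat = Packet(REMOTE, 55555, PUBLIC, 445)
    # Firewall rule error on a routed LAN: the unsolicited packet gets in.
    results["bad_fw_routed"] = Site(Firewall("any")).receive(probe_host)
    # Same rule error with a NAT behind it: no mapping, so it stops there.
    results["bad_fw_nat"] = Site(Firewall("any"), Nat(PUBLIC)).receive(probe_nat)
    # Correctly configured firewall: the first layer already drops it.
    results["good_fw_routed"] = Site(Firewall()).receive(probe_host)
    # Traffic a workstation initiates passes both layers, whoever on that
    # workstation sent it, and the reply is translated back.
    site = Site(Firewall(), Nat(PUBLIC))
    results["outbound"] = site.send(Packet("10.0.0.5", 51000, WEB, 80))
    results["reply"] = site.receive(Packet(WEB, 80, PUBLIC, 40000))
    return results


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:15} {outcome}")
```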
I don't know about the "small influx of energy," that's basically one of objects of research here. The Sun is definitely far away, but Saturn is close, and its gravitational interference should be considerable, so far that Titan is locked in position just as our local Moon is. There are also clouds forming and dissolving, which must influence the weather.
perhaps the lander will use strong signals transmitted to it from Earth as a beacon?
Let's say the distance from Earth to Saturn is 10 A.U. (it varies, obviously). That would be 149.60×10^10 meters. The path loss (using the Friis transmission equation) is 300 dB at 30 GHz. Antennas of Deep Space Network give you gain of 80 dB. The antenna on the lander, as a guess, will give you 40 dB at best if it is a fixed parabolic dish. 300 - 80 - 40 = 180 dB (in either direction.) If we transmit from Earth at 1 MW, that would be 90 dBm. Then the signal at the front end of the receiver on Titan will be -90 dBm. This is not a problem in itself, modern receivers can work with even smaller signals. A ham receiver (like K3) will detect a signal at -136 dBm within 500 Hz.
But there is still a problem. High gain antennas have, by definition, a narrow beam. It's like a telescope. But you can't look through a telescope to find a star! Your field of vision is too small. But if you make the beam wider the signal disappears! So here is the catch 22 - you can receive the signal from Earth only if you already know where it is coming from :-) Phased antenna arrays are kind of convenient for beam-forming on the fly, but they are typically not as good as a simple dish (or else we'd all use only them.)
There may be a way to do it still. First of all, you may make your receiver so good that it will detect the signal even with antenna configured for a wide beam. You only need a few bits per second at that stage. It helps a lot that you are swimming in the sea of cryogenic liquid, you can cool your front stage somewhat - not as He would allow, but still -160C is better than nothing.
Alternatively, look for a signal with a wide beam, but that signal won't be coming from Earth. Find a stronger signal - from the Sun, or from some pulsars, or from anywhere else that can be used as a good astronomical marker. That assumes that your communication system covers the right frequency band.
But all in all, it's too much risk for such a trivial [today] problem. Your mission may easily fail just because the lander can't find Earth - and that happened more than once with other probes, it's not unusual. Especially when you don't have a clue what you are landing into. If I were to plan the mission, I'd splurge on a proper set of one orbiter and one or two landers. It's a good distance to Saturn, many years in transit, so you want to make one mission count. Cost should not be such a concern when you are doing the most complex rocket science that there is.
You need to know your orientation and position to control the antenna. On Earth that would be done with GPS augmented with an inertial system when GPS signal is not available. Additionally you need to know the orientation, that can be done (again on Earth) by magnetic compass and by Sun/stars. On Titan there is no GPS, not much is known about its magnetic field (and interference from Saturn is huge,) and astronomy may or may not work depending on how fast the vessel moves and what is visible in the sky. Liquid methane probably also has low viscosity, which makes things worse.
There's also Stephen Baxter's Titan. The ending is uplifting
Unfortunately I have read the book. The ending is absurd, so it's pointless to debate whether it is uplifting or not. Besides, before you get to the ending you must make your way through the preceding chapters without tearing the book into shreds. It's indeed not for everyone to read about several suiciders who fall prey to one horrible accident or another, without any hope of surviving and seeing Earth die. And all that is for nothing, of course. What an invigorating story it is not!
that's 20 hours per person per annum [...]
So, not such a mad figure to bandy around.
It is two and a half work days per year to just read ads. With an average $80/hr rate of a consultant, this will cost you $1,600/yr. That's some real money here.
All banks I've been with charge money to "cash" a foreign cheque
Then you should visit RBC, they charge $15 only if the check's currency doesn't match the currency of the account - and that is easy to fix. So if you regularly transfer money between US and Canada you simply open a USD account at RBC.
Call your bank and tell them you want to transfer the money, so what are my options. There will be a way
The wire transfer exists, true, but it is not free. It may cost you $20 to send a couple thousand dollars to another country. A check will cost you just a stamp.
Even transfers and payments within the USA are not always free. There are a couple of services that charge money for convenience of paying with your credit card. I think CA DMV was/is like that, and definitely it applies to CA property taxes:
Please note: there is a fee of 2.5% ($1.00 minimum) for paying with a credit card.
The fee for paying with an electronic check is $15.00 ($27.00 for large amounts).
Good luck paying extra 2.5% of your property taxes. Even the "electronic check" will cost you money that you could use; and that eCheck is just a middleman's product, adding no value and actually taking some money away. Meanwhile, paper checks are free and postage is still affordable. Most importantly, paper checks are physical instruments that you draw, handle and send in a very well understood way, whereas various electronic payment services seldom inform you what's happening, and you must deal with a robot whenever you use them.
excusing someone who kills a guy in a bar fight because he's not a serial killer who keeps his victim's head in the fridge. The difference is only a matter of degrees.
That would be about 50 degrees F, assuming a common kitchen fridge.
There's just one problem with this example, which makes it totally irrelevant to this case: The boy will have to use a lot of time and effort to unload the truck.
This is not a problem - the boy would be hanging around and helping other people for the rest of the day. His time and effort is a sunk cost. The only important difference is his choice of who to help (and whether to help.) His choice is *not* based on economic factors.
So what is the boy's motivation to decline? There is only one major reason to do so - abuse of his generosity. People do things for free, for other people, when they feel that other people need their help. Boy scouts help elderly people; adults help everyone who is in distress; programmers give their code away to anyone, and so on. However many people are unwilling to render free assistance when they know that the recipient of that assistance is just getting a free ride, though he is already given money for a taxi. Essentially the abuser of generosity is pocketing the money that he has been already paid (the truck driver) or will be paid (the commercial programmer.) Are you likely to give money to a young, healthy panhandler who, by all indications, is just too lazy to hold a real job?
It does not matter if the abuse happens out of your sight, it is still an abuse. People instinctively feel wrong when someone is rewarded for a job that they didn't do, and it's doubly wrong when it's you who did the job for them. So the damage is not to the programmer, but to the fabric of the society, by letting people receive rewards that they haven't earned. So unearned rewards is the key here. GPL specifically forbids such rewards, excepting only additional labor that you may do on your own (such as compiling, support, making physical copies, etc. - I'm not going to be detailed here.)
These rules aren't absolute, of course. If you have a car accident and I need to remove some sacks of salt to get to you, I won't wait for paid firefighters to do that job. If you, looking wealthy and driving an expensive car, ask for directions I won't send you to the gas station to buy your own map. People are usually good at making those decisions; if, for example, you ask for a complete route description that involves 50 turns and you want all landmarks described and drawn, I'll just send you to the book store; but if you have a sick person with you who needs to be driven to the hospital that is 50 turns away, I'll ride with you to guide you there.
I have been toying with the idea of creating a "compression detector" (in hardware because I am a hardware geek) that can detect the sustained amplitude of a signal (indicating compression.. aka commercials) and then automatically pad it down by 20 dB. When the compression goes away, so does the padding. This would have a really cool effect of nearly muting commercials and could be a retrofit device between your receiver and an external amp.
You probably want a power meter. Imagine an orchestra with two instruments - A and B. A is playing loud, and B is quiet. The oscilloscope shows the waveform of A, with a little of B overlaid on top of it. B does not affect anything. In frequency domain you see the tone(s) of A going to the top of the screen, and tone(s) of B being tens of dB below.
Now use a compressor. It amplifies all signals, and then trims the tops (which happen to be instrument A.) Now you have tones of A and B at the same level. It causes some distortion due to nonlinearity of the process, but that can be dealt with, most compressors are far more complex than two diodes in parallel.
So if you want to detect loudness of commercials, record some, and the shows, and then run the FFT on them in something like Audacity. If you see the difference, that's what you base your detector on. You just need to calculate some statistics on the FFT bins. For example, sum of heights of all bins (the integral, scaled) tells you the power in the channel. You can also calculate the power out of the voltage on a resistive load, but you still need to sample the waveform very fast, use the formula p=u^2/r and then integrate it over some time. The volume meters don't do that, they only latch onto peak voltage because their purpose is to detect peaks. They do report peak power, in a way, but they don't tell you if that peak power was happening for 100 microseconds or for 100 milliseconds.
If there was a small circuit (like an op-amp) that could be hacked together with Radio Shack parts by any 14 year old (and the schematic freely available for download off of the internet) you can bet that some enterprising folks would mass-market a box
I can certainly build such a box, but I don't need it for myself because I don't care about TV at all, and most people on /. who still watch TV have MythTV that seems to have that detector done in software, and the rest of the society are not mobile enough to leave the couch and do something. Besides, how will they connect that box? They'd need cables and an external amplifier. Majority of TV owners just have the TV unit; it has an output, sure, but there is no way to route the processed audio back into the internal audio amplifier.
Normalization implies you have other sources to compare sound levels against to maintain a constant volume. Guess what isn't a regular thing in the TV industry, since they focus mainly on video and not audio? Bingo! Normalization.
That is not so. The audio path is calibrated for 0 dBm and that's all you need to normalize your live audio. But if you insist on a comparison I will sell you an audio signal generator.
I'll bet the engineers already figured it out.
Long time ago, when telephone was invented. A dBm is defined as 1 mW into 600 Ohm, and that's a telephony configuration. You can't build a telephone system if all your signal levels are left to chance. When radio broadcasts started, the modulation level had to be also precisely controlled because overmodulation causes distortion and low modulation results in weak audio.
you could see the leadership in Cuba might be a little paranoid
They have no need to be paranoid after the Bay of Pigs invasion in 1961. It was a war. From this link:
Cuba's losses during the conflict are variously reported as 4,000 killed, wounded or missing [6], or about 5,000.[7] Cuban sources report over 2,200 casualties[50].
So after that little incident Cuba subscribes to the principle "Beware of Greeks bearing gifts". And this guy just showed up bearing gifts.
So how can it be fair to demand something back? No, it's just greedy.
Here is a little sketch then:
A boy scout near Safeway finishes helping an old man to unload the shopping cart into the car.
An 18-wheeler with Safeway insignia stops nearby. The driver climbs down, opens the trailer. Approaches the boy.
Driver: "Hey, boy, I saw you helping that old man, that was very kind of you."
Boy: "Thank you, Sir!"
Driver: "How about helping me a bit?"
Boy: "What can I do for you?"
Driver: "Well, I'm hungry a little, so I want to go to this here Burger King for an hour or two, and while I'm busy there could you please unload this trailer for me? It's just sacks of salt, nothing dangerous, and it's only 15 tons of it. There should be a dolly somewhere, I guess. Just like that old man did, I will thank you for your help. I'm of course already paid to do this, but I thought it could be more convenient if I find someone else to do my work for me, for free."
Boy: "Sir, I must respectfully decline. I have no desire to earn your money for you."
And in a lot of cases the business plan consists of "I'll implement this idea and see if anyone buys it for $9.95."
Every /. thread must have a car analogy somewhere, so here is one. "I'm buying this Ferrari to open a one-man taxi company, to see if I like the taxi business. I will be charging 1 cent per mile."
Is there anything wrong with such a business plan? Yes, plenty - you just don't buy one of more expensive and highly advanced libraries on the market to produce a cheap, low end product. If your app is yet another notepad or sticky notes then you will do just fine with MFC or now .NET, and those are free to you to use.
One of major selling points of Qt is portability. I was building Linux and Windows binaries out of a single source tree, and hardly anything was conditionally compiled (except hardware dependent classes, of course - the serial ports are handled very differently in Win32 and Linux.) And my software - for a very narrow market, to run rare and highly specialized hardware - was priced so that I could afford a Qt license.
Neither you nor the models will be able to reach your you-know-what. Still sure you're happy?
Men love with their eyes, Women love with their ears. As long as you can see, hear and talk you will be OK.
(though the stuff to ignite thermite may) [have nitrates in it]
Thermite is often ignited with a strip of burning Magnesium, and that is easy to light with a match. Matches and lighters may be banned, but if you need only one match who is going to find it? There are, of course, 99 other methods of making fire... like your laptop battery, for one, or with a piece of flint.
What you talked about was you *buy* IPs/subnets from your ISP and they know you have a few IPs and can easily map EVERY IP in your subnet (probably automated)
Your DNS service often has nothing to do with your ISP. Typically your domain registrar offers DNS, and you buy ISP services from anyone. You cannot create DNS records "automatically" because the content of each record (such as host name, for example) comes from you. My ISP does not run my DNS; I never even asked them about that service.
Let's say you get 1234:5678:9ABC:DEF1/64 assigned to you. Someone sends a packet to 1234:5678:9ABC:DEF1::1. Your ISP only sees "1234:5678:9ABC:DEF1" and routes that packet to you.
In an ideal world only, where IP works as it should. However if a for-profit, residential service ISP allocates /64 just because the IPv6 standard says so, nothing stops it from activating a firewall in their DSL/Cable modem that only allows one IP out of that subnet to go in and out. There is no law against that, as long as they sold you one IP address. ISPs do that already, and charge extra for more IP addresses. This is not related to short supply of IP addresses, it's just a profit center.
Paying Cisco/Linksys/Netgear/DLink/Belkin/etc to remove "artificial restrictions" they place on the firewall you bought from Newegg/BestBuy/etc?
Firstly, your ISP may be owning and administering the DSL/Cable box. My router is managed by the ISP (but there is no firewall in it, I have my own.) Secondly, nothing stops the ISP from allowing only "purchased" IP addresses on their end. Solutions are always found when money is involved.
If it's worth enough to them, they'll find a work around and they can stop bitching that they shot themselves in the foot or bought a bad product. Just because it's worth $50k, doesn't mean it's good.
Perhaps so, but spectrum analyzers and oscilloscopes are not bought for their future network capabilities, they are bought for their performance as test equipment. They also have very long amortization period - ten years is common, due to their astronomical cost. Once you put them into an automated system you are pretty much locked into this solution because replacement is not financially possible, unless you find a $1 million on a sidewalk one day. If you look at production lines (which I did,) they are stuffed to the ceiling with legacy equipment.
Also, you say "If it's worth enough to them" - it won't be, because IPv6 is not wanted in so many businesses... because their networks are already built out of IPv4-only equipment, running IPv4-only software, and everything works fine. I think a huge number of existing networks will be simply using a 6to4 gateway or something similar.
But you can expect IPv6 to be growing fast on home networks, where ISPs simply ship the provisioned router to the LAN owner. The ability to sell several *usable* IP addresses is also a hot deal for an ISP; besides, without NAT you *need* one IP per host. On a home LAN you can expect all hosts to be IPv6-capable (Vista and Win7, not even mentioning *BSD and Linux.)
Could you DoS your ISP's DNS by allocating all 18.4 quintillion IPs in your /64?
You could, but if the ISP charges you for each DNS entry then the ISP can afford a Google-sized farm to host your DNS :-) Most likely the ISP will simply give a few entries for free, and you pay if you exceed that quota.
Your ISP won't be assigning your IPs anymore with IPv6, just your subnet.
That's already the case with my IPv4 ISP. I have my own, small subnet, and it's up to me to pick addresses that I want to use today.
when they start assigning subnets to dsl/cable modem, how do they plan to track which IPs you use?
In my case, the ISP doesn't care - they sold me the service for a small business, and they only worry that all packets are routed correctly.
In case of a residential user, the subnet allocated to each DSL modem will be very small (like one IP address) and they will be expanding it for a small fee of $10 per IP per month. It costs them real money, you know, to maintain your additional IPs :-)
but you can also manually assign the IP if you so choose.
That would require new management at Comcast and its sister monopolies. Most likely you indeed can assign any IP address to your box, but packets with that IP address will get nowhere.
They'll probably mimic NATs with a default block for incoming traffic and require exceptions to come in.
Indeed; I only think they will configure this firewall to block both directions of traffic, and most ports, and most protocols too if they can get away with it. Then you will be paying for removal of those artificial restrictions. That's why I use a business ISP - they don't nickel-and-dime you, and you always get what you paid for.
Since NATs will be virtually useless once IPv6 becomes mainstream, I'm sure network companies will start selling actual firewalls instead.
Yes, NAT would be of not much value on IPv6; I guess you still could use it if you really want, but when you have a huge subnet, one of major reasons to have a NAT just disappears.
However it will be a painful process to upgrade to IPv6. There are many devices that simply can't do IPv6 - all the "small boxes", for example, industrial controllers, test equipment, automation, and everything else that is not a PC. But even not all PCs (Win98/2k/XP) can be easily switched to IPv6. And it will require new, IPv6-enabled applications... lots of trouble. Many people will just choose to use a bridge (doing simple IP address rewrite using a static map,) this will allow them to keep their LAN on IPv4, using whatever subnet they got. In many cases conversion to IPv6 is just impossible - consider a lab full of test equipment, each unit costs $50K and above, and each runs Win98 (they do, really) and the amortization period ends in 2020.
NATs only protect from unexpected incoming connections.
And I accept this small help with gratitude.
If your computer is already infected, it can still connect out.
The firewall is a marginal help here if the virus connects out using HTTP. It will even breeze through your proxy, unless you happen to have a rule for that specific server (good luck with whack-a-mole.) And if the virus starts sending spam through your own SMTP server, it is just as legitimate as the user. The firewall will block the internal SMTP server of the virus itself, though, but that is a very common thing to do anyway - we aren't discussing here the strawman case of running a NAT without a firewall. NAT on Linux is part of the firewall package, not the other way around.
how many people are going to be port scanning 128bit IP addresses?
Plenty, since you can always use DNS to find an address of your target host. Why even would anyone want to scan *all* devices that may be out there, be it IPv4 or IPv6? Attackers typically have some purpose in mind, not [just] the childish desire to hack *some* host. So if anyone wants to attack *.example.com he just issues 'host -l -t any example.com' and proceeds from there.
So the point here is just that once you get a virus on your computer, the virus can do anything that you can do. The firewall is not a factor here. If you can send mail then the virus can; if you can browse the Web then the virus can; and so on.
The worst case for businesses is a bot that sits on a PC and slowly, using very little bandwidth, by small HTTP POST requests, reports files that the PC has access to. The herder of the bot can then place instructions on a certain Web site, and then the bot notices that and uploads the interesting files onto some other site, like GMail. None of that activity can be prevented by any firewall, unless the user is also forbidden to do it. And good luck blocking GMail in any business *and* retaining employees.
So firewalls and NATs are orthogonal to this problem. All they do is reduce the chance of getting the virus (or being rooted) in the first place, and that's the most important part of the battle. Once you get the virus the game is lost. Imagine a virus that, if it can't get out of the LAN, will "get angry" and start corrupting random files on network drives! The attack may be noticed only many backup cycles later, when the original tapes are overwritten.
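The slow, small-POST reporting described above cannot be blocked at the firewall without blocking the user too, but it does leave a regular pattern in proxy logs. The detector below is an added example, not part of the original posts; the log layout, host names, addresses and thresholds are constructed assumptions.

```python
"""Flag low-and-slow HTTP POST beaconing in proxy logs (added example)."""
from collections import defaultdict
from statistics import mean, median, pstdev

# Assumed log layout (constructed for this example, not a real proxy format):
#   <epoch_seconds> <client_ip> <method> <dest_host> <request_body_bytes>


def parse(lines):
    """Yield (ts, client, method, host, size); skip malformed lines."""
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield (float(parts[0]), parts[1], parts[2].upper(),
                   parts[3], int(parts[4]))
        except ValueError:
            continue


def find_beacons(lines, min_posts=6, max_median_bytes=2048,
                 max_jitter=0.2, min_span_s=3600):
    """Return sorted [(client, host, post_count, mean_interval_s)].

    A (client, host) pair is flagged when one workstation sends many small
    POSTs to one host at near-regular intervals over a long time span.
    """
    groups = defaultdict(list)
    for ts, client, method, host, size in parse(lines):
        if method == "POST":
            groups[(client, host)].append((ts, size))

    findings = []
    for (client, host), events in groups.items():
        if len(events) < min_posts:
            continue
        events.sort()
        times = [t for t, _ in events]
        sizes = [s for _, s in events]
        if times[-1] - times[0] < min_span_s:
            continue  # short burst, e.g. a user filling in forms
        if median(sizes) > max_median_bytes:
            continue  # uploads are not "very little bandwidth"
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation of the gaps: low means timer-driven.
        jitter = pstdev(gaps) / avg if avg else 1.0
        if jitter <= max_jitter:
            findings.append((client, host, len(events), round(avg)))
    return sorted(findings)


def sample_log():
    """Constructed sample: one beacon, one webmail user, one form burst."""
    t0 = 1700000000
    lines = []
    # Timer-driven small POSTs roughly every 15 minutes.
    offsets = [0, 905, 1798, 2703, 3599, 4502, 5405, 6301]
    sizes = [412, 388, 530, 401, 467, 390, 512, 420]
    for off, size in zip(offsets, sizes):
        lines.append(f"{t0 + off} 10.0.0.23 POST updates.example.net {size}")
    # Human webmail use: irregular timing, occasional large attachment.
    offsets = [120, 300, 4000, 4100, 9000, 15000, 15060]
    sizes = [1800, 250000, 900, 5200000, 1200, 700, 3100]
    for off, size in zip(offsets, sizes):
        lines.append(f"{t0 + off} 10.0.0.41 POST mail.example.com {size}")
    # Six quick form submissions within one minute.
    for off in range(500, 560, 10):
        lines.append(f"{t0 + off} 10.0.0.57 POST intranet.example.org 300")
    lines.append(f"{t0 + 50} 10.0.0.41 GET www.example.com 0")
    lines.append("truncated line")
    return lines


if __name__ == "__main__":
    for client, host, count, interval in find_beacons(sample_log()):
        print(f"{client} -> {host}: {count} POSTs, about every {interval}s")
```

The thresholds are starting points to tune against a site's own baseline; the output is a list of pairs for an analyst to review, not a verdict.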
Biggest lie in ages
No, the biggest lie in ages is 16 to 18, depending on your location :-)
It doesn't matter if the NAT product comes with a firewall or not. [...] In order to prohibit routing, you need to use a firewall.
So it does really matter if the NAT comes with a firewall. And most (if not all) NATs do. No reason to argue a case that doesn't exist - firewalls are there.
I assume that by "poorly done VoIP" you mean "VoIP that allows incoming calls as well as outgoing calls"?
You need a SIP server anyway, unless you want all your phones to register at some myfreesipregistrar.com. I'm not aware of many businesses that dare to do that. And once you get that server (such as *) you can have your routing also, at the same place, be it SIP, IAX, H.323, T1/E1, POTS and anything else that you, hopefully, have. It will do all the permissions, accounting and more. So again this is a hypothetical situation that doesn't (or shouldn't) exist.
And being a business environment, I assume "his needs" do not include any file sharing applications, remote assistance, online games, or ftp?
Correct, naturally. Those are security and legal liabilities, if the mere fact of them being not related to the company's business is not enough.
there is always a reason to drop the NAT: it is a single point of failure
Failure of a NAT box is a rare, if not unheard of cause of a major downtime - at least because the box is easy to swap out, like any router or a switch. But if you have an Oracle or MySQL issue - that's when your site goes down and stays down. Fighting a nonexistent problem is rarely productive.
You seem to be arguing "we still have airbags while we already have ABS", but I fail to see how that relates to firewalls and NAT
The LAN behind the NAT box can't be [easily] accessed unless there is some NAT mapping. So when you combine a real firewall and a NAT "firewall" you get two chances, not one, to stop the bad packet. Since those are two different technologies, they complement each other, and a stupid error in the configuration of the external firewall will only allow the attacker to pound on a closed, non-routing port of the NAT box. People who argue that "a NAT doesn't offer any advantages over a proper firewall" just assume that the "proper firewall" is always perfectly configured and has no bugs.
Experienced sysadmins prefer multiple layers of isolation because they are not paid to promote connectivity - they are specifically paid to promote lack of connectivity, with rare exceptions made when a business case for them exists. Some businesses that I know of completely forbid workstations from talking to the internet gateway, regardless of what it is. You have your Squid running and you run filtering, access controls and logging there, if that needs to be for legal purposes. You have your SIP or H.323 server. You have your mail server, and DHCP/DNS for your local needs. All these servers have interfaces on the LAN - say, 10.0.0.0/8. The Internet gateway may not even be on the physical cable that goes into the cubicle farm. The reason for that? The workstations have no business reason to access Internet hosts directly. If you need HTTP, there is a proxy for that, and mind that everything is logged.
You have a far greater degree of control with a real firewall---regardless of whether it uses NAT
He does have a real firewall, regardless of whether it feeds a NAT. I don't even know if there is a NAT product on the market that doesn't come with a firewall.
He has no reason to drop the NAT, unless some of his needs (like a poorly done VoIP or videoconferencing) require that.
It is true that a NAT is not a security device. But we still have safeties on our guns, even though they are "mechanical devices that may fail at any time" and we are not expected to depend on gun safeties. But they are just another level of protection, however small, which one day you may find very useful. When handling a gun you point it into a safe direction, set safety, unload it, open the lock, visually check the chamber, shove your finger into the port, and still you don't point the muzzle at anyone. Would you like to treat any of these steps as optional?
the Vatican has declared that the name, image, and any symbols of the Pope are for exclusive use of the Holy See.
I searched /. usernames, and there are quite a few that claim to be Pope this or that :-)
I don't know about the "small influx of energy," that's basically one of objects of research here. The Sun is definitely far away, but Saturn is close, and its gravitational interference should be considerable, so far that Titan is locked in position just as our local Moon is. There are also clouds forming and dissolving, which must influence the weather.
perhaps the lander will use strong signals transmitted to it from Earth as a beacon?
Let's say the distance from Earth to Saturn is 10 A.U. (it varies, obviously). That would be 149.60×10^10 meters. The path loss (using the Friis transmission equation) is 300 dB at 30 GHz. Antennas of Deep Space Network give you gain of 80 dB. The antenna on the lander, as a guess, will give you 40 dB at best if it is a fixed parabolic dish. 300 - 80 - 40 = 180 dB (in either direction.) If we transmit from Earth at 1 MW, that would be 90 dBm. Then the signal at the front end of the receiver on Titan will be -90 dBm. This is not a problem in itself, modern receivers can work with even smaller signals. A ham receiver (like K3) will detect a signal at -136 dBm within 500 Hz.
But there is still a problem. High gain antennas have, by definition, a narrow beam. It's like a telescope. But you can't look through a telescope to find a star! Your field of vision is too small. But if you make the beam wider the signal disappears! So here is the catch 22 - you can receive the signal from Earth only if you already know where it is coming from :-) Phased antenna arrays are kind of convenient for beam-forming on the fly, but they are typically not as good as a simple dish (or else we'd all use only them.)
There may be a way to do it still. First of all, you may make your receiver so good that it will detect the signal even with antenna configured for a wide beam. You only need a few bits per second at that stage. It helps a lot that you are swimming in the sea of cryogenic liquid, you can cool your front stage somewhat - not as He would allow, but still -160C is better than nothing.
Alternatively, look for a signal with a wide beam, but that signal won't be coming from Earth. Find a stronger signal - from the Sun, or from some pulsars, or from anywhere else that can be used as a good astronomical marker. That assumes that your communication system covers the right frequency band.
But all in all, it's too much risk for such a trivial [today] problem. Your mission may easily fail just because the lander can't find Earth - and that happened more than once with other probes, it's not unusual. Especially when you don't have a clue what you are landing into. If I were to plan the mission, I'd splurge on a proper set of one orbiter and one or two landers. It's a good distance to Saturn, many years in transit, so you want to make one mission count. Cost should not be such a concern when you are doing the most complex rocket science that there is.
that discussion talks about phased arrays
You need to know your orientation and position to control the antenna. On Earth that would be done with GPS augmented with an inertial system when GPS signal is not available. Additionally you need to know the orientation, that can be done (again on Earth) by magnetic compass and by Sun/stars. On Titan there is no GPS, not much is known about its magnetic field (and interference from Saturn is huge,) and astronomy may or may not work depending on how fast the vessel moves and what is visible in the sky. Liquid methane probably also has low viscosity, which makes things worse.
There's also Stephen Baxter's Titan. The ending is uplifting
Unfortunately I have read the book. The ending is absurd, so it's pointless to debate whether it is uplifting or not. Besides, before you get to the ending you must make your way through the preceding chapters without tearing the book into shreds. It's indeed not for everyone to read about several suiciders who fall prey to one horrible accident or another, without any hope of surviving and seeing Earth die. And all that is for nothing, of course. What an invigorating story it is not!
that's 20 hours per person per annum [...] So, not such a mad figure to bandy around.
It is two and a half work days per year to just read ads. With an average $80/hr rate of a consultant, this will cost you $1,600/yr. That's some real money here.
All banks I've been with charge money to "cash" a foreign cheque
Then you should visit RBC, they charge $15 only if the check's currency doesn't match the currency of the account - and that is easy to fix. So if you regularly transfer money between US and Canada you simply open a USD account at RBC.
Call your bank and tell them you want to transfer the money, so what are my options. There will be a way
The wire transfer exists, true, but it is not free. It may cost you $20 to send a couple thousand dollars to another country. A check will cost you just a stamp.
Even transfers and payments within the USA are not always free. There are a couple of services that charge money for convenience of paying with your credit card. I think CA DMV was/is like that, and definitely it applies to CA property taxes:
Please note: there is a fee of 2.5% ($1.00 minimum) for paying with a credit card. The fee for paying with an electronic check is $15.00 ($27.00 for large amounts).
Good luck paying extra 2.5% of your property taxes. Even the "electronic check" will cost you money that you could use; and that eCheck is just a middleman's product, adding no value and actually taking some money away. Meanwhile, paper checks are free and postage is still affordable. Most importantly, paper checks are physical instruments that you draw, handle and send in a very well understood way, whereas various electronic payment services seldom inform you what's happening, and you must deal with a robot whenever you use them.
excusing someone who kills a guy in a bar fight because he's not a serial killer who keeps his victim's head in the fridge. The difference is only a matter of degrees.
That would be about 50 degrees F, assuming a common kitchen fridge.
Those bullets are single use only...
Not always.
There's just one problem with this example, which makes it totally irrelevant to this case: The boy will have to use a lot of time and effort to unload the truck.
This is not a problem - the boy would be hanging around and helping other people for the rest of the day. His time and effort is a sunk cost. The only important difference is his choice of who to help (and whether to help.) His choice is *not* based on economic factors.
So what is the boy's motivation to decline? There is only one major reason to do so - abuse of his generosity. People do things for free, for other people, when they feel that other people need their help. Boy scouts help elderly people; adults help everyone who is in distress; programmers give their code away to anyone, and so on. However many people are unwilling to render free assistance when they know that the recipient of that assistance is just getting a free ride, though he is already given money for a taxi. Essentially the abuser of generosity is pocketing the money that he has been already paid (the truck driver) or will be paid (the commercial programmer.) Are you likely to give money to a young, healthy panhandler who, by all indications, is just too lazy to hold a real job?
It does not matter if the abuse happens out of your sight, it is still an abuse. People instinctively feel wrong when someone is rewarded for a job that they didn't do, and it's doubly wrong when it's you who did the job for them. So the damage is not to the programmer, but to the fabric of the society, by letting people receive rewards that they haven't earned. So unearned rewards is the key here. GPL specifically forbids such rewards, excepting only additional labor that you may do on your own (such as compiling, support, making physical copies, etc. - I'm not going to be detailed here.)
These rules aren't absolute, of course. If you have a car accident and I need to remove some sacks of salt to get to you, I won't wait for paid firefighters to do that job. If you, looking wealthy and driving an expensive car, ask for directions I won't send you to the gas station to buy your own map. People are usually good at making those decisions; if, for example, you ask for a complete route description that involves 50 turns and you want all landmarks described and drawn, I'll just send you to the book store; but if you have a sick person with you who needs to be driven to the hospital that is 50 turns away, I'll ride with you to guide you there.
I have been toying with the idea of creating a "compression detector" (in hardware because I am a hardware geek) that can detect the sustained amplitude of a signal (indicating compression.. aka commercials) and then automatically pad it down by 20 dB. When the compression goes away, so does the padding. This would have a really cool effect of nearly muting commercials and could be a retrofit device between your receiver and an external amp.
You probably want a power meter. Imagine an orchestra with two instruments - A and B. A is playing loud, and B is quiet. The oscilloscope shows the waveform of A, with a little of B overlaid on top of it. B does not affect anything. In frequency domain you see the tone(s) of A going to the top of the screen, and tone(s) of B being tens of dB below.
Now use a compressor. It amplifies all signals, and then trims the tops (which happen to be instrument A.) Now you have tones of A and B at the same level. It causes some distortion due to nonlinearity of the process, but that can be dealt with, most compressors are far more complex than two diodes in parallel.
So if you want to detect loudness of commercials, record some, and the shows, and then run the FFT on them in something like Audacity. If you see the difference, that's what you base your detector on. You just need to calculate some statistics on the FFT bins. For example, sum of heights of all bins (the integral, scaled) tells you the power in the channel. You can also calculate the power out of the voltage on a resistive load, but you still need to sample the waveform very fast, use the formula p=u^2/r and then integrate it over some time. The volume meters don't do that, they only latch onto peak voltage because their purpose is to detect peaks. They do report peak power, in a way, but they don't tell you if that peak power was happening for 100 microseconds or for 100 milliseconds.
If there was a small circuit (like an op-amp) that could be hacked together with Radio Shack parts by any 14 year old (and the schematic freely available for download off of the internet) you can bet that some enterprising folks would mass-market a box
I can certainly build such a box, but I don't need it for myself because I don't care about TV at all, and most people on /. who still watch TV have MythTV that seems to have that detector done in software, and the rest of the society are not mobile enough to leave the couch and do something. Besides, how will they connect that box? They'd need cables and an external amplifier. Majority of TV owners just have the TV unit; it has an output, sure, but there is no way to route the processed audio back into the internal audio amplifier.
Normalization implies you have other sources to compare sound levels against to maintain a constant volume. Guess what isn't a regular thing in the TV industry, since they focus mainly on video and not audio? Bingo! Normalization.
That is not so. The audio path is calibrated for 0 dBm and that's all you need to normalize your live audio. But if you insist on a comparison I will sell you an audio signal generator.
I'll bet the engineers already figured it out.
Long time ago, when telephone was invented. A dBm is defined as 1 mW into 600 Ohm, and that's a telephony configuration. You can't build a telephone system if all your signal levels are left to chance. When radio broadcasts started, the modulation level had to be also precisely controlled because overmodulation causes distortion and low modulation results in weak audio.
you could see the leadership in Cuba might be a little paranoid
They have no need to be paranoid after the Bay of Pigs invasion in 1961. It was a war. From this link:
Cuba's losses during the conflict are variously reported as 4,000 killed, wounded or missing [6], or about 5,000 [7]. Cuban sources report over 2,200 casualties [50].
So after that little incident Cuba subscribes to the principle "Beware of Greeks bearing gifts". And this guy just showed up bearing gifts.
So how can it be fair to demand something back? No, it's just greedy.
Here is a little sketch then:
A boy scout near Safeway finishes helping an old man to unload the shopping cart into the car.
An 18-wheeler with Safeway insignia stops nearby. The driver climbs down, opens the trailer. Approaches the boy.
Driver: "Hey, boy, I saw you helping that old man, that was very kind of you."
Boy: "Thank you, Sir!"
Driver: "How about helping me a bit?"
Boy: "What can I do for you?"
Driver: "Well, I'm hungry a little, so I want to go to this here Burger King for an hour or two, and while I'm busy there could you please unload this trailer for me? It's just sacks of salt, nothing dangerous, and it's only 15 tons of it. There should be a dolly somewhere, I guess. Just like that old man did, I will thank you for your help. I'm of course already paid to do this, but I thought it could be more convenient if I find someone else to do my work for me, for free."
Boy: "Sir, I must respectfully decline. I have no desire to earn your money for you."
Driver: "Boy, you are so greedy!"
And in a lot of cases the business plan consists of "I'll implement this idea and see if anyone buys it for $9.95."
Every /. thread must have a car analogy somewhere, so here is one. "I'm buying this Ferrari to open a one-man taxi company, to see if I like the taxi business. I will be charging 1 cent per mile."
Is there anything wrong with such a business plan? Yes, plenty - you just don't buy one of the more expensive and highly advanced libraries on the market to produce a cheap, low end product. If your app is yet another notepad or sticky notes then you will do just fine with MFC or now .NET, and those are free to you to use.
One of major selling points of Qt is portability. I was building Linux and Windows binaries out of a single source tree, and hardly anything was conditionally compiled (except hardware dependent classes, of course - the serial ports are handled very differently in Win32 and Linux.) And my software - for a very narrow market, to run rare and highly specialized hardware - was priced so that I could afford a Qt license.