Slashdot Mirror


User: zerocool^

zerocool^'s activity in the archive.

Stories: 0
Comments: 2,194

Comments · 2,194

  1. Re:How? on Router Holes in BGP Threaten Net · · Score: 1

    I agree, to an extent. But, then, all I've ever looked at is used cisco stuff, and I still can't afford $7k for a used cisco router and 5 T-1 cards, good deal that it may be, when I can spend $500 on a celeron 766 w/ 512MB ram, 20GB hard drive (our router) and $2000 on Cyclades PC300 cards, and $600 on 5 Motorola FS100 CSU/DSU's. I mean, that's a huge savings - $4000 saved is worth celebrating.

  2. Re:130,000 on Router Holes in BGP Threaten Net · · Score: 1

    I checked it after I posted that, and I was actually seeing ~119,000 at the moment.

  3. Re:How? on Router Holes in BGP Threaten Net · · Score: 1, Insightful

    If you know the passwords, you telnet/ssh to the router (most low-end routers only support telnet, so an eavesdropping attack to obtain the passwords is possible), make whatever configuration changes you want, and voila, it's hijacked.

    *Sigh*

    Granted, cisco routers are great, but they're also hella expensive.
    We use a Linux based router, with 3 Dual T-1 cards (cyclades PC300's).
    We run Zebra (emulate cisco, more or less) and bgpd (bgp service).
    Because we're using our own software, we can do several really cool things.
    One: Disable access to the router outside of the internal network.
    Two: Disable telnet access.

    And, a really cool third:
    Multi-homed BGP, for those of you who don't know, is used for best route selection when your router is connected to two or more links. Roughly. Sort of. Search google for "Avi freedman doc BGP". It's really for announcing your network (autonomous system) to other routers, but it does the deciding on what to announce... anyway...
    Unfortunately, one thing it doesn't take into account is bandwidth saturation on the network. We have one provider (sprint) who provides the bandwidth to another of our providers (ntelos). So, the route for Ntelos is at least two hops longer. As a result, our one T-1 through sprint may end up being completely slammed, and both of the nTelos ones may have only 10-20k going out them because BGP has decided that the best way to get everywhere is to go out sprint.
    We could just prepend our sprint routes a couple of hops, but that requires all kinds of multihop wizardry.

    Enter our autoscaling package. It's a set of modifications to the BGP source (eat it cisco). What it does is calculate the bandwidth available on any one link, and shift routes around to links with more available bandwidth, so that all our traffic is balanced.
    Granted, it may take a slightly longer time over a link that BGP didn't select for that route, BUT we feel that having traffic going out a link that may have a slightly longer pathlength is preferable to having all bandwidth fight for the one "preferable" link.

    Ahh, the joys of open source.

    Or, you can try and knock it offline somehow, then try and impersonate it to cause mischief. That's a lot more difficult though.

    Yep.
    For us, if we're getting an attack from someone, usually all we have to do is start dropping their packets. Keep in mind, most home connections are short on outgoing bandwidth, and we have gobs of incoming bandwidth to spare, so this is usually enough. Alternatively, if it's a huge attack, we just figure out where it's coming from, and call our upstream ISP, and they block packets for us. It's kind of hard to ping flood the Qwest backbone =). R1d3 tha L1gh7, script kiddies.

    Also, another precaution we take is that we don't (can't) get into the BGP interface on the router unless we're already on the router, so unless someone on the internal network can sniff out a telnet connection to localhost, we're probably OK.

    But, the point is well taken. If you have the password, you can cause havoc. Being able to secure your router because you have the source, and you can block accesses, does help, but it's not the end all be all.

  4. 130,000 on Router Holes in BGP Threaten Net · · Score: 2, Interesting

    approximately 130,000 networks are currently using BGP.

    Hrm, imagine that... When I check my BGP tables, there are about... yeah, 116,000 routes.

    Of course, that is every network on the internet. Anywhere you need to go, you can go from your ISP router to the other person's ISP router via one of 116,000 routes.

  5. Re:Never mind the roots... on Lead Scientist Responds to Questions on Root Server Queries · · Score: 3, Interesting

    Heh - anyone remember what the lookups to those used to be?

    ns:root> host 4.2.2.1
    1.2.2.4.in-addr.arpa domain name pointer vnsc-pri.sys.gtei.net.
    ns:root> host 4.2.2.2
    2.2.2.4.in-addr.arpa domain name pointer vnsc-bak.sys.gtei.net.
    ns:root> host 4.2.2.3
    3.2.2.4.in-addr.arpa domain name pointer vnsc-lc.sys.gtei.net.
    ns:root> host 4.2.2.4
    4.2.2.4.in-addr.arpa domain name pointer vnsc-pri-dsl.genuity.net.

    4.2.2.4 used to be i.will.not.steal.dns.sys.gtei.net.

    Now, that was an internet-wide easter egg!

  6. Re:Oh, brother on More on Columbia · · Score: 1

    Hell, Ford would *kill* for that kind of record, and they have a *much* easier task to do.


    Difference with ford is frequency, bub. If ford made vehicles that had a 1 in 50 failure rate (like the space shuttle), how many of you would sell your taurus?

  7. Re:Who wants to bet... on PCGen to Charge for Data Files · · Score: 1

    Ahh, makes sense now. I thought that they were going to start charging for something available now for free. I didn't think they'd be too successful with that.

    If they're charging for something that will be available, but isn't now, that's different!

  8. Re:Compassion for the RIAA? Never had it, never Wi on The Future of the CD · · Score: 1

    ...regret for the "losses" the RIAA thinks they have sustained, most of these "losses" are purely projections of what they feel they should have earned. I don't blame CD writers for the decline of music sales, I blame horrible artists and poor music...

    If you haven't already read it, Courtney Love does the math is about the most reasoned and articulate piece of journalism I have ever read. Check it out:
    http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=Courtney+Love

  9. Re:A little offtopic... on PCGen to Charge for Data Files · · Score: 2, Insightful

    I understand why they'd do that, it makes great economic sense.

    However: The 3ed rules seem like they "just" came out, and there are lots of applications that will still use them. Neverwinter Nights, for example, prided itself on using 3ed. Will we now also have to download or buy the next pack for NWN so that we feel up to snuff?

    But, whatever, people that deal with WOTC are used to it. Think Magic Cards - every 4 months, release a whole new set, and then after two new set releases, you can't use any older cards in Type II tournaments.

    Same Deal... you can still use the older stuff, just not in the "cool, new" tournament situations.

  10. Re:Who wants to bet... on PCGen to Charge for Data Files · · Score: 1

    I just downloaded the releases straight from the page linked to from slashdot.

    Ya know, to check it out.

    So, where's the charging??

  11. Re:Just in case Dave Barry reads this on Dave Barry Answers Alert Slashdot Readers' Questions · · Score: 1

    Eh, I don't read dave barry (berry). Not for any vendetta, just never got into it.

    I do, however, follow Wil Wheaton's happenings.

  12. Re:Just in case Dave Barry reads this on Dave Barry Answers Alert Slashdot Readers' Questions · · Score: 0, Funny

    Dear Wil,

    Your appearances on Tech TV have most often been gut bustingly funny, especially the ones where you have to be the guy who's asking "how do I do this" when it's quite obvious you could do it better and with more finesse than whoever is showing you.

    I read fark every day in anticipation of seeing articles about you.

    Dave.

    (heh, just kidding, I'm not dave berry, but otherwise, rock on wil).

  13. Re:Anandtech link on AMD Releases Barton: Athlon 3000+ · · Score: 5, Funny

    I can't wait until

    Tom's hardware comes out with

    A review so that I can swing

    By that website and check out all

    the new ads they have and see

    How many pages they've broken the

    review up into. I bet it's like

    12.

  14. Re:Quality of music on Hilary Rosen Will Step Down As RIAA Head · · Score: 1

    The vast majority of albums do not sell eight million copies! In fact, in the last ten years only 2356 albums have gone "Multi-Platinum" - the designation for albums with more than two million sales.


    @$16 ea. -

    I'm sorry, but any industry that can't survive on $75,392,000,000 over ten years needs to buy new accountants.
    That's $7.5 billion per year on album sales not to mention merchandising and ticket sales. Also, not taking into account artists that "only" sold 500,000 copies of an album.

    GWAR (who?) on the smaller-known Metal Blade Records released an album late 2001. It's sold ~80,000 copies. Now, there are 5 people directly in the band, and a huge support team of artists and craftsmen, which is evident for anyone who has been to a GWAR show (they dress up in rubber suits like monsters and spew fake blood-colored-water on the audience). Tickets to GWAR shows are $17-$22. I've talked to people in the band, and they're definitely not p.diddy rich, but they make enough that they don't have other jobs, and they tour 4 or so months a year. Maybe 5. They make money.

    So it's not that people that "only" sell 100,000 copies don't make money, they just don't make enough money for the record industry to be happy.

    ~Will

  15. Re:Quality of music on Hilary Rosen Will Step Down As RIAA Head · · Score: 1

    OK, you can't compare dollar for dollar in different markets. What is the average rent in a mall, in USD, in Malaysia compared to Manhattan? What are the average wages in those two locations? Electricity, taxes, price of a cup of coffee, it all factors in. Because you aren't paying US$9 for a CD, you're paying whatever your local currency is.


    Not as much as you'd think.
    When I worked at best buy, we used to sell a CRAPLOAD of CD's. The thing is, we made about $1 per CD.
    That's right, our markup was $1, pretty much no matter what the price was. Moreover, if someone stole a CD, to break even, it now means we had to sell 15 CD's.

    So, while I do agree that locale can factor into it, it's not as much as you think. The distributors were selling us the CD's for $15.73 and we were selling them for $16.99. Obviously in asia, the distributors weren't selling the CD's to the stores for $15.73 and the stores turning around and selling them for $9.

    I think it may be a result of piracy in asia. I was under the impression that there is such nonchalance with regards to illegally copied music sales in S.E. Asia that maybe the RIAA lowered prices to be competitive.... what an idea!

    ~Will

  16. Quality of music on Hilary Rosen Will Step Down As RIAA Head · · Score: 5, Interesting

    You know, I really couldn't care who's at the head of the RIAA train.
    Good. She's leaving. Whatever. She's leaving to change the image - not the politics. But even the politics don't bother me so much.

    Here's a clue: You will alienate fewer people if you put out better music. Woot Woot, the clue train is arriving, and this incarnation of the Pop train is finally leaving.

    Here's another clue: We all have CD burners. Besides the obvious ability to copy music CD's, what you don't realize it has taught us is how cheap CD's truly are. I know there's the cost of the production of the album, the marketing, etc., but over 8 million copies, those costs are negligible. People hate you because the last CD they bought cost them $18.99 and the last CD they burned cost $1.76, including the label, the insert, and the case.

    ~Will

  17. Re:Who's using Apache 2? on Apache 2.0.44 Released · · Score: 1

    Agreed. Here at netmar, we can't justify moving to Apache 2 until mod_perl is released in a configuration that works with apache2. Preferably without hours of trying to compile with various options against various gcc's.
    It would be nice if tomcat didn't require a priest, a monk, and a shaman to install, too.

  18. Re:The USA has followed its own laws on Disney Wins, Eldred (and everyone else) Loses · · Score: 2

    Executive #1: Sir, Congress and the President just passed a law stripping every right corporations had. We no longer own any properties, patents, and copyrights that we used to own.
    Executive #2: Well, so how do we make a profit now?


    So what you're saying is:
    Step 1.) Take away all corporations' rights
    Step 2.) ?????
    Step 3.) Profit!

    sorry, couldn't resist.

  19. Re:Slashdotted on DIY Ethernet Audio Receiver · · Score: 2

    Hello again, everyone:

    I'm one of the Sys Admins from the company that hosts this site.
    Referencing this comment, our Qwest links are back up. We're running full tilt now. I'm not sure if anyone is still reading comments, I may be too late, but here it is.

    ~Will
    Systems Administrator
    Netmar, inc

  20. Re:Pseudo Mirroring? on DIY Ethernet Audio Receiver · · Score: 2

    It's a good idea, but as long as there's a href link off the front page of /., your site will get hammered. Lots of people don't bother to read comments, and lots more don't read comments before clicking on the link.

    A lot of people have gotten into the habit of "click the link, read the comments while it loads".

    Also, with mirroring, /. does have a bandwidth bill to pay.

    But, boy do I wish this one had been mirrored. We're still getting slammed 6 hours later.

    ~Will
    Systems Administrator
    Netmar, inc

  21. Re:be sure to restart. on DIY Ethernet Audio Receiver · · Score: 2

    Gotcha.

    Furthermore, it is always a good idea to use 'apachectl configtest' before restarting.

    I always use configtest after editing the file, and I use 'apachectl graceful' for restarting, not restart.

  22. Re:Slashdotted on DIY Ethernet Audio Receiver · · Score: 2

    Server Version: Apache/1.3.27 Ben-SSL/1.48 (Unix) mod_perl/1.27 PHP/4.2.3 ApacheJServ/1.1.2
    Server Built: Nov 1 2002 02:25:45

    Current Time: Wednesday, 08-Jan-2003 10:47:54 EST
    Restart Time: Wednesday, 08-Jan-2003 10:44:25 EST
    Parent Server Generation: 0
    Server uptime: 3 minutes 29 seconds
    Total accesses: 3729 - Total Traffic: 26.0 MB
    CPU Usage: u14.56 s2.98 cu.27 cs.31 - 8.67% CPU load
    17.8 requests/sec - 127.2 kB/second - 7.1 kB/request
    153 requests currently being processed, 33 idle servers

  23. Re:Slashdotted on DIY Ethernet Audio Receiver · · Score: 5, Informative


    Sorry about the being slashdotted. We're working on getting that fixed.

    I'm a server administrator at the webhosting company that hosts that page. Today (at 1AM) two of our five T-1's went down (Qwest apparently had a cable cut - bah, force majeure). Of all days for our network capacity to be decreased by 40%...

    At any rate, we just turned up MaxClients, MinSpareServers, and MaxSpareServers in the apache config. We're going to start really hounding Qwest. We'll get it back up as soon as possible. It is accessible right now, but slow.

    Again, apologies.

    ~Will
    Server Administrator,
    Netmar inc

  24. Sorry about the slashdotting. on DIY Ethernet Audio Receiver · · Score: 4, Informative

    Sorry about the being slashdotted. We're working on getting that fixed.

    I'm a server administrator at the webhosting company that hosts that page. Today (at 1AM) two of our five T-1's went down (Qwest apparently had a cable cut - bah, force majeure). Of all days for our network capacity to be decreased by 40%...

    At any rate, we just turned up MaxClients, MinSpareServers, and MaxSpareServers in the apache config. We're going to start really hounding Qwest. We'll get it back up as soon as possible. It is accessible right now, but slow.

    Again, apologies.

    ~Will
    Server Administrator,
    Netmar inc

  25. Re:Farscape will not be renewed and here's why on Still Hope for Farscape · · Score: 2

    Disney has tried this with ABC and fallen to the bottom of the ratings heap.

    Bullshit. ABC = sports. ESPN = also owned by ABC/Disney. If you don't think that makes them all the money they want, you're sorely mistaken. I get 4 (FOUR) espn channels 24/7 (ESPN, ESPN2, ESPN classic, ESPNews). Not counting the Pay Per View stuff (NCAA football, basketball, NFL sunday ticket, NHL center ice, MLB extra innings, etc).

    Add to that all of the sports events that are on ABC (lots of college and NFL football games, national championships, etc) and ABC makes plenty of money. All the extra crap (what is it now, 12 secrets to dating my daughter, who also happens to be the celebrity mole) is crap, but I imagine they made an equal amount of money on the Miami-OSU game as they did on all their programming for the rest of the week combined.

    Don't cry for ABC. Their ratings are fine.

    ~Wx