Actually, that's what BGP does quite well. Just because local-pref says go here, if "here" is down, reroute. In practice, a change in internet routing (from experience) is reflected across all 85K+ routes within 2 minutes of a change. In the event of a "network-down" failure, the router that is seeing the network-down error will reroute back to the next hop. Also, just for scale, watching route-flaps in a cisco, we see ~20 route changes/second.
What's the weather been like? Every spring and fall we have a few weeks where we get cold and wet weather that doesn't dry out all day. (30-45 degrees, rain/fog/frost thaw) The wet weather gets into the lines for both DSL and dial-up, and causes noise. We had 3-4 customers who saw DSL problems this year with wet weather. Each spring we have calls from modem users who either get slower connections or no connection at the same time.
One thing to consider is that most of these antennas have "diversity" inputs. You can put a high-gain omni-directional on one input, and put a high-gain uni-directional on the other. With that, you could link to another wireless site and not have to pay for leased lines into the elevator. Uni-Uni links can reach ~25 miles. I doubt that they can get the 6-8 mile range using the small antennas that they are talking about. I've managed that range, but I had to use a 24dBi antenna to do it.
One interesting thing about wireless is that when an area gets congested, you can split it like cell phones do. Just remove your Omni and put in three 120 degree Uni-Directionals and you have longer range and more bandwidth...
Why, thank you for volunteering to spend a few hours a week helping a visually impaired individual to surf the web. Never mind having to stomp on their dignity by forcing them to ask for help.
If you could think a bit out of the box for more than 6 seconds, you might realize that there are more ways to interface with a computer than just a monitor. Pray to whatever deity you worship (God, Allah, Technology....) that you never have to know what it's like to not be able to see.
Does anyone have any idea how many adaptive technologies have been produced/perfected to help disabled users, and then applied back to the general public? Think the last time you called telephone information? Voice Recognition. Last time you called for your bank balance? Voice synthesis. Most open-cavity surgeries? Telescopic lenses for visually impaired. 5 years ago OCR systems for the Visually Impaired were more accurate and performed better than OCR for PCs. The list goes on and on. The fact remains that accommodations for disabled individuals help those individuals become contributing members of society (and no longer a tax-drain) and they improve our lives in ways that we never would have thought of.
Be thankful for what you have today. Always remember tomorrow you could be on the other side.
The thing about a web site is a user can upgrade/change to a different browser. A visually impaired person can not upgrade/change their eyes. Yes, it is reasonable for IBM to have visually impaired people on their list.
Sure, and while we're at it, let's just lock them up in institutions so we don't have to look at them. After all they are just dumb blind people, and a drain on society anyway.
My wife is visually impaired. Attitudes like this are what she ran into in School. Because she couldn't see well, people were more interested in taking pity than taking action. She is consistently one of the most intelligent people I have met, but because she uses a guide dog, when we meet people, they talk to her like a child. They start speaking slowly, etc. She's not asking for special treatment, she's asking for the ability to interact with the web as anyone. The up side is that the time taken to make a web site accessible for visually impaired users also makes a site more usable by search-engines/intelligent agents, WAP phones, and people who don't like the high-graphics pages...
PPPoE is basically a communication encapsulation protocol. Just as a normal dial-up uses PPP, the same goes for PPPoE. Normally a PPP connection enters an authentication stage at the start of a connection. Once authenticated, the data-layer is brought up. (Sorry, brain-fart, can't think of the PPP term) A PPP connection does have the option of reauthenticating a user in the middle of the session, but no terminal servers that I know of do.
Basically, no. PPPoE is not just for authentication. Once the user is authenticated, the Data-Layer will provide the transport of the user traffic, just like a modem uses PPP to transfer data.
The Telco "proper" isn't really in a position to force direct routing. They have to use separate companies to provide the service. (Ameritech.net, etc.) Also, so much of the Telco inertia is in the direction of "switched" services rather than packet services. I've been told by one Telco exec. that they would NEVER put a PACKET router on their network. Basically anything without QoS he didn't think was worth looking at.
The problem with a pure service-provider on the net is the big backbone providers can outfit a data-center with more bandwidth than I could ever afford to buy. They need aggregation points anyway. They offer web hosting at an unbeatable price, and the "local" ISP be killed.
There's also a big issue with access. Long-Haul bandwidth is still expensive. The AT&T's of the world can run their Internet backbone traffic as a UBR service over their internal ATM network. It basically is free for them. They charge a mint if you're not in the same area as a NAP.
I think we're already seeing the Net separating into high-speed and low-speed users. From what I've seen on growth, there are still 3-4 dial-up users coming online for each xDSL user. Many web sites are already assuming that users are on a "higher" speed connection. Yes, Broadband is growing at a significantly faster %increase than dial-up, but I don't expect broadband to exceed dialup usage ANYTIME in the near future. The Internet provides an intrinsic value to a user, just as cable, or phone does. For many slash-dot users, that value is in the range of $30-$120/month. For the majority of Internet users, that value is $20.00. One of two things needs to happen before broadband use exceeds dial-up. Either the cost of broadband has to be equal to dial-up or the intrinsic value of the Internet needs to be raised. A good example of an increase in intrinsic value would be cable-over-xDSL. People already spend ~$35/month on their cable service, and a large percentage of customers in a service area use cable. If you can find a way to bundle cable over DSL, you have raised the value of your service... You can see examples of this with the Cable providers. They are trying to provide cable, phone, and Internet over 1 coax. If you bundle $35 Cable, $25 Phone, and $20 Internet, the value of converged services is $90/month. Provide a discount and you can draw customers.
PPPoE is only used because the Radius Authentication system was already in wide use. The DSL connections are already PVC's, so you could implement a direct connection system if you wanted. You could even use a/30 subnet mask on the connection to mandate ONLY 1 IP would be available.
With the advent of IPMASQ, trying to limit to a single IP address is a loosing proposition.
One not on the Verizon equipment (GTE) for the CO. They do not properly set the FECN/BECN bits on the frame/atm network. As such, we have had to do bandwidth shapping of our transmit side of the network in order to make sure we don't over-run the speed that a has ordered. Unfortunately, that means that if a customer upgrades his service and forgets to tell us, he doesn't see any improvement....
It's a myth. You HAVE to have an ISP to connect to the Internet. With out an ISP, it's like a wire hanging into nothingness. CIDR is just a way to agregrate/deagregate the old class-a,b,c structure of the Internet and allow more efficient allocation of scarce resources.
The Internet uses BGP (Border Gateway Protocol) version 4 for routing. BGP is not a routing protocol in the classic sense as much as it is a database protocol indicating what "route-announcements" the upstream routers from you can hear. You don't need to run BGP unless you have more than 1 connection to the Internet backbones. The smallest released BGP announcement is for a/24 or a full class-c. Anything smaller than that will be filtered. Filtering on the class-C boundary results in (at this time in our routers) a BGP database with 86500+-300 routes. Each BGP route-map takes ~15 Megs of memory, plus the main ip route table takes ~15 Megs as well. For example, a connection with 2 backbones would require 45 Megs of router memory. Allowing longer prefixes would significantly increase the memory requirements and reduce the speed for packets to pass through the router.
The path of a packet in your DSL network would go something like this:
You send a packet out of your NIC. The cisco-675 acts as a bridge (common configuration) and sees that the packet is destined for an Ethernet host not on your network. It then forwards it out the DSL line. The DSL line either:
Passes through a splitter outside your house and is combined on the single copper pair going to the Telco.
or
Passes directly through the phone line. Your house phones may have filters on them to block out the DSL frequencies. (G.Lite)
Once in the Telco central office, you line comes into the MDF (Main Distribution Frame) and is cross-connected to a DSL MDF with two pairs. The DSL MDF splits off your DSL and routes the phone frequencies back to the MDF for processing as a voice call. (The reason for 2 pairs for each DSL MDF position.) The DSL MDF forwards your DSL frequencies to the DSLAM for processing.
This accounts for Layer 1 and 2 of the networking protocols. There are a few different ways to terminate the DSL into an ISP. The most common is to bundle the Ethernet bridged data from the 675 onto an ATM PVC (Asynchronous transfer Mode Private Virtual Circuit) of a high-bit-rate ATM circuit. (DS1/DS3/OC3 depending on the size of the DSLAM) PVC's are mapped from DSLAM positions to (from the Telco perspective) subscriber PVCs and aggregated out to an ISP. The ISP will usually use equipment to terminate each PVC as a separate virtual ATM LANE (LAN Emulation) circuit. The termination equipment looks like just another Ethernet device to your 675. Usually your 675 will run PPPoE across this virtual circuit to provide authentication and accounting. I know that GTE limits the number of hours you can be connected to the PPPoE server. The PPPoE server acts just like a modem in a modem rack. Once the session is established, the packet is passed through the normal Internet infrastructure like any other packet. Once a packet reaches the distant host, a reply packet is passed back. If will usually pass router-to-router via default-gateway connections unless it reaches a BGP speaking router, in which case, an actual routing decision will be made. Once the packet reaches the PPPoE server, it will reverse the above list.
In short, if you don't have an ISP, you won't have a termination for the LANE session. Your packet will stop there.
There are many good reasons to still use a text-based browser. Many times I want to grab something from freshmeat or search on Deja when I'm at a Linux box without X. It is also great for the visually impared. (My wife is VI, so I know from experience) If your site can't be viewed from within Lynx, you're cutting of a not insignificant portion of your market. Plus, I don't have to look at all the damn banner ads.
Sorry, nomenclature for our network. We filter based on the inbound traffic from our customers out to the Internet. My fumble fingered attempt at explaining it.
This attitude is exactly why we're having problems with DDOS.
"They don't seem to feel like it's their job to prevent DDoS attacks... they only worry about them when they're being attacked."
In other words, they don't mind selling nuclear bombs as long as they aren't the target. If they are small, they would have been better off saying OK, we'll open up your IP for inbound.
Just wait until they become the source of a DDOS. Failing to take any actions when you know your network could be used for DDOS could be considered negligence...
From experience, on the edge of the network, there is NO reason for a packet to come into the network that is not part of your address space. Edge is defined as a single-homed connection with no transit capability. We have a packet filter on our edge routers as well as our core multi-homed router to deny traffic with a source address that doesn't match one of our class-C's.
The problem with doing this on a Cisco is that it requires the CPU to observe the header of each packet going out, rather than have the interface DMA the packet to the destination interface. During the last big round of DDOS attacks, (January-February) we say many ISPs try to put filters in their core routers. The result was a 4x+ increase in CPU usage in the routers, and a router crash in a lot of cases.
We saw BGP traffic increase by over 10x as these routers came up and down all across the Internet. We have our core router set up to log faked ingress packets, and you wouldn't believe how many packets we see. Also be aware, it's not always a DDOS attack that causes spoofed packets. We see misconfigured windows boxes leak the Microsoft Ethernet addresses out PPP, misconfigured firewalls leaking internal addresses, etc. We see no issues with filtering these packets since there isn't a way for those packets to get back to us anyway, and it takes up more of our outgoing bandwidth...
Best bet is to filter as close to the edge as you can. For companies that sell bulk-dialup, their access servers can be configured to filter packets not on their address pools. The routers serving those modem pools could filter on the addreses for that data-center. Cable providers could filter based on the IP addresses assigned to that cable head-end. If we can filter right up to the edge of the transit-network, DDOS should be a thing of the past....
Actually at this point, you are mistaken. I was just reading an article on optical amplifiers. Basically you dope a length of fiber with rare-earth elements, use a laser to pump the elements in an excited state. Then when the signal comes in on one end, it causes a percentage of the excited atoms to lase, resulting in an increase of signal. It's not a whole lot different from how a HeNe laser tube works. Since it's all optical, you don't have a speed bottleneck. The big issue now is how to pump more power into that fiber. (More power = longer distances) They are approaching the ability to push 1 watt of power into the fiber. That may not sound like much, but when you push it through single-mode fiber, the resulting energy density is ~10 times that of the surface of the sun. If the glass isn't "perfect" it can start to melt. If you don't have the fiber attenuated by the time it gets to the far end, you can actually damage your detector in these new systems.
I think the main reason is that in order to do packet filtering, the router has to unpack the packets, examine the origin and destination addresses, and then pass/drop the packet. Without having to examine the packets, the interface processor can examine the route table, decide which path to send out on, and forward the packet out the correct interface. The main CPU doesn't have to get involved.
That being said, the solution is to put filters at the edge. We have packet filters that drop any packets that don't have our IP addresses as the origin. It's not that big of a problem when we deal with it at the Mbps level. When we have to deal with it at the Gbps, it puts too much load on the processor.
We saw what happens when you try to do packet-filtering in already loaded routers with the first round of DDoS attacks. All week after that, we were seeing significantly more BGP router flaps than normal. (>50/s where normal is ~10/s) The ultimate answer is IPv6, until all the tools are there, we're stuck.
My Espresso came in on Friday. I've spent the last 5 days getting Redhat 6.2 installed on it. Then upgraded the kernel to 2.3.99pre6. I managed to get a Linksys USB network adapter working, and downloaded the ALSA drivers. I finally got the sound to work this morning, but when I tried to transfer my MP3 collection, the adapter "went away." I reloaded the network and it started working again.
I think that there is a problem with EMI inside the case that is causing problems with both USB and Sound. That would explain the problem when using the docked configuration. I'll have to check and see if it actually shows a second hub, or it is just extending the existing ports out the doc. I have to wonder if adding an external USB sound card would work or not. I'm still working on it. Look for a review in about a week.
I just had a thought. What's going to happen when so many kids are turned in. Will this program be seen as just kids getting back at one-another or will it be trumpeted in the media as just how screwed up our kids are, and the need for more controls since xx% of kids are being turned in.
Be aware that for $106 you are probably getting an open-frame rack that MUST be screwed to the floor. The center of gravity with rack mount computers is about 2 inches in from the back leg. It's way way way to easy to tip over. I purchased my last rack from Mendelson's Electronics (www.meci.com) but they didn't appear to have any enclosed racks at the moment.
I had RK (Where they actually cut with a knife) almost 10 years ago. My vision was -2.5 and -2. The cost at that time was $2500 for both eyes including enhancements. At the time, they never went "all the way" when they cut. They took 10% off just in case. Then you could go back and they would cut 90% of the remaining 10% and so on. I had 5 operations on one eye, 4 on the other. I was 20/30 and 20/40 after the first surgery, but I wanted more, and at the time, they were willing to do it.
I wore contacts since 7th grade, and was always light-sensitive. I had halo/starbursts before I had RK. Part of the problem is the vast number of different ways to do the procedure. A simple think like making the cuts toward the center of the pupil rather than away caused a 70% increase in the success rate. At the time I had mine done, they made 8 cuts. All of the other clinics that I went to (practicing the "american cut" from center out, rather than the "russian cut" from out to center) wanted to do between 16 and 24. The increased number of cuts allowed better depth control, but gave more starburst patterns.
Side effects: I've noticed a few, but I don't know if I'd attribute it to RK or just getting old. One thing I notice is my eyes will occasionally "fog" up. Usually a bit of rubbing will clear them. It's not bad, more like a bad case of tears.
Statistically, your in good shape, but anything could happen.
Good luck. E-Mail me if you want for more experiences.
Two things to be aware of with stunnel. (Beyond the legal requirements)
1: The private key has to be kept in plaintext for it to work. Make sure you use a key that you don't mind changing...
2: You can't really get a signed key from anyone for stunnel.
That being said, I haven't yet found an E-Mail client that won't accept a self-signed key. If the PHB's want a chained certificate, I think you're out of luck.
BTW, any thoughts on how to tunnel IMP via stunnel to access IMAP, or would I be better off to do a SSH tunnel between machines?
Laserdisc has had Dolby-Digital capability for several years. My Hybrid DVD/LD player has support for it. Agreed that you don't get the special features and commentary, but I've also NEVER seen a picture encoding breakdown while watching a laserdisc.
Also, for the record, my DVD player (Pioneer DVL-700) was one of the very early DVD players, and has had no problems with either Lost in Space, or The Matrix.
As someone who's gotten other IPO's, I have to say that I've never had this happen before. On all of my other offers, if I made a market offer it indicated that I'd pay whatever it came out at as long as I had funds to cover it. That was the purpose of the limit option. Personally it looks to me like E-Trade has so many offers that they wanted a way to reduce it. This is how IPO's used to be done. Priceline.com was in the IPO center for a total of 6 minutes before they reached their quota and closed the offers.
I guess they got enough heat for the 6 minute open offers that they decided they would do a 2 hour, but now they've been so flooded by RedHat offers that they figure this will cause the least amount of bad press.
I'd like to know exactly how many qualified offers they received in relation to the number of shares of stock they had to sell. (Qualified as in enough cash in the E-Trade account to actually cover the issue...)
Slashdot Mirror
Actually, that's what BGP does quite well. Just because local-pref says go here, if "here" is down, reroute. In practice, a change in internet routing (from experience) is reflected across all 85K+ routes within 2 minutes of a change. In the event of a "network-down" failure, the router that is seeing the network-down error will reroute back to the next hop. Also, just for scale, watching route-flaps in a cisco, we see ~20 route changes/second.
What's the weather been like? Every spring and fall we have a few weeks where we get cold and wet weather that doesn't dry out all day. (30-45 degrees, rain/fog/frost thaw) The wet weather gets into the lines for both DSL and dial-up, and causes noise. We had 3-4 customers who saw DSL problems this year with wet weather. Each spring we have calls from modem users who either get slower connections or no connection at the same time.
Good luck
Dan
One thing to consider is that most of these antennas have "diversity" inputs. You can put a high-gain omni-directional on one input, and put a high-gain uni-directional on the other. With that, you could link to another wireless site and not have to pay for leased lines into the elevator. Uni-Uni links can reach ~25 miles. I doubt that they can get the 6-8 mile range using the small antennas that they are talking about. I've managed that range, but I had to use a 24dBi antenna to do it.
One interesting thing about wireless is that when an area gets congested, you can split it like cell phones do. Just remove your Omni and put in three 120 degree Uni-Directionals and you have longer range and more bandwidth...
It's going to be an interesting future...
Why, thank you for volunteering to spend a few hours a week helping a visually impaired individual to surf the web. Never mind having to stomp on their dignity by forcing them to ask for help.
If you could think a bit out of the box for more than 6 seconds, you might realize that there are more ways to interface with a computer than just a monitor. Pray to whatever deity you worship (God, Allah, Technology....) that you never have to know what it's like to not be able to see.
Does anyone have any idea how many adaptive technologies have been produced/perfected to help disabled users, and then applied back to the general public? Think the last time you called telephone information? Voice Recognition. Last time you called for your bank balance? Voice synthesis. Most open-cavity surgeries? Telescopic lenses for visually impaired. 5 years ago OCR systems for the Visually Impaired were more accurate and performed better than OCR for PCs. The list goes on and on. The fact remains that accommodations for disabled individuals help those individuals become contributing members of society (and no longer a tax-drain) and they improve our lives in ways that we never would have thought of.
Be thankful for what you have today. Always remember tomorrow you could be on the other side.
The thing about a web site is a user can upgrade/change to a different browser. A visually impaired person can not upgrade/change their eyes. Yes, it is reasonable for IBM to have visually impaired people on their list.
Sure, and while we're at it, let's just lock them up in institutions so we don't have to look at them. After all they are just dumb blind people, and a drain on society anyway.
My wife is visually impaired. Attitudes like this are what she ran into in School. Because she couldn't see well, people were more interested in taking pity than taking action. She is consistently one of the most intelligent people I have met, but because she uses a guide dog, when we meet people, they talk to her like a child. They start speaking slowly, etc. She's not asking for special treatment, she's asking for the ability to interact with the web as anyone. The up side is that the time taken to make a web site accessible for visually impaired users also makes a site more usable by search-engines/intelligent agents, WAP phones, and people who don't like the high-graphics pages...
- Dan
PPPoE is basically a communication encapsulation protocol. Just as a normal dial-up uses PPP, the same goes for PPPoE. Normally a PPP connection enters an authentication stage at the start of a connection. Once authenticated, the data-layer is brought up. (Sorry, brain-fart, can't think of the PPP term) A PPP connection does have the option of reauthenticating a user in the middle of the session, but no terminal servers that I know of do.
Basically, no. PPPoE is not just for authentication. Once the user is authenticated, the Data-Layer will provide the transport of the user traffic, just like a modem uses PPP to transfer data.
The Telco "proper" isn't really in a position to force direct routing. They have to use separate companies to provide the service. (Ameritech.net, etc.) Also, so much of the Telco inertia is in the direction of "switched" services rather than packet services. I've been told by one Telco exec. that they would NEVER put a PACKET router on their network. Basically anything without QoS he didn't think was worth looking at.
The problem with a pure service-provider on the net is the big backbone providers can outfit a data-center with more bandwidth than I could ever afford to buy. They need aggregation points anyway. They offer web hosting at an unbeatable price, and the "local" ISP be killed.
There's also a big issue with access. Long-Haul bandwidth is still expensive. The AT&T's of the world can run their Internet backbone traffic as a UBR service over their internal ATM network. It basically is free for them. They charge a mint if you're not in the same area as a NAP.
I think we're already seeing the Net separating into high-speed and low-speed users. From what I've seen on growth, there are still 3-4 dial-up users coming online for each xDSL user. Many web sites are already assuming that users are on a "higher" speed connection. Yes, Broadband is growing at a significantly faster %increase than dial-up, but I don't expect broadband to exceed dialup usage ANYTIME in the near future. The Internet provides an intrinsic value to a user, just as cable, or phone does. For many slash-dot users, that value is in the range of $30-$120/month. For the majority of Internet users, that value is $20.00. One of two things needs to happen before broadband use exceeds dial-up. Either the cost of broadband has to be equal to dial-up or the intrinsic value of the Internet needs to be raised. A good example of an increase in intrinsic value would be cable-over-xDSL. People already spend ~$35/month on their cable service, and a large percentage of customers in a service area use cable. If you can find a way to bundle cable over DSL, you have raised the value of your service... You can see examples of this with the Cable providers. They are trying to provide cable, phone, and Internet over 1 coax. If you bundle $35 Cable, $25 Phone, and $20 Internet, the value of converged services is $90/month. Provide a discount and you can draw customers.
My thoughts...
PPPoE is only used because the Radius Authentication system was already in wide use. The DSL connections are already PVC's, so you could implement a direct connection system if you wanted. You could even use a /30 subnet mask on the connection to mandate ONLY 1 IP would be available.
With the advent of IPMASQ, trying to limit to a single IP address is a loosing proposition.
One not on the Verizon equipment (GTE) for the CO. They do not properly set the FECN/BECN bits on the frame/atm network. As such, we have had to do bandwidth shapping of our transmit side of the network in order to make sure we don't over-run the speed that a has ordered. Unfortunately, that means that if a customer upgrades his service and forgets to tell us, he doesn't see any improvement....
It's a myth. You HAVE to have an ISP to connect to the Internet. With out an ISP, it's like a wire hanging into nothingness. CIDR is just a way to agregrate/deagregate the old class-a,b,c structure of the Internet and allow more efficient allocation of scarce resources.
/24 or a full class-c. Anything smaller than that will be filtered. Filtering on the class-C boundary results in (at this time in our routers) a BGP database with 86500+-300 routes. Each BGP route-map takes ~15 Megs of memory, plus the main ip route table takes ~15 Megs as well. For example, a connection with 2 backbones would require 45 Megs of router memory. Allowing longer prefixes would significantly increase the memory requirements and reduce the speed for packets to pass through the router.
The Internet uses BGP (Border Gateway Protocol) version 4 for routing. BGP is not a routing protocol in the classic sense as much as it is a database protocol indicating what "route-announcements" the upstream routers from you can hear. You don't need to run BGP unless you have more than 1 connection to the Internet backbones. The smallest released BGP announcement is for a
The path of a packet in your DSL network would go something like this:
You send a packet out of your NIC. The cisco-675 acts as a bridge (common configuration) and sees that the packet is destined for an Ethernet host not on your network. It then forwards it out the DSL line. The DSL line either:
Passes through a splitter outside your house and is combined on the single copper pair going to the Telco.
or
Passes directly through the phone line. Your house phones may have filters on them to block out the DSL frequencies. (G.Lite)
Once in the Telco central office, you line comes into the MDF (Main Distribution Frame) and is cross-connected to a DSL MDF with two pairs. The DSL MDF splits off your DSL and routes the phone frequencies back to the MDF for processing as a voice call. (The reason for 2 pairs for each DSL MDF position.) The DSL MDF forwards your DSL frequencies to the DSLAM for processing.
This accounts for Layer 1 and 2 of the networking protocols. There are a few different ways to terminate the DSL into an ISP. The most common is to bundle the Ethernet bridged data from the 675 onto an ATM PVC (Asynchronous transfer Mode Private Virtual Circuit) of a high-bit-rate ATM circuit. (DS1/DS3/OC3 depending on the size of the DSLAM) PVC's are mapped from DSLAM positions to (from the Telco perspective) subscriber PVCs and aggregated out to an ISP. The ISP will usually use equipment to terminate each PVC as a separate virtual ATM LANE (LAN Emulation) circuit. The termination equipment looks like just another Ethernet device to your 675. Usually your 675 will run PPPoE across this virtual circuit to provide authentication and accounting. I know that GTE limits the number of hours you can be connected to the PPPoE server. The PPPoE server acts just like a modem in a modem rack. Once the session is established, the packet is passed through the normal Internet infrastructure like any other packet. Once a packet reaches the distant host, a reply packet is passed back. If will usually pass router-to-router via default-gateway connections unless it reaches a BGP speaking router, in which case, an actual routing decision will be made. Once the packet reaches the PPPoE server, it will reverse the above list.
In short, if you don't have an ISP, you won't have a termination for the LANE session. Your packet will stop there.
Take a look at the Quantum Snap Servers.
There are many good reasons to still use a text-based browser. Many times I want to grab something from freshmeat or search on Deja when I'm at a Linux box without X. It is also great for the visually impared. (My wife is VI, so I know from experience) If your site can't be viewed from within Lynx, you're cutting of a not insignificant portion of your market. Plus, I don't have to look at all the damn banner ads.
Sorry, nomenclature for our network. We filter based on the inbound traffic from our customers out to the Internet. My fumble fingered attempt at explaining it.
This attitude is exactly why we're having problems with DDOS.
"They don't seem to feel like it's their job to prevent DDoS attacks... they only worry about them when they're being attacked."
In other words, they don't mind selling nuclear bombs as long as they aren't the target. If they are small, they would have been better off saying OK, we'll open up your IP for inbound.
Just wait until they become the source of a DDOS. Failing to take any actions when you know your network could be used for DDOS could be considered negligence...
From experience, on the edge of the network, there is NO reason for a packet to come into the network that is not part of your address space. Edge is defined as a single-homed connection with no transit capability. We have a packet filter on our edge routers as well as our core multi-homed router to deny traffic with a source address that doesn't match one of our class-C's.
The problem with doing this on a Cisco is that it requires the CPU to observe the header of each packet going out, rather than have the interface DMA the packet to the destination interface. During the last big round of DDOS attacks, (January-February) we say many ISPs try to put filters in their core routers. The result was a 4x+ increase in CPU usage in the routers, and a router crash in a lot of cases.
We saw BGP traffic increase by over 10x as these routers came up and down all across the Internet. We have our core router set up to log faked ingress packets, and you wouldn't believe how many packets we see. Also be aware, it's not always a DDOS attack that causes spoofed packets. We see misconfigured windows boxes leak the Microsoft Ethernet addresses out PPP, misconfigured firewalls leaking internal addresses, etc. We see no issues with filtering these packets since there isn't a way for those packets to get back to us anyway, and it takes up more of our outgoing bandwidth...
Best bet is to filter as close to the edge as you can. For companies that sell bulk-dialup, their access servers can be configured to filter packets not on their address pools. The routers serving those modem pools could filter on the addreses for that data-center. Cable providers could filter based on the IP addresses assigned to that cable head-end. If we can filter right up to the edge of the transit-network, DDOS should be a thing of the past....
Actually at this point, you are mistaken. I was just reading an article on optical amplifiers. Basically you dope a length of fiber with rare-earth elements, use a laser to pump the elements in an excited state. Then when the signal comes in on one end, it causes a percentage of the excited atoms to lase, resulting in an increase of signal. It's not a whole lot different from how a HeNe laser tube works. Since it's all optical, you don't have a speed bottleneck. The big issue now is how to pump more power into that fiber. (More power = longer distances) They are approaching the ability to push 1 watt of power into the fiber. That may not sound like much, but when you push it through single-mode fiber, the resulting energy density is ~10 times that of the surface of the sun. If the glass isn't "perfect" it can start to melt. If you don't have the fiber attenuated by the time it gets to the far end, you can actually damage your detector in these new systems.
Ain't quantum mechanics fun?
I think the main reason is that in order to do packet filtering, the router has to unpack the packets, examine the origin and destination addresses, and then pass/drop the packet. Without having to examine the packets, the interface processor can examine the route table, decide which path to send out on, and forward the packet out the correct interface. The main CPU doesn't have to get involved.
That being said, the solution is to put filters at the edge. We have packet filters that drop any packets that don't have our IP addresses as the origin. It's not that big of a problem when we deal with it at the Mbps level. When we have to deal with it at the Gbps, it puts too much load on the processor.
We saw what happens when you try to do packet-filtering in already loaded routers with the first round of DDoS attacks. All week after that, we were seeing significantly more BGP router flaps than normal. (>50/s where normal is ~10/s) The ultimate answer is IPv6, until all the tools are there, we're stuck.
My Espresso came in on Friday. I've spent the last 5 days getting Redhat 6.2 installed on it. Then upgraded the kernel to 2.3.99pre6. I managed to get a Linksys USB network adapter working, and downloaded the ALSA drivers. I finally got the sound to work this morning, but when I tried to transfer my MP3 collection, the adapter "went away." I reloaded the network and it started working again.
I think that there is a problem with EMI inside the case that is causing problems with both USB and Sound. That would explain the problem when using the docked configuration. I'll have to check and see if it actually shows a second hub, or it is just extending the existing ports out the doc. I have to wonder if adding an external USB sound card would work or not. I'm still working on it. Look for a review in about a week.
I just had a thought. What's going to happen when so many kids are turned in. Will this program be seen as just kids getting back at one-another or will it be trumpeted in the media as just how screwed up our kids are, and the need for more controls since xx% of kids are being turned in.
Be aware that for $106 you are probably getting an open-frame rack that MUST be screwed to the floor. The center of gravity with rack mount computers is about 2 inches in from the back leg. It's way way way to easy to tip over. I purchased my last rack from Mendelson's Electronics (www.meci.com) but they didn't appear to have any enclosed racks at the moment.
I had RK (Where they actually cut with a knife) almost 10 years ago. My vision was -2.5 and -2. The cost at that time was $2500 for both eyes including enhancements. At the time, they never went "all the way" when they cut. They took 10% off just in case. Then you could go back and they would cut 90% of the remaining 10% and so on. I had 5 operations on one eye, 4 on the other. I was 20/30 and 20/40 after the first surgery, but I wanted more, and at the time, they were willing to do it.
I wore contacts since 7th grade, and was always light-sensitive. I had halo/starbursts before I had RK. Part of the problem is the vast number of different ways to do the procedure. A simple think like making the cuts toward the center of the pupil rather than away caused a 70% increase in the success rate. At the time I had mine done, they made 8 cuts. All of the other clinics that I went to (practicing the "american cut" from center out, rather than the "russian cut" from out to center) wanted to do between 16 and 24. The increased number of cuts allowed better depth control, but gave more starburst patterns.
Side effects: I've noticed a few, but I don't know if I'd attribute it to RK or just getting old. One thing I notice is my eyes will occasionally "fog" up. Usually a bit of rubbing will clear them. It's not bad, more like a bad case of tears.
Statistically, your in good shape, but anything could happen.
Good luck. E-Mail me if you want for more experiences.
Dan
Two things to be aware of with stunnel. (Beyond the legal requirements)
1: The private key has to be kept in plaintext for it to work. Make sure you use a key that you don't mind changing...
2: You can't really get a signed key from anyone for stunnel.
That being said, I haven't yet found an E-Mail client that won't accept a self-signed key. If the PHB's want a chained certificate, I think you're out of luck.
BTW, any thoughts on how to tunnel IMP via stunnel to access IMAP, or would I be better off to do a SSH tunnel between machines?
Good Luck
Dan
I always thought it was "Women! Can't live with 'em, can't shoot 'em..."
(Ducking before my fiance hits me...)
Laserdisc has had Dolby-Digital capability for several years. My Hybrid DVD/LD player has support for it. Agreed that you don't get the special features and commentary, but I've also NEVER seen a picture encoding breakdown while watching a laserdisc.
Also, for the record, my DVD player (Pioneer DVL-700) was one of the very early DVD players, and has had no problems with either Lost in Space, or The Matrix.
As someone who's gotten other IPO's, I have to say that I've never had this happen before. On all of my other offers, if I made a market offer it indicated that I'd pay whatever it came out at as long as I had funds to cover it. That was the purpose of the limit option. Personally it looks to me like E-Trade has so many offers that they wanted a way to reduce it. This is how IPO's used to be done. Priceline.com was in the IPO center for a total of 6 minutes before they reached their quota and closed the offers.
I guess they got enough heat for the 6 minute open offers that they decided they would do a 2 hour, but now they've been so flooded by RedHat offers that they figure this will cause the least amount of bad press.
I'd like to know exactly how many qualified offers they received in relation to the number of shares of stock they had to sell. (Qualified as in enough cash in the E-Trade account to actually cover the issue...)
Oh well, let's see what happens when it opens...