You're confusing BT Openreach - who own the 21cn infrastructure, and have plenty of bandwidth, with BT Broadband, a 2 bit ISP who can't be arsed to pay for any of that bandwidth to actually serve customers.
It's BT Broadband who are trying to get cash out of the BBC.
You're guarding against nothing.. just pushing extra traffic through the VPN and slowing down their internet connection.
I bet 90% of them have just changed the default route back anyway.
If bad guys control the server end of the VPN the entire network is likely compromised and needs to be shut down for de-lousing. DNS injection attacks (hell, why bother, ARP spoof) are just the icing on the cake.
And of course the server end of a VPN can redirect any URL to any IP. It's called a proxy. Lots of companies use them.
Yes.. the writer of the article doesn't know squat about IP and/or is pushing an agenda (like suggesting IPv6 as an alternative).
As another poster mentioned, the number of things that have to happen for this to be a practical exploit makes it laughable. If your VPN is compromised to that extent a few cookies is the *last* of your problems.
btw. there are non-routable IP addresses.. the whole 127/8 block, broadcast addresses, etc. but the original article just got it completely wrong.
You don't even need to cut the cables. They have to come out somewhere.. switch the routers off.
If you can't do that, advertise high priority routes so that all traffic to China gets null routed (they can do the same to you, theoretically, if they get in first).
How hard is it to block all traffic based on the country of origin
A quick look at the spam trap shows more being relayed by bots in the US than China. Shall we start there?
In most countries if you bring your own phone there's no commitment other than the month by month payment (far less than the subsidised contracts of course).
OTOH in the US they get it good - they let you terminate legally binding contracts early by paying $200. And you still complain. Everyone else has to pay all the remaining months of their contract to buy out of it.
The iPhone is not $99. You have a contract with that. $99 is basically the deposit on the loan you pay back over 2 years.
They removed it from *all* app stores - even in countries where tethering is perfectly OK. Basically on the word of AT&T.. Luckily I think this is changing - Apple announcing things with the caveat 'but not on AT&T' means they're learning that bending over and taking it isn't a good long term strategy.
no phone in the history of the universe has had a front facing video camera
Except almost every other freaking 3G phone ever made.
The American system of the TV companies announcing the winner has always bothered me - we stay up until 4-5am watching the results.. and nothing is decided until it's decided (ie. there's no result until there's no way one of the parties can lose, even if every remaining vote goes against them). The TV companies compete for viewers by offering better analysis and (sadly) snazzier graphics (some of the ones we get now are vomit inducing).
The very next day, the incumbent is out on his ear and the new one is installed. No messing around with giving the last one 3 months to fuck everything up.
Anyway who takes weeks? Even the entire EU only takes 4 days for paper voting across 27 countries covering 500 million people.. and it only takes that long because some countries have different traditions wrt. their polling day.
Eventually, perhaps.. but an employer of low paid workers has a lot of power over them - he holds their ability to feed their children in his hand.
Mostly you'd get a couple of allegations and everyone would deny them, fearing for their jobs. By the time it all came out the whole thing would be over and those in power (who benefited from it) would have zero incentive to do anything about it.
The other problem is it's recordable. The same mechanism was tried here. Two problems:
1. Fraud - vote buying (several people were jailed), coercion (coercion by spouses is a *huge* problem.. you know why they do surveys during the day rather than the evening? Because you get a significantly different result when the husband is out at work than when he's home).
2. Your vote is now linked to your name/address. The two pieces of paper have common data (postal votes have serial numbers, which appear on both pieces of paper), and anyone who knows enough to do a database join can find out how you voted.
It was abandoned after a year. You can still request a postal vote if you want but as a general voting replacement it failed utterly.
This is how it's done in a lot of countries. Here, as a voter I have a right to request to be present in the counting room when the votes are counted (by other randomly selected voters). Few people do it.. but the right is there.
Because all parties are represented, even if someone tried to get away with something in front of a 'friendly' observer, there's more than likely an 'unfriendly' one standing a couple of feet from him. Any allegation of impropriety and they'll start the whole count from scratch again (this has happened).
No they don't. They reuse it - not create it. If banks could create money they'd be infinitely wealthy, which as we all know is not the case. *No* money is created... You can do fractional reserve with cows, cigarettes, anything.. you'll get the same numbers. btw. Farmers can't create cows either.
That article looks like someone typed in the script to 'money as debt'. The problem with that video is it's laughably wrong on important elements of the banking system, leading to people making statements like the above.
*whoa* there. What happened to privacy? Pay a fee? *pay* to vote? Are you on drugs?
CDs with a unique ID? Linked to you? I'd rather not vote than participate in a system like that.
One of the fundamental parts of voting is it's anonymous. You turn up, they cross your name off the register and you're given a voting slip that's *exactly the same as every other voting slip*. There's no practical way of saying how you voted (and where I live, using a camera in a voting booth would likely get you arrested, so no circumventing it like that).
Without anonymity you can't stop coercion.. and voting with the possibility of coercion is not a free vote.
Postal voting was tried as an experiment around here.. it was abandoned after one attempt because people were going around buying votes off poorer members of society and using them to postal vote for their favourite candidate. Plus although they tried for anonymity, there were common elements between the declaration and the actual voting paper, leaving it open to abuse.
Voting *cannot* be done in the home. It must be done in a controlled environment, to deter fraud.
You forget that in Software Engineering it's a loop created by Management:
Design Phase
Build Phase
Testing Phase (I presume bridges are tested too)
Management wants to add some popups in a disgusting shade of pink, and thinks the design is pants even though it's technically correct --> Back to design phase.
This would be the equivalent of:
Design Phase
Build Phase
Testing Phase
Management thinks the bridge should be 10 feet wider. And can we paint it a disgusting shade of pink? Oh and *flat* bridges are *so* 1990s. Can't we put a spike in the middle? -> Back to design phase.
I suspect the reason Civil Engineering doesn't suffer the above is that a manager who said that would be thrown head first off the bridge.
True enough... I sometimes call myself a programmer, sometimes an engineer, and sometimes my job title 'software development manager'. Depends on who I'm talking to and what I'm trying to achieve.
It's not what you're called that makes you what you are - it's what you do. I've met graduates that I wouldn't hire to serve in a supermarket, let alone let near critical code.
You think if your software screws up and someone dies, you won't get prosecuted? Dream on.
Few people are in that position, luckily, but those that are are fully aware that their ass is on the line.
Indeed there are lots of people working on systems used in such a way that loss of life is a possibility, that don't call themselves engineers, just programmers, electricians, etc. - I know a few of them. It just doesn't work as a criterion.
In the UK Engineer is not a protected term - for example the ladder monkeys that fit satellite dishes are called 'engineers' and get very tetchy when you try to deny them that title - even though their only qualification is about 15 minutes of ladder training.
If the bin man wants to call himself a 'Refuse Engineer' that's perfectly fine and nobody would care. The term has no functional meaning in this country.
Science and Religion really don't interact at all. Science makes an attempt to explain the world as observed through our own eyes (or instruments). Religion offers an explanation and where that differs from observed reality, assumes reality is wrong!
You can take the view that as we'll never know the truth about the universe that both are valid perspectives - but you can't say they're complementary in any way. Scientists don't need to 'work with religion' - they work with reality - and if reality coincides with religion they have no argument.. where it conflicts, there's no point in discussion, because neither side is going to change their opinion.
Now it's true that lots of scientists are elitist jerks - mostly they're elitist jerks towards other scientists.. it's not an issue with religion, it's a problem with what happens when people spend a lot of their time in one discipline and have too much ego invested in it. Lots of programmers are elitist jerks too. I bet somewhere there's a group of elitist jerk balloonists too.
Interesting perspective.. If I'm reading that right you're saying that as software engineering gets 'older' the creative/trial and error will get less prominent as everything will be discovered and documented (and available in easily available libraries).
To an extent I can see that happening already - nobody writes sort algorithms any more for example, or floating point multiplication routines.. it's all in the libraries (in the case of FP, it's migrated to the chips). There is even a class of programmers that just bolt predefined bits together and are more designers than programmers (much web programming is like this).
I'm not sure I'd find a 'mature' software engineering particularly interesting. Working out how to do something from first principles (especially when your result ends up faster/better than the 'traditional' solution) is half of the fun. I hate not understanding how a block of code works.. generally because that's the time it fails and you end up having to rewrite the damned thing anyway.
When I went to college the terms Software Engineering and Computer Science were interchangeable, to the extent my course had both titles depending on who you asked.. it wasn't until years later I discovered there was a real theoretical science (math, if you like) behind it. Although it sounds interesting, I'm really not into pages of Greek math symbols so every attempt to look at it has lasted about 15 minutes - I can still see the value of knowing a bunch of predefined algorithms rather than reinventing them as needed though.. maybe one day when I'm bored.. :p
FTTC is being tested by BT Wholesale, and later in the year there will be lots of ISPs providing it - many of them *much* better than TalkTalk.
What they forget to mention is that it's 40mb download (definitely achievable if you're near enough your cabinet, as it's VDSL), but only a 2mb upload. With that level of disparity I wonder if the ACK packets will saturate the upstream before you hit 40mb anyway.
Also, they won't be increasing the monthly caps, so if you do stream that fast you're going to get burned anyway.
Spotify is free.. in a way, better than Napster was, except you don't keep the music. In an age of ubiquitous internet access keeping and storing music doesn't make a whole lot of sense anyway.