I found especially amusing the statement that one of these fellows refused to disclose exactly what medical condition he was diagnosed as having (in order to receive government medical and unemployment benefits). I wouldn't be surprised if it were a psychological condition.
Seriously, I've gained a lot of insight into human nature by reading about primates. Kinda makes you wonder how a non-human anthropologist would describe us. :)
When are ISPs going to start filtering for source addresses at their border routers?
I am under the impression that this is currently impractical for large sites. Otherwise, I agree with you. I tend to set up ingress and egress filtering, with lots of anti-spoofing drops (e.g. traffic to or from 0.0.0.0/8). Of course, this makes a firewall rule base more complicated, so most people don't bother.
For example, I use ipfilter and NetBSD. To get proper ingress and egress filtering, my rules break down something like this:
- inbound NATs go first (e.g. 65.29.199.4:80/tcp becomes 10.63.1.2:80/tcp)
- rule group 100, all inbound traffic on the external interface (i.e. from the Internet to me)
  - drop traffic inbound from invalid nets
  - limit valid destinations to the firewall and the internal network; this is accomplished by splitting the traffic into two rule groups
  - rest of ingress rules
- rule group 200, all inbound traffic on the internal interface (i.e. from me to the Internet)
  - rule group 201, limit valid sources to the internal network
  - rule group 202, inbound on the internal interface, from the local network, but stays local (e.g. SSH to the firewall, broadcasts to ignore on the local net)
  - anti-spoofing rules (has to be after group 201, otherwise the anti-spoofing rules would drop traffic to/from the internal network)
  - rest of egress rules
Needless to say, this, along with a lot of dynamic "keep state" rules (NOT THE SAME AS "established", which just trusts the flags on the packet), is more complicated than most example firewall configurations floating around the net. And the sad thing is, it barely protects me from DoS because it only filters out attacks from reserved nets, while most of the crap is DDoS fed by hacked machines on broadband nets.
So proper ingress/egress filtering will only get you so far, at a cost of increased complexity, and hell, most network engineers believe security is a transport layer issue, anyway. (The transport engineers think that security is an application layer issue, and the application programmers don't bother with security, they just trust the network.)
Ok, sorry, rant mode off. :)
Hey, if anyone's interested in my ipfilter configs, I'd be more than happy to post them to the relevant mailing lists, news groups, or web sites. They are super complicated, but there aren't too many examples of a proper, paranoid firewall configuration lying about on the web. It's my home stuff and I don't mind people beating on it too much.
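The poster offers the configs but they are not on the page, so what follows is an added skeleton that is not the poster's configuration: an ipfilter ruleset laid out in the group structure described above (NAT first, group 100 for the external interface with sub-groups 101/102 splitting destinations, group 200 for the internal interface with 201/202 and the anti-spoofing rules placed after 201). Values taken from the post: the public address 65.29.199.4 and the redirect to the web server 10.63.1.2:80. Everything else is assumed: interface names ex0 (external) and in0 (internal), the internal network 10.63.1.0/24, the firewall's internal address 10.63.1.1, and the outbound port-map range. It relies on ipfilter's documented ordering, where ipnat rdr rules are applied before inbound filtering (so the web traffic already carries destination 10.63.1.2 when group 100 sees it) and map rules after outbound filtering.

```conf
# ---- /etc/ipnat.conf ----  (added example; addresses/interfaces as assumed above)
rdr ex0 65.29.199.4/32 port 80 -> 10.63.1.2 port 80 tcp
map ex0 10.63.1.0/24 -> 65.29.199.4/32 portmap tcp/udp 40000:60000
map ex0 10.63.1.0/24 -> 65.29.199.4/32

# ---- /etc/ipf.conf ----
# The state table is consulted before any rule, so every packet of a session
# admitted with "keep state" below is passed on both interfaces without being
# re-examined; nothing here trusts the flags on a packet the way "established" does.

# ---- group 100: everything arriving on the external interface ----
# A head rule's own action (block) applies when nothing in its group matches.
block in log quick on ex0 all head 100

# Drop inbound traffic from invalid/reserved source nets.
block in log quick from 0.0.0.0/8       to any group 100
block in log quick from 10.0.0.0/8      to any group 100
block in log quick from 127.0.0.0/8     to any group 100
block in log quick from 172.16.0.0/12   to any group 100
block in log quick from 192.168.0.0/16  to any group 100
# Our own public address can never legitimately arrive from outside.
block in log quick from 65.29.199.4/32  to any group 100

# Limit valid destinations by splitting into two sub-groups:
# 101 = the firewall itself, 102 = the internal network.
block in log quick from any to 65.29.199.4/32 head 101 group 100
block in log quick from any to 10.63.1.0/24   head 102 group 100

# group 101: what the Internet may send to the firewall itself.
pass in quick proto icmp from any to 65.29.199.4/32 icmp-type echo keep state group 101

# group 102: what the Internet may send to internal hosts (only the rdr'd web server).
# flags S/SA admits only the opening SYN; keep state then carries the session.
pass in quick proto tcp from any to 10.63.1.2/32 port = 80 flags S/SA keep state group 102

# ---- group 200: everything arriving on the internal interface ----
block in log quick on in0 all head 200

# group 201: only packets sourced from the internal network continue.
block in log quick from 10.63.1.0/24 to any head 201 group 200

# group 202: LAN traffic that stays local (firewall services, broadcasts).
# Must come before the anti-spoofing rules below, which would otherwise drop
# everything sent to 10/8, including our own 10.63.1.0/24.
block in quick from any to 10.63.1.0/24 head 202 group 201
pass  in quick proto tcp from any to 10.63.1.1/32 port = 22 flags S/SA keep state group 202
block in quick from any to 10.63.1.255/32 group 202      # local broadcasts: drop, no log

# Anti-spoofing on egress: internal hosts must not talk to reserved nets.
block in log quick from any to 0.0.0.0/8       group 201
block in log quick from any to 10.0.0.0/8      group 201
block in log quick from any to 127.0.0.0/8     group 201
block in log quick from any to 172.16.0.0/12   group 201
block in log quick from any to 192.168.0.0/16  group 201

# Rest of egress: stateful, so replies return via the state table.
pass in quick proto tcp  from 10.63.1.0/24 to any flags S/SA keep state group 201
pass in quick proto udp  from 10.63.1.0/24 to any port = 53 keep state group 201
pass in quick proto icmp from 10.63.1.0/24 to any icmp-type echo keep state group 201

# ---- outbound on both interfaces ----
# Forwarded sessions were already admitted above and are passed by the state
# table; only the firewall's own new sessions need rules here.
block out log quick on ex0 all head 150
pass  out quick proto tcp from 65.29.199.4/32 to any flags S/SA keep state group 150
pass  out quick proto udp from 65.29.199.4/32 to any port = 53 keep state group 150
block out log quick on in0 all head 250
pass  out quick proto tcp from 10.63.1.1/32 to 10.63.1.0/24 flags S/SA keep state group 250
```

Load the two files with `ipnat -CF -f /etc/ipnat.conf` followed by `ipf -Fa -f /etc/ipf.conf`, and check which rules are actually being hit with `ipfstat -hio` and the live sessions with `ipfstat -s`. The `log` keyword on every block rule is what makes the complexity pay off: a spoofed packet from 10/8 arriving on ex0 shows up in ipmon output as a group 100 hit, so the ruleset doubles as a detector for address spoofing and for misconfigured internal hosts, even though, as the post says, it does nothing against a flood sourced from legitimate addresses.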
Um, hate to burst your bubble, but the money they stole out of the shadow depository had those metal-eating bugs in it (the spidery-looking alien Scorpy was banging tried to screw him over). The bugs ended up eating all the money and parts of Moya.
No kidding. I loved Invader Zim, and I could never figure out when it was on. I don't mind cable companies playing games with their schedules, hell Sci Fi does that all the time, but at least they tell you about the new time slot and have a decent online schedule linked from the fricking front page. Nick's web site is---at best---an unusable splash of pastel fun. Thank the Maker that Google indexed it, otherwise I'd never find a thing on it.
This whole discussion reminded me of an idea I had the last time compression made Slashdot's front page. If you compressed a file and threw away the dictionary/hash, so all you had was the compressed data stream, couldn't you use that as a source of entropy for PRNGs and OpenSSL and such? I mean, theoretically, it's supposed to be identical to random noise. It should be really high quality entropy.
Is this insightful, or is there some obvious flaw that I'm missing because I don't know how PRNGs work?
_technology_or_methodology_ is not a silver bullet. It will not magically turn bad managers into good managers, or poor programmers into competent programmers. It will not stop balding. It will not improve my sex life. I cannot solve the halting problem in polynomial time using _technology_or_methodology_.
What _technology_or_methodology_ is, is a useful tool for certain problems, and I will use it as appropriate to improve my communications with other human beings, which is what programming is really about. I will not dogmatically use _technology_or_methodology_, and I will keep an open mind to new ways of expressing myself and solving problems.
There are actually several meanings of "64-bit chip". If you mean "64-bit or wider data path through the CPU", then yes, performance is the reason people want that. If you mean "uses 64-bit addresses", then yes, performance isn't really an issue, whereas increased program size is (e.g. large databases).
There's a big difference between biology and <sarcasm>library science</>. All Berners-Lee did was develop a popular naming scheme for content (hypertext systems have been around for a long time). Watson, et al, discovered, fundamentally, how life works. The two accomplishments don't really compare.
It didn't fail in my case, so at least one institution didn't fail miserably. Your statement, however correct in the majority, is overbroad. I agree, the education system needs reform (especially where the teaching of children younger than 8 is concerned), but that doesn't mean it is all worthless and should be thrown away.
Education and experience work together to a surprising degree. I attempt to emphasize this on my resume:
I am a computer professional who has been involved with computers for over 15 years, including running my own business. I am very thorough in researching and assimilating information, and I understand both the theoretical and practical aspects of my work. My broad experience in Information Technology and my educational background in Computer Science provide me with a strong foundation to understand and specialize in computer security issues.
The degree itself, the piece of paper or rite of passage or whatever other symbol you want, is representative of something great, an education. Education isn't about pouring facts into neophytes' heads. Education isn't about the programming language du jour. Education, at least the education I received, is about giving human beings the tools to unlock their own intelligence. It is about getting human beings to build up their own mental framework from within which they could explore the universe. It is about teaching students to teach themselves, to think for themselves. Yes, there are facts to learn along the way, wisdoms to impart, but these things are transitory and one must always be ready to re-evaluate one's assumptions and question one's beliefs.
I agree, most institutions are doing a poor job of educating their students, but this isn't always the case. If you look hard enough and associate with the right kinds of people, you can find an institution that will give you the tools you need to become something more than just a monkey. The right education will discipline your mind, not "discipline as in right-versus-wrong", but "discipline as in focusing mental energy".
In my life, I have never regretted the gaining of discipline.
Sure, commercial service is twice as expensive as residential, BUT IT'S ONLY $100 A MONTH!!1 It's not like that's a lot of money, plus you get a static IP and with commercial service, you don't have to worry about stupid TOS agreements that ban servers.
Obfuscation is a two-edged sword. Yes, it makes it slightly more difficult for hackers to figure out what's what, but it also makes it more difficult on your administrators. I would much rather not waste my time trying to figure out what a particular bit of hardware is. Hackers have basically unlimited time and multiple techniques to identify a device, so obfuscated names are of limited value in terms of reducing risk.
My experience was otherwise. I prefer to take notes by hand, if only because I can draw diagrams, relationships, equations, etc. far faster than popping up a vector drawing program or piecing together pseudocode that approximates the equations on the board. Forcing myself to manually search through notes (usually collected by class and inserted in date-order in a binder) helped me review the material. As for storage---to be honest, I think I'm going to throw my college notebooks away. I never look at them, and if I have any questions, I usually find answers on the Net or in the library.
Of course, here in the Real World, my Pilot has been invaluable for playing solit^H^H^H^H^H^H^H^H^H^H^H^H^Htaking notes during meetings.
How amusing. Let me put my music snob hat on and suggest that only when Led Zeppelin has been around for several hundred years and still makes people go YOW! can you say they have "historic value". The Beatles maybe, certain big-band era performers probably, Wagner, Beethoven and Mozart, Bach, Purcell, Palestrina, Hildegard von Bingen --- that is history, that is music that changed everything, that's the stuff that in some cases has been around for nearly a thousand years (and that's just western music).
But let me take my music snob hat off, and just say that I do like Led Zeppelin, and rap, and (God, forgive me) even country music.
Am I the only person on the planet who thinks that it's a bad idea to be sending so much coded E-M and junk hardware outsystem in order to make contact with aliens? Seriously, I think it's a bad idea. First contact could be disastrous not because of any communication failure, but because those we contact are blood-thirsty monsters. We're barely two hundred years into the Industrial Revolution, only 60 years into the space age, and we are all still stuck on this planet. I think we should be hiding from the ETs, not welcoming them with open arms, like a planetful of suckers.
Oh, like Ethernet is any more secure. The only difference between 802.11 and Ethernet is the difficulty in getting to the wiring. Once you're on the LAN, you can use all sorts of nasty tricks to do Bad Things to other hosts. If you are super paranoid, you're going to be doing application- (e.g. SSL) and network-layer (e.g. IPSEC) encryption anyway, so there's not much utility in link-layer security. And anyway, WEP is at best a network access control. It cannot secure host-to-host communications.
It's posts like this one that make me wish there was a "+1, Troll" option. If you want to *really* reel them in, you should post that one to comp.os.vms or comp.sys.dec.
I think you all forgot that Netscape started this "let's take HTML and add our own crap to it" business. Now that Microsoft's doing it, there's a big hue and cry over it all. Can you say "double standard"?
I think the Common Lisp community could learn a lot by examining the Scheme Request for Implementation and the IETF RFC processes. Both groups seem to be able to set standards on a semi-ad-hoc basis. With the current hibernation of the ANSI standardization committee, there should be some kind of semi-formal forum to discuss extensions to the language and the standard libraries (e.g. the MOP, Gray streams, SERIES).
Gah.
Rant mode off.
Am I the only person who thinks Carly Fiorina is a babe? Yow!
When I traceroute from my Road Runner Pro connection (which uses statically-assigned routable IP addresses), I see at least one 10/8 network:
Technically, this is the Wrong Thing. Likewise, your routers should never respond to or generate traffic using RFC 1918 addresses.
Heh, that's nothing. For a while I was running Windows 2000 on a P-100 laptop with 40 MB RAM.
It was usable, but barely.
Frank T. Lofaro Jr. writes:
We must forgive at some point, else we run the risk of becoming exactly like our Enemy.
Heh, if that's true, I must be even cooler than you! ;')