Because the standard Ethernet frame size is about 1500 bytes, a limit of 10,000 packets per second equals a maximum throughput of roughly 15MB/s.
And this seems like a strange conclusion to jump to...especially coming from Mark.
maybe I am just confused, but the NDIS driver handles sending and receiving of pkts, so is the pkt rate limited to 10,000 pps coming and going? (he mentions packets received by network adapter drivers, but I am still curious). if it is limited to 10,000 pps in either direction...then you the theoretical limit comes down by quite a bit.
Even at that, he is assuming full sized packets, which is a bit of stretch, there is a good chance that not all of them will be the full 1500 bytes, factor in broadcast traffic, and other crud which may be running...and you start seeing a noticable drop even on a 100mbit connection.
Compared to S. Korea, the continental USA is a big motherfucker.
hrm, I wonder how much dark fibre there is in the US? from what I understand, there is tonnes of it. to/from large cities at least, the US most likely has the potential to up speeds quite a bit. They just need the incentive to do it.
With the IRS, they can, in theory, have a gate in place that makes the E-file transactions one-way. Some TLA agencies use XML bridges for this kind of setup. At least it's possible, and I hope they do it.
yep, that would be a great way to help protect the database, but everything in front of that is still a single point of attack.
I'd imagine that the monitoring around those systems is massive, and the security/setup is top-notch...but as always, it just takes one mistake:(
Now, factor in the fact that there is a smart blackhat community and this database is about the most delicious thing an high-tech organized-crime-sponsored identity thief can imagine
yep, that's a pretty juicy target...a more juicy target would be the IRS's DB, which must be at least somewhat available online (think e-filing). Even if you don't e-file, your data is going to end up in a DB at some point, so don't feel too safe.
kdawson does seem pretty lazy, leaving out the "dept" section a lot, posting *obviously* wrong and misleading summaries of stories, and not bothering to update the story..just seems lazy.
hrm, no offence, but I think you are doing it wrong...
there are really only a couple of tools you need on your *desktop* to make you a fully functional Solaris sysadmin..a ssh client, a scp client and a X server. it may be handy to install something like 'plink' to automatically run commands on remote hosts if you want.
Beyond that leave everything on the servers (dev, test or prod which ever). There is no reason to have that on your desktop...
which problems are you having that can't be solved with that?
It seems like there is a *lot* more revenue possible from ads than from subscriptions alone.
now, as Jimbo said, he wants the community to decide....so let the community decide: have a little radio button at the top which turns off (the *clearly* marked, text only) ads. this selection will be remembered.
I think most people would leave the ads on. if not, then it would not be much of a loss.
IF, and this is a big if in my opinion, there was a bandwidth problem from this, the solution is very simple: stop fricken overselling bandwidth so much.
how is that a "very simple" solution? the bandwidth has already been sold. the ISP's upstream connection already purchased.
they could stop selling *new* accounts..but that doesn't help much. what is an ISP supposed to do? drop the newest X customers until bandwidth sold = bandwidth available?
buy extra upstream bandwidth? from who? and in what time frame? this would be a very rapid and short term problem.
(I too think it is a huge "if" there would be a real bandwidth)
This is why you always always always have to pay attention. Assume the car approaching from behind will not stop. You probably could have avoided that accident.
I can't wait until VR system become good/cheap enough to be used for driving simulations, *and* become mandatory for getting a drivers license. You can put learners into hundreds, or thousands of very dangerous situations that they may never actually see in their real life...but they can be at least somewhat prepared for it. teach them winter driving, wet weather, fog, city driving, etc etc etc. Tie that with graduated licensing and there will never be an accident again!! (k, yea, I've gone too far)
it could be a huge business if you could get gov't to make it mandatory...one of you guys should do it.
note: if you do pull it off, don't make it mandatory for people when they renew their licenses. I would be mad at you.
For example, a motorcycle following a tractor trailer needs little following distance, because it can stop much quicker than the tractor trailer can. But a tractor trailer following a motor cycle needs a LOT of following distance, because the motor cycle can decelerate much quicker than the tractor trailer.
Don't forget line of sight. Yes a bike can stop *much* quicker than the tractor trailer...but there is going to be a lot of times where that biker can only see the back of trailer...and thats it. something Very Bad could happen 2 or three vehicles up, which the tractor trailer would slam into..greatly shortening it's stopping distance. sure the truck driver would hit his breaks..the biker would see it..and start slowing down as well, but chances are the biker would not be applying the breaking-force needed at that moment because they can't see shit.
obviously the above is an extreme example (tractor trailer vs motorcycle), but the same thing holds true for small sedan vs medium/large truck. Visibility is hugely important. it helps get you that extra little bit of time to react.
the key thing is to not just look at the car directly in front you, you need to be situationally aware. Know what is going on 3 cars in front of you, if there is someone to either side of you (in case you *need* to swerve) etc etc. There is much more to driving then what is going on in the 20 feet in front of you.
thats funny, the US is clearly on the list. they are number 14. I wonder if the page gets filtered if you view it from the States. I was wondering why the headline read "the 13 enemies of the internet" instead of 14!!
The problem with using software updated to change the IP comes if your IP has to change unexpectedly for one reason or another
it is unlikely that an IP address would have to change for a corporation, but in the event that it does have to change, that is fine, because as I was alluding to at least, the software *must* have multiple IP addresses to connect to. Each one *must* go to different ISP's, and ideally, geograpically disperse locations. so if one, or even a few IP addresses have to change, that is fine..you still have some locations that will be reachable.
or if a user is offline between the update being released and the IP changing. In those cases, the IP in the user's installed copy will be wrong.
as mentioned above, there *must* be several IP addresses available for automated updates. if a user is offline for an extented period of time (months/years), then that particular user will need to manually go to the vendors website and download an update/patch. but, again, given the type of software we are discussing..if you are months/years out of date....then you are FUBAR for various reasons.
at some layer, you always have to trust. To me, DNS does not go low enough. It is waaaaay to easy to spoof.
You need to make it as hard as possible to spoof/break the connection back home for updates. Plus authenticate both sides of the connection. some would say the authentication is good enough..but you need to think defense in depth. Make every step a challenge to break.
the type of software that is of concern right now will be definition require frequent updates to be effective, so, to me, it is a non-issue to require software udpates to change IP addresses.
If they throttle your bandwidth to anything less then what's the point of paying them?
you will still get the 1.5Mbit/sec, it is just the bulk/non-realtime traffic gets a lower priority. which, to me..makes sense. I can't think of any P2P or BitTorrent downloads that can be considered real-time, or interactive. So whether that download takes 30 minutes, or 90 minutes to download..big deal. The priority should go to interactive applications/protocols like HTTP/SSH/IM(s).
as patch deployment via BitTorrent becomes more popular, then yea, you might be waiting for that download, but those downloads represent a very minor amount of bytes on the wire.
If you don't trust the patch that software developer provides for its product, then why trust to use the product at all?
good admins..heck, even half decent admins don't trust any new software, including patches. Not neccessarily because they will introduce holes, but because they might break something. Even if it is not security patches, they still need to be tested to make sure they don't break anything in their particular environment.
I'd wager that at least 90% of admins do not test patches for new security problems. Effectively testing patches for new security problems is very hard.
I am not an MS fanboy. This goes for every single piece of software written.
can the above post be a mod'ed a higher please... maybe up to 20 or something? finally someone who has a clue! I also do not think the best way to liberate China from their oppressive regime is to isolate them even further.
From what I can see, I am sure that gov't of the PRC would have loved google to refuse to censor searches...the less access to information their citizen's have the better.
(Yes, I realise people here are stuck to browse with what's at work, but it's still a extra blip of information)
Given that, it would be interesting to see browser stats based on time, and possibly Time Zone. This of course won't be the most accurate thing in the world (people work different hours, proxy servers in various locations etc etc)..but it would be nifty to see for lets say the Eastern Standard time zone between 7AM and 6PM 95% of the browsers are brand X...During the rest of the day for that source timezone it is Brand Y.
(yea, it is only trivally interesting, but still!)
Slashdot Mirror
Because the standard Ethernet frame size is about 1500 bytes, a limit of 10,000 packets per second equals a maximum throughput of roughly 15MB/s.
And this seems like a strange conclusion to jump to...especially coming from Mark.
maybe I am just confused, but the NDIS driver handles sending and receiving of pkts, so is the pkt rate limited to 10,000 pps coming and going? (he mentions packets received by network adapter drivers, but I am still curious). if it is limited to 10,000 pps in either direction...then you the theoretical limit comes down by quite a bit.
Even at that, he is assuming full sized packets, which is a bit of stretch, there is a good chance that not all of them will be the full 1500 bytes, factor in broadcast traffic, and other crud which may be running...and you start seeing a noticable drop even on a 100mbit connection.
Compared to S. Korea, the continental USA is a big motherfucker.
hrm, I wonder how much dark fibre there is in the US? from what I understand, there is tonnes of it. to/from large cities at least, the US most likely has the potential to up speeds quite a bit. They just need the incentive to do it.
A reading by Stallman himself (followed by a license signing)?
did you mean to say 'singing'?
that would be cool!
malware tends to only be available for popular OS's! I am sure that Vista will remain safe from such attacks.
With the IRS, they can, in theory, have a gate in place that makes the E-file transactions one-way. Some TLA agencies use XML bridges for this kind of setup. At least it's possible, and I hope they do it.
:(
yep, that would be a great way to help protect the database, but everything in front of that is still a single point of attack.
I'd imagine that the monitoring around those systems is massive, and the security/setup is top-notch...but as always, it just takes one mistake
Now, factor in the fact that there is a smart blackhat community and this database is about the most delicious thing an high-tech organized-crime-sponsored identity thief can imagine
yep, that's a pretty juicy target...a more juicy target would be the IRS's DB, which must be at least somewhat available online (think e-filing). Even if you don't e-file, your data is going to end up in a DB at some point, so don't feel too safe.
kdawson does seem pretty lazy, leaving out the "dept" section a lot, posting *obviously* wrong and misleading summaries of stories, and not bothering to update the story..just seems lazy.
hrm, no offence, but I think you are doing it wrong...
there are really only a couple of tools you need on your *desktop* to make you a fully functional Solaris sysadmin..a ssh client, a scp client and a X server. it may be handy to install something like 'plink' to automatically run commands on remote hosts if you want.
Beyond that leave everything on the servers (dev, test or prod which ever). There is no reason to have that on your desktop...
which problems are you having that can't be solved with that?
...on writing the worlds most unsuccessful worm.
isn't even coming close to their trend on activity-by-ports page
come on! this guy has been a loud mouth for long enough that he has earned his right to be called by his initials. it's ESR people. /bye bye Karma
I'd rather see paid memberships before ads.
I'd rather see ads before paid memberships.
It seems like there is a *lot* more revenue possible from ads than from subscriptions alone.
now, as Jimbo said, he wants the community to decide....so let the community decide: have a little radio button at the top which turns off (the *clearly* marked, text only) ads. this selection will be remembered.
I think most people would leave the ads on. if not, then it would not be much of a loss.
IF, and this is a big if in my opinion, there was a bandwidth problem from this, the solution is very simple: stop fricken overselling bandwidth so much.
how is that a "very simple" solution? the bandwidth has already been sold. the ISP's upstream connection already purchased.
they could stop selling *new* accounts..but that doesn't help much. what is an ISP supposed to do? drop the newest X customers until bandwidth sold = bandwidth available?
buy extra upstream bandwidth? from who? and in what time frame? this would be a very rapid and short term problem.
(I too think it is a huge "if" there would be a real bandwidth)
gotta be careful.
it shall be dubbed Web for Workgroups.
This is why you always always always have to pay attention. Assume the car approaching from behind will not stop. You probably could have avoided that accident.
I can't wait until VR system become good/cheap enough to be used for driving simulations, *and* become mandatory for getting a drivers license. You can put learners into hundreds, or thousands of very dangerous situations that they may never actually see in their real life...but they can be at least somewhat prepared for it. teach them winter driving, wet weather, fog, city driving, etc etc etc. Tie that with graduated licensing and there will never be an accident again!! (k, yea, I've gone too far)
it could be a huge business if you could get gov't to make it mandatory...one of you guys should do it.
note: if you do pull it off, don't make it mandatory for people when they renew their licenses. I would be mad at you.
For example, a motorcycle following a tractor trailer needs little following distance, because it can stop much quicker than the tractor trailer can. But a tractor trailer following a motor cycle needs a LOT of following distance, because the motor cycle can decelerate much quicker than the tractor trailer.
Don't forget line of sight. Yes a bike can stop *much* quicker than the tractor trailer...but there is going to be a lot of times where that biker can only see the back of trailer...and thats it. something Very Bad could happen 2 or three vehicles up, which the tractor trailer would slam into..greatly shortening it's stopping distance. sure the truck driver would hit his breaks..the biker would see it..and start slowing down as well, but chances are the biker would not be applying the breaking-force needed at that moment because they can't see shit.
obviously the above is an extreme example (tractor trailer vs motorcycle), but the same thing holds true for small sedan vs medium/large truck. Visibility is hugely important. it helps get you that extra little bit of time to react.
the key thing is to not just look at the car directly in front you, you need to be situationally aware. Know what is going on 3 cars in front of you, if there is someone to either side of you (in case you *need* to swerve) etc etc. There is much more to driving then what is going on in the 20 feet in front of you.
thats funny, the US is clearly on the list. they are number 14. I wonder if the page gets filtered if you view it from the States. I was wondering why the headline read "the 13 enemies of the internet" instead of 14!!
The problem with using software updated to change the IP comes if your IP has to change unexpectedly for one reason or another
it is unlikely that an IP address would have to change for a corporation, but in the event that it does have to change, that is fine, because as I was alluding to at least, the software *must* have multiple IP addresses to connect to. Each one *must* go to different ISP's, and ideally, geograpically disperse locations. so if one, or even a few IP addresses have to change, that is fine..you still have some locations that will be reachable.
or if a user is offline between the update being released and the IP changing. In those cases, the IP in the user's installed copy will be wrong.
as mentioned above, there *must* be several IP addresses available for automated updates. if a user is offline for an extented period of time (months/years), then that particular user will need to manually go to the vendors website and download an update/patch. but, again, given the type of software we are discussing..if you are months/years out of date....then you are FUBAR for various reasons.
at some layer, you always have to trust. To me, DNS does not go low enough. It is waaaaay to easy to spoof.
You need to make it as hard as possible to spoof/break the connection back home for updates. Plus authenticate both sides of the connection. some would say the authentication is good enough..but you need to think defense in depth. Make every step a challenge to break.
the type of software that is of concern right now will be definition require frequent updates to be effective, so, to me, it is a non-issue to require software udpates to change IP addresses.
so...how is this a competitive advantage? why can't the competitors just use IP addresses instead of DNS?
If they throttle your bandwidth to anything less then what's the point of paying them?
you will still get the 1.5Mbit/sec, it is just the bulk/non-realtime traffic gets a lower priority. which, to me..makes sense. I can't think of any P2P or BitTorrent downloads that can be considered real-time, or interactive. So whether that download takes 30 minutes, or 90 minutes to download..big deal. The priority should go to interactive applications/protocols like HTTP/SSH/IM(s).
as patch deployment via BitTorrent becomes more popular, then yea, you might be waiting for that download, but those downloads represent a very minor amount of bytes on the wire.
If you don't trust the patch that software developer provides for its product, then why trust to use the product at all?
good admins..heck, even half decent admins don't trust any new software, including patches. Not neccessarily because they will introduce holes, but because they might break something. Even if it is not security patches, they still need to be tested to make sure they don't break anything in their particular environment.
I'd wager that at least 90% of admins do not test patches for new security problems. Effectively testing patches for new security problems is very hard.
I am not an MS fanboy. This goes for every single piece of software written.
1) His (windows) desktop uses the default XP background. Odd that the world's richest man doesn't change his background picture.
he probably had a girly picture as his background, but changed it for picture being taken.
can the above post be a mod'ed a higher please ... maybe up to 20 or something? finally someone who has a clue!
I also do not think the best way to liberate China from their oppressive regime is to isolate them even further.
From what I can see, I am sure that gov't of the PRC would have loved google to refuse to censor searches...the less access to information their citizen's have the better.
(Yes, I realise people here are stuck to browse with what's at work, but it's still a extra blip of information)
Given that, it would be interesting to see browser stats based on time, and possibly Time Zone. This of course won't be the most accurate thing in the world (people work different hours, proxy servers in various locations etc etc)..but it would be nifty to see for lets say the Eastern Standard time zone between 7AM and 6PM 95% of the browsers are brand X...During the rest of the day for that source timezone it is Brand Y.
(yea, it is only trivally interesting, but still!)