Speculation: Automatic lookups of domains in order to find out if they're free? Feeded by word databases which itself were built by semi-automatic "buzzword generators"?
Really, when the imac came out I would guess that 1 million domain-traders tried to catch everything from www.i-apple.com to www.i-zoo.com.
I can't speak for anybody else, but when I post here I do so with the assumption that I will not receive monetary compensation (or even personal recognition) for doing so. While I doubt that anything of mine is quoted in this book, I would consider it an honor, not a ripoff, if my comments were deemed worthy of publication.
Not to forget the fact that you (and everyone else, even the grits and portmans and 1st posters) posted because a wanted people read your thoughts. Being quoted in book just broadens the auditorium.
Absolutely, you're absolutely right. While reading this I thought about companies which give away software for free and get yelled at by slashdot readers for not GPLing.
People, read that book, see if you like it, see if you are cited and for heavens sake sue hemos/jonkatz/slashdot/andover or whoever you like.
I never did write a book, but if i had done it I would be proud of my work. Then reading slashdot and see people nitpicking instead of expressing curiousness (sp?) or interest should be damn frustrating.
I have no problem with that, I didn't intend to bash Be - I like them. I just wanted to point out why I think it was ok from Bruce to make it public. He didn't bash Be either and even on/. there seem's to be nearly no bashing. In the end it's just publicity for Be;-).
But it was clearly a failure on Be's site and I don't see why this failure should not made public. If a company wants to work with GPL'ed code they take a certain responsibility. It's the same with every other license.
Yeah, and I'm really not an gpl-zealot. But the consequences of that oversight are not that bad as they could have been. If I ship a software and somehow something proprietary gets on the cd, I'm in really big trouble. One of the big software shots (adobe, ms etc.) would give a damn if it is an oversight or not. Take for instance some of adobes non-free (as in beer) TrueType or Postscript fonts for the design of a corporate logo. If their lawers come to you and you say "Oh, it was an oversight, sorry, will never happen again" they'll laugh at you.
This has nothing to do with the gpl, I just have the feeling that companies are much more carefull in dealing with the properties of other companies than that of private individuals. There are numerous other examples, like photographers being ripped off by companies using their work without paying royalties. Sometimes it's also just an oversight. They just seem to happen more often without a big legal gun aimed at your head. Treatment of the gpl-licensed software which belongs to one person (not to a company) is just one example.
...wouldn't community relations have been better served by a private email to the Be engineers?
Why? I really like beos, and it's a great OS. But I think it would have been even greater if they bothered to read the fucking license of software they incorporate
Really, is it that complicated? Just because you can get your fingers at some code, why on earth do you think you can use it at your will. If I find an envelope of money on the street with a name on it, is it really complicated to figure out what to do next? They deserve a public slap in their face, and then let's go on with the usual business.
ALso, wouldn't that be creating a backdoor? Yeah I create similar backdoors quite often, they're even more powerfull (sometimes) and you can do a variety of things with them. I call them "shell account";-). The trick here is the simplicity of that "server", it's very likely that it will work even if everything else is f*cked.
To your other question, reboot was just an example. Depending on your skills this small server naturally could do anything, including launching ICBMs or beating Kasparov in chess. Or just restart the crashed webserver etc.
Write a small client, sitting on port 53423, doing nothing else than waiting for someone to send the string "ur0w9eufsdiv94721298rhwADJAPJDNmvnyxc,.vm" to tell it to reboot the server.
No, it's just the other way around, a provider is a service provider. Therefore he falls under the TDG (Teledienstegesetz) (see above). If he used the RPS, he would get a content provider. Therefore he would suddenly be liabel for _every_ illegal content to be found on the internet and were pressed to "block on demand" if someone informs him about nazi documents/kiddy porn whatever.
A funny thing to kill the RPS would be to get a domain, find someone to hack in and distribute mp3z (without the owners knowledge) and then - suddenly - exchange the mp3z with a new high profile e-commerce site. Wait a couple of weeks with a site blocked in whole germany and then sue the RPS providers for $$$$ damages.
But back to the TDG, you can read it up at http://www.fitug.de/ulf/politik/iukdg.html#art1, read 5 and see that you are wrong.
But when he KNOWS about the illegal stuff, he MUST block the access, when IT'S TECHNICAL & FINANCIAL affordable !
I don't think so. Make that: But when he KNOWS about illegal stuff on his own servers he MUST block the access, when IT'S TECHNICAL & FINANCIAL affordable !
The last part "when.... affordable" serves to exclude things like usenet and proxies.
I will not write a long rant about clueless press copying each others (wrong) articles and repeating the music industrie's pointless propaganda and about slashdotter thinking they get the real facts of a jurisdiction out of 3 lines in an article. Instead I will point out just three small factlets:
- The company sued because of three midi songs which were created by them and were downloadable in that forum. - AOL didn't do anything although they knew of the problem - AOL forum != internet.
Oh, and AOL isn't fighting for free speech here, they're fighting for low costs. It's the for same reason for which they give a f*ck about usenet spam and UCE complaints.
uhm, when the crash always (or with a probability of 90%) occurs when you just happen to be saving your 50 pages diploma thesis, I guess you wouldn't mind reboot times.
Instability mostly means lost *work* and that means more lost time then only the reboots.
The by far worst problem with instability is data loss, not reboot time.
...atleast NT admins have enough common sense NOT TO RUN WEB, DNS, FTP, SMTP, IMAP, TELNET, SUN*, ETC ETC ON A BOX THAT IS ONLY FUNCTIONING AS AN INTERNET GATEWAY! This ones easy.
There ain't simply no hardware which could stand such a loaded NT, that's the reason why it doesn't happen.
Yes, NT can be made secure (easy, drop all packets coming from all hosts (or only allow from certain hosts)) - and in fact I know people with machines set up like that. Pardon my ignorance, but can you do that in NT, even portwise - or do you have to use a firewall.
Yeah, OTOH win95/98 being closed source and having a "stable driver interface" really helped in getting a ntfs driver for it. The same goes for drivers for aged hardware or hardware from vendors which went down the drain, when you want to use them in newer windows versions. This will not work with older/bad nt4 drivers. Try the pppoe driver winpoet 1.2 from ivasion in win2000 and see how well it works or tell me why every graphics card manufacturer comes out with drivers for win2000.
I would like something along the lines of what is being discussed on linux-kernel now. It's not targeted at binary only, but obfuscated source would work. The kernel should contain some kind of generic makefiles and driver source skeleton. Then the driver writers could use this as a kind of source level infrastrucure to automatically compile and insert kernel modules. Any problems emerging cause the user doesn't install a compiler should be targeted by the distribution makers.
but this is not a feature, this is a misguided cure against non-opensourceness. And - it works well most of the time, but not always, take a brief look at support.microsoft.com and search around. There are many problems with drivers across service packs and nt/2000
I'm no kernel hacker, but I guess this has a chance of a snowball in hell to get adapted by the kernel folks. First, the idea seems old, look at the UDI project. Looks even cleaner IMO. And now watch the opinion of several high grade kernel hackers about it. Two citations: Dave Miller: "No thanks, IMHO OS neutral driver interfaces are a nice idea but they can only lead to mediocrity. (Yes I have read and understand how your stuff works, the problem will still be there)." Alan Cox "Not sure why anyone thinks this is Linux relevant 8) - other than it will help to make our drivers even faster than the competition if they adopt it. Have a read, but keep a bucket handy". And after smashing the idea of OS independant drivers a bit more, he really gets funny: "So what are you going to do with it. Joysticks?"
On a quick glance, this thing has even more facts going against it's usage: The worst: -It seems to demand applications (not only drivers) to link special headers in order to use their infrastructure. - It's name (WinDriver) - This sentence on their webpage: "Use the powerful graphical Wizard (available in Windows only), to create your driver source code. The Wizard will automatically generate make files for both Linux and Windows."
I completly agree. All these 3d whizzbang gimmicks are doomed to fail. It's all about open standards, or very competetive prizes (i.e. realvideo or MS asf) in the plugin arena.
The problem with 3d is that you may have an advantage today, but if you want to charge bucks for every *view*, nobody with a clue will be interested. Wait for 2 years (or shorter) and your technological advantage is meaningless, that's a common problem for 3d-renderers. I can't believe that in the year of massive outcome of GHz-cpus and T&L graphic cards someone really sees a future in a product like this. For similar reasons real audio (not video) will get into real trouble from mp3 sooner or later. And even if you're somewhat successful, I have heard of some guys in Redmont which.... you get the idea.
As you say, this gimmicks are interesting for a short time, but after that users get tired of waiting to finally see animations like VHS tapes moving in VHS-players. These apps all are bad from an ergonomic point of view. Shaheen seems to be very excited by this technology - I understand that - but I would never advice someone to use that at his e-commerce site. It frequently seems to happen that companies make bad business decisions because they are too excited by their by technology.
Really, metacreation should develop more ideas than that metastream thingy or they will be in much trouble soon.
This then branches out into a point I've always wondered, how important is the ergonimics of a game in the grand scheme of things. Given the game on 2 platforms would you sacrifice ease of playing (i.e decent controllers) for cutting edge graphics?
Decent controllers are important, but there are other things which make playing games on pc's less joyfull for the average joe user.
- Compability hassels (i.e. "you need (directx xx.yyyy|mesa xx|n megabyte of ram/megahertz chip/megabyte on hd)
linked to that point are - instability, forcing you to download update xxx from the game's homepage - frustration when you were fooled by the minimum hardware requirements of the game (try f1gp2000 on a 300Mhz P2 with the default setting -> 2 fps)
And general pc-gaming disadvantages (sp?) - unability to follow an instant gaming urge, i.e. turn on computer, wait 2 min. until you finally are able to start the game (and then another more or less long timespan until it's finally started) - a plethora of possible input devices, making it hard for the designers to optimize the game for ergonomie
The point was not that "artificial" clients cannot be faster. The point is that it far easier to find the bots doing the webrequests and just drop packets from that ip-adress where it fits, for instance at the border routers - if you have the technical possibilites. If the source-ips are spoofed then there is an important datapoint missing.
And you're clearly right that an hour outtage is bad enough. And also if you have very big files it's impossible to distinguish a dos attack from legitimate traffic (free beos was a good example;-)).
This judge is the man. Whoa he really wants to get mircosoft. And not only that, he also shoots against the former ruling about ie-integration (called Microsoft II in the finding). Allow me a cite: The majority opinion in Microsoft II evinces both an extraordinary degree of respect for changes (including "integration") instigated by designers of technological products, such as software, in the name of product "improvement," and a corresponding lack of confidence in the ability of the courts to distinguish between improvements in fact and improvements in name only, made for anticompetitive purposes. Read literally, the D.C. Circuit's opinion appears to immunize any product design (or, at least, software product design) from antitrust scrutiny, irrespective of its effect upon competition, if the software developer can postulate any "plausible claim" of advantage to its arrangement of code. 147 F.3d at 950.
This undemanding test appears to this Court to be inconsistent with the pertinent Supreme Court precedents in at least three respects. First, it views the market from the defendant's perspective, or, more precisely, as the defendant would like to have the market viewed. Second, it ignores reality: The claim of advantage need only be plausible; it need not be proved. Third, it dispenses with any balancing of the hypothetical advantages against any anticompetitive effects.
There is a quite good patch for kernel support at http://www.davin.ottawa.on.ca/pppoe/. the creator Jamal Hadi Salim is actively working on it (last update March 30) He has made a proposal on netdev (archive) about it, and Michal Ostrowski who wrote another implementation in kernel space has shared the discussion. Read the long thread in the archive. Jamal writes somewhere in the readmes they'll plan to merge at pppoed 0.5 and it seems they're actively pushing for getting it into the kernel. Unfortunately I wasn't able to find some information lately, but the fact that the pppoed is being updated gives me hope.
Suse has incorporated Jamals pppoed in their 6.3 kernel and Suse's Andi Kleen had his hands on that code (modularization).
The final goal seems to be to create a generic pppox (x=ethernet/atm/whatnot) device in kernel space and to incorporate pppoed (the userspace part, doing the discovery) in pppd.
I have to say that pppoed on linux is far superior to every implentation on other os's I have seen (winpoet and friends suck ass). There is one driver for win2000 made by a volunteer which seems very good, but only linux already has the pppoe-server. And they have a fix for the mtu-problem on the clients when connecting a network to the internet with pppoed.
That doesn't fly, do the statistics. Either your 1000 boxes create a much higher traffic than the 100000 real people hitting in the same time span or you won't bring my server into trouble. But if your 1000 do make enough "noise", it's not hard to seperate the worst offenders. Statistically on of your boxes generates 100 times the traffic of a human user. So if I just single out the 100 most "active" IP-adresses, chances are high that I'll never hit a real human. And I wouldn't give a fuck if I hit altavista's crawler which just wanted to index my page in the moment of such a DDOS-attack (chances for such coincidence are pretty low).
Ok, I should have the infrastructure to be able to (a)do the statistics and (b)drop packets from certain IP-adresses.
If I don't have that, I'll not be able to stop the attack in 30 minutes. But if I have, I'll stop the attack easily.
As I said above, the spoofed source adresses are the real key to "success" of a DDOS-attack if the victim's infrastructure is mature.
Slashdot Mirror
Speculation:
Automatic lookups of domains in order to find out if they're free? Feeded by word databases which itself were built by semi-automatic "buzzword generators"?
Really, when the imac came out I would guess that 1 million domain-traders tried to catch everything from www.i-apple.com to www.i-zoo.com.
I can't speak for anybody else, but when I post here I do so with the assumption that I will not receive monetary compensation (or even personal recognition) for doing so. While I doubt that anything of mine is quoted in this book, I would consider it an honor, not a ripoff, if my comments were deemed worthy of publication.
Not to forget the fact that you (and everyone else, even the grits and portmans and 1st posters) posted because a wanted people read your thoughts.
Being quoted in book just broadens the auditorium.
Absolutely, you're absolutely right.
While reading this I thought about companies which give away software for free and get yelled at by slashdot readers for not GPLing.
People, read that book, see if you like it, see if you are cited and for heavens sake sue hemos/jonkatz/slashdot/andover or whoever you like.
I never did write a book, but if i had done it I would be proud of my work. Then reading slashdot and see people nitpicking instead of expressing curiousness (sp?) or interest should be damn frustrating.
Really! You really like it that much? Have you every FUCKING used it?
yup, unfortunately it has no pppoe driver last I checked, but I don't see your point here...
And now BeOS has been branded by Bruce as a BAD company
Where did Bruce say anything which makes you believe that?
and months from now people will still swear to NEVER use that GPL violating OS.
Yeah, there are idiots on this planet, we have to live with that. And also Be.
Was there any other way for Bruce to help other companys from avoiding this mistake?
It might help PHBs to understand why programmers have to be careful with other people's rights.
I have no problem with that, I didn't intend to bash Be - I like them. I just wanted to point out why I think it was ok from Bruce to make it public. He didn't bash Be either and even on /. there seem's to be nearly no bashing. ;-).
In the end it's just publicity for Be
But it was clearly a failure on Be's site and I don't see why this failure should not made public. If a company wants to work with GPL'ed code they take a certain responsibility. It's the same with every other license.
Yeah, and I'm really not an gpl-zealot.
But the consequences of that oversight are not that bad as they could have been. If I ship a software and somehow something proprietary gets on the cd, I'm in really big trouble.
One of the big software shots (adobe, ms etc.) would give a damn if it is an oversight or not.
Take for instance some of adobes non-free (as in beer) TrueType or Postscript fonts for the design of a corporate logo. If their lawers come to you and you say "Oh, it was an oversight, sorry, will never happen again" they'll laugh at you.
This has nothing to do with the gpl, I just have the feeling that companies are much more carefull in dealing with the properties of other companies than that of private individuals.
There are numerous other examples, like photographers being ripped off by companies using their work without paying royalties. Sometimes it's also just an oversight. They just seem to happen more often without a big legal gun aimed at your head.
Treatment of the gpl-licensed software which belongs to one person (not to a company) is just one example.
...wouldn't community relations have been better served by a private email to the Be engineers?
Why?
I really like beos, and it's a great OS.
But I think it would have been even greater if they bothered to read the fucking license of software they incorporate
Really, is it that complicated? Just because you can get your fingers at some code, why on earth do you think you can use it at your will.
If I find an envelope of money on the street with a name on it, is it really complicated to figure out what to do next?
They deserve a public slap in their face, and then let's go on with the usual business.
ALso, wouldn't that be creating a backdoor? ;-).
Yeah I create similar backdoors quite often, they're even more powerfull (sometimes) and you can do a variety of things with them.
I call them "shell account"
The trick here is the simplicity of that "server", it's very likely that it will work even if everything else is f*cked.
To your other question, reboot was just an example. Depending on your skills this small server naturally could do anything, including launching ICBMs or beating Kasparov in chess.
Or just restart the crashed webserver etc.
Write a small client, sitting on port 53423, doing nothing else than waiting for someone to send the string "ur0w9eufsdiv94721298rhwADJAPJDNmvnyxc,.vm" to tell it to reboot the server.
No,
it's just the other way around, a provider is a service provider. Therefore he falls under the TDG (Teledienstegesetz) (see above). If he used the RPS, he would get a content provider. Therefore he would suddenly be liabel for _every_ illegal content to be found on the internet and were pressed to "block on demand" if someone informs him about nazi documents/kiddy porn whatever.
A funny thing to kill the RPS would be to get a domain, find someone to hack in and distribute mp3z (without the owners knowledge) and then - suddenly - exchange the mp3z with a new high profile e-commerce site. Wait a couple of weeks with a site blocked in whole germany and then sue the RPS providers for $$$$ damages.
But back to the TDG, you can read it up at http://www.fitug.de/ulf/politik/iukdg.html#art1, read 5 and see that you are wrong.
But when he KNOWS about the illegal stuff, he MUST block the access, when IT'S TECHNICAL & FINANCIAL affordable !
.... affordable" serves to exclude things like usenet and proxies.
I don't think so. Make that:
But when he KNOWS about illegal stuff on his own servers he MUST block the access, when IT'S TECHNICAL & FINANCIAL affordable !
The last part "when
I will not write a long rant about clueless press copying each others (wrong) articles and repeating the music industrie's pointless propaganda and about slashdotter thinking they get the real facts of a jurisdiction out of 3 lines in an article.
Instead I will point out just three small factlets:
- The company sued because of three midi songs which were created by them and were downloadable in that forum.
- AOL didn't do anything although they knew of the problem
- AOL forum != internet.
Oh, and AOL isn't fighting for free speech here, they're fighting for low costs. It's the for same reason for which they give a f*ck about usenet spam and UCE complaints.
uhm, when the crash always (or with a probability of 90%) occurs when you just happen to be saving your 50 pages diploma thesis, I guess you wouldn't mind reboot times.
Instability mostly means lost *work* and that means more lost time then only the reboots.
The by far worst problem with instability is data loss, not reboot time.
...atleast NT admins have enough common sense NOT TO RUN WEB, DNS, FTP, SMTP, IMAP, TELNET, SUN*, ETC ETC ON A BOX THAT IS ONLY FUNCTIONING AS AN INTERNET GATEWAY!
;-)
This ones easy.
There ain't simply no hardware which could stand such a loaded NT, that's the reason why it doesn't happen.
SCNR,
Yes, NT can be made secure (easy, drop all packets coming from all hosts (or only allow from certain hosts)) - and in fact I know people with machines set up like that.
Pardon my ignorance, but can you do that in NT, even portwise - or do you have to use a firewall.
Yeah, OTOH win95/98 being closed source and having a "stable driver interface" really helped in getting a ntfs driver for it.
The same goes for drivers for aged hardware or hardware from vendors which went down the drain, when you want to use them in newer windows versions. This will not work with older/bad nt4 drivers. Try the pppoe driver winpoet 1.2 from ivasion in win2000 and see how well it works or tell me why every graphics card manufacturer comes out with drivers for win2000.
This "stable interface" is mostly a myth.
I would like something along the lines of what is being discussed on linux-kernel now.
It's not targeted at binary only, but obfuscated source would work.
The kernel should contain some kind of generic makefiles and driver source skeleton. Then the driver writers could use this as a kind of source level infrastrucure to automatically compile and insert kernel modules. Any problems emerging cause the user doesn't install a compiler should be targeted by the distribution makers.
but this is not a feature, this is a misguided cure against non-opensourceness. And - it works well most of the time, but not always, take a brief look at support.microsoft.com and search around. There are many problems with drivers across service packs and nt/2000
I'm no kernel hacker, but I guess this has a chance of a snowball in hell to get adapted by the kernel folks.
First, the idea seems old, look at the UDI project.
Looks even cleaner IMO.
And now watch the opinion of several high grade kernel hackers about it.
Two citations:
Dave Miller: "No thanks, IMHO OS neutral driver interfaces are a nice idea but they can only lead to mediocrity. (Yes I have read and understand how your stuff works, the problem will still be there)."
Alan Cox "Not sure why anyone thinks this is Linux relevant 8) - other than it will help to make our drivers even faster than the competition if they adopt it. Have a read, but keep a bucket handy". And after smashing the idea of OS independant drivers a bit more, he really gets funny: "So what are you going to do with it. Joysticks?"
On a quick glance, this thing has even more facts going against it's usage:
The worst:
-It seems to demand applications (not only drivers) to link special headers in order to use their infrastructure.
- It's name (WinDriver)
- This sentence on their webpage:
"Use the powerful graphical Wizard (available in Windows only), to create your driver source code. The Wizard will automatically generate make files for both Linux and Windows."
I completly agree.
.... you get the idea.
All these 3d whizzbang gimmicks are doomed to fail.
It's all about open standards, or very competetive prizes (i.e. realvideo or MS asf) in the plugin arena.
The problem with 3d is that you may have an advantage today, but if you want to charge bucks for every *view*, nobody with a clue will be interested. Wait for 2 years (or shorter) and your technological advantage is meaningless, that's a common problem for 3d-renderers.
I can't believe that in the year of massive outcome of GHz-cpus and T&L graphic cards someone really sees a future in a product like this.
For similar reasons real audio (not video) will get into real trouble from mp3 sooner or later.
And even if you're somewhat successful, I have heard of some guys in Redmont which
As you say, this gimmicks are interesting for a short time, but after that users get tired of waiting to finally see animations like VHS tapes moving in VHS-players. These apps all are bad from an ergonomic point of view.
Shaheen seems to be very excited by this technology - I understand that - but I would never advice someone to use that at his e-commerce site.
It frequently seems to happen that companies make bad business decisions because they are too excited by their by technology.
Really, metacreation should develop more ideas than that metastream thingy or they will be in much trouble soon.
This then branches out into a point I've always wondered, how important is the ergonimics of a game in the grand scheme of things. Given the game on 2 platforms would you sacrifice ease of playing (i.e decent controllers) for cutting edge graphics?
Decent controllers are important, but there are other things which make playing games on pc's less joyfull for the average joe user.
- Compability hassels (i.e. "you need (directx xx.yyyy|mesa xx|n megabyte of ram/megahertz chip/megabyte on hd)
linked to that point are
- instability, forcing you to download update xxx from the game's homepage
- frustration when you were fooled by the minimum hardware requirements of the game (try f1gp2000 on a 300Mhz P2 with the default setting -> 2 fps)
And general pc-gaming disadvantages (sp?)
- unability to follow an instant gaming urge, i.e. turn on computer, wait 2 min. until you finally are able to start the game (and then another more or less long timespan until it's finally started)
- a plethora of possible input devices, making it hard for the designers to optimize the game for ergonomie
The point was not that "artificial" clients cannot be faster. The point is that it far easier to find the bots doing the webrequests and just drop packets from that ip-adress where it fits, for instance at the border routers - if you have the technical possibilites.
;-)).
If the source-ips are spoofed then there is an important datapoint missing.
And you're clearly right that an hour outtage is bad enough. And also if you have very big files it's impossible to distinguish a dos attack from legitimate traffic (free beos was a good example
This judge is the man. Whoa he really wants to get mircosoft. And not only that, he also shoots against the former ruling about ie-integration (called Microsoft II in the finding).
Allow me a cite:
The majority opinion in Microsoft II evinces both an extraordinary degree of respect for changes (including "integration") instigated by designers of technological products, such as software, in the name of product "improvement," and a corresponding lack of confidence in the ability of the courts to distinguish between improvements in fact and improvements in name only, made for anticompetitive purposes. Read literally, the D.C. Circuit's opinion appears to immunize any product design (or, at least, software product design) from antitrust scrutiny, irrespective of its effect upon competition, if the software developer can postulate any "plausible claim" of advantage to its arrangement of code. 147 F.3d at 950.
This undemanding test appears to this Court to be inconsistent with the pertinent Supreme Court precedents in at least three respects. First, it views the market from the defendant's perspective, or, more precisely, as the defendant would like to have the market viewed. Second, it ignores reality: The claim of advantage need only be plausible; it need not be proved. Third, it dispenses with any balancing of the hypothetical advantages against any anticompetitive effects.
Boah
There is a quite good patch for kernel support at
http://www.davin.ottawa.on.ca/pppoe/.
the creator Jamal Hadi Salim is actively working on it (last update March 30)
He has made a proposal on netdev (archive) about it, and Michal Ostrowski who wrote another implementation in kernel space has shared the discussion. Read the long thread in the archive.
Jamal writes somewhere in the readmes they'll plan to merge at pppoed 0.5 and it seems they're actively pushing for getting it into the kernel.
Unfortunately I wasn't able to find some information lately, but the fact that the pppoed is being updated gives me hope.
Suse has incorporated Jamals pppoed in their 6.3 kernel and Suse's Andi Kleen had his hands on that code (modularization).
The final goal seems to be to create a generic pppox (x=ethernet/atm/whatnot) device in kernel space and to incorporate pppoed (the userspace part, doing the discovery) in pppd.
I have to say that pppoed on linux is far superior to every implentation on other os's I have seen (winpoet and friends suck ass). There is one driver for win2000 made by a volunteer which seems very good, but only linux already has the pppoe-server.
And they have a fix for the mtu-problem on the clients when connecting a network to the internet with pppoed.
That doesn't fly, do the statistics. Either your 1000 boxes create a much higher traffic than the 100000 real people hitting in the same time span or you won't bring my server into trouble.
But if your 1000 do make enough "noise", it's not hard to seperate the worst offenders. Statistically on of your boxes generates 100 times the traffic of a human user. So if I just single out the 100 most "active" IP-adresses, chances are high that I'll never hit a real human.
And I wouldn't give a fuck if I hit altavista's crawler which just wanted to index my page in the moment of such a DDOS-attack (chances for such coincidence are pretty low).
Ok, I should have the infrastructure to be able to
(a)do the statistics and
(b)drop packets from certain IP-adresses.
If I don't have that, I'll not be able to stop the attack in 30 minutes. But if I have, I'll stop the attack easily.
As I said above, the spoofed source adresses are the real key to "success" of a DDOS-attack if the victim's infrastructure is mature.