One infringe on a copyright if you don't profit from it?
You can make it more difficult to make the trademark/copyright owner to profit from it, as in this case.
(Ignore previous nonsensical message, 'twas a thinko.)
One infringe on a copyright if you don't profit from it?
You can make it more difficult to make the trademark/copyright owner to infringe on it, as in this case.
My one objection to this is the obvious: isn't it a little late to start complaining? He doesn't mention when he first got around to asking the developers about this, but OpenSSH has been around for a while.
That said, if the developers are willing I wouldn't have any great problem with a name change. Perhaps "ossh"? *shrug*
>Just an aside: anyone still in high school, NEVER leave anything personal in your locker.
>I ran away once and they raided the thing for clues.
>They even dug up some personal poetry in my notebooks there.
How about if you left a large piece of plasticine attached to a little clock and a sign saying:
"If I was a REAL nutcase, you would be dead. Now get the hell out of my locker!".
The really cool looking ones were the phones with the cameras - two-way video conversations? Wild. I want one now.
Phone sex will never be the same again... now why hasn't /that/ rather obvious idea made it into more sci-fi?
(Point of view of me as a Network Admin...)
From the MAPS evidence file:
> Here is what I am aware of:
>
> http://209.211.253.68/
> http://209.211.253.69/
> http://209.211.253.70/
> http://209.211.253.71/
> http://209.211.253.72/
> http://209.211.253.73/
> http://209.211.253.74/
> http://209.211.253.84/
> http://209.211.253.88/
> http://209.211.253.89/
So really, MAPS should be blocking something like:
209.211.253.68/30,
209.211.253.72/31,
209.211.253.74/32,
209.211.253.84/32, and
209.211.253.88/31.
Blocking the whole /24 is punitive, and if you're going to act like that why not block the whole AS? That said, I'm not exactly bursting with sympathy for Media3, and as for peacefire.org: perhaps they could put their business in the way of a more responsible provider?
My personal view on these lists has long been that ORBS is not worth using but is worth listening to (to aid in hunting down customer relays before they get abused), MAPS is worth taking as a BGP feed (so that all traffic to those hosts is blackholed) and the DUL (dialup-list) is worth setting up on your MTA so that mail directly from those hosts is refused.
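Added example, not part of the original comment: the aggregation done by hand above can be reproduced with Python's standard `ipaddress` module, which also gives the number of unlisted addresses a blanket /24 would catch. The function names are hypothetical; the host list is the one quoted from the MAPS evidence file.

```python
import ipaddress

# Hosts quoted from the MAPS evidence file in the comment above.
LISTED = [
    "209.211.253.68", "209.211.253.69", "209.211.253.70", "209.211.253.71",
    "209.211.253.72", "209.211.253.73", "209.211.253.74", "209.211.253.84",
    "209.211.253.88", "209.211.253.89",
]


def minimal_blocks(hosts):
    """Smallest set of CIDR blocks that covers exactly the given hosts."""
    nets = (ipaddress.ip_network(h + "/32") for h in hosts)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def collateral(hosts, blanket):
    """Count addresses inside a blanket block that were never listed."""
    block = ipaddress.ip_network(blanket)
    listed = {ipaddress.ip_address(h) for h in hosts}
    outside = [str(h) for h in listed if h not in block]
    if outside:
        raise ValueError(f"listed hosts outside {blanket}: {outside}")
    return block.num_addresses - len(listed)


if __name__ == "__main__":
    for block in minimal_blocks(LISTED):
        print(block)
    print("unlisted addresses hit by the /24:",
          collateral(LISTED, "209.211.253.0/24"))
```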
Gah, plain old text still removes GT & LT symbols. Serves me right for not previewing. Should have read:
<person1> I'm waving now.
<person2> Do a couple of jumping-jacks.
<person2> Yeah, ok, you're there, third window from the left.
<person1> Good. Can you send me the software, then?
I'm waving now.
Do a couple of jumping-jacks.
Yeah, ok, you're there, third window
from the left.
Good. Can you send me the software,
then?
>The questions are:
>1. Why do cable and DSL providers limit bandwidth and restrict servers?
Because they pay for bandwidth, in one form or other. They can either charge for it or restrict it, but don't expect them to do both.
As for restricting servers, that doesn't work quite the same way - most providers have spare "outgoing" bandwidth because their users do a lot more downloading than serving. The main reason in this case is commercial - by allowing any old user on a cheap connection to host servers at decent speeds (and most non-multimedia servers don't use much bandwidth at all) they would be devaluing their own web-hosting, managed server and co-location products.
It'll happen eventually, of course, because it only takes a couple of companies doing it to bring the whole thing crashing down...
>2. Might there be some advantage to not throttling last-mile bandwidth,
>such as a positive effect on peering economics for the ISP?
It would be a negative effect - more peering infrastructure (and quite likely transit costs) without more revenue - see above. Economies of scale only kick in when you're getting /paid/ for being bigger :-)
>3. Could Napster and other P2P applications affect service provider economics
>- for better or worse?
More bandwidth use is always going to cost the provider - although it costs them less per Mbps each year - unless the user is paying for that bandwidth. Bear in mind that providers usually base their own bandwidth requirement estimates on a certain contention ratio (it's different for different services), so greater usage due to Napster and such will either force them to alter the ratio or leave them with an over-subscribed network. Ouch.
If you're not searching for porn, but keep getting that sort of result, start adding "-sex -tits -nude [...etc]" to your search strings.
Suddenly, the 'Net looks much less pink!
(Perhaps google should add a "not pr0n!" button to do this for you? But then you'd only get smarter bridge pages avoiding it...)
If you outlaw cluefulness, only outlaws will have clue... :-o
(They have other reasons, of course -- service reasons -- but I think it's pretty obvious that they raised the prices because their initial business plan was a piece of shit, they realized it, and now they want to, uh, 'reposition' [as the suits love to say] themselves in the market.)
"Excuse me sir, but you might want to reposition yourself in the market; you appear to have your head around the U-bend and the toilet brush protruding from your arse at the moment... we would have advised a place on the sofa" :-)
Bit of a reach - what if they implant it in your left butt-cheek, and make sure that no barcode is involved, nor anything else liable to pertain to the number "666".
"It's not the apocalypse, it's just a pain in the arse!"
As for privacy issues raised elsewhere in this thread... the suggestion seems to be that the criminal version will not have an off-switch, the civilian version will have. For criminals, this is not much harder to circumvent than the current wristbands and such, but might provide more useful information.
For civilians, there are a few more questions: how can you tell the off-switch *really* works? Is someone keeping track of when and where you turn your implant off? What's being done with the other data gathered?
Never underestimate the value of lots of seemingly unimportant information - pattern analysis can give answers a single item will never tell you. Phone monitoring for instance - what do you think the resulting web would look like if you linked together all the callers who, during phone calls to each other, used phrases such as "not over the phone"?
Christ, I can just see it - overclocked DNA-based computers with piped antibiotics instead of liquid nitrogen... :-)
They've got battery backup (charged off the solar cells) and emergency failover to a "nearby backup facility" (presumably a secondary site hosting the same material) that'll take over within a minute.
Not sure how long the battery life is, but according to the article they're providing an SLA of "less than one hour downtime per year". That ain't half bad.
One catch to this theory: you cannot assume that 30% of Linux boxen are being used as web servers means that 30% are running Apache - some distributions have it running by default (IIRC), and many other non-webservers are likely to be running Apache just for this-or-that.
It's all in the definition, folks.
"On one hand, they're bulkier, and the rechargeable lithium-polymer battery lasts only two to four days"
I /really/ can't picture myself remembering to plug in my frigging watch every couple of nights.
Whoever said in reply to the last article that you'd be better off with a mobile phone in damn near all situations pretty much had it pegged.
>There is already a highly sophisticated device that can do this.
I think you're confusing a "thermal plume" with a "crotch".
("No, I have not been shagging plastic explosives!")
"That's not BO you're smelling, there's half a dead mouse in your coat pocket."
Oh, what a fun concept...
"Crack! I detect Crack cocaine! Nah, just kidding."
"No explosives... no drugs... cheap suit..."
Don't think for a second that this is merely a pointless gimmick - it's a necessary component for truly Free Time.
No longer will we need to be tied down by vendor-proprietary time: the ability to hack time to our own open source, GPL'd, and entirely bizarre standards.
"You're five minutes late."
"Not by my watch, you whore of Casio! I'm 37 chimpanzees early, for insert-deity-here's sake!"
"Foiled again! Damn you and your Free Time!"
My toaster is far more secure than Linux. In fact, I'd be happy to have this tested.
Go on, hack my toaster. If anyone can get root on my toaster, I'll give it to them, and buy them a few beers into the bargain.
But I warn you: it's pretty darn secure.
He didn't mention the word "geek" once. I think it's an imposter...
>So why is this co regarded so highly (much higher than the rest) on Wallstreet?
Market share, mindshare: everyone knows Cisco, everyone trusts Cisco, everyone buys Cisco.
(He says, while his colleague replaces the faulty power supply in a Foundry switch...)
Either Juniper or Foundry, I should think.
Foundry certainly claim that their BigIron switches can filter without affecting performance - apparently the latency is fixed at 5ms regardless of routing, filtering and other work that needs doing to the packet before it's shoved back out due to the clocking mechanism.
Cisco, on the other hand, have trouble with running wirespeed on all ports whether or not they've got any extra work to do. A pity, really: like damn near everyone else in the industry, I know Cisco's kit better than any of their competitors.
That won't do a damned thing, except override any routes for 10.0.0.0/8 received through any routing protocols. And even then, if someone announces 10.0.0.0/9 (/9 = netmask 255.128.0.0, or the first half of the 10.* range), the more specific route will take priority.
In any case, if routes were the only problem you could just apply distribute-lists to your routing protocols to ensure you don't accept any - it's a hell of a lot cheaper CPU-wise to filter routing updates rather than every packet coming in. The problem is, that doesn't do anything about DoSs, which may simply source traffic with a false address and don't care that no traffic can be returned to them.
Which pretty much leaves you with ACLs. Sorry.
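Added example, not part of the original comment: a small longest-prefix-match model of the three points made above (a more specific /9 beats a static /8, filtering routing updates removes that /9, and neither step ever looks at a packet's source address). The table, the next-hop names `Null0`, `peer-A` and `upstream`, and the assumption that the static 10.0.0.0/8 route points at a discard interface are all constructed for illustration.

```python
import ipaddress

# Constructed routing table: (prefix, next hop, origin).
TABLE = [
    ("0.0.0.0/0", "upstream", "static"),
    ("10.0.0.0/8", "Null0", "static"),     # assumed discard route
    ("10.0.0.0/9", "peer-A", "learned"),   # more specific announcement
]
NET10 = ipaddress.ip_network("10.0.0.0/8")


def best_route(table, dst):
    """Longest-prefix match: the most specific covering prefix wins."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop, _ in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    net, hop = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), hop


def filter_updates(table, denied=NET10):
    """Distribute-list equivalent: refuse learned prefixes inside `denied`."""
    return [r for r in table
            if r[2] != "learned"
            or not ipaddress.ip_network(r[0]).subnet_of(denied)]


def forward(table, src, dst):
    """Routing consults only dst, so a forged src changes nothing here."""
    route = best_route(table, dst)
    return route[1] if route else None


def ingress_acl(src, denied=NET10):
    """Per-packet source check: the only step that sees the forged address."""
    return "deny" if ipaddress.ip_address(src) in denied else "permit"


if __name__ == "__main__":
    print(best_route(TABLE, "10.1.2.3"))                  # /9 overrides the /8
    print(best_route(filter_updates(TABLE), "10.1.2.3"))  # /8 after filtering
    print(forward(TABLE, "10.9.9.9", "192.0.2.10"))       # spoofed src still routed
    print(ingress_acl("10.9.9.9"))                        # ACL catches it
```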