DSL is provisioned differently than cable systems; they tend to have somewhat slower maximum speeds than cable, but their speed limit is a physical limitation. The result is that DSL providers don't typically have to set up (or track) any other rate limit for DSL circuits.
I run a mid-sized ISP in Seattle, and we don't do any bandwidth throttling on DSL customers. ISOMEDIA.COM
I take it you've never heard of transit traffic?
I have, but usually AT&T is not going to have the "best path" to customers of UUNet, for example, except to an AT&T transit customer. Which qualifies as traffic that AT&T could be asked to intercept.
BTW, I agree that this whole AT&T/Narus/NSA situation is a terrible assault on liberty, I just want to be sure that people put the blame where it belongs. The congressmen and senators that write these bad laws, the presidents for signing them, and the voters who keep electing them all.
Run a traceroute if you think this. It is incorrect. AT&T has nothing like a majority of Internet traffic on its backbone links.
Having just read through the documents, and being a network operator for a small network, this looks exactly like the installation that ANY large network provider would implement to comply with the Lawful Intercept program mandated in CALEA.
While I agree that CALEA is an overly broad statute, it does require network operators to be able to provide the capability for court-ordered lawful intercepts. The whistle-blower, Klein, so far doesn't seem to have produced any evidence that AT&T and the NSA are actively spying without court orders, just that they could. But from that viewpoint, so could any phone company that controls the local loop for Internet or telephone calls.
Klein makes an incorrect intuitive leap when he says that since AT&T's Narus system is spliced into their links to Verio, Genuity, UUNet, etc. that means they can read the entire internet. This is wrong; they can only read traffic that has been routed over their network. Generally that means only traffic to, or from, one of their customers, as required by CALEA. The major Internet backbone links are OC-192 and higher; the Narus system described in the document could only handle up to OC-48 (1/4 the speed of OC-192 circuits).
On the issue of NSA being involved in this, it is possible that this system wasn't implemented for CALEA, but instead to allow NSA to wiretap conversations that had been discovered to be heading out of the country, and then requested to be intercepted. For instance, if they had an IP address of some mail server in Iraq, they could tell (legally without a warrant) AT&T to give them logs and conversations from any AT&T customer, over any AT&T network link, specifically to that foreign IP address. Or at least that is the way NSA and the administration perceive the rules for foreign intercept.
Another potential reason for NSA cleared individuals having access to the rooms is that NSA performs security clearance screening for telecommunications related lawful intercept employees. Which would be a logical part of the protection of a CALEA lawful intercept operation from being tampered with by foreign agents, or non-authorized parties.
Very impressive effort. Looks nice for delegated responsibility. Clean interface.
Even if you don't want to use DJBDNS for all of your services, you can slave BIND 9 servers to the DJBDNS root. But DJBDNS works well too. YMMV.
RT is great. I run a mid-sized ISP in the Northwest, and we use it for just about every trackable business process. Its only real issue is complexity of installation. It has a truly massive Perl package dependency list.
After reading the thread on NANOG you should have read the scanned case papers. Reads like a divorce proceeding. Lots of screaming and pointing out the other's failings.
From reading those, it is clear that the judge was making his decision not upon the technical merits/problems of portable IP space, but upon the claim by the customer that the ISP was trying to steal/wreck their business.
The aggregate bandwidth of the RAID would probably be sufficient to keep up, especially with a nice caching controller to keep the reads large.
Are you running Routing and Remote Access Services on that machine? I don't see 1723 as a default open port on my servers that don't have RRAS enabled.
The VideoLan Server can stream video-on-demand from DVD image files. No loss of quality, no re-compression. You just need a nice 5 Terabyte RAID array to store the 1000 DVDs. With a fast enough drive array and GigE you could simultaneously stream 70+ live streams at 9 Mb/s each.
We use NAGIOS to monitor our ISP network of 125+ machines and nearly 600 independent services. Completely customizable with plug-in modules to monitor anything you like.
I remember an older one called Big Brother that was a little lighter weight.
Untrue. I have been on the phone for hours this evening with Cisco SEs and they said they were waiting for the images to be completed and ready for distribution.
Apparently some "trains" (Cisco IOS releases) were completed earlier for the major backbone providers, but the rest appear to have been feverishly being built this afternoon and evening.
No, the advisory states that non-contract customers can send an email to tac@cisco.com and get access to a "free upgrade".
Why do you think it can't worm?
The advisory says that the packets have to be directed at the router's IP. Not just passed thru it. So the attackers could scan for Ciscos and target them individually.
This is a Russian Warning Shot waiting to happen. When the router in front of you gets hit, and you are off the net, what do you do with that router that wasn't hit yet?
Update early and often.
It is nearly midnite on the left coast and the updates for this bug are still not available for download.
Also interesting to note is that the top of the Cisco Advisory had a release date of 7/17 00:00 GMT. But the bottom said that it would not be published to the public until 7/17 21:00 GMT.
Why the release 21 hours ahead of schedule? Especially since you can't d/l the patches!!
If you were looking for a solution to the problem of how to gain the benefits of IM technologies without the time wasting aspects of external IM buddies (friends, spouses), you should set up a local Jabber server and port block the other services. (Great free server and clients, and a commercial support arm as well.)
I own a medium sized ISP near Microsoft in Redmond and we use Jabber intra-company all day long. Our technical support center is 50 miles North of our main office, so the techs, admins, accounting, and sales staff have found that it is much easier than trying to call each other, since they are always on the phone with customers.
No source on the ISO image. You can investigate it without burning a CD by:
mount -o loop -t iso9660 /tmp/latest.iso /mnt/cdrom
You can also mount the compressed root filesystem that is in the image, although it may be easier to uncompress it first using the utility they give you in the root of the ISO.
It is easy to see why software has evolved the way it has. Originally bridges were just logs over the river; they have gotten better because people fell off the logs and died. Life or death situations tend to sharpen the skills of prospective designers quickly.
Military software doesn't have the same problems as M$ software. Because most military software has been designed with the "life or death" benchmark firmly in mind. Commercial software will never approach the design standards of bridges and buildings, simply because no one will ever look at a subroutine and wonder, "will someone die if I don't re-code that goto?"
Flamebait is right. Brin, and the rest of his liberal cronies, always forget to mention that the wealthiest 1% of the country pay over 30% of ALL TAXES. Bush's tax cut is an equal percentage of what people pay, from top to bottom. Sounds pretty fair to me.
But then I guess that means that I want to "re-establish the social pyramid" or some such hogwash. The government's job is not to redistribute wealth in this country. Anybody who says that the government should make rich people poorer is just waiting for a chance to stick his hand in your pocket to fix what HE thinks is wrong with the world.
Eliminate all government programs whose only constitutional justification is the Commerce clause.