Slashdot Mirror


User: Zocalo

Zocalo's activity in the archive.

Stories: 0
Comments: 2,447

Comments · 2,447

  1. Re:Let's do the numbers... on Qualcomm Is Seeking US Import Ban For iPhones (bloomberg.com) · · Score: 2

    Actually, it's more complicated than that. It's buried in the summary, but this is *also* a legal dispute, currently working its way through the federal court system. Since the ITC has the ability to ban products from sale in a shorter timescale than the court system, Qualcomm is attempting to speed up the process since they're almost certainly trying to get a similar injunction through the courts as well. From Qualcomm's perspective, it's all about applying pressure on Apple so they are more likely to seek a resolution to the dispute sooner rather than later so, tactically, it's a pretty clever move on Qualcomm's part.

    As for Apple buying Qualcomm. Yes, they could undeniably do that, but there are numerous problems with that tack. It would be a major corporate merger, which brings all sorts of shareholder and regulatory approvals first, and then there's the small matter of the money. It's currently mostly tied up in off-shore accounts for tax avoidance/evasion (delete as you see fit) purposes, so Apple could also be forced to repatriate some of that money into one place in order to complete the purchase, and potentially become liable for the tax they've been studiously avoiding paying. They could easily pay that too, of course, but it makes the whole idea less likely, especially since they then need to figure out what to do with Qualcomm and all of its existing contracts - many of whom are with competitors like Samsung.

  2. Re:its called optimization on Facebook Lets Advertisers Target Insecure Teens, Says Report (cnet.com) · · Score: 1

    thus opening the door to allow marketers to target teens who are likely to do certain things on an impulse.

    Perhaps not a demographic Gillette ought to be targeting then?

  3. No, the math's not hard, but achieving it is getting tougher all the time. Save 30%? Starting when exactly, given that the generation in question is almost certainly going to be stuck with either low paying jobs or having to pay off student loan debts before they can even think about sorting out a place of their own? Maybe one of the fortunate few that gets a big break with a successful startup or has the connections/skills/talent to reach the upper levels of their chosen career can still pull it off, but the rest are basically screwed and will absolutely have to work longer to reach a point they can retire in comfort.

    Also, don't forget that pensions also take into account things like expected lifespans published in actuarial tables. Even if the retirement age and inflation adjusted pension pot remained constant, if your post-retirement life expectancy is eleven years instead of ten, you've got (more or less) 10% less to live on each month - adjust accordingly if medical science advances that to twelve or more years. Factor in the ever decreasing social security budgets, the rising age at which you can qualify for it, and how poorly many pension funds are currently performing, and the prospects of early retirement seem much slimmer than for the previous few generations.

  4. Re: Yet another case for VPN tunnels on US ISP Goes Down As Two Malware Families Go To War Over Its Modems (bleepingcomputer.com) · · Score: 1

    Any remote management protocol can be exploited if the implementation is bad - regardless of whether it's console style via SSH, web via HTTPS, or a dedicated device management protocol like SNMP or TR-069. Firmware bugs in authentication and exploits aside, it shouldn't matter what protocol you use provided that it is properly authenticated with a non-default password, uses an encrypted protocol, and (most critically of all) access is limited to a specific management network. The trick is to assume things will get broken, then put multiple layers of defence in place so that even when something inevitably does break the rest will keep things secure while you implement a fix - ignoring it is not an option either.

    People have been chanting the "defence in depth" mantra for decades, some people have been *doing* it for decades and publishing HOWTO guides to help others do the same, and yet other people are also still getting burned by failing to do it. Ultimately, it's just the consequence of another three way choice where you only get to pick two options; the choices are "cheap", "easy" and "secure", and this is what happens when you don't include "secure" in your selection - cheap and easy both end up going down the toilet as well.

  5. My view too. Janit0r is absolutely a vigilante, but currently BrickerBot (and the less destructive Hajime) are the only active "solutions" to the various IoT botnets such as Mirai and, from their posts, I believe (s)he would stand down as soon as more active steps were taken by the vendors, ISPs, and owners. Far from ideal but, until those in a position to do something about it in a less disruptive manner step up to the plate, if that's the only option for the rest of us caught in the firing line, then I'll live with it. Keep calm, and carry on bricking!

    As for this specific incident, although Zyxel has to take some blame for shipping broken routers in the first place, I'd say the main culprit here is actually SierraTel, both for their failure to implement secure central management of their modems in the first place, but mostly for failing to learn from Deutsche Telekom's experience and remediating that error, despite having *six months* to do so. Clearly that has now cost them financially and in customer satisfaction, which should hopefully serve as a wake-up call to anyone else in a similar situation and dragging their feet over deploying a solution. Somehow, I don't think SierraTel is going to be the only ISP to have this kind of problem though.

  6. It really depends on whether Jimmy Wales genuinely wants this to be a neutral news outlet, or just a backdoor way to further his own agendas/beliefs, but time will tell - and pretty quickly I suspect. We currently have a very divisive Republican politician in the White House, so if there's any left wing spin being put on things it's going to become very apparent, very fast, when both Trump's supporters and people who genuinely don't care about the politics try and pull things back towards the middle and (most probably) further right. If/when that happens, and if the site fails to handle it fairly, then it's going to get accused of failing in its core aims and be effectively dead in the water as anything other than another left-wing echo chamber right there and then.

  7. Stunned me too when I got speaking to locals on the earlier aurora orientated photography trips I've done. The very first trip I did, we'd just done a successful all-nighter, which for most of us was the first time we'd ever seen the lights, and were in an Icelandic garage/café getting some breakfast and looking over our images when we got talking with a long distance lorry driver - his response to a question about getting to see the aurora a lot was basically a shrug and "thousands of times, I guess, don't really notice them anymore...". Yep, that'll do it: *minds* *blown*. :)

    That said, the AC's analogy below about a really good sunset is probably better than my more direct night sky objects one; they *do* still look, but only when it's a really good display, and after doing many more trips to the Arctic (it can really get under your skin!) I can kind of see why. I've now got a lot of photographs of simple bands of aurora, so unless it's a really nice composition with the background, an unusual colour, or has something else to set it apart, I often don't bother unless I haven't got my camera set up yet and need a few test shots to check I've nailed my focus and the exposure settings are in the ballpark.

  8. A bad solution is still a bad solution. And vigilantism is still vigilantism. And DDOS attacks using infected devices are nothing new, it is just that IoT have opened up a new attack vector. Look at how many Windows based computers have been involved in DDOS in the past.

    Yes, it's a bad solution, and it's undeniably vigilantism as well. But, like democracy, it's still the best (and at present, only) solution we currently have that is working at scale. The Zero Day Initiative typically gives vendors 90 days (3 months) to fix a problem before they go public except in exceptional circumstances, and most credible vendors are OK with that framework. By comparison Mirai hit almost six months before BrickerBot, Hajime, and other such tools were unleashed, and in all that time no one - whether vendors, ISPs, or owners - did much more than shrug, shuffle their feet, and wring their hands.

    They collectively took a huge dump in everyone else's bed and then did nothing about it, so that just left people stepping up with their bad solutions and vigilantism to try and clean up the mess. Want to "fix" BrickerBot and Hajime, etc.? Fix your devices, secure your networks, and isolate your devices, as applicable. Just like Mirai and the rest, if they can't root the device, then they can't propagate either, and everyone benefits - in fact, unlike the blackhat authors of malicious botnets, the vigilantes are more likely to shut up shop as soon as there are credible signs of progress being made. Acknowledging the message they are sending is all that is required.

  9. Looking at my firewall logs on BrickerBot, the Permanent Denial-of-Service Botnet, Is Back With a Vengeance (arstechnica.com) · · Score: 4, Informative

    Looking at my firewall logs I think BrickerBot v3.0 may have actually been unleashed on the 18th, not the 20th. There was a huge decline in scanning for port 5358 that started on the 18th, which is now less than half the activity level it was at on the 17th, and less than 15% of the levels it was peaking at prior to BrickerBot v1.0. There are further, but smaller, falls in some of the other typical IoT ports like 2323 that started around the same time as well.

    If you're reading, Janit0r (or whatever your current pseudonym is), keep up the good work! Might be worth taking a look at what's going on with Port 81 as well... Just sayin' :)

  10. Re:Common? on Aurora Enthusiasts Discover A Strange New Light In The Sky And Named It Steve (bbc.com) · · Score: 4, Insightful

    Aurora are highly variable objects; they come in many shapes, shades, intensities, speeds they move back and forth across the sky, the speed at which they can appear/disappear, and so on. It's not that they haven't been noticed before, in fact that's how they were identified as being so common - by finding examples captured in previous images of the night sky taken by aurora watchers and similar - it's just that no one has realised they were a distinct form of interaction between particles in the upper atmosphere until now. You've also got to keep in mind that for many people that live in latitudes where aurora are common they're just a fact of life and not all that much more notable than the moon in the night sky, so the chances are pretty high that these jets have been seen on countless occasions, maybe even photographed as well, dismissed as a band/ribbon aurora (not the most photogenic type, and of little interest unless you're new to aurora watching), and that was that.

  11. Re:Here is my clever idea... on Should Archive.org Ignore Robots.txt Directives And Cache Everything? (archive.org) · · Score: 1

    Try explaining that to the legacy mainstream media dinosaurs that are still busy taking Google to court for spidering, indexing, and linking to their content, despite the debacle of Spain a few years back, and see how far it gets you. Common sense is in short supply in some corners of the Internet, and fairly large corners at that.

  12. Re:Cautiously saying yes to this on Should Archive.org Ignore Robots.txt Directives And Cache Everything? (archive.org) · · Score: 1

    I think the law of averages would take care of that. Bandwidth is pretty cheap and the chances are that even if you are constrained by bandwidth, as might be the case with a smaller site on an "xGB/day" hosting plan, then it's more likely to be the case there won't be too many GB of content to spider in the first place. There are always exceptions though, and where there is a real problem there are still going to be workarounds, e.g. explicit opt out clauses for spiders like IA's or, if all else fails, denying access based on User-Agent strings.

    It does clearly depend on what effect this might have on the value of "everyone" though. Spidering (for legit purposes and otherwise) is mostly just background noise at present; the real bad actors - cyber criminals - already ignore robots.txt, and not every good actor would significantly benefit from ignoring robots.txt. The only real reasons a good actor might have for ignoring it are for better archiving (as with IA's proposals) or more complete search engine indices, but if the reason for the content being excluded via robots.txt is that it is highly dynamic, transient, or just fodder for bad robots, then it's of minimal value to search engines anyway. Even if some (or all) of the search engines were to follow IA's lead on this, I think they'd still be looking at balancing that with more intelligence in their spidering just to avoid the risk of cluttering up their databases with broken links and expired data, and that's likely to limit the bandwidth requirements considerably.

  13. Re:yeah on Should Archive.org Ignore Robots.txt Directives And Cache Everything? (archive.org) · · Score: 5, Informative

    IA does still spider, but they seem to use a more nuanced system than the rudimentary "start at /, then recursively follow every link" approach used by more trivial site spider algorithms. Firstly, they don't download an entire site in one go - they spread things out over time to avoid putting large spikes into the traffic pattern which is more friendly for sites that are bandwidth limited and on things like "xGB/month" plans. Secondly, they have a "popularity weighting" system that governs the order they spider and refresh sections of a given site, which is the main reason for the difference between the level of content for popular and less popular sites - although I have no idea whether that's based entirely off something like the site's Alexa ranking or is also weighted against how dynamic the content is (e.g. a highly dynamic site like Slashdot would get a bump up the priority, whereas a mostly static reference site might get downgraded). Combine the two approaches and you get the results you are seeing: major web homepages get spidered more or less every day with several levels of links retrieved, while some random personal blog only gets spidered every few weeks or more, and only with the homepage and first level or two of links ever getting looked at.

  14. Re:yeah on Should Archive.org Ignore Robots.txt Directives And Cache Everything? (archive.org) · · Score: 5, Informative

    Even more specific robots.txt directive for this instance:

    User-agent: ia_archiver
    Disallow: /


    As is often the case, Lauren is going off half-cocked with only part of the story. The IA already has a policy for removal requests (email info@) and is only considering expanding their current position of ignoring robots.txt on sites outside their current "test zone" of the .gov and .mil gTLD domains and have not had any problems. They probably will do that (and for their archival purposes it's a good idea in principle), but I think it's only fair to see whether or not they listen to the feedback and provide some specific opt-out policy and technical mechanisms like at least honoring either of the above prior to going live on the rest of the Internet before starting to scream and shout. It's going to be a two-way street anyway because they're going to find a lot more sites that feed multiple-MB of pseudo-random crap to spiders that ignore robots.txt to try and do things like poison spammer's address lists, so it's actually in their best interests to provide an opt-out they honor.

    Besides, it's going to be interesting to see what kind of idiotic crap web admins who should know better think is safely hidden and/or secured because of robots.txt - it's useful to know who is particularly clueless so you can avoid them at all costs. :)

  15. Re:Cool on MIT No Longer Owns 18.0.0.0/8 (ttias.be) · · Score: 2

    Actually, this is entirely on ARIN rather than ICANN these days, and they absolutely allow transfer of IPv4 space for money (subject to a few criteria) and have done so for some time as part of their approach to dealing with IPv4 exhaustion. There's also nothing to say that these IPs have never been used by MIT - for all we know they were previously in use but have been freed up as part of MIT's IPv6 rollout - and since Amazon needs IPv4 space for their growing cloud platforms and can clearly afford this many IPs in one go it makes sense for MIT and Amazon to do a deal rather than parcel them out piecemeal to multiple users.

    IPv4 space has been a resource with a sell by date for some time; at some point (probably still some way off) IPv6 will gain critical mass and the value of IPv4 space will plummet, but until then it's basically a game of chicken against that unpredictable deadline. You can sell now, and maybe get $10/IP (for suitably large allocations), or you can wait a bit longer and gamble on either making more money for your IP space as people get more desperate, or wiping out because IPv6 has finally taken off and demand for IPv4 space has dropped. MIT could easily have held on to the IPs for a few more years, and would likely have made a lot more as a result, but by doing a deal now they've actually helped Amazon grow their cloud and put the IPs into productive use again. Sure, MIT likely made a lot of money on the deal, but that's still better than having the IP space sitting around doing nothing at all.

  16. Re:RTFMA on MIT No Longer Owns 18.0.0.0/8 (ttias.be) · · Score: 5, Informative

    Needs an "M" in there for "misleading". MIT hasn't released the entire /8 back to ARIN; AFAICT from whois queries they've transferred a whole bunch of /16s (20+) directly over to Amazon, all of which are above the 18.145.0.0 line. Given the highly non-contiguous allocations across the upper half of the /8 range the most likely cause is that they've received a chunk of cash for giving Amazon all the /16s that they were not currently actively using.

  17. Re:Evil and Stupid, simple response on Burger King Won't Take a Hint; Alters TV Ad To Evade Google's Block (washingtonpost.com) · · Score: 1

    They could, and they'll probably get back at BK somehow, but I think the more immediate step for Google (and Amazon, Apple, Microsoft, et al) is going to be to update the code to require it be trained to only work for a limited number of "authorised" voices before it becomes a game of whack-a-mole as every other advertising scumbag inevitably tries to jump on the bandwagon BK has spotted. They wouldn't want their precious customers (AKA "sources of data, and thus revenue") to get the silly idea these devices might not be such a good idea after all, would they?

    These idiots all deserve each other, and I hope it turns into the total trainwreck it is shaping up to be.

  18. Re:I commend the effort... on New Destructive Malware Intentionally Bricks IoT Devices (bleepingcomputer.com) · · Score: 2

    Oh, yeah. Just in case the author(s) are reading this, for v2.0, you might want to consider looking into the following popular IoT ports as well (there are others, but these are the ones with the most activity):
    22 - SSH
    2222 - alt. SSH
    2323 - alt. Telnet
    5358 - Web Services API
    6789 - Dahui admin port?
    7547 - TR-069 management port
    23231 - alt. Telnet
    37777 - CCTV port forwarding

    You're welcome.

  19. Re:I commend the effort... on New Destructive Malware Intentionally Bricks IoT Devices (bleepingcomputer.com) · · Score: 3, Insightful

    Ordinarily, I'd condemn this kind of vigilante action, but in this instance I'm hardly struggling with it at all. Mirai kicked off in early September 2016. It's now April 2017. That's six full months, almost to the day, that device owners, ISPs, and vendors have had to secure their devices, filter inbound scanning/outbound end-user traffic, and produce update firmware, yet there's very little evidence any of that is happening at scale (shocking, I know), so it's clearly not going to. The rest of us, meanwhile, have been subjected to continual port scanning and DDoS attacks. Taking vulnerable devices out of commission, placing the cost of that on owners and vendors, plus pressure from both on ISPs to start to filter the malicious traffic, is clearly the only approach that is going to work at this point, and might even encourage vendors to put a little more thought into security in future.

    Carry on indeed. Hell, post the code like the original Mirai author did - we might as well wrap this up as fast as Mirai and its clones were able to ramp up. Open Source, ftw!

  20. Re:More US warmongering on US Strikes Syrian Base With Over 50 Tomahawk Missiles (nbcnews.com) · · Score: 1

    Looks like they hit quite a lot too, according to a couple of texts allegedly from within Syria posted on the BBC:

    My cousin just texted me from the airfield. He went to check on his mates. It's total devastation.

    Cousin says "all jets gone. Airfield taken out of service. Can't find any of his mates yet."

    Seems fairly likely to be legit, but I dare say we'll get some updated satellite pics shortly. Given only seven fatalities are being claimed by the regime, I'm guessing craters on all the hard stands, hangars, runways, taxiways, fuel silos and other storage facilities, but barracks etc. left standing. Seems pretty targeted and reasonable to me if so.

  21. Re:yes but.... on Graphene-Based Sieve Turns Seawater Into Drinking Water (bbc.com) · · Score: 1

    You keep it in a glorified pressure cooker; the higher thermal difference just means more energy can be reclaimed. I couldn't find a link to the research faculty I read about that was taking it to that extreme some years back (maybe it went nowhere), but this company is doing something similar at a much more routine atmospheric pressure approach at 566C, and this one was working towards a solution closer to boiling point with a storage temp of 1200C.

  22. Re:yes but.... on Graphene-Based Sieve Turns Seawater Into Drinking Water (bbc.com) · · Score: 1

    Salt can work fairly well as an energy storage device in green energy systems that are prone to fluctuations in flow like solar and wind. Basically, you use some excess energy to heat up a volume of salt (to around 3000C is typical) then, when the wind drops or night falls, harvest that thermal energy back to provide power as the salt cools. Reheat the salt when your power source returns, and repeat.

  23. Re:A completely unaccountable governing body on 'No Turning Back' on Brexit as Article 50 Triggered (bbc.com) · · Score: 1

    True, it is usually the opposition that uses it at any given time, but why would supporters in power do so? The situation was pretty much reversed from Blair/Brown when it was Thatcher/Major or Cameron/May for instance. Agreed on Labour's chances in a GE though; if nothing else Corbyn has shown some serious issues with the way Labour elects its leaders; when the party members, MPs and unions are not in agreement, the only winners are going to be the other parties, with the LibDems, SNP, and Plaid Cymru most likely to be the main benefactors.

    That also probably explains a lot of Theresa May's haste with Brexit and her "good deal or out by default" stance though, despite even Leave saying that defaulting to WTO would be an unmitigated disaster until such time as trade deals could be sorted out - and who knows how long that might take in practice? With Labour on the ropes and the LibDems supposedly planning on running on a Remain manifesto should they get a chance in a GE, she has to close the deal before the next GE or there's a potential that enough people who might want to Remain (either because they have done all along, or because they have reconsidered their choice) deciding that's worth a four year punt on what would most likely end up being a LibDem led coalition to achieve. Not very likely at present, I'll grant you, but who knows what state the UK and EU economies might be in by the time the next GE rolls around?

  24. Re:A completely unaccountable governing body on 'No Turning Back' on Brexit as Article 50 Triggered (bbc.com) · · Score: 1

    I think it's a bit of a stretch to expect people in the UK to understand how the EU places people into positions of power, let alone take the time to find out before voting on it, when so many of them clearly don't understand how their own government works. Far too many people don't have a clue even at the most fundamental of levels; every time a PM gets ousted and someone else steps in you get the usual "they were not elected" crap - newsflash - the UK elects a *party* that then gets to put whomever it chooses into 10 Downing Street for the duration of that party's term. Most of them would probably have a heart attack if someone sat them down and explained the real division of power and responsibilities between elected MPs and the unelected career bureaucrats in the Civil Service...

  25. Re:Scottish independence on 'No Turning Back' on Brexit as Article 50 Triggered (bbc.com) · · Score: 1

    Not necessarily. Scotland has a huge exclusive economic zone by virtue of the Shetlands and Orkneys, so plenty of fishing rights on the back of that (plus all sorts of issues for NE English fishermen if they don't get access rights, since the next place they could drop their nets is well into the North Atlantic), a steadily growing tourist trade, and also the discovery of a new North Sea oil field estimated to contain maybe a billion barrels was announced just a few days ago. Not sure if it'll all add up to a net gain for the EU or not, but they don't have a massive population to subsidize if not, and at the very least it would provide some positive news to help bring the other members of the EU that might be considering their own exits back into the fold.