Possibly. Possibly not. Without detailed knowledge of the precise SCO setup, it's difficult to say for sure; all you can do is take observed data and claims and speculate. Also, keep in mind that there could be multiple load balancers in the mix, the DDoS could have been targeted at an IP address rather than a hostname and so on. It's also possible that they just changed their DNS and stuffed it up. ;)
But to give you a more specific reply, rather than the general one. Assume that SCO has two load balancers, one on 216.250.128.12 and the other on 216.250.128.12. Behind one IP is a cluster of web servers on 10.1.0.x and behind the other a second cluster on 10.1.1.x. Each cluster is in a different data center for resilience. This is a fairly typical setup (my employer uses this on its Intranet, only we have three sites). Now someone launches a DDoS SYN attack against 216.250.128.12, but while the total traffic does not flood the network connection, the amount of SYNs arriving is either enough to down the load balancer, or takes out the webservers behind. You will see precisely the effects we got with SCO; adjacent IPs up, the web server down and SCO screaming blue murder.
Of course, as I said before, that's just supposition based on what's being said and how things can work. It's still entirely possible a significant part of SCO's claims are not exactly what happened of course.
Because only in el cheapo hosting can you make the assumption that two adjacent IPs are on the same switch. It's quite common for high capacity corporate sites to have a load balancer of some kind in front of them that redirects to other IPs that you never see. Some of the more sophisticated devices even fiddle the TTL and other settings so they are totally invisible and what appears to be a single IP could easily be a distributed cluster of servers in every continent of the globe.
Provided that the bandwidth to the load balancer did not get saturated in the DDoS, and the attack was targeted at a specific IP then it is perfectly possible for adjacent IPs to be fine. I and several others pointed this out as a possibility in the original story and either got modded to oblivion or called idiots for it. C'est la vie.
Yes! I've been trying to find this quote for a while, but it wasn't in the book I thought it was. The following quote is by Leo Laporte in the foreword of "Shooting Digital" by Mikkel Aaland:
Mikkel Aaland has worked as an itinerant photographer, making pictures much as his 19th century counterparts must have, in a makeshift studio-on-wheels, capturing images of anyone with a few dollars to spare. After nine years on the road, the result was his 1981 book, "Country Fair Portraits".
Shortly thereafter, another legend, Ansel Adams, told Mikkel that if he were beginning all over again he'd be shooting digital. Mikkel took the great man at his word and became one of the first to use, and write about digital photography.
It's an anecdotal quote, but 1981 is a big year for digital photography as it's when Sony released its first "Mavica", probably the first mass-market digital camera. I'd say that Ansel saw the potential in the technology even then, assuming of course he hadn't already encountered digital imagery from early recon satellites, the SR71 and so on.
Given the amount of work Ansel Adams spent composing his shots, combined with the fact that a large number were of landscapes, especially Yosemite, I don't think the resolution of digital would have been a problem. Far from it in fact. I think he'd have simply taken to heart the technique of compositing multiple digital images like this (which, coincidentally, is 1 gigapixel). He'd have then gone on to turn the technique into an artform and written another volume of his seminal book series on the matter.
Or if you include Hybrids 828.3TB owned by the Stanford Linear Accelerator Center. Frankly, I was expecting to see much larger figures than these from academia and large scale research projects, Lawrence Livermore for example.
Obviously data collected from places like Arecibo wouldn't lend themselves to this kind of survey, even though it must be vastly larger, but what about storage of particle vectors from nuclear event simulations? I'm guessing that they were either not nominated or declined to be listed on security grounds rather than don't rate high enough. Does anyone have any figures?
the max punishment stated in the law doesn't change to fit the type of court it's sitting in, that's not how our system works
To quote The Register (admittedly not the most authoritative source, but it's probably preferable to a PDF link to the actual law): "The Office of the Information Commissioner will enforce the new regulations. Any breaches of enforcement orders issued by the Information Commissioner will be an offence liable to a fine of up to [UKP]5,000 in a magistrate's court, or an unlimited fine if the trial is before a jury." This is not the only instance of this type of thing in UK law either.
The "UKP 5000" quote is a bit misleading since there are basically two types of prosecution under the law; before a magistrate and no jury (I'm not sure what the US equivalent is called, but I know there is one) then the maximum fine is indeed UKP 5000 *per prosecution*. If you go to court proper with a judge and jury then there is no limit on the potential fine. There is also the issue of court costs, but I would expect that if found guilty the spammer would be required to pay in both cases.
Re: Unfortunately much spam originates from the US. (on "UK Spam Law Goes Live", Score: 3, Interesting)
While on the one hand this is bad since an "innocent" gets taken to court, but since the "a trojan did it your honour!" plea seems to be the in thing in the UK at the moment that's not too much of a problem. However, raising public awareness of the issue of not patching your system may lead to you being held liable for spam or worse is a good thing.
I'd actually like to see a few people found guilty of this and fined a negligible amount on the grounds they were "less than technically competent" or whatever legal euphemism for "dumb" the court comes up with. Making companies, and even end users, liable for not patching their system could be a good thing all round. The big problem with this though is patch availability; if the patch has been out for months, as in the case of Nimda IIRC, then fair enough. But what happens if the first thing the world knows about a problem is when the worm hits the Internet? Can you guarantee that your judge and jury can tell the difference and pass an appropriate sentence? I suspect the answer is, and will remain for some time, "no".
Agreed, a SYN flood can, and usually would saturate the bandwidth, but it doesn't have to in order to cripple a vulnerable target, and the FTP server being up would indicate this to be the situation. Or at least it would if we accept SCO's claims of being under a DDoS based SYN attack as true, which was the premise of my first point.
The problem is (I meant to add this to my original point one but forgot), SYN attack protection is a well known technique. That SCO claims their server was brought down by a SYN attack, when the server has built in protection against it, is evidence that SCO's network admins are idiots.
I think that if your friend's university situation is typical with three computers and only one Internet connected (bet it's analogue dial-up) then your chances of having a DSL infrastructure in place are slim. However, the sheer novelty of actually *having* Internet access, let alone the utility, allows you to consider approaches that would be dismissed out of hand elsewhere. With that in mind, getting computers and local network infrastructure is not going to be your main hurdle. A decent size switch, or even a hub cast off from someone else moving to switches, and some donated PCs (use one as a gateway firewall!) and you are good to go.
If you are happy with sharing the existing Internet access method, then great, connect the modem or whatever to your server, give it a *tight* access policy to keep costs down and off you go. If you need more bandwidth for the extra computers then you have a problem. Since you don't say *where* your friend's University is, it's hard to be specific, I'd assume it's in a major town though. If that's the case, then you might need to connect directly to Kampala, or even to one of the adjacent countries, of which Kenya and Tanzania are more likely to have connectivity. For the distances likely to be involved you are most likely going to need to go wireless, and I don't mean 802.11x; take a look at packet radio for a start, it's far cheaper than satellite!
A couple of other ideas: take a look at the various projects around the developed world to bring broadband to isolated communities, try and get in touch with people involved and see if they can help. If telephony is lacking, then would sending the IP over any existing powerlines be viable for example? Document everything on the web; successes, failures, pitfalls, problems that are overcome and how it was done. Sooner or later someone else will try something similar, and even if you fail they can benefit from your experiences.
Finally, (lots of) good luck! You are going to need it!
The FTP server being up proves nothing. SCO is claiming that they are under a SYN attack, which has relatively low bandwidth costs, and if targeted purely at their webserver and not exceeding the total bandwidth will leave the FTP site up. Basically, for those that don't know, a SYN attack works by flooding a server with requests for a new session, usually with a spoofed source IP. The server *has* to allocate some resources to this request, respond with a SYN-ACK and wait for the ACK (which never arrives). Enough SYNs (the packets are only a few dozen bytes) and the server will fall over.
So, on those grounds, I'd be prepared to accept that SCO is telling the truth and they are indeed under a DDoS SYN attack against their webserver. However, as normal for SCO, they then go and overcook the situation and claim that their internal network and Intranet has been hit as well. The only possible way this could be the case is if they are using the same server(s) for their public web as their Intranet which is one of the dumbest possible things you could do.
That leaves us with three possibilities:
- SCO is simply lying and there is no DDoS at all.
- They are telling the truth about the DDoS, but have exaggerated the effects in a sympathy ploy, making themselves *look* clueless.
- They are telling the truth about the DDoS and the Intranet, meaning they *are* clueless.
Take your pick!
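An added illustration of the mechanism described in the comment above, not part of the original post: a toy model of a listener's half-open queue under a low-bandwidth SYN flood, run once with a plain backlog and once with a simplified SYN cookie (a stateless form of SYN protection; this is not any real kernel's encoding). The backlog size, timeout, round-trip time, packet size, secret and documentation-range addresses are all assumptions made for the example.

```python
import heapq
import hmac
import hashlib

SYN_BYTES = 60                   # assumed on-wire size of one SYN, in bytes
BACKLOG = 256                    # assumed size of the half-open (SYN) queue
SYNACK_TIMEOUT_US = 30_000_000   # assumed: a half-open entry is held for 30 s
RTT_US = 100_000                 # assumed: a real client ACKs after 100 ms
COOKIE_PERIOD_US = 64_000_000    # assumed lifetime of one cookie counter value
SECRET = b"constructed-demo-secret"


def make_cookie(conn, counter):
    """Simplified SYN cookie: 32-bit MAC over the 4-tuple and a time counter."""
    msg = repr((conn, counter)).encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")


def check_cookie(conn, ack, now_us):
    """Accept an ACK only if ack-1 is a cookie for this or the previous period."""
    counter = now_us // COOKIE_PERIOD_US
    isn = (ack - 1) & 0xFFFFFFFF
    return isn in (make_cookie(conn, counter), make_cookie(conn, counter - 1))


def simulate(flood_pps, legit_pps, seconds, syn_cookies=False):
    """Replay spoofed and real SYNs against one listener; times in microseconds."""
    end = seconds * 1_000_000
    events = [(t, False, i) for i, t in enumerate(range(0, end, 1_000_000 // flood_pps))]
    events += [(t, True, i) for i, t in enumerate(range(0, end, 1_000_000 // legit_pps))]
    events.sort()
    half_open = []               # min-heap of expiry times, one per queued SYN
    ok = dropped = 0
    for t, legit, n in events:
        if syn_cookies:
            # No state is stored for any SYN. A spoofed source never ACKs,
            # so only real clients come back with a cookie to verify.
            if legit:
                conn = ("198.51.100.7", 40000 + n % 20000, "203.0.113.10", 80)
                ack = (make_cookie(conn, t // COOKIE_PERIOD_US) + 1) & 0xFFFFFFFF
                if check_cookie(conn, ack, t + RTT_US):
                    ok += 1
                else:
                    dropped += 1
            continue
        # Plain backlog: expire old entries, then try to queue this SYN.
        while half_open and half_open[0] <= t:
            heapq.heappop(half_open)
        if len(half_open) >= BACKLOG:
            if legit:
                dropped += 1     # queue full: the real client's SYN is lost
            continue
        # Spoofed entries sit until the timeout; real ones leave after one RTT.
        heapq.heappush(half_open, t + (RTT_US if legit else SYNACK_TIMEOUT_US))
        if legit:
            ok += 1
    return {"legit_ok": ok, "legit_dropped": dropped,
            "flood_kbps": flood_pps * SYN_BYTES * 8 / 1000}


if __name__ == "__main__":
    for cookies in (False, True):
        print("syn_cookies =", cookies, simulate(500, 10, 60, syn_cookies=cookies))
```
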
Actually, it makes a lot of sense in the context of Microsoft's closed source, security through obscurity approach. By having patches (if any) come out on a known date each month it allows efficient network admins to plan ahead and have time available to test it and patch their systems. Well, that seems to be the theory anyway.
The obvious downside is what happens when a major new remote root exploit comes out like Blaster. However, in that case the news is all over the tech media at worst, and often the mainstream media as well, so there is nothing to stop Microsoft issuing an "emergency" patch or advisory in that case and have the word get out. Unfortunately, that apparently hasn't stopped them from failing to release a patch for the remote IE exploit announced a fortnight ago.
Seconded on the list separators; I want this in my email client *yesterday*! Just *why* this idea has escaped everyone's attention is unbelievable given that it is, in effect, simply an extension of the "thread" view of Usenet clients into the other headings. I'm not too sure about the visualisations though, although I dare say that people who like mind mapping software will orgasm over this.
I've always seen Forking as something of a blessing... it's the abandoned projects are the ones that are in danger.
Two statements, both of which I would agree with, but one thought that occurred to me is how often does one lead to the other? When a project gets forked, you usually get rapid development on two separate areas, as rivalry (friendly or otherwise) tends to add impetus to both teams, which is great for developers and users alike.
But how often do projects get forked, with both forks initially attracting a reasonable number of users only to have one fork left to languish? There are various possible reasons for this; less users than developer egos need to sustain interest, technical implementation issues, and so on. I can't think of any significant instances where this has happened yet, only smaller ones, but that isn't to say it couldn't happen and a few high profile projects have recently forked that this could happen to.
It's slow and painful enough if you do them from behind with a drill like you are supposed to, but if that's not good enough, then there is always the power sander for the truly discerning and sadistic knee capper. Of course, if anyone can provide some spammers, I'm sure there will be no shortage of volunteers to perform the necessary testing to provide some empirical evidence...
Actually they have multiple means of carrying out the death penalty in Nigeria; firing squad, stoning and hanging I'm fairly sure of, and there may be others. There was a case recently where a Nigerian who became pregnant after being raped was to be stoned in accordance with the fundamentalist religious law in that part of Nigeria. What was probably a local tribal matter initially somehow managed to acquire the attention of just about the entire world. Even so, it took considerable pressure before the poor woman was released.
Actually, given the probable means of applying the death penalty in Nigeria (stoning), combined with the Nigerian government's efforts to crack down on 419 scams, I rather hope Nigeria *does* have a big say at the conference... I'll be right at the front of the queue for a bag of gravel, and some nice pointy rocks when the first spammers get marched out.
In an ideal world, yes, they should have fought for "linuxgazette.com". Unfortunately this is not an ideal world but the real one, where "linuxgazette.com" is owned by SSC and not the LG volunteers, so they have no rights to it and SSC certainly isn't going to let them use it. So, instead of jerking their readers around the volunteers have registered "linuxgazette.net" and got new content out on schedule, whereas SSC still have no new content.
For me, this is the correct course of action; I associate Linux Gazette with a monthly production offering tips, tricks, a news recap and a sprinkling of humour for good measure. It is most definitely not some dynamic CMS free-for-all system like SSC want it to be. SSC is hardly demonstrating the community spirit that FOSS is famous for here; they are radically changing the slant of the product, as is their right, but it's not going to be the traditional Linux Gazette that results. It seems to me that the community solution would be for SSC to use linuxgazette.com to provide a pointer to both publications (and Linux Journal too), and allow the old Linux Gazette team to continue their publication on the .net domain.
Hmm. Not a megacorp and catering for a small market... Surely you don't mean SCO? I rather thought they were trying to take our digital future away from us so that we can all join them back in the digital past.
Doesn't surprise me in the slightest. CAIDA has been producing maps like this (essentially maps of the BGP peering route) for a while, and it pretty much breaks down into the same type of diagram every time. Basically, you have the core backbone providers, pretty much all of which peer with each other in numerous places and with multiple links and don't deal with medium ISPs and down at all. Then you have the other "serious" players that peer with large numbers of the big providers and some of the smaller ISPs and major hosting companies like RackSpace. This continues in a series of overlapping "tiers" until you get down to the small fry ISPs, that peer with one or two upstream providers, and most companies, right out on the periphery.
One thing that might surprise though, is that the likes of Amazon, Google and so on, are usually right out on the edge. These companies don't need hundreds of links, they need reliable links, and that can be obtained by using quality providers and a small number of links.
And there's the thing for me. Between the soaps and quiz shows and now reality shows and Trek going down the pan, I've completely stopped watching TV apart from the odd foray onto one of the 24 hour news channels. I hardly even look at the TV pages anymore; so in effect they've lost me as a viewer for the foreseeable future. Many other geeks I know are at varying stages of the same change; favorite shows off-air, nothing decent to replace them. Many of them are finding interesting *outdoor* hobbies to replace them, often with a technical slant.
Keep it up Fox! At this rate it's going to be the geeks that are the buff and tanned ones with a life, while everyone else sits at home drooling into their six packs.
It's more specific than that. I think this may be a quirk of Norwegian law specifically, and I've certainly not come across it elsewhere in Western Europe. In the UK, IIRC, I'm fairly certain that you cannot be retried for the same crime if found innocent by a jury. There is kind of an exception if a mistrial is declared, but I don't think the jury in a mistrial actually gets to pass a judgement.
I couldn't agree more. Unfortunately in a move that I can only class as idiocy he's just released details on breaking Apple's iTunes admittedly rather weak DRM system. It's almost a given that the defense lawyers were doing the high-fives as they realised they could use this as proof of Johansen's blatant disregard for copyright. I mean, seriously, would it *really* have hurt to have waited another couple of weeks to see how things went in the retrial?
I wish him luck in the trial, and boy do I think he's going to need it now.
Yeah, and when the BBC performs its next periodic update of the timeline they will update this to read either "2004" or "2008" depending on which side of the upcoming US Presidential elections they update.
Assuming they didn't get it right the first time and that there actually is a 2004 Presidential election of course.
I'd guess we'd have to call it "Linux for Workbenches".