It's almost as if:
- Users of large distribution lists don't know how to avoid having people reply (even if they use reply-all) to an email sent to many (e.g. > 100) recipients to all recipients, for example by putting the large distribution list in BCC instead of To
- Many recipients of emails sent to large distribution lists are very slow learners and also seem to think that receiving one unnecessary email is worth complaining about
- Email admins have forgotten about moderated mailing lists, and haven't ensured their users are educated on the points above
Yes, the IT section (500 people) of our large ICT company has also had this happen twice in the past 5 years. You would think people in IT would know better ..
"When I give personal info to FB or Google or whoever I make the decision to do so, and I know what I've told them."
Really? This is exactly the double standard. You *think* that because you don't use Facebook that they don't know about you. But, every Facebook 'like' button on any website you use is tracking you. Using this information, and correlating visits to various sites by non-Facebook users and Facebook users, Facebook probably already has a profile on you and can determine to some degree your interests, friends, associates.
Why do you think various big players are interested in LetsEncrypt? They can track you with SSL everywhere while others can't. You are giving them more exclusive access to everything you do.
"When the telcos vacuum up my info they grab everything without even asking."
How do you know this? Regardless of what information they collect, the better question is, what protections do they provide? Since this is a European Telco, they would have some decent privacy protections in place (which Facebook and Google have violated).
Of course you Americans don't seem to think a universal privacy law is required, the FCC is considering imposing restrictions on ISPs, but to anyone else you are fair game.
In many other countries, there are wider laws that cover all industries and regulate the storing and processing of private information. If you had something like this, you wouldn't have any irrational fears that ISPs track you more than Facebook, and everyone would have more privacy from the likes of Facebook and Google.
fuck the telcos.
But can the telco do analytics on call patterns to provide data to companies who would be interested in knowing, say how many telephone subscribers aged 20-30 in a specific area call fast-food numbers more than once a week.
Pay residents (or even better, just ask rabid supporters of one party and tell them they can help their party win) of different voting districts to register and then do the 'needful' on voting day.
Considering recent fraud operations by syndicates have managed to withdraw funds from 1400 ATMs in 2 hours (e.g. http://money.cnn.com/2016/05/2...) it really shouldn't be significantly more difficult to swing an election result.
Gnome15 (https://gnome15.org/features/overview/) may do what you want with similar investments of time.
From what I can see, the Logitech G930 headphones seem to work out-the-box (but you may not have known where to look) although maybe missing some features:
http://blog.brendel.com/2011/0...
For the keyboard, did you try g15daemon? See e.g. https://ubuntuforums.org/showt...
"Mercedes are just Kia's with 'gimmicks'? How can you completely dismiss the user experience?"
Kia's have the same (or better engines), transmission, wheels, brakes and the rest of the transmission as a Mercedes? I didn't know that ...
I have used linux on an IBM Thinkpad, a Dell Inspiron, and 4 HP laptops of various lines, and this is the full list of hardware that didn't work:
- One TV tuner
- The fingerprint reader on at least 1 laptop (one other laptop with fingerprint reader worked). I haven't checked if there is a solution for the newer fingerprint readers.
All have suspended/resumed adequately compared to their behaviour under Windows. WiFi worked out-the-box except for one that required extraction of the firmware from the Windows driver (didn't require any command line though).
My current laptop has a Windows partition that gets almost no use, my usual linux distro, and an installation of RHEL7.2. The installation of my normal distro suspends fine, but the RHEL7.2 installation won't suspend. So, there may be differences such as this between distros depending on their focus.
"AT&T and Comcast have both had 20 years, *two* decades, an *entire generation* to roll out their own fiber, but they didn't, because they're a monopoly"
The fact that FTTH only became financially viable in the past 10 years has nothing to do with them not rolling out FTTH before that ...
I didn't read the details of the attack, but if it was using UDP DNS requests the source IPs could have been spoofed (if they originate from networks that don't have uRPF enabled).
In that case, their transit providers would only be able to identify them by traffic patterns on their circuits, or by more in-depth analysis if the provider can afford to run IPFIX/Netflow analysis on all their traffic.
"But on the IPv6 network, you have the potential to have thousands of DNS servers, or even multicast/anycast addresses for DNS servers."
Most large DNS deployments already use IP Anycast on IPv4.
For example, Google's public recursive DNS (8.8.4.4, 8.8.8.8) uses IP Anycast. Most DNS root servers use IP Anycast.
There are two main benefits to IP Anycast, but the most relevant is allowing the distribution of an IP address over multiple geographic locations, which allows lower latency, but also limits the number of attackers who can attack a specific deployment.
"Good, because 802.1x isn't MAC authentication, so MAC spoofing is unrelated to that topic. "
My mention of MAC spoofing was with reference to using port security instead of 802.1x (to avoid outages when your radius server is down).
"And your solution of active/active load balancers still leaves you with a single point of failure. Active/active, by definition, has a single configuration across the devices. So one typo on one device can take down both. Back to a single point of failure."
Active-active load balancers are one means of achieving active-active setups, IP anycast is another (more applicable to stateless services). Which one you use may depend on the application.
But this discussion started out about preventing failures due to equipment failure. If you employ idiots (who can't implement a GLBP change correctly the first time or test it on a non-customer affecting environment) then of course there is no way you can offer SLAs.
"What's your redundancy? HSRP? What happens when someone spoofs your VIP/virtual MAC? Everything is down. I've seen large offices taken down because they used 192.168.1.1 as an important device, and someone plugged in a home router under their desk as an AP, causing a conflict that took down a "redundant" network."
Why would you trunk your service VLANs to your user access switches?
You don't need to do 802.1x for distribution or server switches, you can just do port security (slightly higher admin overhead for ports on really important places). It might not prevent MAC spoofing being an issue, but surely you would physically secure switches which carry 'production' VLANs.
Even if you had a failure in one layer 2 domain, you surely have your critical services active-active across geographically redundant sites (using IP anycast if you can, or a geographic load balancer like F5s BigIP GTM) with 5-second or less failover, that share no single points of failure (e.g. multiple route reflectors, multiple peering points, multiple links to each multiple transit providers).
(And I'm not involved in networking in our team, I look after servers and applications).
"The definition makes no distinction between tangible and intellectual property, and a thief is simply a person who steals."
Which is why, after the invention of the printing press, a new term was created for those who were given permission to steal copies of an author's work using this device, thieveryright.
Right?
Wrong. The English Language does not therefore define theft as the unauthorised copying of a work that is already being distributed (for a fee) to the public.
According to the development page (https://wiki.mageia.org/en/Mageia_6_Development), the last ISO was the stabilisation (aka beta) snapshot 1 (sta1), there should be another snapshot this month, and after that there should be an RC.
This matches what I see on my closest mirror.
Sure, maybe Fortinet has market share in the "internet backbone" business, if you consider firewalls to be the backbone of the internet.
However, most people consider routers to be the backbone of the internet, and in that segment the players are (in approximate order of market share) Cisco, Juniper, Alcatel-Lucent/Nokia, Huawei, Extreme Networks (and then the other 4).
High-end firewalls can handle about 100Gbps peak, fully-specced core routers can route in region of 10Tbps (depending on which vendor) or more.
Left out the link for the August EP-650s:
https://www.aptx.com/products/...
Regarding availability of earphones with aptX support, most mainstream Android phone makers (Samsung, Sony, LG etc.) and the high-end audio brands (e.g. Sennheiser, Yamaha) have at least one pair listed, but a lot of the other bluetooth headset brands (Jabra, Skullcandy etc.) don't seem to have any listed on the AptX site.
Lots of Bluetooth speakers and portable bluetooth speakers to choose from though.
And AptX is available on at least the Samsung Galaxy S3 and newer (https://www.aptx.com/products?field_product_brand_tid=12&field_product_category_tid=126), but still not on any Apple devices.
Works nicely with my S6 and the August EP-650 bluetooth headphones (which I also use on my linux desktop and was painless to use).
In our service-provider environment, about 1/3rd of all our services have been migrated to RHEL7 (about 120 VMs) so far. I haven't had a single problem with systemd.
I am actually requiring specific motivation from any team wanting to run RHEL6, because systemd means 1) less divergence from upstream, 2) portability between distros
Any decent config management system should be able to handle systemd vs sysvinit (ansible does). But then sysvinit scripts will work just fine on RHEL7 with the same commands.
And if they are trying some form of packet inspection, good luck doing that on an encrypted HTTPS YouTube stream.
The 3 leading DPI platforms currently have no problem identifying Youtube over HTTPS. I think most of them use the certificate exchange to do so at present. Encrypted certificate exchange which is being considered as an enhancement to HTTP2 may prevent this.
ISPs don't use proxies for that.
The two most common ways to track usage (in DSL/fibre networks, I am not that familiar with cable) are:
- RADIUS accounting from the BNG where the PPP (e.g. PPPoE) session terminates
- From a DPI-based in-line system (3GPP terminology is 'PCEF'). This can also typically be used for enabling transparent caching (but that can also be done with e.g. WCCP on a router in-line IIRC, but DPI can make better decisions on what traffic to send to caches).
But, typically there isn't authentication involved with accessing transparent caches ...
All the different distributions of Linux combined with no user friendly way of keeping the latest patches installed is just asking to be trouble.
All the distros I have used have had both n00b-friendly and cli-automatable options for installing updates for more than a decade. E.g. red icon pops up in systray, click it to see what updates are available, deselect some if you need to defer restarting something, click the update button, and carry on with what you were doing. If a kernel or very common library update was installed, you're informed at the end that you should reboot and you are asked if you want to reboot or do it yourself later.
I don't know how it could be any more user friendly.
Well try running a whole enterprise with clustering, eSAN storage, virtual switching, failovers, cloud integration for backups, expiring VM's, auditing for infosec, ability to move the VM's anywhere, and command line tools to automate tens of thousands of virtual servers all on virtualbox and let me see how far you get?
Why would I do that when I could just use ovirt, or the commercially supported version that is faster and significantly cheaper with 90% feature parity to vSphere Enterprise Plus, Red Hat Enterprise Virtualisation (RHEV)?
"Did Vmware actually agree to the GPL?"
Since they provide GPL copyright notices in their products pertaining to 3rd-party components that they distribute to other legal entities, they have agreed to it or are guilty of copyright infringement.
Furthermore, after reviewing this GPL our lawyers advised us that any products compiled with GPL'ed tools - such as gcc - would also have to have its source code released.
Why hasn't anyone sued Oracle then? Oh right, this is obviously false and you are trolling.
Although we had planned for no one outside of this company to ever use, let alone see the source code, we were now put in a difficult position.
Yes, that of explaining how you paid lawyers who don't understand the word 'distribute'.