When all the content that is effectively obtainable is distributed by a select few, you have little choice.
Sure I'm sure there are a bunch of great indies out there. Just finding out about them isn't easy and unless you have a lot of YOUR time to invest in research it's a pain. I know I usually complain that others don't do enough research [re: buying computer gear] but we have to have priorities. Do I spend all day making good use of my research gear or finding that awesome acoustic track? At some point culture will be more important as a whole I guess...
Doesn't help though to have payola going on all the time. There was a time when MPAA/RIAA partners became rich and famous for THEIR TALENT. At one point though they just started using their fortunes to corrupt the system, payola, DRM and lawsuits are just their "modern" tricks.
There are very few bands today, at least under the superstar "description" that have 1/8th the talent as say the Beatles, The Who, The Monkeys, etc. And I'm only 24 so those bands were long gone before I was even born!
When all you hear is titney spears and her band of whore friends you have no choice but to either accept it or do without.
Tom
Well just think about this. DRM is their way of saying "fork over your money, you'll get to use it on our terms."
...
...
You may not have hit a DRM wall but that could be because
1. You're not an enthusiast
2. You don't know what your rights are anyways [fairuse?]
3. You're not doing anything special with your media.
Try making a backup [shock! that's legal!] or a clip for a class or
Try to watch that movie on a "non-approved" device? Try to listen to that music CD in your computer, try to
DRM breaks otherwise valid products in a futile attempt to extract more money out of you.
Tom
which is one of the major problems with DDoS. If I *know* that a packet from 24.68.77.15 is actually from 24.68.77.15 then I can hold them accountable [because ignorance is no defense btw].
Once people take their security seriously [or serious enough to get 15 minutes of training] then we're all set.
I mean in this day and age where everything is done over the net, why do you need training to drive a car but zero to own a high performance desktop with a crazy amount of bandwidth?
I'm not saying we should have computer licenses. Mostly just that you should be held reasonably accountable for the actions of your computer. This would have to draw lines in the sand and what not because obviously shit like 0-days happen. But the amount of people who don't patch or fix problems is tremendous and that is why botnets work in the first place!
Tom
What does a WinXP or MacOS CD come with that you need and that a Linux Distro doesn't have?
I have to install cygwin, msvc, mplayer, gaim, openoffice, etc before my windows box is of any use. That takes time and effort. Certainly no easier than "emerge gaim"...
If you find a stock WinXP CD "useful" then so be it. But I know a lot of people who would say otherwise.
Tom
Well I bet you I could misuse CHM too. Big deal. If you use the tools properly PDF is a very useful format. My math text is ~300 pages and is only 1.4MB as a PDF. That includes all the fonts, layout and text itself. It renders the same on my Linux boxes as it does on my PocketPC, Win32 and other boxes... No worrying if I have the "right" version of Sans Serif handy.
Most ebooks are images because yeah they print driver them or they're done that way on purpose to avoid piracy [e.g. copy/pasting].
Reflow only works on text. Which is why it probably didn't work for you.
Tom
I violently agree with what essentially we are both saying! hahahaha.
...
Yeah, admittedly it would be ideal to do the PF matching in hardware to reduce latency. Hell, I'd be for just doing it in the modems themselves. Make the damn thing locked and most zombie'ed machines wouldn't be able to work around it.
But that's costly as millions of people have modems already. There are fewer gateways than there are modems so...
This is just like the spam problem. A simple solution is hashcash but nobody seems to want to actually implement it. Oh well.
Tom
Why is it a bad thing? I'm actually curious to hear your thinking.
Tom
Why not? They already do it. Try inventing your own protocol stacked on 802.3 and get it routed through your ISPs network. Won't happen [or at least shouldn't].
Filtering based on IP src address is not a bad idea given how easy it is to abuse. There are few legitimate reasons you would spoof a src IP anyways.
And before you start jumping up and down about millions of customers, most ISPs have local gateways for a limited subset of customers. I'm in a /24. So there are at most 253 other people in this subnet. A single decent Opteron or Xeon box could handle a trivial PF rule [e.g. must be from the same /24] that would make spoofing irrelevant.
Tom
ISP. It's actually a really simple iptables or PF filter. On the gateway that serves [say] 70.8.4.0/24, you just reject all packets where the src address doesn't match.
If you want to get more fancy you could make sure ip associates with the MAC address. But generally if you can track a DDoS participant to an ISP gateway you can narrow it down from there if it's still active [or if you keep stats].
Tom
No, ***ISPs*** should disable raw sockets.
E.g. your address is 70.3.44.8, if your IP packets don't have that in the src address then null-route the sucker. Boom, no more anonymous DDoS as the zombies will be trackable and then can be held accountable.
Tom
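The gateway check described in the two comments above, as an added example that is not part of the original posts: it models the decision in Python rather than as an iptables or PF rule. The lease table, MAC addresses, sample frames and function names are constructed assumptions; only the 70.8.4.0/24 prefix comes from the comment.

```python
import ipaddress
import struct
from collections import Counter

# Prefix served by this gateway (the /24 named in the comment above).
CUSTOMER_NET = ipaddress.ip_network("70.8.4.0/24")

# Assumption: constructed lease table, customer MAC -> assigned address.
LEASES = {
    "02:00:00:00:00:0a": ipaddress.ip_address("70.8.4.10"),
    "02:00:00:00:00:0b": ipaddress.ip_address("70.8.4.11"),
}

# Per-MAC drop counters, so a spoofing host can be tracked down later.
drop_stats = Counter()


def build_frame(src_mac, src_ip, dst_ip):
    """Build a constructed Ethernet II + IPv4 frame (header only, checksum 0)."""
    eth = bytes(6) + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address(dst_ip).packed)
    return eth + ip


def check_frame(frame):
    """Return (verdict, reason) for a frame seen on the customer-facing side."""
    if len(frame) < 14 + 20:
        return "drop", "truncated"
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return "pass", "not-ipv4"      # this check only covers IPv4
    if frame[14] >> 4 != 4 or (frame[14] & 0x0F) < 5:
        drop_stats[src_mac] += 1
        return "drop", "malformed-header"
    src_ip = ipaddress.ip_address(frame[26:30])   # IPv4 source address field

    # Rule 1: source must belong to the prefix this gateway serves.
    if src_ip not in CUSTOMER_NET:
        drop_stats[src_mac] += 1
        return "drop", "outside-prefix"
    # Rule 2 (the "more fancy" variant): source must be the address
    # leased to the sending MAC, so neighbours cannot borrow each other's IP.
    if LEASES.get(src_mac) != src_ip:
        drop_stats[src_mac] += 1
        return "drop", "lease-mismatch"
    return "pass", "ok"


if __name__ == "__main__":
    mac = "02:00:00:00:00:0a"
    for src in ("70.8.4.10", "198.51.100.7", "70.8.4.11"):
        print(src, check_frame(build_frame(mac, src, "192.0.2.1")))
    print(dict(drop_stats))
```
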
That's not what a raw socket is...
A raw socket is basically an IP socket where you get to form the IP header and payload however you want. You can then send things like ICMP packets with the incorrect src address. Or you can issue TCP connect requests with the wrong address, etc...
Running httpd on port 81 is still a TCP/IP socket. You'd be sending out a valid src address and the like.
Tom
Yeah, shoplifting is a minor [in terms of violence] crime but it too is a short step from shoplifting with a knife or a gun. Deviant behaviour has to be curbed before it gets too "routine" for the offender. At the point where they have no moral compunction with DoS'ing for no-profit, they'll make the switch.
Frankly, "intent" aside if you did it you did it. If I rob a store, I may not intend to give the clerk a heart attack, but I did it just the same. Why shouldn't I be held accountable for it?
And again, example. They want [and should] be very strict because it can send an example that if you do this stuff there are very real consequences. Sure, it may not work against the truly dedicated [hello war on drugs] but if it's enough to scare off random script kiddies I'm all for it.
And no, I'm not for jail-time in all cases. Getting a red flag next to your identity [e.g. no personal net access] would be enough in my books. Not mitnick style though. I think you should be able to work [in the less extreme cases] with computers, just not unsupervised at your home. Make employers look after ya [if they'll have ya].
Tom
That's true in a certain sense, but also keep in mind the govt wants to make examples of these people. They may have only DoS'ed the government, but that's a small step to an extortion ring. Let me know when your company is going bankrupt because you have no net presence and thus no customers. See if you feel so liberal about it then.
That and frankly little script kiddies are not harmless, they're ignorant and there is a difference. The net really depends on the netizens actually playing nice [or at least fair] with one another. When people like this take it upon themselves to affect so many, they deserve an appropriate punishment.
Tom
Disabling raw sockets and making people more accountable for their machines may help too.
I don't care if you get exploited. You should know enough to figure out when it has happened [e.g. your modem goes crazy] and do something about it [e.g. turn computer off]. And why ISPs still let people transmit IP packets with forged src addresses I'll never know. Sure it's technically valid [as far as IP datagrams go] but the only legitimate use is to DoS something.
Oh, and a public flogging wouldn't hurt either.
Tom
Troll.
The purpose of PDF is PORTABLE. How do you know your platform has the right [and exact] copies of the font(s) required to render that document?
At least with a PS or PDF output I know I'm set. PDF documents can have text, as in literal strings not bitmaps, and in Adobe they CAN reflow [I've done it on a PocketPC for instance].
Tom
... because god forbid our children [and yes that includes college kids] actually LEARN A DAMN THING. Let's make more money, take take take, and now let's be even more invasive.
It's already hard enough to motivate kids to study. Now they'll have ads bothering them? I really fear for the future.
Any smart professors would just change their teaching style to avoid text books as much as possible [hint: there are usually other books on any given topic outside the mainstream academia].
Tom
Clearly being an informed individual is some sort of negative quality. We should all work on impulse with zero concern for the consequences of our actions. I mean if you have to think about what you're doing clearly it's wrong. There are zero benefits to education.
How can you possibly benefit from knowing what you're actually buying? Outside of being able to use things as you see fit.
etc...
You just want your computer to work. I can appreciate that. So does MSFT. Unfortunately, they want that so long as "work" means buying MSFT. Not all hardware vendors subscribe to this business theorem. If you actually shop around you'll find out that YOU get to choose. Windows is already 300-400$ depending on the version and given that it comes with nothing of professional use that's a lot of money to shell out. What more do companies like MSFT have to do before they're not working in your best interest?
Tom
You seem to think I think Linux is the only OS on the planet.
My only point I'm trying to make is that blaming Linux because hardware vendors don't want to participate is backwards. Linux isn't exactly unheard of, or new, or even meritless [hint: servers? stable os? etc].
And it isn't even that your hardware manufacturers have to write the drivers themselves. If the product is popular enough and the interface public, someone is bound to write a driver for it [hint: look at the drivers already in the kernel].
Tom
Hunt for drivers? My hardware is supported by the Linux kernel. If I don't have the module turned on it's a matter of building it [2 mins of my life] and a reboot. Whoa, hard.
Just because you're too ignorant to look doesn't mean Linux is broken. It means it's not for you. Which in and of itself is not bad. But when you just default to monopolyware because it's "warm and cozy" you're buying into that which they want you to. When you convince others that this is the only way to go about things you take choice away from people who may have otherwise had more initiative to try out what suits them.
Tom
I'm picking on your comment of being right-wing and pro-business.
You can still love to produce something of value for sale and respect others and their freedoms.
It's a myth that you need to DRM [and the like] restrict people into your business model to have a success.
Tom
It's not always a mistake it's just playing the odds.
If you have a 1/100000 chance of killing someone with your drug [who wouldn't have otherwise died] and then the chance of them linking it and suing is 1/1000 you have a 1/100000000 chance of getting screwed. Of course it's more like 1/10000 and 9/10 but you know what I mean :-)
Remember the goal of companies like GSK [and their ilk] is to make money for shareholders. Not actually treat real medical problems. I give you, viagra.
tom
I dunno, my hardware works. I'm not "doing without" at least anything that I need to be productive and have fun.
If you just buy anything without a thought towards the implications you're more likely to buy vendor locked things that will lead to pain down the road.
Tom
Psst: Don't get into a thread of "CPUs should have $X" if you don't know ASM mnemonics.
Tom
That's called sales.
Don't make me vertically align your solutions platform recovery strategy!
Tom
So long as you're happy not having choice about the matter all the power to you.
Personally I don't look forward to the day when all machines are Intel running MSFT OSes with TPM up the wazoo. But I guess if you're nothing more than a pawn of industry that's what you WANT.
Tom