Funny thing about your argument.. I happen to work in an industry that does contract to acquire data including DMV information. For the right price, a private company can acquire all the drivers license data, as well as complete history on every vehicle you've ever owned.
TSA may not be law enforcement, but DHS sure is. With that being true, it would be trivial for them to pass the data back to TSA. It may not be a total dump of all the records into a TSA database. Most likely, they would be live searches against the DHS databases.
This already happens to a degree. When you book the ticket, your information is cross checked with the DHS "no-fly" database. It's not a large stretch of the imagination to query the DHS databases for drivers license and ICE records.
What I think is completely nuts is, someone with outstanding warrants can book a ticket and fly to anywhere they'd like. Despite the fact that the identity was checked against the DHS no-fly database, and the passenger passed through a DHS owned and operated checkpoint (TSA random molestation checkpoint), they aren't stopped even for special consideration. Checks against the FBI's NCIC database happen all the time. If you're stopped for a simple speeding ticket, you are checked against NCIC.
I don't say that as an assumption. I've personally known of people with outstanding warrants who have flown. It's not just a commuter flight in the same state either. One in particular was out on bail pending a felony hearing. They weren't to leave the city. So what'd they do? Traveled back and forth from the US to Europe several times without a single question being raised. The kicker? They were accused of international drug smuggling, via commercial airlines. The case itself wasn't that interesting though. If I gave the details, anyone would say it shouldn't have even been an arrest. Regardless, they were waiting for their time in federal court on the felony charges.
The only thing that really holds up this whole process is bureaucracy. That, and giving the checkpoint agents any entry level PC with a network connection.
Rather than utilizing tools that they already have on hand, they find other creative methods to burn up billions of dollars.
I agree, the piece of paper (or laminated credit card size id) in hand is not secure. It's at least a clue though, and would make it easier for the gate agent to cross check against the database stored information. As it is now, almost anyone with a bit of gear could print up their own drivers license, book a ticket in that name, and pass through what is claimed to be a "sterile" environment. The only way it works is, they don't actually believe anyone is going to do anything malicious.
It's the illusion of security, or as others say "security theater". It makes the average citizen believe that they are safer, because some random stranger gets to cup your balls, fondle your breasts, or take photos through your clothes. Sometimes 2 of 3 of those. Usually not all 3. :)
I never understood why they didn't tie in the TSA checkpoint with state DMV and ICE.
Does the photo on the ID handed to you look like the photo on the screen? Yes/No
Does the name on the ID handed to you match the name on the screen? Yes/No
Does the name on the boarding pass match the name on the ID? Yes/No
Does the airline ticketing system information match the boarding pass as provided? Yes/No
If any questions were answered with a "No", separate the person for further evaluation.
Years ago, someone demonstrated that they could print up first class boarding passes to get through the TSA checkpoint in the preferred travelers line. It didn't do any good getting on a plane, but it got them into the secure area with no hassles. The TSA has no method for checking that a boarding pass is legitimate. Right in the airport. Where every ticket agent has access to the information already. {sigh}
All US states now have photographs on their drivers license. 13 states allow for an exemption due to religious beliefs.
Foreign nationals entering the US have to show their passport. Recording the ID at the checkpoint is trivial, and is probably being done already.
So, if you plan to get on a plane, you probably have a photo on file, that can be retrieved electronically.
I found out that my state not only has my most recent photo on file, but particular departments can get every drivers license photo I've ever had electronically and virtually instantaneously. That is, it took longer to type my name, than for my pictures to load. I would have said BS, but they were kind enough to turn the screen so I could see it. Our licenses for the last few years have been printed. They had photos from years ago where the license was hand typed and laminated with a photo in it.
I don't quite understand how all federal law enforcement departments don't already have access to this information, other than the fact that our entire country is a clusterfuck of bureaucracy. They've had over a decade to fight it out, where it shouldn't have taken more than a few months to agree upon the terms, and maybe another year to implement.
Well, the "untouchable" portion is really up to how much he divulged.
In this case, I don't think they're going to try too hard to track down every backup that may be stored anywhere.
With the bandwidth that I'm sure he was using he could have used a system such as disk to disk over the Internet first, then disk to tape at each facility.
He was bringing in enough money to be able to afford all kinds of neat features, like redundant datacenters, and paying a guy to go collect the tapes from the jukebox once a week. Having a site in the US, Canada, Germany, Argentina, and China (random places off the top of my head), would have provided for the ability to get the site back up, regardless of what may be seized in any single country. Unless there was a massive coordinated effort for the shutdown, someone's going to walk away with the data, even if it's kept in some friend's garage in a box marked "1976 tax papers"
The difference between you, I, and him is that he was making a boatload of money at it, so it's a pretty good idea to pay for good precautions. I have to assume that he had at least one person mention "disaster recovery" to him...
Because your backups are always kept with the servers, right?
You're supposed to keep a set of backups locally, in case they need to be restored on the spot. Those would have been seized.
You're supposed to keep another set of backups off-site, somewhere safe. If that's with a 3rd party business (like Iron Mountain); a safety deposit box at a nearby bank; or even a safe in a secure warehouse, it doesn't really matter as long as it isn't close by. You have to keep it far enough away so if a catastrophic local event happens, you don't lose everything.
If I remember right, he lost control of the servers, and his bank accounts were frozen. He also had thousands of servers, and hundreds of people employed. So, he couldn't use his servers. He couldn't buy or lease new servers. He couldn't even pay the staff. I'm sure there were a few die-hard individuals who would have stayed to help, to ensure their future employment with him. The hard part is getting new servers setup and racked. That's far from an overnight proposition, and impossible with no funds.
Nah, it makes perfect sense to have distributed support in the nations that it has customers. I just know where the patriotic fan thoughts go. "They're in America, therefore it's all in America!"
I've had to argue the same thing with the Dell fans, who swore up and down that Michael Dell hand selected and tested all the parts for the Dell servers, and they were manufactured from scratch in Texas.
Hardcore Apple fans believe the hand of [deity of choice] reached down and made each and every Apple, and they are better than anything will ever be.
I'm pretty sure IBM fans believe androids from the future design and build every IBM server, and they must buy Big Blue, lest we bring their wrath and extermination of all of humanity. :)
It's kind of scary, and a reality check has to be dropped on 'em on occasion.
I'm sure there's more localized hiring going on too. It's advantageous to have the local management team looking for local talent, rather than advertising globally for all entry level positions.
Q: A Porsche, Ferrari, and Lamborghini drive up to a bar. A priest, monk, and rabbi get out.... They go to the bartender and ask, "What is the correct answer?"
A: 42 B: Red C: Round D: C=MC^2 E: All of the above.
oh.. Not quite what you meant. :)
(BTW, the answer is A: 42, obviously. It's always the answer.)
From what I remember, a lot of them were very indistinct. The answer would be what was mentioned in the book. Quite often, you couldn't apply logic to the questions, without trying to guess at the thought of the test writer. That's doable if you know the teacher who wrote the test. If the test is derived from the book and multiple authors, it becomes an exercise in futility. I've seen questions where there are clearly 3 answers that are correct on various merit. Then it becomes a game of "guess one."
Here's an example. I'm just making this one up, but it serves as an illustration. I've seen such questions on standardized tests, where you are supposed to think about what the right answer is.
Q: Which one is different?
1) Cow
2) Dog
3) Car
4) Tree
5) Mountain
1,2,4 are all living things.
3,4,5 can all be green.
1,2 are mammals.
1,2,4,5 are all natural.
1,2,5 all have the vowel "O" in them.
1,2,3 only have one vowel letter.
1,2,3,5 all have a vowel in the second position.
So, based on the criteria I chose, weighing each answer by the number of matches, it would make up:
1) 6
2) 6
3) 3
4) 3
5) 4
The right answer (since I made up the test) is actually 2. I intended the answer to be which is smallest.
It's never to who can apply the best logic to the question. It's a game of "can you guess what the writer was thinking?" I've taken constructive thinking classes, and this was one of the questions that I remember.
Q: Which one is different?
1) A
2) E
3) I
4) O
5) X
The right answer in that one is 4. Why? Because they were looking at the shapes that make up the letters, not the fact that 1-4 were vowels. There were no hints towards that conclusion, nor guiding questions leading up to it. It probably made sense on a previous revision of the test, where other questions helped you understand what this question was looking for. In the case of the test that was on, it was just dropped in the middle of a bunch of other random questions.
No, the most important lesson here is that authority can and should be challenged.
I agree totally.
I happened to have survived the Florida educational system, although many years ago. The examples given were not only in the FCAT tests, but virtually every standardized test, as well as teacher generated and rehashed tests.
Some teachers were (and I assume still are) really good about listening to the *student* and re-evaluating the accuracy of the test. With those teachers, when challenged and provided with an accurate review of the question and answers, where it could be shown that more than one answer is the correct one, the teacher would re-grade the tests and change the question for next year. With those teachers, when the circumstances presented themselves, I would turn a C grade to an A, because my answers were already correct.
Some teachers passed it off with "use the *best* answer if there are more than one which are correct." Best answer for who? The teacher apparently, so they didn't have to consider that their test was flawed.
And some teachers (the majority) were just plain dumb as rocks and honestly were glorified babysitters. They would say "that's what the book says, it has to be right." Usually, those teachers didn't know or care about the material, and the sessions were typically "read these chapters", and then hand out photocopies of the test from the teachers edition of the book. It seemed this was preferred over actually discussing the topics with the students, where they could get feedback from a real person.
I'm surprised more people don't just quit school. There is some point where you simply won't learn any more, or you'll realize that the material being presented to you is just wrong.
You may want to take another peek at those numbers.
156,111,429 registered domains that they have information on.
137,146,863 (87.85%) have IPv4 addresses assigned.
3,236,871 (2.07%) have IPv6 addresses assigned.
46,385 AS counted
40,890 (88.15%) AS for IPv4
5,495 (11.84%) AS for IPv6
1,000,000 Alexa top 1 million sites.
941,619 (94.16%) with direct IPv4 addresses
11,370 (1.13%) with direct IPv6 addresses
Sorry, those numbers don't represent a majority. They don't represent a minority. That would usually be considered a fringe group. At this time, I don't know of anyone who's given IPv6 only. I've contracted for several business and enterprise class lines recently. Only one provider has offered IPv6 in any form. Theirs was a small mention, buried on their business customer help pages. Their CS knew nothing about it. If you're going to do it, you have to get your IPs delegated on your own, get your own ASN, and then ask for routing. At that point, it was still contingent on getting their permission. Doing the prerequisites is no guarantee that they actually will route your IPv6 traffic appropriately.
I brought up my HE tunnel this evening, and started bringing up sites on it.
I also discovered something rather disappointing. My brand new residential router/AP (Belkin F9K1103) does not support IPv6. It also doesn't pass the tunneled IPv6 traffic properly. I tried with HE's instructions. I tried gogoNet clients. No go there either. I went looking around for information on what residential devices *do* support it. Oddly enough, not many do. Some list it as available in the documentation, but don't advertise it as a feature or supported item. Some have it, but it's known to be flaky.
So, at this time, and for the near future, it is not feasible to consider that it will be available as our salvation to the IPv4 problem. You'll most likely see carrier grade NAT deployed first, which will push IPv6 adoption off by decades. No residential provider wants to do a wide spread deployment, because it will cost them a fortune in new hardware. Commercial providers look at the same numbers you provided and I summarized, and say it's not worth considering at this time.
I will admit, there are more places using it now than a few years ago, but it's still nowhere near enough to consider it near mainstream.
The sky hasn't fallen. Customers can still get new IP blocks assigned. It won't be until providers are told "No, you can't have any IPs, because we don't have any to assign.", that it will become urgent. That is the business mindset. You as a hosting customer, or you as a residential customer, will continue to need to live with the providers corporate decisions.
Before that day comes, a lot of companies will reduce their IP overhead. Further aggregation and load balancing will be done with fewer public IPs. Residential customers will find the wonders of carrier grade NAT. You can say it's coming until you are blue in the face. The simple fact is, it's not happening today, tomorrow, or even this year. It probably won't reach real mainstream adoption this decade.
I'm bringing my servers up with IPv6 for the novelty of it, and the simple bragging rights. I seriously doubt I'll see more than a small fraction of my traffic coming in from IPv6 clients.
So everyone has to add IPv6 to IPv4. How does that fix the fact that the world is ending on... ummm.. Sometime in 2008, 2009, 2010, 2011, and the beginning of this year, later this year, or maybe 10 to 20 years from now.
Wake me up when it's globally adopted.
I'm not *against* going to IPv6. I'm actually all for it. I got my block assigned quite a while ago. I just don't run around saying "The sky is falling, we're out of IPs, we have to switch now!" or even "Oh my gosh, vendor X forgot to include Y!"
You know, I've been waiting for it to become "mainstream" for over a decade now. Constantly, people have said "It's coming! It's coming!". Support has been added to just about everything. The problem is still that all those pesky web sites that people want to reach haven't converted. I went cruising through the IPv6 migration sites, they show the dozens of sites that are available.
So, if you just switch over, you can't use google.com, unless you remember to use ipv6.google.com. You can't reach Slashdot. Try all the sites you frequent. Of my daily reading list, the only one that works by its normal name is xkcd.com. Most of them are big sites.
I'd expect to see ISP wide NAT deployed before IPv6. IPv6 is a novelty that may get adopted sometime in the future, but I wouldn't hold my breath on it.
Actually, the statement was "Now I can carry a... when I fly instead of having to ship it by ground freight."
So, can you fly with it, checked or carried, or do you have to ship it separate of the flight? It's easier to bring a weapon to the airport with you, than to ship by a freight service. I don't need my weapon in the airport, just like I don't need it in a police station or bank. They have paid staff carrying.
There's a limit of some sort. I'm pretty sure it's the total weight of the bag, just like any other checked luggage.
I don't typically carry an assault rifle, since it's not usually what I need with me. :) I do carry a pistol and two loaded magazines. I pack it in a TSA/FAA compliant way.
I have one of those hip pouch holsters, even though I don't actually use it. I leave both magazines loaded in it, with the zipper shut. You aren't supposed to store the ammunition with the pistol, so the magazines don't go in the locked hard case.
The in-the-pants holster goes in the locked hard case with the pistol. The tactical (leg) holster gets left loose in the luggage. I bring both, so I'm prepared for whichever carry method I need. I usually carry concealed. I like having the tactical holster somewhere close by, in case I need it.
Both the hip pouch and the pistol case get put into my one checked luggage bag.
When I get to the airport to depart, I move everything when I'm getting my bags out of the car. That way I can go straight to the ticket counter, declare it, and leave the bag with them.
When I arrive at my destination and get my luggage, I check to make sure everything is still there. When I get to the rental car, I rearrange it to my normal non-tactical carry position. That's usually in my laptop bag, so I can reach it quickly if necessary.
It may not seem quite right, but I ask to verify every time I check the luggage at the airport. If they want it packed differently, I'll work with them. Having the ammunition isn't a big deal. If they told me that I couldn't bring it, I'd politely hand it off to a LEO. I have not been asked to surrender the ammunition yet. I can always buy more when I get to my destination.
I know their rules have changed. Not too long after 9/11, I had to open the locked case, so a LEO could inspect to verify the weapon was not loaded. More recently (in the last few years) my assurance that it is not loaded is all they require. In both cases, there's a very small form for me to sign, which goes in the luggage.
The first time I flew with a weapon, I had a friend drive me to the airport, just in case I was told I was carrying wrong. My friend thought it was amazing. Because I declared a weapon, I got special treatment, which was amazingly polite. My bag doesn't just get tossed with the rest. It gets a personal escort for TSA screening. That's just so the screener knows there is a declared weapon.
Last time I was departing home, there was another guy with a huge custom rifle case. Judging by the size of the case, he probably had something like a Barrett Arms 50 BMG of some model. It made my .45 ACP pistol look like a toy. His ammunition probably cost more than my weapon. :)
You can bring your assault rifle with you. All that they really require is that you put the loaded magazine in a separate container.
I've brought pistols with me plenty of times. Check it at the ticket counter, pick it up at baggage claim. Technically, I'm armed, except for the short duration inside of airports and aircraft.
Shipping a weapon is more difficult. The receiver must have a FFL. The exception to this is that you can ship to yourself, even if it's c/o someone else. For example, I had intended to drive from the lower 48 to Alaska. It would take a mountain of paperwork, and most likely be declined, permission to carry a weapon through Canada. I can stop at a FedEx/UPS store on the American side of the border, with it appropriately boxed, and ship it to myself at my destination in Alaska. It can go to the residence I would end up at. The c/o means that the receiving party can accept the package, but if they open it, they've committed a crime. Alternatively, it can be shipped to hold at the depot in the destination area. I can ship to myself in Alaska, and ask for it to be held at the FedEx depot. They will require my photo ID when I arrive to take possession of it.
You can't ship the other items by any normal freight courier (USPS, FedEx, UPS). That's for the safety of the courier service. The last thing you need is for your canister of VX to leak in transit. I've seen many accounts where someone shipped a substance that they shouldn't have, and it leaked in transit. Couriers, such as UPS do have special conditions for handling hazardous materials. You appeared to be suggesting shipping the items without consideration of their hazardous properties.
About the moment seized the equipment, it became their problem. As I understand it, Megaupload lost privileges to do anything. It's now evidence. They should have taken possession of it.
But since Megaupload is contractually obliged to pay for the space and bandwidth, and the equipment is still there, they have to keep paying on the contract.
The judge *should* have ordered that the hosting provider was either required to hold onto the equipment indefinitely, or hand it over to the DoJ. Either of those would be at the expense of the DoJ. This decision of "go work it out for yourselves" really smells like the DoJ doesn't have enough of a case for the judge to sign off on taking possession.
The equipment must take up about 30 racks or so. That's a pretty sizable footprint in most datacenters. It seems the hosting provider is being very cooperative, and even though the "storage" cost seems high, it's about right for full racks, if they've dropped the power and network connections.
Well, our "finite" resources are absolutely huge. What if the governments of the world set aside a small fraction of their military budgets, and trained half the unemployed populations of the world in aerospace technology *and* gave them the means to work together on furthering the human space program?
We're not talking about just the US, or any single nation. Cooperation under a single multi-national leadership. A leadership like a single corporation funded by all nations. If it was done as a cooperation of various independent agencies (like the ISS is now), you'll end up with huge budgets spent on meetings and planning, and another large chunk wasted on incompatible designs.
The unemployed population (out of work, retired, etc) would give the knowledge base and manpower to accomplish virtually anything.
Tell me why we don't have the bigger, better space program going yet? Fuel is expensive? Now you have the employees to manufacture it. There's no money for it? The same money that goes towards welfare and unemployment would now be part of the employees salaries. But (oh my gosh) we can't trust other countries. They'd get access to our secrets! Secrets that we quietly sell to our allies this year who become our enemies in another decade. {sigh}
I get a different result with telnet. Maybe it was simplified for people who use wget. At least they're keeping up with the server.
$ telnet havewegoneasfaraswerewillingtogoinspace.com 80
Trying 108.33.70.68...
Connected to havewegoneasfaraswerewillingtogoinspace.com.
Escape character is '^]'.
GET ? HTTP/1.0

HTTP/1.1 200 OK
Date: Sat, 14 Apr 2012 10:44:49 GMT
Server: Apache/2.2.22
Connection: close
Content-Type: text/html; charset=UTF-8

<html>
<head>
<title>Earth Interstellar Flight Project</title>
</head>
<body>
No further events planned. Project terminated. Funding diverted to Department of Defense. 20/Aug/1977
</body>
</html>
Connection closed by foreign host.
I'd rather my great grandchildren be telling the tales in transit between other solar systems, rather than telling the tales of wild dreams and overambitious artists depictions of the way it could have been.
In future years, they'll become a novelty, and finally be left behind some antiquities museum. Or they'll be scrapped out when the floor space in the museum is more valuable for a gift shop.
Soon enough, the only trace that a human ever left the Earth will be what we left on the moon. That will eventually be destroyed by incoming space debris.
Correct. That's why you'd want to set up firewall rules to protect it. I generally drop all traffic except for what is allowed. It just makes it that much harder to scan. If you happen to be sitting on an authorized network, you'll see the port. If you're not, nothing.
But the casual attacker just goes over large blocks looking for port 22. Failure to see it, they move on to easier targets.
Consider a /24. 254 requests to check port 22 is fairly quick. Scanning ports 1 through 65534 is 16.6 million requests. Rejected connections are helpful. Dropped connections, or checking IPs without hosts on will delay it significantly. A lot of people drop unwelcome traffic, including ICMP, so you'd have to go with something like:
That'd still be an awful long time to try to check every port on every possible IP on any substantial size network. It's much easier to check a single host. One IP of 4.2 billion. Or only 8.7 million years for all ports, from a single machine and one thread to scan. Versus just 48,938 years to check one port on every IP. :) That's where the power of malware infested drones would come in useful.
I double that up. sshd to a nonstandard port, and firewall rules to only allow access in from very specific IPs and networks.
You really shouldn't be able to ssh in from just anywhere. Even if that means throwing a copy of OpenVPN up at a static location, to ssh to the second.
I can get to most of my stuff directly from home. At a hotel, airport, or coffee shop, I am on a hostile network, and shouldn't even be able to see that the port is open.
But, most people scanning for machines with SSH on them to hit are blindly scanning port 22. It's people interested in your specific network who will scan every port on every machine. Someone determined to hit your machine specifically will try every trick they can, and having SSH on port 2222, 9222, or 64222 won't help, if you have a weak password or an exploitable version.
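The setup described in the comments above (drop everything by default, sshd on a nonstandard port, access only from specific IPs and networks), written out as an nftables ruleset. This is an added example and not part of the original comments; the choice of nftables, the table and set names and the documentation-range addresses are assumptions, and port 2222 is one of the example ports mentioned above.

```nft
# Added example: default-drop input policy with an SSH allowlist.
# All addresses are documentation ranges (RFC 5737 / RFC 3849), used as placeholders.

table inet filter {
    # Sources that may reach sshd; everyone else never sees the port.
    set ssh_allowed_v4 {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.10, 198.51.100.0/24 }
    }

    set ssh_allowed_v6 {
        type ipv6_addr
        flags interval
        elements = { 2001:db8:100::/48 }
    }

    chain input {
        # "policy drop" discards silently: no TCP RST and no ICMP error goes
        # back, so a scanner has to wait out its own timeout on every probe.
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Dropping ICMP wholesale breaks IPv6: neighbor discovery and
        # path MTU discovery both depend on these ICMPv6 types.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert, packet-too-big } accept

        # sshd listens on 2222 (Port 2222 in sshd_config); only allowlisted
        # sources can open a new connection to it.
        ip saddr @ssh_allowed_v4 tcp dport 2222 ct state new accept
        ip6 saddr @ssh_allowed_v6 tcp dport 2222 ct state new accept

        # Anything else falls through to the drop policy.
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Check the file with `nft -c -f <file>` before loading it, and keep an existing session open while testing so a wrong allowlist entry does not lock you out.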
My first modem was 300 baud. It wasn't til those blazing fast 2400 baud modems came out, that a friend gave me an old 110 baud acoustic coupler.
I still remember the claims about how each generation was "as fast as it will ever be". Nonsense about frequencies and capacity of the copper. I remember a rather heated discussion on FidoNet, about the fact that going faster than 2400 baud would melt phone lines, and as CPU speeds reached radio frequencies the interference would cripple all RF transmissions (TV, radio, and those "new" cordless phones). At the time, there was no cellular phone service in the area.
I definitely can live without ever setting another init string to make some off-brand modem work properly. I used to have all the codes, and S registers of various manufacturers memorized. I love where we are now. "Plug it in. Your machine will get an IP via DHCP. You're done."
I freaked someone out not long ago, because I whistled to a fax machine to make it connect. It was just a quick test, to see that the line worked. I can only get 2400 baud, but it's enough to say it connected, and throw an error. :) I used to be able to do 9600 baud to some modems.
Did you see the price tag on it??
I never understood why they didn't tie in the TSA checkpoint with state DMV and ICE.
Years ago, someone demonstrated that they could print up first class boarding passes to get through the TSA checkpoint in the preferred travelers line. It didn't do any good getting on a plane, but it got them into the secure area with no hassles. The TSA has no method for checking that a boarding pass is legitimate. Right in the airport. Where every ticket agent has access to the information already. {sigh}
All US states now have photographs on their drivers license. 13 states allow for an exemption due to religious beliefs.
Foreign nationals entering the US have to show their passport. Recording the ID at the checkpoint is trivial, and is probably being done already.
So, if you plan to get on a plane, you probably have a photo on file, that can be retrieved electronically.
I found out that my state not only has my most recent photo on file, but particular departments can get every driver's license photo I've ever had electronically and virtually instantaneously. That is, it took longer to type my name, than for my pictures to load. I would have said BS, but they were kind enough to turn the screen so I could see it. Our licenses for the last few years have been printed. They had photos from years ago where the license was hand typed and laminated with a photo in it.
I don't quite understand how all federal law enforcement departments don't already have access to this information, other than the fact that our entire country is a clusterfuck of bureaucracy. They've had over a decade to fight it out, where it shouldn't have taken more than a few months to agree upon the terms, and maybe another year to implement.
Well, the "untouchable" portion is really up to how much he divulged.
In this case, I don't think they're going to try too hard to track down every backup that may be stored anywhere.
With the bandwidth that I'm sure he was using he could have used a system such as disk to disk over the Internet first, then disk to tape at each facility.
He was bringing in enough money to be able to afford all kinds of neat features, like redundant datacenters, and paying a guy to go collect the tapes from the jukebox once a week. Having a site in the US, Canada, Germany, Argentina, and China (random places off the top of my head), would have provided for the ability to get the site back up, regardless of what may be seized in any single country. Unless there was a massive coordinated effort for the shutdown, someone's going to walk away with the data, even if it's kept in some friend's garage in a box marked "1976 tax papers"
The difference between you, me, and him is that he was making a boatload of money at it, so it's a pretty good idea to pay for good precautions. I have to assume that he had at least one person mention "disaster recovery" to him...
Because your backups are always kept with the servers, right?
You're supposed to keep a set of backups locally, in case they need to be restored on the spot. Those would have been seized.
You're supposed to keep another set of backups off-site, somewhere safe. If that's with a 3rd party business (like Iron Mountain); a safety deposit box at a nearby bank; or even a safe in a secure warehouse, it doesn't really matter as long as it isn't close by. You have to keep it far enough away so if a catastrophic local event happens, you don't lose everything.
If I remember right, he lost control of the servers, and his bank accounts were frozen. He also had thousands of servers, and hundreds of people employed. So, he couldn't use his servers. He couldn't buy or lease new servers. He couldn't even pay the staff. I'm sure there were a few die-hard individuals who would have stayed to help, to ensure their future employment with him. The hard part is getting new servers set up and racked. That's far from an overnight proposition, and impossible with no funds.
Nah, it makes perfect sense to have distributed support in the nations that it has customers. I just know where the patriotic fan thoughts go. "They're in America, therefore it's all in America!"
I've had to argue the same thing with the Dell fans, who swore up and down that Michael Dell hand selected and tested all the parts for the Dell servers, and they were manufactured from scratch in Texas.
Hardcore Apple fans believe the hand of [deity of choice] reached down and made each and every Apple, and they are better than anything will ever be.
I'm pretty sure IBM fans believe androids from the future design and build every IBM server, and they must buy Big Blue, lest we bring their wrath and extermination of all of humanity. :)
It's kind of scary, and a reality check has to be dropped on 'em on occasion.
Sorry, but you can put the Apple/American flag down.
http://support.apple.com/kb/HE57
I know, a phone number can really go anywhere in the world. But here's a sampling.
http://jobs.jobs/search?q=Apple&company=Apple&exact_title=&location=&exact_loc=
Or check them out on Apple's own site. Select Job Categories -> Customer Sales and Support.
http://jobs.apple.com/index.ajs?BID=1&method=mExternal.showSearchInterface
I'm sure there's more localized hiring going on too. It's advantageous to have the local management team looking for local talent, rather than advertising globally for all entry level positions.
Q: A Porsche, Ferrari, and Lamborghini drive up to a bar. A priest, monk, and rabbi get out .... They go to the bartender and ask, "What is the correct answer?"
A: 42
B: Red
C: Round
D: C=MC^2
E: All of the above.
oh.. Not quite what you meant. :)
(BTW, the answer is A: 42, obviously. It's always the answer.)
From what I remember, a lot of them were very indistinct. The answer would be what was mentioned in the book. Quite often, you couldn't apply logic to the questions, without trying to guess at the thought of the test writer. That's doable if you know the teacher who wrote the test. If the test is derived from the book and multiple authors, it becomes an exercise in futility. I've seen questions where there are clearly 3 answers that are correct on various merit. Then it becomes a game of "guess one."
Here's an example. I'm just making this one up, but it serves as an illustration. I've seen such questions on standardized tests, where you are supposed to think about what the right answer is.
Q: Which one is different?
1) Cow
2) Dog
3) Car
4) Tree
5) Mountain
1,2,4 are all living things.
3,4,5 can all be green.
1,2 are mammals.
1,2,4,5 are all natural.
1,2,5 all have the vowel "O" in them.
1,2,3 only have one vowel letter.
1,2,3,5 all have a vowel in the second position.
So, based on the criteria I chose, weighing each answer by the number of matches, it would make up:
1) 6
2) 6
3) 3
4) 3
5) 4
The right answer (since I made up the test) is actually 2. I intended the answer to be which is smallest.
It's never about who can apply the best logic to the question. It's a game of "can you guess what the writer was thinking?" I've taken constructive thinking classes, and this was one of the questions that I remember.
Q: Which one is different?
1) A
2) E
3) I
4) O
5) X
The right answer in that one is 4. Why? Because they were looking at the shapes that make up the letters, not the fact that 1-4 were vowels. There were no hints towards that conclusion, nor guiding questions leading up to it. It probably made sense on a previous revision of the test, where other questions helped you understand what this question was looking for. In the case of the test that it was on, it was just dropped in the middle of a bunch of other random questions.
I agree totally.
I happened to have survived the Florida educational system, although many years ago. The examples given were not only in the FCAT tests, but virtually every standardized test, as well as teacher generated and rehashed tests.
Some teachers were (and I assume still are) really good about listening to the *student* and re-evaluating the accuracy of the test. With those teachers, when challenged and provided with an accurate review of the question and answers, where it could be shown that more than one answer is the correct one, the teacher would re-grade the tests and change the question for next year. With those teachers, when the circumstances presented themselves, I would turn a C grade to an A, because my answers were already correct.
Some teachers passed it off with "use the *best* answer if there are more than one which are correct." Best answer for who? The teacher apparently, so they didn't have to consider that their test was flawed.
And some teachers (the majority) were just plain dumb as rocks and honestly were glorified babysitters. They would say "that's what the book says, it has to be right." Usually, those teachers didn't know or care about the material, and the sessions were typically "read these chapters", and then hand out photocopies of the test from the teacher's edition of the book. It seemed this was preferred over actually discussing the topics with the students, where they could get feedback from a real person.
I'm surprised more people don't just quit school. There is some point where you simply won't learn any more, or you'll realize that the material being presented to you is just wrong.
You may want to take another peek at those numbers.
156,111,429 registered domains that they have information on.
137,146,863 (87.85%) have IPv4 addresses assigned.
3,236,871 (2.07%) have IPv6 addresses assigned.
46,385 AS counted
40,890 (88.15%) AS for IPv4
5,495 (11.84%) AS for IPv6
1,000,000 Alexa top 1 million sites.
941,619 (94.16%) with direct IPv4 addresses
11,370 (1.13%) with direct IPv6 addresses
Sorry, those numbers don't represent a majority. They don't represent a minority. That would usually be considered a fringe group. At this time, I don't know of anyone who's given IPv6 only. I've contracted for several business and enterprise class lines recently. Only one provider has offered IPv6 in any form. Theirs was a small mention, buried on their business customer help pages. Their CS knew nothing about it. If you're going to do it, you have to get your IPs delegated on your own, get your own ASN, and then ask for routing. At that point, it was still contingent on getting their permission. Doing the prerequisites is no guarantee that they actually will route your IPv6 traffic appropriately.
I brought up my HE tunnel this evening, and started bringing up sites on it.
I also discovered something rather disappointing. My brand new residential router/AP (Belkin F9K1103) does not support IPv6. It also doesn't pass the tunneled IPv6 traffic properly. I tried with HE's instructions. I tried gogoNet clients. No go there either. I went looking around for information on what residential devices *do* support it. Oddly enough, not many do. Some list it as available in the documentation, but don't advertise it as a feature or supported item. Some have it, but it's known to be flaky.
So, at this time, and for the near future, it is not feasible to consider that it will be available as our salvation to the IPv4 problem. You'll most likely see carrier grade NAT deployed first, which will push IPv6 adoption off by decades. No residential provider wants to do a widespread deployment, because it will cost them a fortune in new hardware. Commercial providers look at the same numbers you provided and I summarized, and say it's not worth considering at this time.
I will admit, there are more places using it now than a few years ago, but it's still nowhere near enough to consider it near mainstream.
The sky hasn't fallen. Customers can still get new IP blocks assigned. It won't be until providers are told "No, you can't have any IPs, because we don't have any to assign.", that it will become urgent. That is the business mindset. You as a hosting customer, or you as a residential customer, will continue to need to live with the provider's corporate decisions.
Before that day comes, a lot of companies will reduce their IP overhead. Further aggregation and load balancing will be done with fewer public IPs. Residential customers will find the wonders of carrier grade NAT. You can say it's coming until you are blue in the face. The simple fact is, it's not happening today, tomorrow, or even this year. It probably won't reach real mainstream adoption this decade.
I'm bringing my servers up with IPv6 for the novelty of it, and the simple bragging rights. I seriously doubt I'll see more than a small fraction of my traffic coming in from IPv6 clients.
So everyone has to add IPv6 to IPv4. How does that fix the fact that the world is ending on ... ummm .. Sometime in 2008, 2009, 2010, 2011, and the beginning of this year, later this year, or maybe 10 to 20 years from now.
Wake me up when it's globally adopted.
I'm not *against* going to IPv6. I'm actually all for it. I got my block assigned quite a while ago. I just don't run around saying "The sky is falling, we're out of IPs, we have to switch now!" or even "Oh my gosh, vendor X forgot to include Y!"
You know, I've been waiting for it to become "mainstream" for over a decade now. Constantly, people have said "It's coming! It's coming!". Support has been added to just about everything. The problem is still that all those pesky web sites that people want to reach haven't converted. I went cruising through the IPv6 migration sites, they show the dozens of sites that are available.
Here's a quick look.
So, if you just switch over, you can't use google.com, unless you remember to use ipv6.google.com. You can't reach Slashdot. Try all the sites you frequent. Of my daily reading list, the only one that works by its normal name is xkcd.com. Most of them are big sites.
I'd expect to see ISP wide NAT deployed before IPv6. IPv6 is a novelty that may get adopted sometime in the future, but I wouldn't hold my breath on it.
Actually, the statement was "Now I can carry a ... when I fly instead of having to ship it by ground freight."
So, can you fly with it, checked or carried, or do you have to ship it separate of the flight? It's easier to bring a weapon to the airport with you, than to ship by a freight service. I don't need my weapon in the airport, just like I don't need it in a police station or bank. They have paid staff carrying.
There's a limit of some sort. I'm pretty sure it's the total weight of the bag, just like any other checked luggage.
I don't typically carry an assault rifle, since it's not usually what I need with me. :) I do carry a pistol and two loaded magazines. I pack it in a TSA/FAA compliant way.
http://www.tsa.gov/travelers/airtravel/assistant/editorial_1666.shtm
The pistol has to be in a locked hard case.
I have one of those hip pouch holsters, even though I don't actually use it. I leave both magazines loaded in it, with the zipper shut. You aren't supposed to store the ammunition with the pistol, so the magazines don't go in the locked hard case.
The in-the-pants holster goes in the locked hard case with the pistol. The tactical (leg) holster gets left loose in the luggage. I bring both, so I'm prepared for whichever carry method I need. I usually carry concealed. I like having the tactical holster somewhere close by, in case I need it.
Both the hip pouch and the pistol case get put into my one checked luggage bag.
When I get to the airport to depart, I move everything when I'm getting my bags out of the car. That way I can go straight to the ticket counter, declare it, and leave the bag with them.
When I arrive at my destination and get my luggage, I check to make sure everything is still there. When I get to the rental car, I rearrange it to my normal non-tactical carry position. That's usually in my laptop bag, so I can reach it quickly if necessary.
It may not seem quite right, but I ask to verify every time I check the luggage at the airport. If they want it packed differently, I'll work with them. Having the ammunition isn't a big deal. If they told me that I couldn't bring it, I'd politely hand it off to a LEO. I have not been asked to surrender the ammunition yet. I can always buy more when I get to my destination.
I know their rules have changed. Not too long after 9/11, I had to open the locked case, so a LEO could inspect to verify the weapon was not loaded. More recently (in the last few years) my assurance that it is not loaded is all they require. In both cases, there's a very small form for me to sign, which goes in the luggage.
The first time I flew with a weapon, I had a friend drive me to the airport, just in case I was told I was carrying wrong. My friend thought it was amazing. Because I declared a weapon, I got special treatment, which was amazingly polite. My bag doesn't just get tossed with the rest. It gets a personal escort for TSA screening. That's just so the screener knows there is a declared weapon.
Last time I was departing home, there was another guy with a huge custom rifle case. Judging by the size of the case, he probably had something like a Barrett Arms 50 BMG of some model. It made my .45 ACP pistol look like a toy. His ammunition probably cost more than my weapon. :)
You can bring your assault rifle with you. All that they really require is that you put the loaded magazine in a separate container.
I've brought pistols with me plenty of times. Check it at the ticket counter, pick it up at baggage claim. Technically, I'm armed, except for the short duration inside of airports and aircraft.
Shipping a weapon is more difficult. The receiver must have a FFL. The exception to this is that you can ship to yourself, even if it's c/o someone else. For example, I had intended to drive from the lower 48 to Alaska. It would take a mountain of paperwork, and most likely be declined, permission to carry a weapon through Canada. I can stop at a FedEx/UPS store on the American side of the border, with it appropriately boxed, and ship it to myself at my destination in Alaska. It can go to the residence I would end up at. The c/o means that the receiving party can accept the package, but if they open it, they've committed a crime. Alternatively, it can be shipped to hold at the depot in the destination area. I can ship to myself in Alaska, and ask for it to be held at the FedEx depot. They will require my photo ID when I arrive to take possession of it.
You can't ship the other items by any normal freight courier (USPS, FedEx, UPS). That's for the safety of the courier service. The last thing you need is for your canister of VX to leak in transit. I've seen many accounts where someone shipped a substance that they shouldn't have, and it leaked in transit. Couriers, such as UPS do have special conditions for handling hazardous materials. You appeared to be suggesting shipping the items without consideration of their hazardous properties.
Well....
About the moment they seized the equipment, it became their problem. As I understand it, Megaupload lost privileges to do anything. It's now evidence. They should have taken possession of it.
But since Megaupload is contractually obliged to pay for the space and bandwidth, and the equipment is still there, they have to keep paying on the contract.
The judge *should* have ordered that the hosting provider was either required to hold onto the equipment indefinitely, or hand it over to the DoJ. Either of those would be at the expense of the DoJ. This decision of "go work it out for yourselves" really smells like the DoJ doesn't have enough of a case for the judge to sign off on taking possession.
The equipment must take up about 30 racks or so. That's a pretty sizable footprint in most datacenters. It seems the hosting provider is being very cooperative, and even though the "storage" cost seems high, it's about right for full racks, if they've dropped the power and network connections.
Well, our "finite" resources are absolutely huge. What if the governments of the world set aside a small fraction of their military budgets, and trained half the unemployed populations of the world in aerospace technology *and* gave them the means to work together on furthering the human space program?
We're not talking about just the US, or any single nation. Cooperation under a single multi-national leadership. A leadership like a single corporation funded by all nations. If it was done as a cooperation of various independent agencies (like the ISS is now), you'll end up with huge budgets spent on meetings and planning, and another large chunk wasted on incompatible designs.
The unemployed population (out of work, retired, etc) would give the knowledge base and manpower to accomplish virtually anything.
Tell me why we don't have the bigger, better space program going yet? Fuel is expensive? Now you have the employees to manufacture it. There's no money for it? The same money that goes towards welfare and unemployment would now be part of the employees salaries. But (oh my gosh) we can't trust other countries. They'd get access to our secrets! Secrets that we quietly sell to our allies this year who become our enemies in another decade. {sigh}
Didn't they already make that one? I'm pretty sure it's in the list somewhere.
I get a different result with telnet. Maybe it was simplified for people who use wget. At least they're keeping up with the server.
I'd rather my great grandchildren be telling the tales in transit between other solar systems, rather than telling the tales of wild dreams and overambitious artists depictions of the way it could have been.
Hey! The space race is on, we're aimed at the stars.
Oh... ya... We're down to one type of manned craft that can even make it to the ISS, and a few pipe dreams for further exploration.
Without commercial interest, or an international government dick size contest, we're dwindling down to nothing.
Soviet Buran
US Space Shuttle Orbiter "Enterprise"
In future years, they'll become a novelty, and finally be left behind some antiquities museum. Or they'll be scrapped out when the floor space in the museum is more valuable for a gift shop.
8 sad aircraft graveyards
And, the eventual fate will be just like USS Enterprise CV-6
Soon enough, the only trace that a human ever left the Earth will be what we left on the moon. That will eventually be destroyed by incoming space debris.
Correct. That's why you'd want to set up firewall rules to protect it. I generally drop all traffic except for what is allowed. It just makes it that much harder to scan. If you happen to be sitting on an authorized network, you'll see the port. If you're not, nothing.
But the casual attacker just goes over large blocks looking for port 22. Failure to see it, they move on to easier targets.
Consider a /24. 254 requests to check port 22 is fairly quick. Scanning ports 1 through 65534 is 16.6 million requests. Rejected connections are helpful. Dropped connections, or checking IPs without hosts on will delay it significantly. A lot of people drop unwelcome traffic, including ICMP, so you'd have to go with something like:
nmap -sV -P0 --max-rtt-timeout 1000 --max-retries 1 -O 192.168.1.0/24
That'd still be an awful long time to try to check every port on every possible IP on any substantial size network. It's much easier to check a single host. One IP of 4.2 billion. Or only 8.7 million years for all ports, from a single machine and one thread to scan. Versus just 48,938 years to check one port on every IP. :) That's where the power of malware infested drones would come in useful.
I double that up. sshd to a nonstandard port, and firewall rules to only allow access in from very specific IPs and networks.
You really shouldn't be able to ssh in from just anywhere. Even if that means throwing a copy of OpenVPN up at a static location, to ssh to the second.
I can get to most of my stuff directly from home. At a hotel, airport, or coffee shop, I am on a hostile network, and shouldn't even be able to see that the port is open.
But, most people scanning for machines with SSH on them to hit are blindly scanning port 22. It's people interested in your specific network who will scan every port on every machine. Someone determined to hit your machine specifically will try every trick they can, and having SSH on port 2222, 9222, or 64222 won't help, if you have a weak password or an exploitable version.
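The setup described in the two comments above (drop everything except what is allowed, sshd on a nonstandard port, access only from specific IPs and networks), written out as an nftables ruleset. This is an added example and not part of the original comments; port 2222 is one of the ports the comment names, and the set name and the allowed addresses are documentation-range placeholders chosen here.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the original comments.
# Assumptions: sshd listens on 2222 ("Port 2222" in sshd_config) and
# the trusted sources below are placeholders (RFC 5737 ranges).

table inet filter {
    # Static locations allowed to reach sshd, e.g. home and a VPN endpoint.
    set ssh_allowed_v4 {
        type ipv4_addr
        flags interval
        elements = { 203.0.113.10, 198.51.100.0/24 }
    }

    chain input {
        # Default policy is drop: unmatched packets get no RST and no
        # ICMP error, so the port looks absent from other networks.
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # IPv6 stops working without neighbor discovery, so keep it.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # sshd is reachable only from the allowed set; there is no rule
        # for port 22 and no IPv6 rule for sshd, so both are dropped.
        tcp dport 2222 ip saddr @ssh_allowed_v4 accept
    }
}
```

`nft -c -f <file>` parses the ruleset without applying it. As the last comment says, this only hides the service from untargeted scans; a weak password or an exploitable sshd is still exposed to every address in the allowed set.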
I've been passing as human for years, you insensitive clod!
My first modem was 300 baud. It wasn't til those blazing fast 2400 baud modems came out, that a friend gave me an old 110 baud acoustic coupler.
I still remember the claims about how each generation was "as fast as it will ever be". Nonsense about frequencies and capacity of the copper. I remember a rather heated discussion on FidoNet, about the fact that going faster than 2400 baud would melt phone lines, and as CPU speeds reached radio frequencies the interference would cripple all RF transmissions (TV, radio, and those "new" cordless phones). At the time, there was no cellular phone service in the area.
I definitely can live without ever setting another init string to make some off-brand modem work properly. I used to have all the codes, and S registers of various manufacturers memorized. I love where we are now. "Plug it in. Your machine will get an IP via DHCP. You're done."
I freaked someone out not long ago, because I whistled to a fax machine to make it connect. It was just a quick test, to see that the line worked. I can only get 2400 baud, but it's enough to say it connected, and throw an error. :) I used to be able to do 9600 baud to some modems.