I have decades (yes, plural) of mainframe experience, but I haven't touched one in a few years. Since I've been out of work for a while, I tried dipping my toes back in the water.
Fuck them. Most companies with mainframes have downsized all the competent managers, the ones who knew how much investment was tied up in the big iron. Then they use some young, stupid, "fresh" managers who wonder why they can't just replace a billion dollars (and 25+ years) worth of investment with a couple of windoze machines and some minimum wage operators. Several I talked to said straight out they only wanted recent experience, a gap of a few years to design and build a world spanning telecomms network meant I couldn't be trusted with the machines I've worked around for 20 years. Not that anything much has changed, except for a huge Y2K investment. But the pointy-hairs are so devoid of clue they are killing their companies because they will only pay shit wages to recent graduates. Then they complain about the lack of experienced workers when they won't even hire untrained kids to help round out the teams and take up the reins when the time comes.
One place was a former client, where I had designed and built a complex remote mainframe operations centre. The new management knew nothing of my work, but the few remaining old timers told them to contact me for a similar job. They could only offer me enough money to laughably call an insult. They had a fixed budget, which they had mostly spent on hiring recent graduates at close to minimum wage. Those guys had no experience with big systems, and thus caused a lot of downtime, and cost the company a lot of money. After more than six months, they had burned through most of the budget, and had to scrap the whole project. The new managers wanted me to do the 4 month project in 4 weeks, because that is how much money they had left. When I accepted (hey, a few weeks pay for project I've done successfully five times), they backed off, claiming they would wait for someone with immediate recent experience. Six months later, and 50 million euros in losses to the company, HR fuckheads are still trying to find anyone currently in an identical job. Fuck them.
Ooops, this rant was in no way influenced by the many, many fine Bruges Tripel consumed earlier this evening.
Retaining Call Detail Records is fairly common knowledge, but I wouldn't say public knowledge. The public are, in general, too stupid to understand anything more complicated than the weather and the price of food.
used to trace stolen mobile phones
That is what the IMEI number is supposed to help with, but the cost of building and maintaining an industry wide database of stolen phones has made it almost non-existant. When the press reported in Britain last year the most common crime was cell phone theft, there was some political movement to start cutting off stolen phones, but the project has not even started yet. The phone companies are resisting having to run such a system, because it would require cooperation between all the providers, and need a small but expensive full time staff to run.
On the plus side, when I want a new cell phone, I just go to the flea market on a saturday morning. Buy a recently stolen phone for about 10, wander into a dodgy phone card centre and pay them another 10 to unblock/recode the phone, and buy a rechargable phone card from them. 45 for the latest Nokia phone with no long term service contract, not too bad if you can ignore the associated bad karma.
as long as it requires a court order
You're new here, aren't you?
In order for retention to be usable, there will be a nice simple point-n-drool interface for investigators to get the data, along with a way to preserve the raw data to be used in prosecutions. When the system becomes simple to exploit, then requirements like court orders will completely disappear. Today, most of the data is handed over with no questions asked, its only when it is time to go to court that the DPP get formal and file proper court reveiwed requests so the defence can not trash the data in court.
never to a non-govermental agency
Once the tools are in place to easily extract this data, then Eir-con (and Orange and all others) will set up a group to market the service to private companies. They already have a working group asking around about how valuable cooked CDR data would be, if combined with customer data. They want 3rd party companies to purchase access to this data and combine it with other data and services to resell to end users. Think services to companies to track their employees both during work hours and after hours, services to worried parents who want to track their children's phone movements and usage 24/24, and private investigators who want to track down skips or deadbeats.
Blogs pointing to blogs pointing to blogs. Not one scrap of technical detail, very little political detail, and only innuendo about gardai (police) involvement. Perfect/. fodder.
Irish telcos, thats my old domain. What they are probably talking about is Call Detail Records from telephone switching equipment, SS7 data from SPs and STPs, lookups of SCP features, billing and customer data. The total amount of data is not that large, a few hundred megabytes per day for all landlines in a small market like Ireland. Mobile system switches can generate much more data, such as cell site handoffs, signal strength, power cycle events and SMS content. GSM/GPRS/UMTS data could total 4-6 Gbytes/day in a market with 2 million handsets.
CDR data was normally kept for a legal minimum of 90 days past each billing cycle, to allow for customer service to deal with complaints. Any disputed data would be copied out of the dataset and kept with the customer record in case the problem took a long time to resolve.
Typically, hard disk based CDR and customer records were kept for nine months before being moved to the recovery pool, and the disk/tape space would be recovered within a year. Billing and customer records are kept permanently, or at least ten years until they are unreadable by modern equipment (9 track, Wang magneto-microfiche, and other horrors)
Immediately after the Omagh bombing, a copy of the complete datasets of all systems in the Republic and NI going back at least 10 months was made and turned over to the police and intelligence services. Combing through that data, the investigators were able to track the exact trips made by the usual suspects in the weeks before the bombing, the exact routes they took, and calls made from vehicle to vehicle in the convoy carrying the bomb south to Omagh. The BBC aired a report on all this about two years ago, much to the chagrin of the powers that be.
This does not seem to concern ISPs, at least for the moment. The meeting seems to have been about who pays for longer data retention, and who pays for investigator access to the data. With a dozen requests per week to a telco for detailed records relating to various cases, it could take several experienced and expensive engineers most of their time. The Irish telcos, as well as ones in the U.S., have been trying to make Law Enforcement Access into a revenue centre. If a detective wants the complete calling history of a certain GSM phone, that could be a billable item. If a prosecutor wants additional data for a conviction, they'll have to dig into their budget and pay the telco for the data. The government wants to compel the telcos to provide this service in return for tax incentives, regulatory breaks, and some other backroom deals.
So this geek pulled this off with a minimum of thought. I admire the fact he did it, and was able to recover the baloon. But really, if he had put a little more thought into this, he'd probably have a much better geek experiment. That's why its version 1.0
The first time he ever tried assembling the whole thing was sitting in a park the morning of the launch. He had never weighed the whole thing until then, and then just randomly filled the balloon until it "seemed right", but that only got him about 60% of the lift he wanted.
Aligator clips on batteries. Ugh. Plus a quick run home to solder up a permanent connection while his friends hung around the park. Some staging for the week before the flight would have eliminated lots of these little problems.
He didn't check his ham frequency to see if others were using it, and his QRM walked all over other amateurs in the area, and their chatter kept his unit from receiving commands. Bad ham, no cookie!
Obscure perl bugs. Wouldn't be a geek experiment without them.
Bubble wrap for electrical insulation. ZZZZzzzzaaaaapppp!!
Here's to hoping Balloon 2.0 makes it into slashback soon (or just another dupe from CT). With more hacked up sensors, better photos, and a flight track out past Kansas:-)
Basically we're looking at 512kb/s [in both] directions
For the prices you will pay for 512kb/s, you can afford to hire an engineer who has done this before for less than your first month's bill. If you have so little clue "being the solo IT pleb here" you have to ask/., then your company is going to be in for some very nasty surprises. A company with only one IT guy doesn't have the budget for what the satcomms companies will propose, 512k with both/several ground stations, maintenance contracts, SLAs, installation, training, commisioning, licensing, etc.
Others have pointed out the technical problems you will face, TCP slow start vs. transaction mode, TCP windows, TCP/UDP/ICMP timeouts. Those technical problems are small compared to the administrative, billing, negotiation and regulatory problems you must deal with. Find an expert, pay them what they are worth, and avoid being screwed by the satcomms companies. It will be worth it, even in the short term.
Packeteer was working on specialised satellite gear, but I don't see anything on their web page. Ask them, their boxes work great for tweaking long latency and high congestion links. Somehow you will have to tweak the machines on both sides of the link, either at the router level or each machine's TCP stack. Consider not allowing "interactive" traffic, especially not web browsing, or putting some severe restrictions on which web sites the lusers can view.
the.name service should all be put to death (in a texas department of corrections sense of the word) for their crimes against the internet community.
Really, what they have done is squat on tens of thousands of names, in the hopes of extorting a few services from the masses. They don't offer traditional DNS services, where someone types in a name and the resolver returns the IP address of your name server, they are offering only email and web redirecting services. Nothing else.
I want anticypher.name to point to my name server, but they won't do that. They will give me a heavily spammed anti@cypher.name email forwarding service, or a web redirector with WWW tacked on the front. I know a few people who stupidly signed up for these services, and got a torrent of spam afterwards because they are then marked as gullible, naive idiots, the scammers choice of easy victims.
The whole service should die, the sooner the better.
Let me guess, your senior thesis was written in word and only 22 pages long? Wow, I gotta get back into an american university. I can crank out 19 meg word docs every week:-)
the AC First you take.bmp full screen captures of the text in various windows, and paste them into powerpoint, then embed the powerpoint objects into cells in an excel spreadsheet with bits of text around to explain each image, then export views from excel into word, and htmlize the result and email it out to the european-wide mailing list. They'll never find the body of the last luser who did that on my network!
Re:YYYYoouurrrrr in luckkkkk
on
Superbowl XXXVII
·
· Score: 5, Funny
24,432 fuckwits have done so, counting the hits on my firewall. 1 hit on port 1434 yesterday, 0 on thursday.
Wait, there are some dups, it seems that each machine hits the same addresses over and over again, about once every 4 to 12 minutes. grep|awk|sort|uniq gives 11,901 unique IP addresses in my firewall logs.
Quickly scanning a statistical sampling of machines which have probed my IP space, I see that most of them are wide open to the internet. Ports 137/139, 25, 1029, etc. are all available, and 3 of the 11 show BackOrifice on port 31337.
I have a friend (oracle expert) over trying to set up a vulnerable MS Sqweal server so we can study the worms actions on an isolated test network. I want to see which addresses does it scan, rate of repetition, and other things, since the code is pretty simple and just hashes the addresses (low cyclical rate) over and over again. I've also learned some new bad Vlamsk (dutch) language today.
I've got a packet that might crash vulnerable MsSqueal server processes using the same buffer overflow technique. Could be a good return packet to send to scanning machines to get them to shut up until the admins get around to patching/rebooting their fucked windoze machines.
But first I will test it on my own machines, I really don't believe in affecting other's machines on the internet, even if the owners are fuckwits. But after yet another microshit worm fucking things up for everyone else, I've moved my limit closer to their processes.
the AC I'm also waiting for the first few variants with better IP address scanning routines, which will be much more virulent. Monday will be a *fun* day
Its not just you, the two completely different DNS databases require different lookups, a common enough mis-understanding. Consider yourself less ignorant now:-)
To do a reverse lookup, the resolver sends a different request type, asking for a PTR resource record. The form is to put the IP address (or network address) backwards, and append.in-addr.arpa to the request. All (well, ok, most) IPv4 addresses are mapped under the.in-addr.arpa domain. But these misconfigured resolvers are sending A (address) record requests but with a IP address included instead of a domain name.
If you have your own DNS server and watch your DNS traffic, you can see these two effects happening differently.
For a forward (A or MX record) lookup:
Local server queries root server for an A record
Root server responds with NS record for the registry of the domain
Local server contacts registry server for A
Registry server responds with NS records for the domain
Local server contacts the domain's server, which responds with an A record
Local server answers the resolver with the A record.
For a reverse (PTR) lookup, the resolver traverses the netblock providers:
Local server queries the root servers with a properly constructed PTR request (z.y.x.w.in-addr.arpa.)
Root server knows only where major net blocks are allocated, and returns the NS record of a Regional Internet Registry (RIPE, APNIC, etc)
Local server again queries an RIR NS with the PTR
RIR NS knows which ISPs hold which blocks, so responds with the ISP NS record
Local server again queries the ISP NS server, which either has the reverse hostname, or once again returns the NS record of the the local DNS server.
The two different types of queries follow different paths, either Name Registries or Netblock Providers. This article points out that many resolvers are broken because they allow obvious reverse lookups to pass as forward lookups, and then can't deal with the resulting error messages.
I have often seen broken resolvers repeatedly query DNS servers I manage, possibly because as the article points out, fucked firewalls allow the requests out, but block the requests from getting back to the resolver. It happens so much I just ignore it when I see it, its not worth notifying the admins because they are usually too clueless to know how to fix the problem.
I'm sorry dear, I didn't realise what my geek friends would do with that much duct tape. We can try apologising to your brides maids again, can't we? I know those photos didn't make it too far on the internet, the link just got posted to a little visited site called slashdot. I'm sure those photos will never again surface to embarass your best friend. But you have to admit, they were right about being able to duct tape your father to the ceiling and the sticky would hold him in place. Honey, please tell me you are going to use that carving knife to cut me loose from all this duct tape, right? Please!
Some day we'll all look back on this wedding, laugh nervously and change the subject.
I hit his page last night (4:30 AM rebuild of a machine with a failed hard drive) right when this article hit/., and his page counter was 19363.
That is why network admins fear the/. effect:-)
I love his comments on the pringles can, and appreciate that he dumped it as fast as his GI tract dumped the pringles. Real RF hackers build yagi antennas, not helical cantennas. The only reason to go with a shielded helical cantenna is when you want to block unwanted signals in a noisy area, like the centres of large cities when war*ing. In a coastal resort town, just trim down an old TV antenna to the right length/spacing and don't alert the thieves/authorities (same thing) to something interesting on your roof.
Ford is offering up to two years worth of petrol (gas) when you buy a new car here. I think its 1200 maximum over 24 months.
The catch? They give you a card you can use like a credit card at only one type of gas stations (total-fina-elf associates), and each time you fill your car, you have to enter the odometer reading on the keypad. If you put another brand of petrol in, then you lose the remainder of your free petrol because they can detect you suddenly got a large increase in kilometrage between fillups.
Its the same as a rebate, but tied into making you a habitual customer of their partner gasoline company.
When you sign up for the free petrol offer, you agree they can share the data with their "business partners". They are approaching other companies offering detailed marketing data on buyers, on things like geographic usage (people who drove to the south of spain 3 times this year, etc). They can also track the consumption of petrol quite accurately over a large sampling of their vehicles, which probably gives their engineers more data on fuel efficiency as motors wear over the first two years.
Would you really want a bunch of pasty white geeks getting their kit off on stage, and "joining in" on the action?
It would certainly violate most cities decency laws, as well as pushing the bounds of bad taste in ways only John Waters could almost tolerate.
the AC I'm going to relapse into a quivering useless mass until I purge those thoughts from my poor brain
Re:RIGHT! RIGHT! RIGHT!!! (ding!)
on
DOD vs. 802.11b
·
· Score: 2
This pentagon group isn't really looking out directly for the U.S. military, they're a pressure group for the big (lock-mart, boing, et.al.) defence contractors who want that spectrum for themselves for cheap.
The U.S. is sending a large delegation to the WARC (world administrative radio conference) in June/July of 2003, to argue with all the other delegates about, well, everything (amateur bands, satellites, modulation schemes, software radio, digital TV, maritime, aeronautique). This U.S. pressure group is trying to make sure the U.S. delegation fights to ensure the 5GHz band doesn't get given up to the public for free. They want the delegation to try to defeat the move for another globally accepted chunk of spectrum for low cost commercial products.
The meeting was with the main U.S. commercial groups making a fortune off of 802.11b kit(aetheros, intersil, TI, intel), in order to convince them they would be un-patriotic if they try to duplicate the only bright spot in the electronics world today in another small chunk of the spectrum. This in the face of reality of 802.11a products already on the market.
This is old school thinking, to try and preserve the scarcity of the spectrum, because another small "free" section would "cheapen" property values in the spectral neighborhood. Better to keep as much spectrum out of the hands of the public, in order to keep the value sky-high.
The Europeans are getting their act together through the ETSI, and telling each national government to clear out all military and commercial users from the 5GHz 802.11h band. They've been studying this for at least the last two years, and finding very little in the band that isn't easily moved. There are no fixed military radar systems using that part of the 5GHz band, but some agile systems may sweep through it.
802.11a may never be allowed in Europe, and given the speed *ahem* working group H is proceeding, the first 802.11h kit might be available soon after WARC. Of course, h kit is much more complex than a kit, meaning longer times to market, more expensive, and lots of interop problems are going to be seen between chipsets. But the DFS/TPC features will mean many more 802.11h products can co-exist in dense city centres, where it counts. The american chip designers placed their bets on getting 802.11a to market faster with a less capable product in the hopes grabbing the lions share.
When the rest of the world starts using 802.11h for all kinds of shiny cool toys, the U.S. may outlaw it in the name of national defence. That would be sad, but typical.
This next WARC meeting should be as interesting (in the chinese sense) as the previous ones. Think "a more wretched hive of scum and villainy has never been seen on this planet".
There needs to be more awareness in the internet world about not breaking some of the underlying technologies. What the authors are talking about is sites with fuckheaded admins who blindly block all ICMP traffic with their firewalls.
Path Maximum Transmission Unit Discovery, ICMP type 3 code 4, is sent to an IP stack telling it to send smaller IP packets so the packets don't get fragmented along the way. When nearly 75% of broadband users in Europe are forced to use PPPOE, they count on a working PMTUD message making things work.
There is a workaround, called MSS clamping, built into Roaring Penguin PPPOE (great software, guys!) which tweaks the TCP stack for web traffic. Unfortunately, it breaks all kinds of other traffic which doesn't expect the MSS to change.
So this paper is a good start to informing network admins there is no security risk in allowing some types of ICMP traffic. MSS clamping and PMTUD problems were a main topic of coffee break discussions at the last RIPE meeting. Now it remains to convince the firewall manufacturers to change their defaults so that they aren't breaking more and more of the internet. Adding this information to Firewall-HOWTOs would also be a good idea.
the AC
Re:How to totally screw up any windoze machine
on
Gnarly Error Messages
·
· Score: 3, Interesting
try deleting your own MAC address from the machine.
arp -d [your mac addy]
Note to idiots willing to try this: You will have to completely re-install windows after doing this. You will lose all the data on your hard drives. You will not be able to restore your machine in any other way.
I haven't yet tried this on XP, but I've done demos on 95, 98, nt4 and 2000, and in each time the MCSEs could never recover the system afterwards.
EMI/Virgin records has announced it will earn a US$67million tax credit this year by donating 5.5 million unsold Mariah Carey CDs to charity groups. The CDs will be delivered in CD players glued shut, with no pause/stop buttons and extra long life batteries to ensure they can play continuously for the next 6 months.
An unidentified spokesman for one of the affected charities was quoted as saying "Oh, God! the humanity! Why us? What did we ever do to deserve this?"
There was no comment from the EPA about rumors of an investigation into hazardous waste dumping by EMI/Virgin.
the AC
Source(s) of the OpenBrick
on
Tiny Boxen
·
· Score: 3, Informative
That web site looks much better than the one I found with a little googling.
The original design seems to come from Lucky Star in taiwan, but they went out of business earlier this year. Their PDFs show a lot more details of the boards and connectors.
Nagasaki looks like they have picked up the product line and are continuing with it. It would sure be nice to get a few of these for cheaper than the 470 Euros the OpenBrick guys are reselling them for. I can't google up any other distis here in Europe this late at night. Maybe I'll try again during the working week.
I've learned the chinese/taiwanese shops in the big cities are quite willing to get in exotic parts like these boxen. Every one of them seems to have an uncle or a brother as a contact in taiwan who knows someone, etc. It just takes a little social engineering to get them to dig for you, on the hope you'll buy lots of those components.
I've got a project coming up to make small, cheap, customisable firewalls supporting DSL or cable clients, no fans or noise or hard disks. Has to be half the price of a cisco pix 501, which are on ebay for around 500 euros. This MS2100/OpenBrick box would almost do it, except I don't want to be powering a sound card, parallel port, NTSC video, or all that other useless cruft.
the AC
Re:Mmm, can anyone say car unit?
on
Tiny Boxen
·
· Score: 2
Yes! My first two thoughts were:
Car mounted netstumbler unit for permanent wardriving. When you get home, the unit detects your home WLAN, and transfers the day's results to your awaiting home server. I'm working on some scripts to do this now with a laptop.
Cheap secure WAPs, running SSH/IPSec to force all users to communicate through a tunnel. Cheaper than the cisco units by a tiny amount, but even better, they'll run linux or BSD which could allow some serious customization.
I've been wardriving on two vacations now with an expensive laptop hidden in the back of the car. Not trusting most neighborhoods where I parked, I ended up yanking the laptop every evening to haul around with me. Not optimal. It would be nice to have a small low power unit which could survive random power cuts every time you stop the motor. Something that could be mounted in the boot, with an external antenna camouflaged on the rear deck.
the AC 470 Euros for the cheapest unit, ttc? Fuck me harder guys, these are just some cheap taiwanese SBCs you are importing!
Slashdot Mirror
I have decades (yes, plural) of mainframe experience, but I haven't touched one in a few years. Since I've been out of work for a while, I tried dipping my toes back in the water.
Fuck them. Most companies with mainframes have downsized all the competent managers, the ones who knew how much investment was tied up in the big iron. Then they use some young, stupid, "fresh" managers who wonder why they can't just replace a billion dollars (and 25+ years) worth of investment with a couple of windoze machines and some minimum wage operators. Several I talked to said straight out they only wanted recent experience, a gap of a few years to design and build a world spanning telecomms network meant I couldn't be trusted with the machines I've worked around for 20 years. Not that anything much has changed, except for a huge Y2K investment. But the pointy-hairs are so devoid of clue they are killing their companies because they will only pay shit wages to recent graduates. Then they complain about the lack of experienced workers when they won't even hire untrained kids to help round out the teams and take up the reins when the time comes.
One place was a former client, where I had designed and built a complex remote mainframe operations centre. The new management knew nothing of my work, but the few remaining old timers told them to contact me for a similar job. They could only offer me enough money to laughably call an insult. They had a fixed budget, which they had mostly spent on hiring recent graduates at close to minimum wage. Those guys had no experience with big systems, and thus caused a lot of downtime, and cost the company a lot of money. After more than six months, they had burned through most of the budget, and had to scrap the whole project. The new managers wanted me to do the 4 month project in 4 weeks, because that is how much money they had left. When I accepted (hey, a few weeks pay for project I've done successfully five times), they backed off, claiming they would wait for someone with immediate recent experience. Six months later, and 50 million euros in losses to the company, HR fuckheads are still trying to find anyone currently in an identical job. Fuck them.
Ooops, this rant was in no way influenced by the many, many fine Bruges Tripel consumed earlier this evening.
the AC
Retaining Call Detail Records is fairly common knowledge, but I wouldn't say public knowledge. The public are, in general, too stupid to understand anything more complicated than the weather and the price of food.
used to trace stolen mobile phones
That is what the IMEI number is supposed to help with, but the cost of building and maintaining an industry wide database of stolen phones has made it almost non-existant. When the press reported in Britain last year the most common crime was cell phone theft, there was some political movement to start cutting off stolen phones, but the project has not even started yet. The phone companies are resisting having to run such a system, because it would require cooperation between all the providers, and need a small but expensive full time staff to run.
On the plus side, when I want a new cell phone, I just go to the flea market on a saturday morning. Buy a recently stolen phone for about 10, wander into a dodgy phone card centre and pay them another 10 to unblock/recode the phone, and buy a rechargable phone card from them. 45 for the latest Nokia phone with no long term service contract, not too bad if you can ignore the associated bad karma.
as long as it requires a court order
You're new here, aren't you?
In order for retention to be usable, there will be a nice simple point-n-drool interface for investigators to get the data, along with a way to preserve the raw data to be used in prosecutions. When the system becomes simple to exploit, then requirements like court orders will completely disappear. Today, most of the data is handed over with no questions asked, its only when it is time to go to court that the DPP get formal and file proper court reveiwed requests so the defence can not trash the data in court.
never to a non-govermental agency
Once the tools are in place to easily extract this data, then Eir-con (and Orange and all others) will set up a group to market the service to private companies. They already have a working group asking around about how valuable cooked CDR data would be, if combined with customer data. They want 3rd party companies to purchase access to this data and combine it with other data and services to resell to end users. Think services to companies to track their employees both during work hours and after hours, services to worried parents who want to track their children's phone movements and usage 24/24, and private investigators who want to track down skips or deadbeats.
the AC
Blogs pointing to blogs pointing to blogs. Not one scrap of technical detail, very little political detail, and only innuendo about gardai (police) involvement. Perfect /. fodder.
Irish telcos, thats my old domain. What they are probably talking about is Call Detail Records from telephone switching equipment, SS7 data from SPs and STPs, lookups of SCP features, billing and customer data. The total amount of data is not that large, a few hundred megabytes per day for all landlines in a small market like Ireland. Mobile system switches can generate much more data, such as cell site handoffs, signal strength, power cycle events and SMS content. GSM/GPRS/UMTS data could total 4-6 Gbytes/day in a market with 2 million handsets.
CDR data was normally kept for a legal minimum of 90 days past each billing cycle, to allow for customer service to deal with complaints. Any disputed data would be copied out of the dataset and kept with the customer record in case the problem took a long time to resolve.
Typically, hard disk based CDR and customer records were kept for nine months before being moved to the recovery pool, and the disk/tape space would be recovered within a year. Billing and customer records are kept permanently, or at least ten years until they are unreadable by modern equipment (9 track, Wang magneto-microfiche, and other horrors)
Immediately after the Omagh bombing, a copy of the complete datasets of all systems in the Republic and NI going back at least 10 months was made and turned over to the police and intelligence services. Combing through that data, the investigators were able to track the exact trips made by the usual suspects in the weeks before the bombing, the exact routes they took, and calls made from vehicle to vehicle in the convoy carrying the bomb south to Omagh. The BBC aired a report on all this about two years ago, much to the chagrin of the powers that be.
This does not seem to concern ISPs, at least for the moment. The meeting seems to have been about who pays for longer data retention, and who pays for investigator access to the data. With a dozen requests per week to a telco for detailed records relating to various cases, it could take several experienced and expensive engineers most of their time. The Irish telcos, as well as ones in the U.S., have been trying to make Law Enforcement Access into a revenue centre. If a detective wants the complete calling history of a certain GSM phone, that could be a billable item. If a prosecutor wants additional data for a conviction, they'll have to dig into their budget and pay the telco for the data. The government wants to compel the telcos to provide this service in return for tax incentives, regulatory breaks, and some other backroom deals.
the AC
So this geek pulled this off with a minimum of thought. I admire the fact he did it, and was able to recover the baloon. But really, if he had put a little more thought into this, he'd probably have a much better geek experiment. That's why its version 1.0
:-)
The first time he ever tried assembling the whole thing was sitting in a park the morning of the launch. He had never weighed the whole thing until then, and then just randomly filled the balloon until it "seemed right", but that only got him about 60% of the lift he wanted.
Aligator clips on batteries. Ugh. Plus a quick run home to solder up a permanent connection while his friends hung around the park. Some staging for the week before the flight would have eliminated lots of these little problems.
He didn't check his ham frequency to see if others were using it, and his QRM walked all over other amateurs in the area, and their chatter kept his unit from receiving commands. Bad ham, no cookie!
Obscure perl bugs. Wouldn't be a geek experiment without them.
Bubble wrap for electrical insulation. ZZZZzzzzaaaaapppp!!
Here's to hoping Balloon 2.0 makes it into slashback soon (or just another dupe from CT). With more hacked up sensors, better photos, and a flight track out past Kansas
the AC
Basically we're looking at 512kb/s [in both] directions
/., then your company is going to be in for some very nasty surprises. A company with only one IT guy doesn't have the budget for what the satcomms companies will propose, 512k with both/several ground stations, maintenance contracts, SLAs, installation, training, commisioning, licensing, etc.
For the prices you will pay for 512kb/s, you can afford to hire an engineer who has done this before for less than your first month's bill. If you have so little clue "being the solo IT pleb here" you have to ask
Others have pointed out the technical problems you will face, TCP slow start vs. transaction mode, TCP windows, TCP/UDP/ICMP timeouts. Those technical problems are small compared to the administrative, billing, negotiation and regulatory problems you must deal with. Find an expert, pay them what they are worth, and avoid being screwed by the satcomms companies. It will be worth it, even in the short term.
Packeteer was working on specialised satellite gear, but I don't see anything on their web page. Ask them, their boxes work great for tweaking long latency and high congestion links. Somehow you will have to tweak the machines on both sides of the link, either at the router level or each machine's TCP stack. Consider not allowing "interactive" traffic, especially not web browsing, or putting some severe restrictions on which web sites the lusers can view.
the AC
the .name service should all be put to death (in a texas department of corrections sense of the word) for their crimes against the internet community.
Really, what they have done is squat on tens of thousands of names, in the hopes of extorting a few services from the masses. They don't offer traditional DNS services, where someone types in a name and the resolver returns the IP address of your name server, they are offering only email and web redirecting services. Nothing else.
I want anticypher.name to point to my name server, but they won't do that. They will give me a heavily spammed anti@cypher.name email forwarding service, or a web redirector with WWW tacked on the front. I know a few people who stupidly signed up for these services, and got a torrent of spam afterwards because they are then marked as gullible, naive idiots, the scammers choice of easy victims.
The whole service should die, the sooner the better.
the AC
My senior thesis was over 19 megs
:-)
.bmp full screen captures of the text in various windows, and paste them into powerpoint, then embed the powerpoint objects into cells in an excel spreadsheet with bits of text around to explain each image, then export views from excel into word, and htmlize the result and email it out to the european-wide mailing list. They'll never find the body of the last luser who did that on my network!
Let me guess, your senior thesis was written in word and only 22 pages long? Wow, I gotta get back into an american university. I can crank out 19 meg word docs every week
the AC
First you take
IIIiii jjuuusssssssttttt ppppoooooorrrrreeeeddd aaaa wwwwoooolllleeeee jjaaaaaarrrrrrr oooffffff NNNNNnnnnaaaacccccoooooo ccccCCCCCccccceeeeeesssssseeeee ddddddiiiiiiiiippppp iiiiiiinnnnnntttttooooooooo mmmmmmmmyyyyyyyyyyyyyy kkkkkkkkkeeeeeeeeyyyyyyyyyy bbbbbbbbboooooooooaaaaaaarrrrrrrddddd,,,, iiiitttt sssooooouuuuullllldddd bbbbbbe tttttteeeerrrrreeee aaaannnnnyyy mmmmiiinnnuuuttteee nnnnnnooooowwwww
ttttteeeeee AAAaaaCCCCCCcccccc
[author of cheesedip over IP protocol]
Whoever puts a database outside a firewall
24,432 fuckwits have done so, counting the hits on my firewall. 1 hit on port 1434 yesterday, 0 on thursday.
Wait, there are some dups, it seems that each machine hits the same addresses over and over again, about once every 4 to 12 minutes. grep|awk|sort|uniq gives 11,901 unique IP addresses in my firewall logs.
Quickly scanning a statistical sampling of machines which have probed my IP space, I see that most of them are wide open to the internet. Ports 137/139, 25, 1029, etc. are all available, and 3 of the 11 show BackOrifice on port 31337.
I have a friend (oracle expert) over trying to set up a vulnerable MS Sqweal server so we can study the worms actions on an isolated test network. I want to see which addresses does it scan, rate of repetition, and other things, since the code is pretty simple and just hashes the addresses (low cyclical rate) over and over again. I've also learned some new bad Vlamsk (dutch) language today.
I've got a packet that might crash vulnerable MsSqueal server processes using the same buffer overflow technique. Could be a good return packet to send to scanning machines to get them to shut up until the admins get around to patching/rebooting their fucked windoze machines.
But first I will test it on my own machines, I really don't believe in affecting other's machines on the internet, even if the owners are fuckwits. But after yet another microshit worm fucking things up for everyone else, I've moved my limit closer to their processes.
the AC
I'm also waiting for the first few variants with better IP address scanning routines, which will be much more virulent. Monday will be a *fun* day
To do a reverse lookup, the resolver sends a different request type, asking for a PTR resource record. The form is to put the IP address (or network address) backwards, and append
If you have your own DNS server and watch your DNS traffic, you can see these two effects happening differently.
For a forward (A or MX record) lookup:
Local server queries root server for an A record
Root server responds with NS record for the registry of the domain
Local server contacts registry server for A
Registry server responds with NS records for the domain
Local server contacts the domain's server, which responds with an A record
Local server answers the resolver with the A record.
For a reverse (PTR) lookup, the resolver traverses the netblock providers:
Local server queries the root servers with a properly constructed PTR request (z.y.x.w.in-addr.arpa.)
Root server knows only where major net blocks are allocated, and returns the NS record of a Regional Internet Registry (RIPE, APNIC, etc)
Local server again queries an RIR NS with the PTR
RIR NS knows which ISPs hold which blocks, so responds with the ISP NS record
Local server again queries the ISP NS server, which either has the reverse hostname, or once again returns the NS record of the the local DNS server.
The two different types of queries follow different paths, either Name Registries or Netblock Providers. This article points out that many resolvers are broken because they allow obvious reverse lookups to pass as forward lookups, and then can't deal with the resulting error messages.
I have often seen broken resolvers repeatedly query DNS servers I manage, possibly because as the article points out, fucked firewalls allow the requests out, but block the requests from getting back to the resolver. It happens so much I just ignore it when I see it, its not worth notifying the admins because they are usually too clueless to know how to fix the problem.
the AC
Kinky!
I'm sorry dear, I didn't realise what my geek friends would do with that much duct tape. We can try apologising to your brides maids again, can't we? I know those photos didn't make it too far on the internet, the link just got posted to a little visited site called slashdot. I'm sure those photos will never again surface to embarass your best friend. But you have to admit, they were right about being able to duct tape your father to the ceiling and the sticky would hold him in place. Honey, please tell me you are going to use that carving knife to cut me loose from all this duct tape, right? Please!
Some day we'll all look back on this wedding, laugh nervously and change the subject.
the AC
You can keep me from teaching and singing songs to people by cutting my throat.
"Your terms are acceptable"
--Edgar, Men In Black, now working with the insects of the RIAA
the AC
I hit his page last night (4:30 AM rebuild of a machine with a failed hard drive) right when this article hit /., and his page counter was 19363.
/. effect :-)
That is why network admins fear the
I love his comments on the pringles can, and appreciate that he dumped it as fast as his GI tract dumped the pringles. Real RF hackers build yagi antennas, not helical cantennas. The only reason to go with a shielded helical cantenna is when you want to block unwanted signals in a noisy area, like the centres of large cities when war*ing. In a coastal resort town, just trim down an old TV antenna to the right length/spacing and don't alert the thieves/authorities (same thing) to something interesting on your roof.
the AC
Ford is offering up to two years worth of petrol (gas) when you buy a new car here. I think its 1200 maximum over 24 months.
The catch? They give you a card you can use like a credit card at only one type of gas stations (total-fina-elf associates), and each time you fill your car, you have to enter the odometer reading on the keypad. If you put another brand of petrol in, then you lose the remainder of your free petrol because they can detect you suddenly got a large increase in kilometrage between fillups.
Its the same as a rebate, but tied into making you a habitual customer of their partner gasoline company.
When you sign up for the free petrol offer, you agree they can share the data with their "business partners". They are approaching other companies offering detailed marketing data on buyers, on things like geographic usage (people who drove to the south of spain 3 times this year, etc). They can also track the consumption of petrol quite accurately over a large sampling of their vehicles, which probably gives their engineers more data on fuel efficiency as motors wear over the first two years.
the AC
Whaddya mean my disk is full? Again? /*
But it hasn't been a week since I last did
sudo rm -r
the AC
"The steady state of disks is full." -- Ken Thompson Ahhh, that 'splains it!
Would you really want a bunch of pasty white geeks getting their kit off on stage, and "joining in" on the action?
It would certainly violate most cities decency laws, as well as pushing the bounds of bad taste in ways only John Waters could almost tolerate.
the AC
I'm going to relapse into a quivering useless mass until I purge those thoughts from my poor brain
This pentagon group isn't really looking out directly for the U.S. military, they're a pressure group for the big (lock-mart, boing, et.al.) defence contractors who want that spectrum for themselves for cheap.
The U.S. is sending a large delegation to the WARC (world administrative radio conference) in June/July of 2003, to argue with all the other delegates about, well, everything (amateur bands, satellites, modulation schemes, software radio, digital TV, maritime, aeronautique). This U.S. pressure group is trying to make sure the U.S. delegation fights to ensure the 5GHz band doesn't get given up to the public for free. They want the delegation to try to defeat the move for another globally accepted chunk of spectrum for low cost commercial products.
The meeting was with the main U.S. commercial groups making a fortune off of 802.11b kit(aetheros, intersil, TI, intel), in order to convince them they would be un-patriotic if they try to duplicate the only bright spot in the electronics world today in another small chunk of the spectrum. This in the face of reality of 802.11a products already on the market.
This is old school thinking, to try and preserve the scarcity of the spectrum, because another small "free" section would "cheapen" property values in the spectral neighborhood. Better to keep as much spectrum out of the hands of the public, in order to keep the value sky-high.
The Europeans are getting their act together through the ETSI, and telling each national government to clear out all military and commercial users from the 5GHz 802.11h band. They've been studying this for at least the last two years, and finding very little in the band that isn't easily moved. There are no fixed military radar systems using that part of the 5GHz band, but some agile systems may sweep through it.
802.11a may never be allowed in Europe, and given the speed *ahem* working group H is proceeding, the first 802.11h kit might be available soon after WARC. Of course, h kit is much more complex than a kit, meaning longer times to market, more expensive, and lots of interop problems are going to be seen between chipsets. But the DFS/TPC features will mean many more 802.11h products can co-exist in dense city centres, where it counts. The american chip designers placed their bets on getting 802.11a to market faster with a less capable product in the hopes grabbing the lions share.
When the rest of the world starts using 802.11h for all kinds of shiny cool toys, the U.S. may outlaw it in the name of national defence. That would be sad, but typical.
This next WARC meeting should be as interesting (in the chinese sense) as the previous ones. Think "a more wretched hive of scum and villainy has never been seen on this planet".
the AC
I accidentally deleted my bookmarks
First, you should establish some "Affordable and Safe Data Protection Practices"
Then, maybe, you could spend a few minutes googling up some links from
alt.folklore.computers
the AC
lose your last meal
kill your sex drive for at least a week
cause you to violate several local pr0n ordnances
disturb your sleep for a long time to come
the AC
Don't say I didn't warn you
Well, daytime here. In Europe. No sense in being impolite or immoral with such an outstanding figure in her community.
Funny, since the parent to this message was posted, the number is always engaged. We've slashdotted her phone. Awwwww.
Maybe someone could get her cell phone number as well (a quick search turned up nothing), as americans get charged for incoming cell phone calls.
the AC
[Any Aussies want to pick up the relay?]
There needs to be more awareness in the internet world about not breaking some of the underlying technologies. What the authors are talking about is sites with fuckheaded admins who blindly block all ICMP traffic with their firewalls.
Path Maximum Transmission Unit Discovery, ICMP type 3 code 4, is sent to an IP stack telling it to send smaller IP packets so the packets don't get fragmented along the way. When nearly 75% of broadband users in Europe are forced to use PPPOE, they count on a working PMTUD message making things work.
There is a workaround, called MSS clamping, built into Roaring Penguin PPPOE (great software, guys!) which tweaks the TCP stack for web traffic. Unfortunately, it breaks all kinds of other traffic which doesn't expect the MSS to change.
So this paper is a good start to informing network admins there is no security risk in allowing some types of ICMP traffic. MSS clamping and PMTUD problems were a main topic of coffee break discussions at the last RIPE meeting. Now it remains to convince the firewall manufacturers to change their defaults so that they aren't breaking more and more of the internet. Adding this information to Firewall-HOWTOs would also be a good idea.
the AC
try deleting your own MAC address from the machine.
arp -d [your mac addy]
Note to idiots willing to try this:
You will have to completely re-install windows after doing this. You will lose all the data on your hard drives. You will not be able to restore your machine in any other way.
I haven't yet tried this on XP, but I've done demos on 95, 98, nt4 and 2000, and in each time the MCSEs could never recover the system afterwards.
the AC
EMI/Virgin records has announced it will earn a US$67million tax credit this year by donating 5.5 million unsold Mariah Carey CDs to charity groups. The CDs will be delivered in CD players glued shut, with no pause/stop buttons and extra long life batteries to ensure they can play continuously for the next 6 months.
An unidentified spokesman for one of the affected charities was quoted as saying "Oh, God! the humanity! Why us? What did we ever do to deserve this?"
There was no comment from the EPA about rumors of an investigation into hazardous waste dumping by EMI/Virgin.
the AC
That web site looks much better than the one I found with a little googling.
The original design seems to come from Lucky Star in taiwan, but they went out of business earlier this year. Their PDFs show a lot more details of the boards and connectors.
Nagasaki looks like they have picked up the product line and are continuing with it. It would sure be nice to get a few of these for cheaper than the 470 Euros the OpenBrick guys are reselling them for. I can't google up any other distis here in Europe this late at night. Maybe I'll try again during the working week.
I've learned the chinese/taiwanese shops in the big cities are quite willing to get in exotic parts like these boxen. Every one of them seems to have an uncle or a brother as a contact in taiwan who knows someone, etc. It just takes a little social engineering to get them to dig for you, on the hope you'll buy lots of those components.
I've got a project coming up to make small, cheap, customisable firewalls supporting DSL or cable clients, no fans or noise or hard disks. Has to be half the price of a cisco pix 501, which are on ebay for around 500 euros. This MS2100/OpenBrick box would almost do it, except I don't want to be powering a sound card, parallel port, NTSC video, or all that other useless cruft.
the AC
Yes! My first two thoughts were:
Car mounted netstumbler unit for permanent wardriving. When you get home, the unit detects your home WLAN, and transfers the day's results to your awaiting home server. I'm working on some scripts to do this now with a laptop.
Cheap secure WAPs, running SSH/IPSec to force all users to communicate through a tunnel. Cheaper than the cisco units by a tiny amount, but even better, they'll run linux or BSD which could allow some serious customization.
I've been wardriving on two vacations now with an expensive laptop hidden in the back of the car. Not trusting most neighborhoods where I parked, I ended up yanking the laptop every evening to haul around with me. Not optimal. It would be nice to have a small low power unit which could survive random power cuts every time you stop the motor. Something that could be mounted in the boot, with an external antenna camouflaged on the rear deck.
the AC
470 Euros for the cheapest unit, ttc? Fuck me harder guys, these are just some cheap taiwanese SBCs you are importing!