#1: Everyone ran to the server room. (Time=0) #2: Everyone just stood around for a bit. (Time=+1min)
This shows why every middling sized computing and communication facility needs a well documented procedure in advance of any outage.
In real life, the power outage policy gets written after the first power outage or two:-)
At least once per year you should test your security policy. Make it a big deal with management, decide on a weekend many months in advance and stack your workload to support that. It can really be an excuse to party over a weekend and play around with stuff you normally can't touch for fear of retributuion.
You should cut the power and time how long the UPS boxes keep the servers running. You should see which machines kept running during the switchover. Which machines cleanly shutdown in advance of the batteries dying. Then decide on whether you have to all run to the machine room and shut things down in a panic, or if you have 30 minutes to wait for the power to come back before starting to shut down.
Having it written down can really cover your ass if you've tested it.
Bring your own. I've done a 2 week sail around the mediteranean with a girl I'd met at a friends wedding. I just called her up the next week, and asked if she could take a week off for sun, sea, and sex. By the end of the trip we were completely exhausted from all the sex, sunburned despite all the sunblock, and had a great relaxing time. One hint, 3 couple should not share a boat with only 2 cabins.
And I only went looking for internet cafes in a couple of ports:-)
Put me in category 2 for all mail servers I influence 2) use mail servers that support VRFY, but have disabled it. Its a good security policy, and many sites don't do VRFY or EXPN.
You even have a good reason to not DoS your potential customers who are clueless enough to be using a non-compliant MTA: (Microsoft Exchange 5.0, for example, hangs the Internet Mail Service if you send a VRFY for a valid address)."
That should stop you right there.
But the scary part of your question is
The client produces some extremely dangerous materials, (You'd be surprised at how deadly some of the materials your chips are made of really are....)
You mean like silane, arsine and other dopants for silicon? Hydrazine for etching? Hydrofluoric acid for surface cleaning?
I've worked in silicon foundries before, and it was damn difficult to order, transport, store and use those chemicals. There were a ton of laws controlling every part of their existence(of course, there were a lot more patri^H^H^H^H^Hterrorists around where I was). Are you implying your client is now going to ignore the laws requiring them to establish a solid business relationship before ever transporting the chemicals off site? Sounds like a very irresponsible thing to do, probably illegal.
One small part of this is ensuring that the potential customer has a valid e-mail address. I should hope you are establishing a solid business relationship with any potential customer before allowing them any access to the ordering process. This means face to face meetings, and an inspection of their facilities to meet federal hazmat guidelines. A check for a valid email address is pretty laughable, except for the fact that you might serve some prison time if anything bad ever happens because you shipped a tank of arsene to ima.badguy@terrorist.org and it was opened in the air conditioning of the MPAA offices. Hey, do you smell garlic?
If you have to establish a real B2B electronic relationship with your customers, then get some kind of token generators at a minimum. Cryptocards could help to verify a customer trusted enough to fill in an order form. Or a PGP/RSA style signature to ensure the customer is who they say they are. Search the web, there are hacked versions of sendmail which will tack on a PGP signature to any email matching certain criteria.
Your answer lies elsewhere for e-commerce security, young grasshopper. Seek out the knowledgable old farts who have done this before.
Ethernet was a direct descendant of the alohanet protocols. The first ethernet was a 3Mbps implementation of aloha, contained on a thick coax cable with terminators at each end, and each machine was assigned a callsign in what are now destination and source addresses. The original project was to simulate a number of radio stations, without actually transmitting, hence the name ethernet to indicate the coax was simulating the ether.
When BBN was developing IP, they looked at alohanet and liked what they saw. So many of the problems worked out by radio amateurs working across a "1 transmitter, many listener, non-reliable transmission" network were incorporated into IP.
Lots of people have email on boats now, it really is the best way to stay in touch at sea.
There are two ends to your problem, the boat end and the land end. You'll need to have radio gear on land, turned on 24/24, 7x7. Given how crowded the HF bands are these days, its not practical to set up your own landside transceiver. There is no way to connect to a dialup ISP these days by tunneling through a radio connection, so abandon that idea now. But there are many boater email services available, a few are linked below.
Satellite gear is expensive, ignore it if you can. It is all high-latency 1200 or 2400 baud packet transmissions, and you end up using the providers email service, and they aren't in the email business. You can't really use satellite phones to make modem calls to any ISP, but if you get desperate set up a 110/300 baud FSK modem on a phone line at home with UUCP on a linux box.
I would assume the boat is already equipped with a good HF radio. If not, then start shopping for a higher end radio with computer control designed to integrate with laptop computers and an SSB HF modem. Read a few boating mags, and a few amateur radio mags for reviews, and search deja for other reports.
In addition to a good HF rig, you'll need a good HF modem. Look at kantronics website for starters.
Get your mother trained up on HF radio operations. There is no easy shortcut when you are 1000 miles from the nearest land. It is as important as learning how to sail and basic emergency procedures.
No matter which route you go, it will be necessary to have a server landside to store the email and filter out spam whenever possible, and to intercept messages containing large attachments. Keep the email address off the internet, don't post it prominently on a web page, or post to usenet from it, or spam will follow. Give it out only to those who your mother wants to communicate with, and send out an explanitory email to her friends not to try to send pictures or big attachments.
The link will be between 300 and 1200 baud, so plan accordingly. But any modern HF gear can run in unattended mode, so picking up email can happen over a period of hours.
There are a bunch of commercial email gateway services to boaters.
Disclaimer, I've used globe, they work but you'll still need to know what you are doing on the boat end. And they cost a lot of money. And they don't have any spam filtering, since they make about $2 to $5 per message transferred.
Test out the service for at least a month before heading off to sea. Try it on a shakedown voyage as well. No sense on spending all that money and time just to haul a bunch of useless equipment to hawaii.
the AC [ I'm jealous as can be, now my day is shot thinking of sailing to hawaii:-]
You've got the SPCC bit right, but I thought United Telco, Centel, and dozens of others were the local interconnect companies who re-sold the capacity to large companies, and ensured connections to the local Bell and GTE plants. But my memory fails me in my old age:-)
SPCC was selling telephone service over buried copper trunks starting in the 1930s, from San Francisco to New Orleans and many other areas in the south. They added microwave capacity in the 60s. In the 80s they started to replace the copper with fibre.
I once saw a map of independent telcos in the US, and the ones that survived the longest and had the best connections were all along the SP track routes, and could negotiate long distance access because there was competition. The independents locked into an area with only Ma Bell to connect to were all eventually driven out of business by the abusive monopoly powers of Ma. Its what started the DoJ's anti-trust case which led to the breakup of Ma Bell. One can only hope the DoJ does better with M$:-)
How difficult is it to direct a pizza delivery guy to the cab of a freight train in the Chicago yards?
I was really young when I first heard of the battles between Sprint and Ma Bell. By the time the justice department started to look at the monopoly status of ol' Ma, they started to interconnect to competing long haul carriers. A few years after you could connect from a Bell to Sprint, MCI was created.
Southern Pacific Railroad INterstate Telephone system. The sales end was known as United Telephone, and they would connect directly to companies near railroad tracks, bypassing the local monopoly.
The rail companies all had their own internal telegraph and telephone systems, since they already had the right-of-way going from town to town. Once they realised they could sell the excess, a whole new industry was born.
The old SPRINT telephone system was a great learning grounds for some early phreakers. Security against fraud was non-existant, and gateways to the regular phone system were almost untraceable. Not that I would know any of this first-hand *ahem*:-)
1) There are almost always spare cables pulled when a control system is put in, for future expansion. Much of the cabling was put in when 1 signal == 1 pair of wires. Now, with modern computerised signalling techniques, 100's of signals == 2 pairs of wires. The extra wires can now be re-used for other things, they won't be carrying railway signals any more.
The highest cost of the internet, magnitudes higher than the routers and PCs, is the physical connection between distant points.
These signal lines will probably not carry web traffic, but lots of store and forward protocols such as email and batch file transfer. But a single linux box in an internet kiosk could provide thousands of villagers with an email address. Larger centres with higher bandwidth could have web browsing available.
2) Not all of indian villages are as primitive as the lowest tier model you mention. Many towns and villages are fairly modern by indian standards, but wireline telephone services are severely lacking because of many problems, copper is stolen by bandits, the population is quite evenly spread out everywhere, with only a few very dense centres making the economics look good. Electricity is starting to penetrate even into the most desolate places. Reliability is poor, but even with 6-12 hours of electricity per day, that's still good enough to route some email.
The most striking thing about india is that many of the poorest people seem to have a lot of free time. If they could be in school learning, they would. If there were jobs available for them, they would be working. With so much time available to them, I would love to see it channeled into learning about the internet and linux and all the other benefits a little knowledge brings. But that can't happen until the internet gets out to kiosks in railway stations in their area.
Maslow's Hierarchy isn't completely relevant here. People who have lived without plumbing don't absolutely require it before starting other projects to improve their lives. As their lives improve, then they will fill in the missing parts. But that doesn't exclude using the internet until there are enough doctors in india to meet everyone's needs.
-------begin/etc/issue---------- This is the AntiCypher main server, maintained by the European Cryptanalysis Association
You are connecting from %%unauthorised-IP-address%%, your unauthorised access has been traced and logged.
Access to this server is strictly forbidden. All access and hacking attempts are logged for prosecution. Please disconnect now.
The system administration team, security.alert@anti.co.uk -------end/etc/issue----------
With a message like this, you don't give away any information about your system. Certainly the information can be obtained through other means, but why help the script kiddies. You've got the basic "go away" requirement to keep the lawyers happy and if another system manager comes knocking on your door, there is an email address for them to contact. Don't put telephone numbers, you are only asking for trouble.
There are a bunch of other tools available, the telephone, contact names and numbers on web pages, whois database, online telephone directories, honeypots, sniffer or etherdump, openview, traceroute, nslookup, dig, looking glass, nmap, netcraft, finger, irc, email, bugtraq, dejanews, attrition.org, and the list goes on. Some are used to track the attack directly, but as Cliff points out, most are used in parallel as out-of-band investigations.
Firewall logs aren't the only tool available to those tracking the crackers. Many organizations are implementing Intrusion Detection Systems, which tend to pinpoint suspicious behaviour without all the large logs. This cuts the time needed to start watching a crack from hours to a few seconds. With a little quick reconfiguring of a network sniffer, much of the attack can be monitored in real time, allowing a quick response to keep the script-kiddie out of the network.
Firewalls are not the only place to be logging activity, in fact they are probably the worst for huge quantities of useless information. Key systems should be logging out-of-normal behaviour as well, allowing system admins to work with the network admins to limit intrusions. But 12Gb of information per day is easily searchable, once you know what you are looking for. It may take a few dozen refinements of your search as you analyse an attack, but a half days worth of work can get you some very precise information out of a few hundred Gbytes.
I use a stripped down, heavily customised version of a commercial system management tool. The real-time filtering and text analysis are fantastic, the engine is a compiled compiler, so analysing 50 to 100 Gbytes per day doesn't even load a sparc ultra 60 with 4 Gbytes of RAM. Many of the searches I run are on the previous week's worth of log files from several dozen systems, which pegs the system load for 10-60 seconds. I can go back and easily identify previous actions such as netPD illegally probing my systems looking for metallica on napster and other security holes.
Start with a packet sniffer to see where the packets are originating. Unless you get lucky and the idiot is coming directly from a dial-up, assume they are coming from a compromised system. Contact the NOC or system admins of those systems, using tools like a web browser (www.compromisedcompany.com) and whois for initial contacts. Also contact the NOC of the internet provider who controls that block of IP addresses, and let them know what is going on. They may have better contact details and can put the sysadmin in touch with you quicker than just leaving voicemail and email on a saturday morning. If the upstream cracked admins track the intrusion back even further, lather, rinse, repeat.
While waiting for the NOCs to respond, look at the types of intrusion probing, and try to figure out what tools the crackers are using. Then go back to your firewall and system logs and look for similar behaviour, you may find other similar attacks which failed, giving you better understanding of what berferd wants. Also, go look at recent postings on bugtraq, attrition.org, search dejanews, and monitor some irc channels. You may just find your network cracker likes to brag about their exploits, thus ensuring they will end up in jail at some point:-)
If you think it would take a knowledgable systems hacker an entire month to do any damage, you are very naive. A knowledgable hacker can get into a system with automated tools, and have a very good idea what is worth poking at after a matter of seconds or at most a few minutes. The best crackers use automated tools to get onto a system, log everything they can in a few seconds, then analyse the results offline. When they come back days or weeks later, the intrusion again only lasts a few minutes. Imagine the fines mediaone would have to pay if the cracker just corrupted some billing information, and thousands of customer complained about outrageous bills. That could be done by a slightly clued in cracker in less than an hour on a system.
And the best tool for actually catching and punishing crackers is a corporate policy allowing network admins to contact law enforcement and work with them. I have an ex-client completely compromised by crackers, but management refuses to implement a policy allowing the sys/net admins to deal with the problem. However, they are willing to throw millions of dollars at any security product with vague promises. They have a 200% turnover rate of their admins because of this.
The first phase of internet ready homes just have to market the fact they have a connection.
The next phase of internet ready communities will have to differentiate themselves by allowing several choices of connection, or perhaps just route to a regional tier 2 carrier with no filtering or firewalling. Or to be family friendly, offer a choice of a raw pipe or tie the connection to the community firewall/filter system.
There were several companies mentioned in the article who are jumping into the market to run the connections for these housing estates. It certainly sounds like a niche market for some smart people. I hope they are smart enough to offer more than just AOL, @HOME, and some other lame pseudo-internet connections. Certainly home-buyers, especially us internet-savvy post-IPO-vested nouveau-riche, will decide which housing estate to look at based on positive reports about good connectivity. Housing developments that only offer AOL will soon find the money goes somewhere else.
I've looked at a couple of "internet ready" homes in the last couple of years. The houses were wired internally with cat5 cable and a small ISDN router, but there was no permanent broadband connection to the internet. That is not "internet ready" by my standards.
This story shows a construction company that gets it. They are laying 2 conduits for fibre directly to each home in their estate, just like they now add connections for all the other utilities like electricity, gas, water and telephone. All that an internet provider has to do is lay a line out to this development, and tie into hundreds of waiting customers.
I'd really like to see housing estates with a clued-in homeowners association running their own router for the area. Then different ISPs would be invited to connect to the estate's POP, and each homeowner could choose their provider and switch between them depending on service and price. The estate could then run fibre to neighboring estate POPs and run local routing which wouldn't need to traverse an ISP, a true Metropolitan Area Network. Since the fibre would have a lot of unused bandwidth (except to my house), they could re-sell the bandwidth to local businesses and cut out the phone companies completely.
Aaaahhhhh, but I'm dreaming of a distant utopia:-)
the AC
[ for those who are building an internet ready house, where I live there are 7 routers, 100baseT running to all rooms in the house, with DSL, cable, ISDN, and wireless connections to several different ISPs in the area. Beat that:-]
How are you doing this, buying a service from your local provider, or creating your own cable network from scratch? If you are thinking of building your own, you will need to buy a headend router, which costs $$$$$$$.
What exactly are you hoping to achieve? Most cable modems have an ethernet connection to connect to your network. In home installations, the modem is really a router, with only a single IP address for a single computer.
Most cable modems are capable of offering up a range of IP addresses, certainly the newer DOCSIS modems have that capability. But it is up to the cable ISP to give/sell you a block of IP addresses instead of just a home user setup. Most cable operators in the US are only targeting the home market with 1 IP per connection, and have no idea how to offer their service to a business. Ask in advance, and don't rely on just calling their ordering line, go make an appointment with their sales department, and let them know you expect a professional level of service and are prepared to pay a slight premium for it. If you are trying to use someone like @HOME, they will cut you off if they detect a business use. They were promising to have a new service called @WORK real soon now, but I haven't seen it yet. @WORK is exactly the same as @HOME, except the T&C's allow you to use it for business use and maybe allow you to create a web server accessible from the internet, and of course it costs 4x the home service.
The way cable modems work, especially the new DOCSIS modems, is that there are several TV channels (6 MHz=~4.5 Mbps) devoted to the downstream connection (towards the user), and only one upstream TV channel (2-6 MHz=~1.2-4.5 Mbps). Typically the upstream channel is getting back to the headend through a series of carefully filtered reverse amps, usually on a channel which isn't propagated downstream by the regular repeaters. Don't count on being able to communicate from one cable modem in your building to another, or to use the cable as the replacement for a network. Their headend router may not allow one modem on the network to see any other modems on the network for security reasons (and also to prevent businesses like yours from doing exactly what you are proposing).
If you get just a single cable modem with a single IP address, then plug it into either a firewall running NAT, or a linux/BSD box with ipchains and ipmasquerading. Have 2 ethernet cards in the firewall/masqing machine, one to the cable modem, the other to your company network which will give all the machines access to the internet. Then you can rest a little easier about cybercriminals stomping all over your companies network (it'll keep the script kiddies out, anyways). Go read the various howto's on ipmasq, ipchains, cable modem connections, and anything else that looks reasonable. Go read cisco's web site, all their documentation is online and a lot of the technical stuff will give you a better understanding.
Holland, as well as Belgium and France, have completely de-centralised collecting and storing data on their citizens. This is because it was centralised to some fashion when the nazis took over and used those lists to weed out undesirables. The nazis seized each community's records, and then slowly but surely weeded out Jews, Gypsies, Gays, Philosophers, left leaning ex-politicians, Clergy, students who dropped out of school (possibly to join resistance), and the list goes on. After the war, it was made as difficult as possible for anyone in charge of the country to efficiently target any single group. It might start in one area, but that would alert others who could then take a counter-action to save lives.
Large random acts of distruction happen very rarely, and if it takes a little extra time to comb through some local tax and phone records to compile a list of people in a neighborhood, then we'll accept that extra bit of inefficiency. It is much better for a government to be inefficient than to give up all your privacy, and perhaps your life, because someone was able to dredge through a nationwide database and decide you are now undesirable.
I think the missing count is way down today, as they manually strike names off of various lists compiled in haste. But the body count is rising slowly as search efforts continue. Almost everyone in my town knows someone or of someone affected by the blast, it's sad, really.
There are several quotes floating around by various famous people who fought for freedom. Some americans, french, indians, south africans, and others who watched the horribly criminal actions of rogue governments who were a little too efficient in their enforcement of unfair laws. Look around, you'll see them as poster's sigs on/. and usenet.
the AC
The upside of having no central tax database is that many people move to a new district every year, because it takes about a year for the tax records to follow them. After 5 or 10 years, the tax authorities will finally catch up, and present a bill for the previous 3 years. YMMV & IANATL:-)
My recommendations follow most of the others. Get Majordomo for handling the list, and any decent MTA like sendmail or qmail for the actual sending. Make sure your machine is fairly reliable, and keep logs of everything you do. If you have problems, you probably are better off to not send out a joke one day than to send 2 or more jokes in a day trying to fix the problem.
Since you are rightly worried about security, I'd recommend going out and reading up on everything you can. bugtraq archives, dejanews, risks archive are a few of the places to start. You've obviously put some time and effort to grow a lame joke list to 10k subscribers, so put some effort into protecting it.
I noticed your emails coming into my/. only account starting soon after you posted this question. Did you notice someone loading up your mailing list with the complete user list scammed from/. ? Are you planning on cleaning up your list, or are you going to wait for each person to go clean it out themselves?
When I moved into this house, it had two phone lines already installed. But since we live entirely on our GSM phones, we didn't get analog access turned on. Tried to get ISDN access, but at the time it wasn't available. Now, thanks to a DSLAM I helped install in the local CO, I've got SDSL and a range of static IP addresses. We've also got cable access, but it doesn't get used as much. Sometime I have access to a major POP with a wireless connection.
The whole order entry process was very wierd, they have ruled it impossible to have a phone line without service. And I was standing in the room with the senior project managers, not trying to do this to an anonymous entry clerk on the end of a phone call. But they couldn't understand how I could live without an analog phone line. Its a very strange world, the old telco mindset.
The lines had battery but no dial tone, so the technician removed them physically from the plant MDF, and wired them straight to the DSLAM. That gave me 1 Mbps in each direction since I didn't need filters at either end. I have one machine powered up all the time in my place dedicated to doing quality checks for the DSL provider. We're on good terms, so I get to do what I want, and in return I help them out with some of the strange technical problems they run into. Of course, if I were to charge them for all that work, they would owe me lots of money, but its a great learning experience for me as well.
My current project for selfish reasons is to get the cable operator and the phone company to talk IP/BGP4 to each other. Traceroute from cable to DSL goes through 14 hops and the UK, even though the routers are only a few meters apart. I've even told them I would help out with the BGP4 routing so only traffic between the 2 systems would pass, and not be a major conduit. But they are both convinced that Belgian law forbids them from talking or connecting to each other. Given the lack of any enforcement of any laws in this country, I doubt it would ever be noticed.
Cellphone, PROS: When I'm on my American phone, I get telemarketer calls all the time, since the area code is the same as my home region, and the prefix has a mix of cell and land lines. Most of the people I know over there get them as well, and just hang up as soon as its obvious the call is not one they want. The telemarketers change their script to try to keep you on the line longer without you abrubtly hanging up. I talked to one last month, and she was perfectly aware she was calling a cell phone number and costing me money. She wanted me to buy cell phone accessories and insurance.
no landline, CONS: Internet access? You still use a POTS modem? xDSL, Cable, Wireless, ISDN and other new technologies should make the analog modem seem archaic. I use my land line for SDSL only, it doesn't have a phone number associated with it. Freaks out the installation technician, even though he knows me through work.
Your friends require you to be in the phone book? I hand my cell number out like candy to anyone who wants it. Phone books over here only have 50% of land lines listed, so most people just shrug if they don't find you in the book.
Speaking for the areas that I know best, Belgium, the Netherlands, France, England, Ireland and parts of eastern Europe, coverage is close to 100%. Other GSM areas cover all the major population centres and main roads, but with less coverage of rural areas. Many areas with no land line coverage often have a GSM signal, since a cell site will cover up to 5000 square Kms over a big flat rural area.
The only parts of Belgium where coverage is spotty is the hilly south east corner, where the signals don't get down into the tiny valleys, and downtown Brusssels when the cell sites get overwhelmed by the huge number of users. France has close to 90% coverage, with only some mountainous regions missing. Even travelling around Hungary, Slovakia, Slovenia and a few other former east bloc countries has an amazing level of coverage.
I've got an american dual-band digital and analog phone for when I have to work in America. I'm constantly surprised how little coverage there is, especially when taking a road trip on the main highways. Even around DC, where I would expect a heavy investment by the local companies to provide 100% coverage, there was no signal in many places.
But getting back on topic, YES, cell phones will eventually replace much of the land line installations, but not all. Businesses will never go wireless, it doesn't make sense except for maybe the sales force. Many citizens will stick to their landlines for now, they just don't lead the kind of lives where a portable makes sense. But younger people crave the independance of a cell phone, and if you read the euro-centric newsgroups you will find a lot of support for those who want to go completely wireless in their lives.
I lived for years without a land line, but it was very tricky to get GSM service without a land line to tie it to. In France, it is close to impossible to get a cell phone without proving 'domicile fixe' with a current phone bill in your name. But friends have done it, first getting the cell phone, then cancelling their land line. Normally FT and Belgacom will not let you cancel your service until you provide them with a new address, so the best plan is to tell them you are moving to another country for a while for work or school. You might even get your deposit back:-)
With any luck, when demand for hard lines starts to decrease, the phone companies will cut the prices way back, making POTS available for more poor people who can't afford it right now.
Give it some time. The M$ nasty letter was only received a few days ago, and after a flurry of press coverage its now a quiet weekend. Go see a new movie or something and give it a rest for a few days. More news will happen when people get back to work monday.
We won't see any real news until one of three things happens
M$ backs down and withdraws their copyright and trade secret claims. They will spin this action as a major victory for them, and quite possibly use it as more ammo requesting the DoJ forget the whole anti-trust action. Expect this to be the most logical outcome.
M$ gets upset because/. hasn't complied with their childish demands, and files a formal lawsuit. When this happens, that's when the gloves come off and the andover/VA linux lawyers can get down and nasty. But expect very little factual information to be posted on/. on the advice of counsel, and lots more coverage in the mainstream press. The lawsuit will be taken up by the ACLU, the EFF, MIT, and many others. M$ will have a hard time, spend millions, and probably lose in the long run. Its doubtful an intelligent law firm would proceed given the forces arrayed against them, but bill gates ego and large bank account can get lawyers to do anything.
The DoJ includes the anti-/. letter as another example of how M$ is truly unrepentant in their agressive stance, and ask for additional penalties. M$ then tries to let the whole thing blow over by being quiet about it, and leaves andover.net in the strange situation of ignoring a cease and desist letter, but with no follow-on legal action in which to defend themselves.
Certainly the/. community can come up with many more scenarios like these.
OptAck has been around for a while, but any commercial IP stack isn't going to implement it. It can and does break TCP transfers, and lusers will just complain the network is broken.
I did like the graph of how a flood of TCP packets shows up at the same time, essentally dumping all 60Mb of IE across a fat pipe all at once. That works when you are only a few hops away from the server (UoW to Redmond, line of sight), but it falls apart if you have 18-20 routers inbetween with widly fluctuating available bandwidth.
Time to hack this into the linux net3 stack as a switch during compile time. ENABLE_OPTIM_TCPACK_FLOOD=true and then get some hacked utilities taking advantage of it. Could be good for cable/dsl/OC3 people, but won't do much for poor modem users. A carefully controlled predictive TCP ACK can increase modem connections as well for big transfers. Another fun research project to take up my precious time AAAAUUUUGGGGGHHHHH!!!!:-):-)
This is making the rounds of some *nix mailing lists today. Rather than spam all the people I know, I'm posting it here for you to twitter at.
------------- Begin Forwarded Message ------------- For those Unix & Linux fanatics who're feeling left out, please forward this message to everyone you know and delete a bunch of your files at random. ------------- End Forwarded Message -------------
I didn't receive a single ILOVEYOU message from any of my friends or cow-orkers, but then again, most of them aren't clueless enough to be using an unsecured copy of LookOut.
All the probes are coming out of a cable system in the UK. Look on whois.ripe.net for the real source
inetnum: 62.254.209.128 - 62.254.209.159 netname: MP3PLTD descr: Internet applications for the music industry. admin-c: BW2097-RIPE tech-c: COH1-RIPE person: Bruse Ward address: 1st Floor,Godolphin House address: 2 The Avenue address: Newmarket Suffolk. CB8 9AA phone: +44 1633 670000 e-mail: Bruce@mp3police.co.uk nic-hdl: BW2097-RIPE changed: hostmaster@ntli.net 19991221 source: RIPE
but can't find the registry contact for mp3police.co.uk, it seems to be hosted at Xara.net.
According to logs, mp3police.co.uk were actively scanning http, ftp, and napster style connections starting in mid-april. Machines were under occasional cyber-attack by groups of 5 machines, each taking turns probing different services and trying to walk ftp trees on a few anonymous-login servers, and ignored robots.txt on the web servers. Couldn't tell from the logs what they were looking for, but since they didn't try to rattle any exploits, the rogue bots were ignored for more immediate threats.
It should be noted that for a while they were attempting napster type connections on whole banks of IP addresses, whether or not the nodes were running napster. It shows up kind of funny in the security logs when routers are probed by a rogue napster client.
So their scanning pre-dates the lawsuit, or else there were preparations for the suit going on for a long time.
I think mp3police or netpd have been getting ready to sell their services to the first lawsuit to come along. They've collected tons of logs over a period of months, and then when metallica hit the news their marketing guy contacted the lawyers. I wonder what their business plan looks like:-)
Slashdot Mirror
#1: Everyone ran to the server room. (Time=0)
:-)
#2: Everyone just stood around for a bit. (Time=+1min)
This shows why every middling sized computing and communication facility needs a well documented procedure in advance of any outage.
In real life, the power outage policy gets written after the first power outage or two
At least once per year you should test your security policy. Make it a big deal with management, decide on a weekend many months in advance and stack your workload to support that. It can really be an excuse to party over a weekend and play around with stuff you normally can't touch for fear of retributuion.
You should cut the power and time how long the UPS boxes keep the servers running. You should see which machines kept running during the switchover. Which machines cleanly shutdown in advance of the batteries dying. Then decide on whether you have to all run to the machine room and shut things down in a panic, or if you have 30 minutes to wait for the power to come back before starting to shut down.
Having it written down can really cover your ass if you've tested it.
the AC
what about the bitches?
:-)
Bring your own. I've done a 2 week sail around the mediteranean with a girl I'd met at a friends wedding. I just called her up the next week, and asked if she could take a week off for sun, sea, and sex. By the end of the trip we were completely exhausted from all the sex, sunburned despite all the sunblock, and had a great relaxing time. One hint, 3 couple should not share a boat with only 2 cabins.
And I only went looking for internet cafes in a couple of ports
the AC
Put me in category 2 for all mail servers I influence
2) use mail servers that support VRFY, but have disabled it.
Its a good security policy, and many sites don't do VRFY or EXPN.
You even have a good reason to not DoS your potential customers who are clueless enough to be using a non-compliant MTA:
(Microsoft Exchange 5.0, for example, hangs the Internet Mail Service if you send a VRFY for a valid address)."
That should stop you right there.
But the scary part of your question is
The client produces some extremely dangerous materials, (You'd be surprised at how deadly some of the materials your chips are made of really are....)
You mean like silane, arsine and other dopants for silicon? Hydrazine for etching? Hydrofluoric acid for surface cleaning?
I've worked in silicon foundries before, and it was damn difficult to order, transport, store and use those chemicals. There were a ton of laws controlling every part of their existence(of course, there were a lot more patri^H^H^H^H^Hterrorists around where I was). Are you implying your client is now going to ignore the laws requiring them to establish a solid business relationship before ever transporting the chemicals off site? Sounds like a very irresponsible thing to do, probably illegal.
One small part of this is ensuring that the potential customer has a valid e-mail address.
I should hope you are establishing a solid business relationship with any potential customer before allowing them any access to the ordering process. This means face to face meetings, and an inspection of their facilities to meet federal hazmat guidelines. A check for a valid email address is pretty laughable, except for the fact that you might serve some prison time if anything bad ever happens because you shipped a tank of arsene to ima.badguy@terrorist.org and it was opened in the air conditioning of the MPAA offices. Hey, do you smell garlic?
If you have to establish a real B2B electronic relationship with your customers, then get some kind of token generators at a minimum. Cryptocards could help to verify a customer trusted enough to fill in an order form. Or a PGP/RSA style signature to ensure the customer is who they say they are. Search the web, there are hacked versions of sendmail which will tack on a PGP signature to any email matching certain criteria.
Your answer lies elsewhere for e-commerce security, young grasshopper. Seek out the knowledgable old farts who have done this before.
the AC
Ethernet was a direct descendant of the alohanet protocols. The first ethernet was a 3Mbps implementation of aloha, contained on a thick coax cable with terminators at each end, and each machine was assigned a callsign in what are now destination and source addresses. The original project was to simulate a number of radio stations, without actually transmitting, hence the name ethernet to indicate the coax was simulating the ether.
When BBN was developing IP, they looked at alohanet and liked what they saw. So many of the problems worked out by radio amateurs working across a "1 transmitter, many listener, non-reliable transmission" network were incorporated into IP.
the AC
Lots of people have email on boats now, it really is the best way to stay in touch at sea.
:-]
There are two ends to your problem, the boat end and the land end. You'll need to have radio gear on land, turned on 24/24, 7x7. Given how crowded the HF bands are these days, its not practical to set up your own landside transceiver. There is no way to connect to a dialup ISP these days by tunneling through a radio connection, so abandon that idea now. But there are many boater email services available, a few are linked below.
Satellite gear is expensive, ignore it if you can. It is all high-latency 1200 or 2400 baud packet transmissions, and you end up using the providers email service, and they aren't in the email business. You can't really use satellite phones to make modem calls to any ISP, but if you get desperate set up a 110/300 baud FSK modem on a phone line at home with UUCP on a linux box.
I would assume the boat is already equipped with a good HF radio. If not, then start shopping for a higher end radio with computer control designed to integrate with laptop computers and an SSB HF modem. Read a few boating mags, and a few amateur radio mags for reviews, and search deja for other reports.
In addition to a good HF rig, you'll need a good HF modem. Look at kantronics website for starters.
Get your mother trained up on HF radio operations. There is no easy shortcut when you are 1000 miles from the nearest land. It is as important as learning how to sail and basic emergency procedures.
No matter which route you go, it will be necessary to have a server landside to store the email and filter out spam whenever possible, and to intercept messages containing large attachments. Keep the email address off the internet, don't post it prominently on a web page, or post to usenet from it, or spam will follow. Give it out only to those who your mother wants to communicate with, and send out an explanitory email to her friends not to try to send pictures or big attachments.
The link will be between 300 and 1200 baud, so plan accordingly. But any modern HF gear can run in unattended mode, so picking up email can happen over a period of hours.
There are a bunch of commercial email gateway services to boaters.
Check out Message Center , Mobile Marine Radio , the HF on Board guys are cool for DIY, and globe wireless are expensive but reliable.
Disclaimer, I've used globe, they work but you'll still need to know what you are doing on the boat end. And they cost a lot of money. And they don't have any spam filtering, since they make about $2 to $5 per message transferred.
Test out the service for at least a month before heading off to sea. Try it on a shakedown voyage as well. No sense on spending all that money and time just to haul a bunch of useless equipment to hawaii.
the AC
[ I'm jealous as can be, now my day is shot thinking of sailing to hawaii
Now I don't feel like the oldest fart on /. :-)
:-)
:-)
You've got the SPCC bit right, but I thought United Telco, Centel, and dozens of others were the local interconnect companies who re-sold the capacity to large companies, and ensured connections to the local Bell and GTE plants. But my memory fails me in my old age
SPCC was selling telephone service over buried copper trunks starting in the 1930s, from San Francisco to New Orleans and many other areas in the south. They added microwave capacity in the 60s. In the 80s they started to replace the copper with fibre.
I once saw a map of independent telcos in the US, and the ones that survived the longest and had the best connections were all along the SP track routes, and could negotiate long distance access because there was competition. The independents locked into an area with only Ma Bell to connect to were all eventually driven out of business by the abusive monopoly powers of Ma. Its what started the DoJ's anti-trust case which led to the breakup of Ma Bell. One can only hope the DoJ does better with M$
the AC
How difficult is it to direct a pizza delivery guy to the cab of a freight train in the Chicago yards?
I was really young when I first heard of the battles between Sprint and Ma Bell. By the time the justice department started to look at the monopoly status of ol' Ma, they started to interconnect to competing long haul carriers. A few years after you could connect from a Bell to Sprint, MCI was created.
Interconnect, that's where the money is!
the AC
are we off topic yet?
Southern Pacific Railroad INterstate Telephone system. The sales end was known as United Telephone, and they would connect directly to companies near railroad tracks, bypassing the local monopoly.
:-)
The rail companies all had their own internal telegraph and telephone systems, since they already had the right-of-way going from town to town. Once they realised they could sell the excess, a whole new industry was born.
The old SPRINT telephone system was a great learning grounds for some early phreakers. Security against fraud was non-existant, and gateways to the regular phone system were almost untraceable. Not that I would know any of this first-hand *ahem*
the AC
1) There are almost always spare cables pulled when a control system is put in, for future expansion. Much of the cabling was put in when 1 signal == 1 pair of wires. Now, with modern computerised signalling techniques, 100's of signals == 2 pairs of wires. The extra wires can now be re-used for other things, they won't be carrying railway signals any more.
The highest cost of the internet, magnitudes higher than the routers and PCs, is the physical connection between distant points.
These signal lines will probably not carry web traffic, but lots of store and forward protocols such as email and batch file transfer. But a single linux box in an internet kiosk could provide thousands of villagers with an email address. Larger centres with higher bandwidth could have web browsing available.
2) Not all of indian villages are as primitive as the lowest tier model you mention. Many towns and villages are fairly modern by indian standards, but wireline telephone services are severely lacking because of many problems, copper is stolen by bandits, the population is quite evenly spread out everywhere, with only a few very dense centres making the economics look good. Electricity is starting to penetrate even into the most desolate places. Reliability is poor, but even with 6-12 hours of electricity per day, that's still good enough to route some email.
The most striking thing about india is that many of the poorest people seem to have a lot of free time. If they could be in school learning, they would. If there were jobs available for them, they would be working. With so much time available to them, I would love to see it channeled into learning about the internet and linux and all the other benefits a little knowledge brings. But that can't happen until the internet gets out to kiosks in railway stations in their area.
Maslow's Hierarchy isn't completely relevant here. People who have lived without plumbing don't absolutely require it before starting other projects to improve their lives. As their lives improve, then they will fill in the missing parts. But that doesn't exclude using the internet until there are enough doctors in india to meet everyone's needs.
the AC
-------begin /etc/issue----------
/etc/issue----------
This is the AntiCypher main server, maintained by the European Cryptanalysis Association
You are connecting from %%unauthorised-IP-address%%, your unauthorised access has been traced and logged.
Access to this server is strictly forbidden. All access and hacking attempts are logged for prosecution.
Please disconnect now.
The system administration team, security.alert@anti.co.uk
-------end
With a message like this, you don't give away any information about your system. Certainly the information can be obtained through other means, but why help the script kiddies. You've got the basic "go away" requirement to keep the lawyers happy and if another system manager comes knocking on your door, there is an email address for them to contact. Don't put telephone numbers, you are only asking for trouble.
the AC
Your logs are only 12Gb? Thats all? :-)
:-)
There are a bunch of other tools available, the telephone, contact names and numbers on web pages, whois database, online telephone directories, honeypots, sniffer or etherdump, openview, traceroute, nslookup, dig, looking glass, nmap, netcraft, finger, irc, email, bugtraq, dejanews, attrition.org, and the list goes on. Some are used to track the attack directly, but as Cliff points out, most are used in parallel as out-of-band investigations.
Firewall logs aren't the only tool available to those tracking the crackers. Many organizations are implementing Intrusion Detection Systems, which tend to pinpoint suspicious behaviour without all the large logs. This cuts the time needed to start watching a crack from hours to a few seconds. With a little quick reconfiguring of a network sniffer, much of the attack can be monitored in real time, allowing a quick response to keep the script-kiddie out of the network.
Firewalls are not the only place to be logging activity, in fact they are probably the worst for huge quantities of useless information. Key systems should be logging out-of-normal behaviour as well, allowing system admins to work with the network admins to limit intrusions. But 12Gb of information per day is easily searchable, once you know what you are looking for. It may take a few dozen refinements of your search as you analyse an attack, but a half days worth of work can get you some very precise information out of a few hundred Gbytes.
I use a stripped down, heavily customised version of a commercial system management tool. The real-time filtering and text analysis are fantastic, the engine is a compiled compiler, so analysing 50 to 100 Gbytes per day doesn't even load a sparc ultra 60 with 4 Gbytes of RAM. Many of the searches I run are on the previous week's worth of log files from several dozen systems, which pegs the system load for 10-60 seconds. I can go back and easily identify previous actions such as netPD illegally probing my systems looking for metallica on napster and other security holes.
Start with a packet sniffer to see where the packets are originating. Unless you get lucky and the idiot is coming directly from a dial-up, assume they are coming from a compromised system. Contact the NOC or system admins of those systems, using tools like a web browser (www.compromisedcompany.com) and whois for initial contacts. Also contact the NOC of the internet provider who controls that block of IP addresses, and let them know what is going on. They may have better contact details and can put the sysadmin in touch with you quicker than just leaving voicemail and email on a saturday morning. If the upstream cracked admins track the intrusion back even further, lather, rinse, repeat.
While waiting for the NOCs to respond, look at the types of intrusion probing, and try to figure out what tools the crackers are using. Then go back to your firewall and system logs and look for similar behaviour, you may find other similar attacks which failed, giving you better understanding of what berferd wants. Also, go look at recent postings on bugtraq, attrition.org, search dejanews, and monitor some irc channels. You may just find your network cracker likes to brag about their exploits, thus ensuring they will end up in jail at some point
If you think it would take a knowledgable systems hacker an entire month to do any damage, you are very naive. A knowledgable hacker can get into a system with automated tools, and have a very good idea what is worth poking at after a matter of seconds or at most a few minutes. The best crackers use automated tools to get onto a system, log everything they can in a few seconds, then analyse the results offline. When they come back days or weeks later, the intrusion again only lasts a few minutes. Imagine the fines mediaone would have to pay if the cracker just corrupted some billing information, and thousands of customer complained about outrageous bills. That could be done by a slightly clued in cracker in less than an hour on a system.
And the best tool for actually catching and punishing crackers is a corporate policy allowing network admins to contact law enforcement and work with them. I have an ex-client completely compromised by crackers, but management refuses to implement a policy allowing the sys/net admins to deal with the problem. However, they are willing to throw millions of dollars at any security product with vague promises. They have a 200% turnover rate of their admins because of this.
the AC
The first phase of internet ready homes just have to market the fact they have a connection.
The next phase of internet ready communities will have to differentiate themselves by allowing several choices of connection, or perhaps just route to a regional tier 2 carrier with no filtering or firewalling. Or to be family friendly, offer a choice of a raw pipe or tie the connection to the community firewall/filter system.
There were several companies mentioned in the article who are jumping into the market to run the connections for these housing estates. It certainly sounds like a niche market for some smart people. I hope they are smart enough to offer more than just AOL, @HOME, and some other lame pseudo-internet connections. Certainly home-buyers, especially us internet-savvy post-IPO-vested nouveau-riche, will decide which housing estate to look at based on positive reports about good connectivity. Housing developments that only offer AOL will soon find the money goes somewhere else.
the AC
I've looked at a couple of "internet ready" homes in the last couple of years. The houses were wired internally with cat5 cable and a small ISDN router, but there was no permanent broadband connection to the internet. That is not "internet ready" by my standards.
:-)
:-]
This story shows a construction company that gets it. They are laying 2 conduits for fibre directly to each home in their estate, just like they now add connections for all the other utilities like electricity, gas, water and telephone. All that an internet provider has to do is lay a line out to this development, and tie into hundreds of waiting customers.
I'd really like to see housing estates with a clued-in homeowners association running their own router for the area. Then different ISPs would be invited to connect to the estate's POP, and each homeowner could choose their provider and switch between them depending on service and price. The estate could then run fibre to neighboring estate POPs and run local routing which wouldn't need to traverse an ISP, a true Metropolitan Area Network. Since the fibre would have a lot of unused bandwidth (except to my house), they could re-sell the bandwidth to local businesses and cut out the phone companies completely.
Aaaahhhhh, but I'm dreaming of a distant utopia
the AC
[ for those who are building an internet ready house, where I live there are 7 routers, 100baseT running to all rooms in the house, with DSL, cable, ISDN, and wireless connections to several different ISPs in the area. Beat that
How are you doing this, buying a service from your local provider, or creating your own cable network from scratch? If you are thinking of building your own, you will need to buy a headend router, which costs $$$$$$$.
What exactly are you hoping to achieve? Most cable modems have an ethernet connection to connect to your network. In home installations, the modem is really a router, with only a single IP address for a single computer.
Most cable modems are capable of offering up a range of IP addresses, certainly the newer DOCSIS modems have that capability. But it is up to the cable ISP to give/sell you a block of IP addresses instead of just a home user setup. Most cable operators in the US are only targeting the home market with 1 IP per connection, and have no idea how to offer their service to a business. Ask in advance, and don't rely on just calling their ordering line, go make an appointment with their sales department, and let them know you expect a professional level of service and are prepared to pay a slight premium for it. If you are trying to use someone like @HOME, they will cut you off if they detect a business use. They were promising to have a new service called @WORK real soon now, but I haven't seen it yet. @WORK is exactly the same as @HOME, except the T&C's allow you to use it for business use and maybe allow you to create a web server accessible from the internet, and of course it costs 4x the home service.
The way cable modems work, especially the new DOCSIS modems, is that there are several TV channels (6 MHz=~4.5 Mbps) devoted to the downstream connection (towards the user), and only one upstream TV channel (2-6 MHz=~1.2-4.5 Mbps). Typically the upstream channel is getting back to the headend through a series of carefully filtered reverse amps, usually on a channel which isn't propagated downstream by the regular repeaters. Don't count on being able to communicate from one cable modem in your building to another, or to use the cable as the replacement for a network. Their headend router may not allow one modem on the network to see any other modems on the network for security reasons (and also to prevent businesses like yours from doing exactly what you are proposing).
If you get just a single cable modem with a single IP address, then plug it into either a firewall running NAT, or a linux/BSD box with ipchains and ipmasquerading. Have 2 ethernet cards in the firewall/masqing machine, one to the cable modem, the other to your company network which will give all the machines access to the internet. Then you can rest a little easier about cybercriminals stomping all over your companies network (it'll keep the script kiddies out, anyways). Go read the various howto's on ipmasq, ipchains, cable modem connections, and anything else that looks reasonable. Go read cisco's web site, all their documentation is online and a lot of the technical stuff will give you a better understanding.
the AC
Holland, as well as Belgium and France, have completely de-centralised collecting and storing data on their citizens. This is because it was centralised to some fashion when the nazis took over and used those lists to weed out undesirables. The nazis seized each community's records, and then slowly but surely weeded out Jews, Gypsies, Gays, Philosophers, left leaning ex-politicians, Clergy, students who dropped out of school (possibly to join resistance), and the list goes on. After the war, it was made as difficult as possible for anyone in charge of the country to efficiently target any single group. It might start in one area, but that would alert others who could then take a counter-action to save lives.
/. and usenet.
:-)
Large random acts of distruction happen very rarely, and if it takes a little extra time to comb through some local tax and phone records to compile a list of people in a neighborhood, then we'll accept that extra bit of inefficiency. It is much better for a government to be inefficient than to give up all your privacy, and perhaps your life, because someone was able to dredge through a nationwide database and decide you are now undesirable.
I think the missing count is way down today, as they manually strike names off of various lists compiled in haste. But the body count is rising slowly as search efforts continue. Almost everyone in my town knows someone or of someone affected by the blast, it's sad, really.
There are several quotes floating around by various famous people who fought for freedom. Some americans, french, indians, south africans, and others who watched the horribly criminal actions of rogue governments who were a little too efficient in their enforcement of unfair laws. Look around, you'll see them as poster's sigs on
the AC
The upside of having no central tax database is that many people move to a new district every year, because it takes about a year for the tax records to follow them. After 5 or 10 years, the tax authorities will finally catch up, and present a bill for the previous 3 years. YMMV & IANATL
My recommendations follow most of the others. Get Majordomo for handling the list, and any decent MTA like sendmail or qmail for the actual sending. Make sure your machine is fairly reliable, and keep logs of everything you do. If you have problems, you probably are better off to not send out a joke one day than to send 2 or more jokes in a day trying to fix the problem.
/. only account starting soon after you posted this question. Did you notice someone loading up your mailing list with the complete user list scammed from /. ? Are you planning on cleaning up your list, or are you going to wait for each person to go clean it out themselves?
Since you are rightly worried about security, I'd recommend going out and reading up on everything you can. bugtraq archives, dejanews, risks archive are a few of the places to start. You've obviously put some time and effort to grow a lame joke list to 10k subscribers, so put some effort into protecting it.
I noticed your emails coming into my
the AC
When I moved into this house, it had two phone lines already installed. But since we live entirely on our GSM phones, we didn't get analog access turned on. Tried to get ISDN access, but at the time it wasn't available. Now, thanks to a DSLAM I helped install in the local CO, I've got SDSL and a range of static IP addresses. We've also got cable access, but it doesn't get used as much. Sometime I have access to a major POP with a wireless connection.
The whole order entry process was very wierd, they have ruled it impossible to have a phone line without service. And I was standing in the room with the senior project managers, not trying to do this to an anonymous entry clerk on the end of a phone call. But they couldn't understand how I could live without an analog phone line. Its a very strange world, the old telco mindset.
The lines had battery but no dial tone, so the technician removed them physically from the plant MDF, and wired them straight to the DSLAM. That gave me 1 Mbps in each direction since I didn't need filters at either end. I have one machine powered up all the time in my place dedicated to doing quality checks for the DSL provider. We're on good terms, so I get to do what I want, and in return I help them out with some of the strange technical problems they run into. Of course, if I were to charge them for all that work, they would owe me lots of money, but its a great learning experience for me as well.
My current project for selfish reasons is to get the cable operator and the phone company to talk IP/BGP4 to each other. Traceroute from cable to DSL goes through 14 hops and the UK, even though the routers are only a few meters apart. I've even told them I would help out with the BGP4 routing so only traffic between the 2 systems would pass, and not be a major conduit. But they are both convinced that Belgian law forbids them from talking or connecting to each other. Given the lack of any enforcement of any laws in this country, I doubt it would ever be noticed.
the AC
Cellphone, PROS:
When I'm on my American phone, I get telemarketer calls all the time, since the area code is the same as my home region, and the prefix has a mix of cell and land lines. Most of the people I know over there get them as well, and just hang up as soon as its obvious the call is not one they want. The telemarketers change their script to try to keep you on the line longer without you abrubtly hanging up. I talked to one last month, and she was perfectly aware she was calling a cell phone number and costing me money. She wanted me to buy cell phone accessories and insurance.
no landline, CONS:
Internet access? You still use a POTS modem? xDSL, Cable, Wireless, ISDN and other new technologies should make the analog modem seem archaic. I use my land line for SDSL only, it doesn't have a phone number associated with it. Freaks out the installation technician, even though he knows me through work.
Your friends require you to be in the phone book? I hand my cell number out like candy to anyone who wants it. Phone books over here only have 50% of land lines listed, so most people just shrug if they don't find you in the book.
the AC
Speaking for the areas that I know best, Belgium, the Netherlands, France, England, Ireland and parts of eastern Europe, coverage is close to 100%. Other GSM areas cover all the major population centres and main roads, but with less coverage of rural areas. Many areas with no land line coverage often have a GSM signal, since a cell site will cover up to 5000 square Kms over a big flat rural area.
:-)
The only parts of Belgium where coverage is spotty is the hilly south east corner, where the signals don't get down into the tiny valleys, and downtown Brusssels when the cell sites get overwhelmed by the huge number of users. France has close to 90% coverage, with only some mountainous regions missing. Even travelling around Hungary, Slovakia, Slovenia and a few other former east bloc countries has an amazing level of coverage.
I've got an american dual-band digital and analog phone for when I have to work in America. I'm constantly surprised how little coverage there is, especially when taking a road trip on the main highways. Even around DC, where I would expect a heavy investment by the local companies to provide 100% coverage, there was no signal in many places.
But getting back on topic, YES, cell phones will eventually replace much of the land line installations, but not all. Businesses will never go wireless, it doesn't make sense except for maybe the sales force. Many citizens will stick to their landlines for now, they just don't lead the kind of lives where a portable makes sense. But younger people crave the independance of a cell phone, and if you read the euro-centric newsgroups you will find a lot of support for those who want to go completely wireless in their lives.
I lived for years without a land line, but it was very tricky to get GSM service without a land line to tie it to. In France, it is close to impossible to get a cell phone without proving 'domicile fixe' with a current phone bill in your name. But friends have done it, first getting the cell phone, then cancelling their land line. Normally FT and Belgacom will not let you cancel your service until you provide them with a new address, so the best plan is to tell them you are moving to another country for a while for work or school. You might even get your deposit back
With any luck, when demand for hard lines starts to decrease, the phone companies will cut the prices way back, making POTS available for more poor people who can't afford it right now.
the AC
Give it some time. The M$ nasty letter was only received a few days ago, and after a flurry of press coverage its now a quiet weekend. Go see a new movie or something and give it a rest for a few days. More news will happen when people get back to work monday.
/. hasn't complied with their childish demands, and files a formal lawsuit. When this happens, that's when the gloves come off and the andover/VA linux lawyers can get down and nasty. But expect very little factual information to be posted on /. on the advice of counsel, and lots more coverage in the mainstream press. The lawsuit will be taken up by the ACLU, the EFF, MIT, and many others. M$ will have a hard time, spend millions, and probably lose in the long run. Its doubtful an intelligent law firm would proceed given the forces arrayed against them, but bill gates ego and large bank account can get lawyers to do anything.
/. community can come up with many more scenarios like these.
We won't see any real news until one of three things happens
M$ backs down and withdraws their copyright and trade secret claims. They will spin this action as a major victory for them, and quite possibly use it as more ammo requesting the DoJ forget the whole anti-trust action. Expect this to be the most logical outcome.
M$ gets upset because
The DoJ includes the anti-/. letter as another example of how M$ is truly unrepentant in their agressive stance, and ask for additional penalties. M$ then tries to let the whole thing blow over by being quiet about it, and leaves andover.net in the strange situation of ignoring a cease and desist letter, but with no follow-on legal action in which to defend themselves.
Certainly the
the AC
OptAck has been around for a while, but any commercial IP stack isn't going to implement it. It can and does break TCP transfers, and lusers will just complain the network is broken.
:-) :-)
I did like the graph of how a flood of TCP packets shows up at the same time, essentally dumping all 60Mb of IE across a fat pipe all at once. That works when you are only a few hops away from the server (UoW to Redmond, line of sight), but it falls apart if you have 18-20 routers inbetween with widly fluctuating available bandwidth.
Time to hack this into the linux net3 stack as a switch during compile time. ENABLE_OPTIM_TCPACK_FLOOD=true and then get some hacked utilities taking advantage of it. Could be good for cable/dsl/OC3 people, but won't do much for poor modem users. A carefully controlled predictive TCP ACK can increase modem connections as well for big transfers. Another fun research project to take up my precious time AAAAUUUUGGGGGHHHHH!!!!
the AC
This is making the rounds of some *nix mailing lists today. Rather than spam all the people I know, I'm posting it here for you to twitter at.
------------- Begin Forwarded Message -------------
For those Unix & Linux fanatics who're feeling left out, please forward
this message to everyone you know and delete a bunch of your files at
random.
------------- End Forwarded Message -------------
I didn't receive a single ILOVEYOU message from any of my friends or cow-orkers, but then again, most of them aren't clueless enough to be using an unsecured copy of LookOut.
the AC
NTP anyone?
the AC
ObBeowulf reference as well.
its 3:59:59 here in jolly ol' england
the AC
KarmaWhoring for the hell of it, gotta get some sleep.
All the probes are coming out of a cable system in the UK. Look on whois.ripe.net for the real source
:-)
inetnum: 62.254.209.128 - 62.254.209.159
netname: MP3PLTD
descr: Internet applications for the music industry.
admin-c: BW2097-RIPE
tech-c: COH1-RIPE
person: Bruse Ward
address: 1st Floor,Godolphin House
address: 2 The Avenue
address: Newmarket Suffolk. CB8 9AA
phone: +44 1633 670000
e-mail: Bruce@mp3police.co.uk
nic-hdl: BW2097-RIPE
changed: hostmaster@ntli.net 19991221
source: RIPE
but can't find the registry contact for mp3police.co.uk, it seems to be hosted at Xara.net.
According to logs, mp3police.co.uk were actively scanning http, ftp, and napster style connections starting in mid-april. Machines were under occasional cyber-attack by groups of 5 machines, each taking turns probing different services and trying to walk ftp trees on a few anonymous-login servers, and ignored robots.txt on the web servers. Couldn't tell from the logs what they were looking for, but since they didn't try to rattle any exploits, the rogue bots were ignored for more immediate threats.
It should be noted that for a while they were attempting napster type connections on whole banks of IP addresses, whether or not the nodes were running napster. It shows up kind of funny in the security logs when routers are probed by a rogue napster client.
So their scanning pre-dates the lawsuit, or else there were preparations for the suit going on for a long time.
I think mp3police or netpd have been getting ready to sell their services to the first lawsuit to come along. They've collected tons of logs over a period of months, and then when metallica hit the news their marketing guy contacted the lawyers. I wonder what their business plan looks like
the AC