This is my current project, so here is my take on what micros~1 is doing.
First, some background as to what Dynamic DNS truly is, because it's obvious most of the slashdotters are posting without a clue. Here's a clue, and it's free, as in free software :-) At the end is an opinion, which is not a clue, but can be ignored or countered as you see fit.
What is Dynamic DNS?
DynDNS is the result of putting together several RFC documented techniques in a quite nifty way. Start with DNS [rfc1034 & 1035], add DHCP [1531, 1532, 1533, 1534] and tie the two together with Incremental Zone Transfers and Notify [rfc 1995 & 1996], and call it DynDNS [rfc 2136 & 2137].
Read rfcs 1995 & 1996 for a discussion on why full zone transfers [AXFR] are a bad thing (for bandwidth consumption), and see the elegant solution proposed with the incremental zone transfer [IXFR] extension. This is the basis for updating a primary name server with a new RR containing the hostname & IP pair (and IP->hostname reverse pair). You can also use this mechanism to remove a RR when the host is no longer associated with that address. There is also a discussion of security so that only pre-programmed IP addresses can do IXFRs, and allows extensions for fully authenticated updates when someone gets around to writing the code someday.
Read rfc 2132 to understand how a DHCP client does a DHCPREQUEST to a dhcp server, and how it can pass its hostname inside of option 61, client identifier. This is what win9x currently does with its client code, but only a patched version of some dhcp clients for linux do this.
Now, to put it all together.
A machine [win or linux] with a dhcp client boots up, broadcasts a bootp request (the transport mechanism for dhcp) with a DHCPDISCOVER message. A dhcp server on the network responds with its local address in a broadcast (because the client has no IP address at this point, all traffic must be broadcasts), and then the client broadcasts a DHCPREQUEST to that specific server. Contained in the REQUEST packet is option 61, containing the hostname of the machine. In win9x, this is what is entered in the network control panel "computer name" field, in *nix it is the contents of /etc/hostname.
Then there is a whole bunch of communication between the dhcp server and client so they both agree on things (go read the rfcs, or sniff some packets off the wire, or both) with the end result the dhcp server now has given the client a lease on an IP address for a certain amount of time.
Now comes the DynDNS bit.
The dhcp server now communicates to the primary name server with an IXFR message, sending a RR containing an A record (and a PTR to the reverse DNS server) with any and all information that might be contained in a RR, and the TTL is set to one half of the lease time given to the client. If the name and IP address are not currently in the DNS database, they are added. If they already exist, the IXFR message is refused, and the DHCP server must change the name to something unique. This is one mechanism to prevent overwriting your important servers' addresses with bogus info.
What micros~1 is doing.
From what I can tell from some presentations I have seen, and playing with win2k beta, they have tied their DynDNS into ActiveDirectory as an attempt to shut out the *nix/OSS implementations until they get a foothold in the corporate door. I can't tell exactly what they are doing until I get a lab testbed set up and see if they interact correctly with BIND 8.2.1 or other rfc2136 compliant systems (someone mentioned cisco's registrar product, it's real nice, and real expensive, and not based on any bind code). There is something going on with rfc 2052 defining directory servers on the internet, but I only read enough of it to give me a headache.
Static vs. Dynamic
M$ strategy is to put all IP addresses into AD, making the entire network a big, dynamic mess. As a network guy, I want all the important services to have static IP addresses. This means servers, DNS machines, router ports, mail servers, and anything else that should be stable.
M$ considers servers to be unstable (based on BSoDs and regular reboots), so they want the IP addresses to be dynamic. That's a bad way of thinking.
The article in ZD is actually correct on a lot of things. There are already battles going on between the ultra-reliable thinking *nix admins and the reboots-are-good ninnies who have realised they can't make M$s win2k work in a unix based world.
The only solution is for the OSS community to make a standard implementation of dhcp client, one that by default passes /etc/hostname in option 61 of the DHCPREQUEST, and get that code into every major package out there. Then the FUDders will not be able to do any more than superficial damage.
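Added example, not part of the original comment: the "refuse the registration if the name already exists" behaviour described above corresponds to the "name is not in use" prerequisite of RFC 2136, which the comment cites. The sketch below builds such an UPDATE message and applies it to a dict standing in for the zone; the zone, hostnames and addresses are constructed, and the half-lease TTL is taken from the comment's description.

```python
import socket
import struct

OPCODE_UPDATE = 5                      # RFC 2136 opcode
TYPE_A, TYPE_SOA, TYPE_ANY = 1, 6, 255
CLASS_IN, CLASS_NONE = 1, 254
NOERROR, YXDOMAIN, NOTZONE = 0, 6, 10  # RFC 2136 response codes


def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def encode_rr(name, rtype, rclass, ttl, rdata=b""):
    fixed = struct.pack("!HHIH", rtype, rclass, ttl, len(rdata))
    return encode_name(name) + fixed + rdata


def build_update(msg_id, zone, host, ip, lease_seconds):
    """UPDATE message a DHCP server could send after granting a lease."""
    # Header counts: one zone, one prerequisite, one update, no additional data.
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 1, 1, 0)
    zone_section = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    # Prerequisite "name is not in use": CLASS NONE, TYPE ANY, TTL 0, no RDATA.
    prereq = encode_rr(host, TYPE_ANY, CLASS_NONE, 0)
    # Update: add the A record with a TTL of half the lease (per the comment).
    add_a = encode_rr(host, TYPE_A, CLASS_IN, lease_seconds // 2,
                      socket.inet_aton(ip))
    return header + zone_section + prereq + add_a


def decode_name(buf, pos):
    labels = []
    while buf[pos]:
        length = buf[pos]
        if length & 0xC0:
            raise ValueError("compressed names are not handled in this sketch")
        labels.append(buf[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    return ".".join(labels), pos + 1


def read_rr(buf, pos):
    name, pos = decode_name(buf, pos)
    rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", buf, pos)
    pos += 10
    return (name, rtype, rclass, ttl, buf[pos:pos + rdlen]), pos + rdlen


def apply_update(zone_data, msg):
    """Server side: zone_data maps name -> (ip, ttl). Returns the RCODE."""
    _id, flags, zocount, prcount, upcount, _ad = struct.unpack_from("!HHHHHH", msg, 0)
    if (flags >> 11) & 0xF != OPCODE_UPDATE or zocount != 1:
        raise ValueError("not a single-zone UPDATE message")
    zone, pos = decode_name(msg, 12)
    pos += 4                                   # skip ZTYPE and ZCLASS
    records = []
    for _ in range(prcount + upcount):
        record, pos = read_rr(msg, pos)
        records.append(record)
    for name, *_ in records:
        if name != zone and not name.endswith("." + zone):
            return NOTZONE                     # name outside the zone being updated
    # All prerequisites are checked before anything is written.
    for name, rtype, rclass, _ttl, _rdata in records[:prcount]:
        if rclass == CLASS_NONE and rtype == TYPE_ANY and name in zone_data:
            return YXDOMAIN                    # name exists: refuse, keep old data
    for name, rtype, rclass, ttl, rdata in records[prcount:]:
        if rclass == CLASS_IN and rtype == TYPE_A:
            zone_data[name] = (socket.inet_ntoa(rdata), ttl)
    return NOERROR


def demo():
    # Constructed zone: one statically assigned server that must not be overwritten.
    zone = {"mail.example.test": ("192.0.2.10", 86400)}
    new_host = apply_update(zone, build_update(
        1, "example.test", "laptop.example.test", "192.0.2.50", 3600))
    collision = apply_update(zone, build_update(
        2, "example.test", "mail.example.test", "192.0.2.66", 3600))
    return new_host, collision, zone


if __name__ == "__main__":
    print(demo())
```
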
The high-end cisco certifications are based not on a simple paper test, but on a two day demonstration of your knowledge of designing, building and debugging a modern network. There is a 40% to 60% fail rate for first time testers. When you pay your $1000 for the test, they sit you in front of $1million worth of equipment and give you a handful of assignments to complete in 8 hours the first day. There is so much to be done you don't have time to look anything up in the documentation except for a few rare commands.
Companies who rely heavily on their networks will pay twice the market rate for a CCIE badged engineer over one with equivalent work experience. When a CCIE walks in the door, they know everything from cabling to major routing protocols, and not just IP protocols but SNA, appletalk, decnet, IPX, and others.
I was a paper CNE, I passed after only 2 days of study and one practice install. I spent 6 months preparing for my CCIE, and that almost wasn't enough. I have access to a pile of cisco equipment and spent 5 to 20 hours per week working on scenarios. You don't just get one of these by reading a few books.
There are only about 4000 CCIEs in the world right now, it's a pretty elite clique. When you get the top cert, you can literally name your price :-)
Sorry if you got the impression I truly wanted to make money off of something that should always be free. I have the greatest respect for Jon Postel and all the amazing works he accomplished.
For years there was a .earth domain, and although it wasn't official, it was fun to play with and use for training and playing. Vint Cerf is now working on a couple of projects to expand addressing and routing to the vagaries of space. All of this started a couple of years ago when NASA sent a web server up with the shuttle into orbit, and a new TLD .orb was created for the occasion. It was fun probing around the Root Name Servers to see the delegation to a NASA gateway, and for a short while it allowed zone transfers of the handful of records that existed.
Now .orb has gone away, and there is a working group trying to protect some of the future space naming schemes. Given the various attempts by various organisations to control the TLDs and naming in general, Jon Postel and now the people he inspired are working hard to keep future naming schemes open and available for everyone, not just a greedy corporate controlled WIPO or ICANNt.
From a common quote file: "Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway" --Andrew Tanenbaum
I've lived this quote several times :-)
This quote is relevant to linux users because it originated during some discussions between AST and Linus Torvalds. See: http://www.dina.kvl.dk/~abraham/Linus_vs_Tanenbaum.html although I no longer find the quote there :-( check the babyl archives.
This is a bit of old news, Vint Cerf has been working on this for more than a year now. He is acting now in advance of bad decisions expected by the ICANNt and NSI. There has been a fight going on for years over expanding the TLDs from the current 227 to thousands, millions, or an unlimited number.
Then I could be anti@cypher, and my mail would get to me, and you could eyeball my webpage http://www.anti.cypher and so on.
For years I ran a shadow TLD of .earth, and there were several hundred machines on the internet which used .earth with a physical location for a hostname (leuven.earth, london.earth, ougadougou.earth :-) Sendmail on those hosts believed the fake RNSs added to the bind root.hints file, and the whole thing worked quite nicely from 1989 until 1997. Then Vint asked our group to stop using .earth so he could plan on using it as a new TLD as part of an interplanetary addressing scheme.
There are several projects going on at the same time for this "interplanetary internet" (exonet?, xenonet?). Vint Cerf and company are working on an extensible naming scheme for planets, moons, orbits, asteroids and ships in transit.
There is another group working on reliable transmission protocols and routing protocols to deal with huge round trip times and extremely expensive transmission costs. Just ACKing a transmission is not going to cut it, the ACKs need to be piggybacked on transmissions going the other way, and the state machine to keep track of it all will be huge.
There is a group at Caltech working on the low level transmission characteristics (layer 1 stuff) with a large amount of redundancy. Cyclical and longitudinal redundancy woven into the bitstream, multi-frequency phase encoding, all the coolest tech for RF fanatics.
When all this stuff comes together there will be at least one ISS and possibly some private orbital stations. Expect some privately funded space exploration missions as soon as it becomes possible for a corporation to buy some cheap boost to LEO and from there they will start to explore in the hopes of finding something to make their stockholders very rich. I've been predicting for years that cheap space missions will be the next "revolution" to replace all the hype around the internet.
I still want to control .earth as a TLD, and the gateways sending messages between the earth domain and the space domain. Could get very rich that way :-)
ESR is right in that the huge number of *nix variations are slowly being abandoned. Over the years there have been hundreds of *nix variations, and it got to be ridiculous to try and support an application on more than a few of them.
It's a good thing the *nix vendors realize there is more money to be made in service and support, rather than tricky features and special proprietary hardware. As more of them are being absorbed by the OSS model, they realize exactly where the profit comes from and focus on it.
It would be a bad thing if there were too few *nix variations, as many knowledgeable slashdotters point out whenever there is a melissa style virus sweeping thru the media. If there were only 10 or so variations of *nix just like there are only 10 variations of Windoze, then an exploit could hurt many more people with less effort.
I doubt there will ever be only 1 version of unix in the future, but it would be nice to see no more than 20 or 30, with most of them touting their adherence to a common standard for libraries and structure.
Just in case anyone is still reading this thread...
I'm not a windoze type, I normally just work on networks, and anything above layer 4 is ignored.
The last couple of days I was sitting in a microsoft building listening to marketing droids spew about Active Directory, and announcing as a fact that win2k would have a big kickoff on October 7th. Of course, they were so uncertain as to what was in AD, I doubt these low-level serfs actually know what redmond will do any more than an outsider. Just because they are badge wearing certifiable microserfs doesn't give them any more insight than the press reports they read.
If you want to know where the next big round of security holes on networks will come from, look to active directory. Closed source bloatware security for micro~1 networks where its own security was added as an afterthought.
From what I heard a few minutes ago, you are right about the Release Candidates. RC1 aka beta 4 will be available in the next few weeks. There might possibly be several RCs, just to fix embarrassing cosmetic bugs or show-stopping fuckups. Only the most trusted people will be getting the RCs to test.
But the guy from micro~1 swears on the Oct 7 date, and I've got 6 weeks to be ready for it. Bleh.
Was just told today the ship date has been fixed for Oct 7th, and the media machines are to be unleashed immediately.
Any certified developer who has submitted a bug for beta 3 will be allowed to order a CD with beta 4, which is the final candidate. Beta 4 is timebombed, and won't be DLable from micr~1.com.
This was from a M$ drone, so I'll believe it on Oct 7th, not a day before :-)
How come since the Linux World Expo we have been getting many recycled news items, most are months old, and most have been on slashdot before?
Here we have an article from April on a radar for cops to detect a person on the other side of a wall. Old news.
Then there is the month old article on NSI changing the whois rules, covered originally in http://slashdot.org/articles/99/07/07/1744250.shtml and regurgitated in http://slashdot.org/article.pl?sid=99/08/18/0151203
I was hoping the andover buyout would help slashdot become better, giving our cherished cmdrTaco and Hemos some time to better read their submissions and make good choices.
Does anyone else notice this, or should I just be moderated into oblivion on this topic?
the AC
slashdot! Old news for nerds, stuff that's been covered and forgotten by the mainstream press.
How many people reading /. keep a list of important IP addresses with their computer?
In case of RNS failure (it's happened a couple of times) can you still read /.? The routers running the internet don't need DNS to keep routing, as long as you can put an IP address into your browser you will be happy.
I've written a script which pulls out a handful of IP addresses from my bind cache every few hours, so I can drop back to an IP only level of connectivity when (not if) things break again. The biggest problem with broken DNS is sendmail implementations which require a DNS lookup before accepting/processing a connection.
Actually, this sounds like business as usual in Europe. Micro~1 has rebounded lately in their pressure on PC makers in Europe when they realized the commission has no enforcement of articles 81, 82 and 83 (and a few others). Micro~1 is smart, they don't explicitly put the exclusion in writing, but the companies know very well they must be 100% M$ or they will not have their license renewed next year.
Several large customers who were able to negotiate deliveries of non-M$ machines a year ago are no longer able to get machines without win98 pre-installed. Even customers with site licenses are once again being forced to pay the micro~1 tax on all new machines from Dell, Gateway, and others.
I doubt a couple of emails from a low level account manager to a university in Belgium would be enough to get the commission moving on the issue. Micro~1 is now reaping the rewards from scaring off the investigators, by once again forcing all computer users to pay the tax. They can act with impunity for the next year or more inside of Europe until after the next round of elections.
I think /. would do better to find more stories on cool new toys, nanotech, space, and real computer advances, and spare us from more micro~1 bashing.
Routers have enough other things to do than try and detect a machine sniffing. Cisco routers (75% of the internet) don't have any such capability directly built in.
The l0pht anti-sniff program just does a couple of well known tricks to detect the response time of a normal machine hacked to be in promiscuous mode. A router could be used to do the same thing, just a bit more crudely, with less reliability (antisniff is pretty unreliable, I've been testing with it).
Your router admin sounds like a know-it-all with no real knowledge. Ask for details, and if you get anything solid then email me. I'm always looking for new tricks :-)
As I've said before on slashdot, intel put the cpu ID opcode into the Pentium III at the request of micro~1.oft. The ID function built into each CPU will be one of the main components of the software rental business.
Software rental will require a scheme where a user can contact a rental server, enter their CPU and credit card details, then store this information locally so the software can check for current rental authorization before running.
The software can be pre-installed on the machine (the current micro~1.oft model of bundling all its software with the OS), or delivered as a try-before-buy demo CD, or DLable from the internet or ASP, use your imagination.
The user then has to enter into an agreement with the owner of the software to rent/license the software for a certain amount of time. The ASP then returns a certificate (strong encryption is their friend here!) which unlocks the software for a certain amount of time/usage (1 year or 3000 saves, whichever comes first).
The software then uses a cryptographically secure hash to compare the CPU ID, authenticated timecode (from an internet source), a local cert accompanying the software image, and the licensing cert sent by the ASP.
As others have pointed out here, the UCITA is another key component to protect software rental schemes like timebombing and limited usage, and to prevent reverse engineering with criminal penalties. Where the Sun/Oracle network computer model didn't make sense 2 years ago, now with the UCITA it starts to make a lot more sense.
I have to deal with timebombed rental/demo software all the time, it is a real pain in the ass. I've got clients who accidentally base some key part of their NOC on some timebombed code, which blew up earlier this year. The outages were bad enough some of them made the news, but PR people were able to blame glitches or lightning storms. This rental model is going to fail in the long term, and the medium term peak will not be the trillion $$$ revenue stream some are predicting, but it might reach 10%-20% of the total software market before collapsing.
Last year a client required a 100% response on a y2k questionnaire before they would pay their invoices. They required everyone to provide a list of suppliers and rate their importance and provide proof we contacted them, received a y2k compliance statement, and forwarded it on.
So we rated importance of suppliers like this:
Loo paper
Junk food
Coffee
Breakfast cereal
Electricity
Then we wrote up a justification on the importance of bog roll (toilet paper) to the proper functioning of a company, indicated that all rolls had no date function, provided a list of alternatives, risks of loss of supply on morale and productivity. Pretty funny stuff. We submitted it with a handful of y2k statements we found on the web, and got paid.
If I weren't on the road now I could post a copy, get some feedback for new ideas in case anyone else is stupid enough to ask us for another statement.
the AC
KY-2K: when you have to cram four digits where only two would fit before
Yes, there were many different architectures of computers back in the 70's. Some were 36 bit (DEC PDP-10), some were 72 bit (Burroughs something), and others had "really big words" of 128 bits. There was no standard, just whatever the engineers decided was big enough.
Intel and others are just now getting to true 64 bit architecture because they are sticking it all on one chip. That doesn't mean the government had 64 bit chips 30 years ago. They just bought whatever the computer manufacturers made at the time, and I'm sure some of them internally had 64+ bits of bus width or accumulator space.
The U.S. government classified teflon (PTFE) during the war, because it was used to line pipes in uranium extraction equipment. But a French chemist discovered the same thing in 1957, and took out a patent on it, then sold the patent to a frying pan company so they could make non-stick pans. A few years later the U.S. government discovered what was going on when the pans started showing up in department stores and went ape shit.
They made one attempt asking the French government to classify the substance before they realised it was a hopeless cause. The French like to recall this story every time the U.S. tries to get Europeans to do things the 'Merkin way. It's the same for encryption.
If Shamir is touting this design, I think it is more to scare people into believing short keys are soon to be crackable, and this will get them to demand much longer keys. The design is very "blue sky", with all the emphasis on optical computing on a very large scale. But if OC takes off in the next few years, then any university with an OC lab could produce a machine like this as a student group project. Then all the short key length RSA protected systems are at risk. Shamir is just trying to bump the key length up to something reasonable for the next decade or so.
Outside of a little village called Villers-la-Chevre (the goat village).
There were a few hundred blue sky seekers there, most drove up in the last few minutes before totality. But the big spot of blue sky kind of filled up at the last minute as the temperature dropped. Not bad enough to miss any of the eclipse.
I was looking to the next ridge of fields to the west, and there was a big spot of direct sunshine (lucky people). I could also see a few other fields further north and west.
Right before the totality the field about 5 Kms west just faded out, and then a second later we got into darkness ourselves, so I missed that moment where the last bead of light winks out. I made up for it by seeing the sun re-appear, so I didn't see if there was a wave of light rushing to the west.
There were too many clouds around the area to properly see the shadow. I've seen the shadow approach in another eclipse years ago in North America, where we had a good clear sky. But it happens so fast you have to decide where you are going to be looking, either up or in the direction of the shadow.
The bad part about having a sky mostly filled with clouds was no interference patterns on the ground. In an eclipse with a clear sky, there are wavy light patterns all over everything. It's a pretty cool side effect.
This webserver was on /. about 2 months ago. It was generally agreed the "compliant TCP/IP stack in 256x12 bit words" was bogus.
Although the web page has been updated to include more info, I'm still a bit skeptical. Now it has a ROM and the iPIC, so they might be able to allow single connections and serve up a simple page.
Let's see the source code (granted, it's going to be hand crafted binary).
Was out in eastern France earlier today, beat the traffic out there by leaving last night, then spent the morning finding a place with some sunshine.
I was up on the top of a ridge with a few hundred other people spread around the fields. We were able to see the shadow coming at us across the fields right as the sun winked out. Then there was a lot of cheering and horn honking, and when the light came back 2 minutes later everyone just went wild.
The temperature dropped from 17 C at 11:00, to 12 C during the eclipse, then went back up to 21 later in the day. And the clouds got thicker as the temperature dropped, which made it a bust for most people.
The corona was amazing. It was so bright in the sky, but everything else around was dark. Didn't see any stars or planets, but that was because there were still too many clouds in the area, and most of the time I was looking at the corona through a thin cloud.
And the GSM telephone network was saturated for about 20 minutes, as everyone phoned everyone else to swap stories.
It took 7 hours to get back to Paris, the traffic was pretty dense. Millions of Dutch and Germans heading north, millions more Parisians heading home. What was wild is that everyone seems friendly today on the roads, having all been out to share a common experience.
This has been punted around the industry for a few years now. Read some back issues of the IEEE mags, especially the Technically Speaking column.
This is a great idea, because it separates the two systems of ^10 and ^2. The only ones who will suffer in the long run are the marketing assholes who like to cheat in their specifications.
Without a doubt, even if this system is adopted (and it will be, the debate has gone on for years, and is now tilting towards acceptance), it will be another decade or two until it reaches widespread use. But for a while, it will highlight the differences between leading edge geeks who like change, and unimaginative nerds who like things to stay the same (640 Kbytes is enough memory for anyone for ever).
The only thing I would also like to see is some larger and smaller values, into the ranges of 2^-100 and 2^100 or even further. How much space will there be if the other story on 3D holographic storage turns out to be the next great thing? I would love to have a credit card sized 2^100 bytes of information, could keep all the world's pr0n and MP3s on it :-)
I've been seeing this promise for years. There are a number of stumbling blocks...
The problem has to lend itself to parallel computation. This means most simple inline code with simple branches doesn't take advantage of parallelism. So the program has to be written to break the problem into small chunks which can be processed asynchronously in parallel. The program has to re-assemble the results into a cohesive whole, re-calcing the missing bits as needed.
For multi-machine parallel processing, there has to be a whole suite of network communication protocols. These protocols have to ensure parts are distributed correctly to waiting machines, and valid results are returned. On top of that, you have to re-assemble the parts before returning them to the calling program, since the processing power of individual nodes is generally unknown, forcing results to be returned at random times. There also has to be a mechanism to duplicate the work sent to a node in case no answer is returned within a reasonable amount of time.
There was a parallel computing model called Linda put out in the early 1980s which tried to take advantage of networking. The idea was for something like distributed.net, with hundreds of machines all participating in parallelism. Some machines would be designated as Compute Servers, basically Crays sitting on the networks for any spreadsheet to take advantage of. The designers were eventually overwhelmed with the logistics keeping track of all the outstanding queries and responses. The overhead in the main controlling program grew exponentially as large problems were spread to hundreds of other machines, and eventually the main machine was doing nothing but keeping track, not working on the problem at hand.
Parallelism is a different mindset from sequentialism (turing machines), where every large problem has to have clearly defined interfaces between each subset of small problems. It works for cracking MD5 keys, because each subset is a range of keys, and for S@H with their time and frequency ranges.
I hope the slashdotting of the server stops when school gets back in session.
Hey, if the "capitol of Burkina Faso" question made it into the list, what about all the other good, off topic questions? Could have had some outlandish answers. Maybe some of them will work their ways into future strips :-)
Anyways, we love ya, Illiad. Keep up the good work.
This is my current project, so here is my take on what micros~1 is doing.
:-) At the end is an opinion, which is not a clue, but can be ignored or countered as you see fit.
/etc/hostname.
/etc/hostname in option 61 of the DHCPREQUEST, and get that code into every major package out there. Then the FUDders will not be able to do any more than superficial damage.
First, some background as to what Dynamic DNS truly is, because its obvious most of the slashdotters are posting without a clue. Here's a clue, and its free, as in free software
What is Dynamin DNS?
DynDNS is result of putting together several RFC documented techniques in a quite nifty way. Start with DNS [rfc1034 & 1035], add DHCP [1531, 1532, 1533, 1534] and tie the two together with Incremental Zone Transfers and Notify [rfc 1995 & 1996], and call it DynDNS [rfc 2136 & 2137].
Read rfcs 1995 & 1996 for a discussion on why full zone transfers [AXFR] are a bad thing (for bandwidth consumption), and see the elegant solution proposed with the incremental zone transfer [IXFR] extension. This is the basis for updating a primary name server with a new RR containing the hostname & IP pair (and IP->hostname reverse pair). You can also use this mechanism to remove a RR when the host is no longer associated with that address. There is also a discussion of security so that only pre-programmed IP addresses can do IXFRs, and allows extensions for fully authenticated updates when someone gets around to writing the code someday.
Read rfc 2132 to understand how a DHCP client does a DHCPREQUEST to a dhcp server, and how it can pass its hostname inside of option 61, client identifier. This is what win9x currently does with its client code, but only a patched version of some dhcp clients for linux do this.
Now, to put it all together.
A machine [win or linux] with a dhcp client boots up, broadcasts a bootp request (the transport mechanism for dhcp) with a DHCPDISCOVER message. A dhcp server on the network responds with its local address in a broadcast (because the client has no IP address at this point, all traffic must be broadcasts), and then the client broadcasts a DHCPREQUEST to that specific server. Contained in the REQUEST packet is option 61, containing the hostname of the machine. In win9x, this is what is entered in the network control panel "computer name" field, in *nix it the contents of
Then there is a whole bunch of communication between the dhcp server and client so they both agree on things (go read the rfcs, or sniff some packets off the wire, or both) with the end result the dhcp server now has given the client a lease on an IP address for a certain amount of time.
Now comes the DynDNS bit.
The dhcp server now communicates to the primary name server with an IXFR message, sending a RR containing an A record (and a PTR to the reverse DNS server) with the any and all information that might be contained in a RR, and the TTL is set to one half of the lease time given to the client. If the name and IP address are not currently in the DNS database, they are added. If they already exist, the IXFR message is refused, and the DHCP server must change the name to something unique. This is one mechanism to prevent overwriting your important servers addresses with bogus info.
What micros~1 is doing.
From what I can tell from some presentations I have seen, and playing with win2k beta, they have tied their DynDNS into ActiveDirectory as an attempt to shut out the *nix/OSS implementations until they get a foothold in the corporate door. I can't tell exactly what they are doing until I get a lab testbed set up and see if they interact correctly with BIND 8.2.1 or other rfc2136 compliant systems (someone mentioned cisco's registrar product, its real nice, and real expensive, and not based on any bind code). There is something going on with rfc 2052 defining directory servers on the internet, but I only read enough of it to give me a headache.
Static vs. Dynamic
M$ strategy is to put all IP addresses into AD, making the entire network a big, dynamic mess. As a network guy, I want all the important services to have static IP addresses. This means servers, DNS machines, router ports, mail servers, and anything else that should be stable.
M$ considers servers to be unstable (based on BSoDs and regular reboots), so they want the IP addresses to be dynamic. That's a bad way of thinking.
The article in ZD is actually correct on a lot of things. There are already battles going on between the ultra-reliable thinking *nix admins and the reboots-are-good ninnies who have realised they can't make M$s win2k work in a unix based world.
The only solution is for the OSS community to make a standard implementation of dhcp client, one that by default passes
the AC
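The add-if-absent rule from the Dynamic DNS comment above, as an added example (not the poster's code): the wire format shown is the RFC 2136 UPDATE message (opcode 5) with a "name is not in use" prerequisite and a TTL of half the lease. The in-memory toy server, the "-N" rename suffix and the example.test names are assumptions made for illustration.

```python
import ipaddress
import struct

OPCODE_UPDATE = 5                       # RFC 2136
TYPE_A, TYPE_SOA, TYPE_ANY = 1, 6, 255
CLASS_IN, CLASS_NONE = 1, 254
NOERROR, YXDOMAIN = 0, 6                # YXDOMAIN: a name that must not exist does


def encode_name(name):
    """Length-prefixed labels, root-terminated (RFC 1035 section 3.1)."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg, pos):
    """Read an uncompressed name; return (name, offset after it)."""
    labels = []
    while msg[pos]:
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels), pos + 1


def rr(name, rtype, rclass, ttl, rdata=b""):
    fixed = struct.pack("!HHIH", rtype, rclass, ttl, len(rdata))
    return encode_name(name) + fixed + rdata


def build_update(msg_id, zone, host, ipv4, lease_seconds):
    """UPDATE that adds an A record only if `host` owns no records yet."""
    header = struct.pack("!6H", msg_id, OPCODE_UPDATE << 11, 1, 1, 1, 0)
    zone_section = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    prereq = rr(host, TYPE_ANY, CLASS_NONE, 0)        # "name is not in use"
    addr = ipaddress.IPv4Address(ipv4).packed         # rejects malformed input
    update = rr(host, TYPE_A, CLASS_IN, lease_seconds // 2, addr)
    return header + zone_section + prereq + update


def apply_update(zone_db, msg):
    """Toy primary server (assumption): check the prerequisite, then add."""
    _id, flags, zo, pr, up, _ad = struct.unpack("!6H", msg[:12])
    if (flags >> 11) & 0xF != OPCODE_UPDATE or (zo, pr, up) != (1, 1, 1):
        raise ValueError("not the single-record UPDATE this sketch handles")
    _zone, pos = decode_name(msg, 12)
    pos += 4                                          # skip ZTYPE and ZCLASS
    name, pos = decode_name(msg, pos)
    rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
    pos += 10 + rdlen
    if (rtype, rclass) == (TYPE_ANY, CLASS_NONE) and name in zone_db:
        return YXDOMAIN                               # existing name is kept
    name, pos = decode_name(msg, pos)
    _t, _c, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
    addr = ipaddress.IPv4Address(msg[pos + 10:pos + 10 + rdlen])
    zone_db[name] = (str(addr), ttl)
    return NOERROR


def register(zone_db, zone, hostname, ipv4, lease_seconds):
    """DHCP-server side: on refusal, retry under a suffixed (unique) name."""
    for n in range(10):
        label = hostname if n == 0 else "%s-%d" % (hostname, n)
        fqdn = "%s.%s" % (label, zone)
        msg = build_update(n + 1, zone, fqdn, ipv4, lease_seconds)
        if apply_update(zone_db, msg) == NOERROR:
            return fqdn
    raise RuntimeError("no free name for %s" % hostname)
```

A client that asks for a name already held by a statically configured server ends up registered under a suffixed name, and the existing record is left untouched.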
The high-end cisco certifications are based not on a simple paper test, but on a two day demonstration of your knowledge of designing, building and debugging a modern network. There is a 40% to 60% fail rate for first time testers. When you pay your $1000 for the test, they sit you in front of $1million worth of equipment and give you a handful of assignments to complete in 8 hours the first day. There is so much to be done you don't have time to look anything up in the documentation except for a few rare commands.
Companies who rely heavily on their networks will pay twice the market rate for a CCIE badged engineer over one with equivalent work experience. When a CCIE walks in the door, they know everything from cabling to major routing protocols, and not just IP protocols but SNA, appletalk, decnet, IPX, and others.
I was a paper CNE, I passed after only 2 days of study and one practice install. I spent 6 months preparing for my CCIE, and that almost wasn't enough. I have access to a pile of cisco equipment and spent 5 to 20 hours per week working on scenarios. You don't just get one of these by reading a few books.
There are only about 4000 CCIEs in the world right now, it's a pretty elite clique. When you get the top cert, you can literally name your price :-)
the AC
Sorry if you got the impression I truly wanted to make money off of something that should always be free. I have the greatest respect for Jon Postel and all the amazing works he accomplished.
For years there was a .earth domain, and although it wasn't official, it was fun to play with and use for training and playing. Vint Cerf is now working on a couple of projects to expand addressing and routing to the vagaries of space. All of this started a couple of years ago when NASA sent a web server up with the shuttle into orbit, and a new TLD .orb was created for the occasion. It was fun probing around the Root Name Servers to see the delegation to a NASA gateway, and for a short while it allowed zone transfers of the handful of records that existed.
Now .orb has gone away, and there is a working group trying to protect some of the future space naming schemes. Given the various attempts by various organisations to control the TLDs and naming in general, Jon Postel and now the people he inspired are working hard to keep future naming schemes open and available for everyone, not just a greedy corporate controlled WIPO or ICANNt.
Sorry for the misunderstanding
the AC
From a common quote file:
"Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway"
--Andrew Tanenbaum
I've lived this quote several times :-)
This quote is relevant to linux users because it originated during some discussions between AST and Linus Torvalds. See:
http://www.dina.kvl.dk/~abraham/Linus_vs_Tanenbaum.html
although I no longer find the quote there :-( check the babyl archives.
the AC
This is a bit of old news, Vint Cerf has been working on this for more than a year now. He is acting now in advance of bad decisions expected by the ICANNt and NSI. There has been a fight going on for years over expanding the TLDs from the current 227 to thousands, millions, or an unlimited number.
For years I ran a shadow TLD of .earth, and there were several hundred machines on the internet which used .earth with a physical location for a hostname (leuven.earth, london.earth, ougadougou.earth :-) Sendmail on those hosts believed the fake RNSs added to the bind root.hints file, and the whole thing worked quite nicely from 1989 until 1997. Then Vint asked our group to stop using .earth so he could plan on using it as a new TLD as part of an interplanetary addressing scheme.
There are several projects going on at the same time for this "interplanetary internet" (exonet?, xenonet?). Vint Cerf and company are working on an extensible naming scheme for planets, moons, orbits, asteroids and ships in transit.
There is another group working on reliable transmission protocols and routing protocols to deal with huge round trip times and extremely expensive transmission costs. Just ACKing a transmission is not going to cut it, the ACKs need to be piggybacked on transmissions going the other way, and the state machine to keep track of it all will be huge.
There is a group at Caltech working on the low level transmission characteristics (layer 1 stuff) with a large amount of redundancy. Cyclical and longitudinal redundancy woven into the bitstream, multi-frequency phase encoding, all the coolest tech for RF fanatics.
When all this stuff comes together there will be at least one ISS and possibly some private orbital stations. Expect some privately funded space exploration missions as soon as it becomes possible for a corporation to buy some cheap boost to LEO and from there they will start to explore in the hopes of finding something to make their stockholders very rich. I've been predicting for years that cheap space missions will be the next "revolution" to replace all the hype around the internet.
I still want to control .earth as a TLD, and the gateways sending messages between the earth domain and the space domain. Could get very rich that way :-)
Then I could be anti@cypher, and my mail would get to me, and you could eyeball my webpage http://www.anti.cypher and so on.
the AC
ESR is right in that the huge number of *nix variations are slowly being abandoned. Over the years there have been hundreds of *nix variations, and it got to be ridiculous to try and support an application on more than a few of them.
It's a good thing the *nix vendors realize there is more money to be made in service and support, rather than tricky features and special proprietary hardware. As more of them are being absorbed by the OSS model, they realize exactly where the profit comes from and focus on it.
It would be a bad thing if there were too few *nix variations, as many knowledgeable slashdotters point out whenever there is a melissa style virus sweeping thru the media. If there were only 10 or so variations of *nix just like there are only 10 variations of Windoze, then an exploit could hurt many more people with less effort.
I doubt there will ever be only 1 version of unix in the future, but it would be nice to see no more than 20 or 30, with most of them touting their adherence to a common standard for libraries and structure.
the AC
Just in case anyone is still reading this thread...
I'm not a windoze type, I normally just work on networks, and anything above layer 4 is ignored.
The last couple of days I was sitting in a microsoft building listening to marketing droids spew about Active Directory, and announcing as a fact that win2k would have a big kickoff on October 7th. Of course, they were so uncertain as to what was in AD, I doubt these low-level serfs actually know what redmond will do any more than an outsider. Just because they are badge wearing certifiable microserfs doesn't give them any more insight than the press reports they read.
If you want to know where the next big round of security holes on networks will come from, look to active directory. Closed source bloatware security for micro~1 networks where its own security was added as an afterthought.
the AC
From what I heard a few minutes ago, you are right about the Release Candidates. RC1 aka beta 4 will be available in the next few weeks. There might possibly be several RCs, just to fix embarrassing cosmetic bugs or show-stopping fuckups. Only the most trusted people will be getting the RCs to test.
But the guy from micro~1 swears on the Oct 7 date, and I've got 6 weeks to be ready for it. Bleh.
the AC
Oh wait, Kiki is not a SW character :-)
Oooooh, a light saber, pretty! Can I play with it? Poing!!! Poing!!
the AC
Was just told today the ship date has been fixed for Oct 7th, and the media machines are to be unleashed immediately.
Any certified developer who has submitted a bug for beta 3 will be allowed to order a CD with beta 4, which is the final candidate. Beta 4 is timebombed, and won't be DLable from micr~1.com.
This was from a M$ drone, so I'll believe it on Oct 7th, not a day before :-)
the AC
How come since the Linux World Expo we have been getting many recycled news items, most are months old, and most have been on slashdot before?
Here we have an article from April on a radar for cops to detect a person on the other side of a wall. Old news.
Then there is the month old article on NSI changing the whois rules, covered originally in
http://slashdot.org/articles/99/07/07/1744250.shtml
and regurgitated in
http://slashdot.org/article.pl?sid=99/08/18/0151203
I was hoping the andover buyout would help slashdot become better, giving our cherished cmdrTaco and Hemos some time to better read their submissions and make good choices.
Does anyone else notice this, or should I just be moderated into oblivion on this topic?
the AC
slashdot! Old news for nerds, stuff that's been covered and forgotten by the mainstream press.
How many people reading /. keep a list of important IP addresses with their computer?
In case of RNS failure (it's happened a couple of times) can you still read /.? The routers running the internet don't need DNS to keep routing, as long as you can put an IP address into your browser you will be happy.
I've written a script which pulls out a handful of IP addresses from my bind cache every few hours, so I can drop back to an IP only level of connectivity when (not if) things break again. The biggest problem with broken DNS is sendmail implementations which require a DNS lookup before accepting/processing a connection.
the AC
Actually, this sounds like business as usual in Europe. Micro~1 has rebounded lately in their pressure on PC makers in europe when they realized the commission has no enforcement of articles 81, 82 and 83 (and a few others). Micro~1 is smart, they don't explicitly put the exclusion in writing, but the companies know very well they must be 100% M$ or they will not have their license renewed next year.
Several large customers who were able to negotiate deliveries of non-M$ machines a year ago are no longer able to get machines without win98 pre-installed. Even customers with site licenses are once again being forced to pay the micro~1 tax on all new machines from Dell, Gateway, and others.
I doubt a couple of emails from a low level account manager to a university in Belgium would be enough to get the commission moving on the issue. Micro~1 is now reaping the rewards from scaring off the investigators, by once again forcing all computer users to pay the tax. They can act with impunity for the next year or more inside of Europe until after the next round of elections.
I think /. would do better to find more stories on cool new toys, nanotech, space, and real computer advances, and spare us from more micro~1 bashing.
the AC
Routers have enough other things to do than try and detect a machine sniffing. Cisco routers (75% of the internet) don't have any such capability directly built in.
The l0pht anti-sniff program just does a couple of well known tricks to detect the response time of a normal machine hacked to be in promiscuous mode. A router could be used to do the same thing, just a bit more crudely, with less reliability (antisniff is pretty unreliable, I've been testing with it)
Your router admin sounds like a know-it-all with no real knowledge. Ask for details, and if you get anything solid then email me. I'm always looking for new tricks :-)
the AC
Doesn't matter, it's all downhill.
the AC
As I've said before on slashdot, intel put the cpu ID opcode into the Pentium III at the request of micro~1.oft. The ID function built into each CPU will be one of the main components of the software rental business.
Software rental will require a scheme where a user can contact a rental server, enter their CPU and credit card details, then store this information locally so the software can check for current rental authorization before running.
The software can be pre-installed on the machine (the current micro~1.oft model of bundling all its software with the OS), or delivered as a try-before-buy demo CD, or DLable from the internet or ASP, use your imagination.
The user then has to enter into an agreement with the owner of the software to rent/license the software for a certain amount of time. The ASP then returns a certificate (strong encryption is their friend here!) which unlocks the software for a certain amount of time/usage (1 year or 3000 saves, whichever comes first).
The software then uses a cryptographically secure hash to compare the CPU ID, authenticated timecode (from an internet source), a local cert accompanying the software image, and the licensing cert sent by the ASP.
As others have pointed out here, the UCITA is another key component to protect software rental schemes like timebombing and limited usage, and to prevent reverse engineering with criminal penalties. Where the Sun/Oracle network computer model didn't make sense 2 years ago, now with the UCITA it starts to make a lot more sense.
I have to deal with timebombed rental/demo software all the time, it is a real pain in the ass. I've got clients who accidentally base some key part of their NOC on some timebombed code, which blew up earlier this year. The outages were bad enough some of them made the news, but PR people were able to blame glitches or lightning storms. This rental model is going to fail in the long term, and the medium term peak will not be the trillion $$$ revenue stream some are predicting, but it might reach 10%-20% of the total software market before collapsing.
my .02 euros
the AC
Last year a client required a 100% response on a y2k questionnaire before they would pay their invoices. They required everyone to provide a list of suppliers and rate their importance and provide proof we contacted them, received a y2k compliance statement, and forwarded it on.
So we rated importance of suppliers like this:
Loo paper
Junk food
Coffee
Breakfast cereal
Electricity
Then we wrote up a justification on the importance of bog roll (toilet paper) to the proper functioning of a company, indicated that all rolls had no date function, provided a list of alternatives, risks of loss of supply on morale and productivity. Pretty funny stuff. We submitted it with a handful of y2k statements we found on the web, and got paid.
If I weren't on the road now I could post a copy, get some feedback for new ideas in case anyone else is stupid enough to ask us for another statement.
the AC
KY-2K: when you have to cram four digits where only two would fit before
Yes, there were many different architectures of computers back in the 70's. Some were 36 bit (DEC PDP-10), some were 72 bit (Burroughs something), and others had "really big words" of 128 bits. There was no standard, just whatever the engineers decided was big enough.
Intel and others are just now getting to true 64 bit architecture because they are sticking it all on one chip. That doesn't mean the government had 64 bit chips 30 years ago. They just bought whatever the computer manufacturers made at the time, and I'm sure some of them internally had 64+ bits of bus width or accumulator space.
The U.S. government classified teflon (PTFE) during the war, because it was used to line pipes in uranium extraction equipment. But a french chemist discovered the same thing in 1957, and took out a patent on it, then sold the patent to a frying pan company so they could make non-stick pans. A few years later the U.S. government discovered what was going on when the pans started showing up in department stores and went ape shit.
They made one attempt asking the french government to classify the substance before they realised it was a hopeless cause. The french like to recall this story every time the U.S. tries to get europeans to do things the 'Merkin way. It's the same for encryption.
If Shamir is touting this design, I think it is more to scare people into believing short keys are soon to be crackable, and this will get them to demand much longer keys. The design is very "blue sky", with all the emphasis on optical computing on a very large scale. But if OC takes off in the next few years, then any university with an OC lab could produce a machine like this as a student group project. Then all the short key length RSA protected systems are at risk. Shamir is just trying to bump the key length up to something reasonable for the next decade or so.
my .02 euros,
the AC
Outside of a little village called Villers-la-Chevre (the goat village).
There were a few hundred blue sky seekers there, most drove up in the last few minutes before totality. But the big spot of blue sky kind of filled up at the last minute as the temperature dropped. Not bad enough to miss any of the eclipse.
I was looking to the next ridge of fields to the west, and there was a big spot of direct sunshine (lucky people). I could also see a few other fields further north and west.
Right before the totality the field about 5 Kms west just faded out, and then a second later we got into darkness ourselves, so I missed that moment where the last bead of light winks out. I made up for it by seeing the sun re-appear, so I didn't see if there was a wave of light rushing to the west.
There were too many clouds around the area to properly see the shadow. I've seen the shadow approach in another eclipse years ago in North America, where we had a good clear sky. But it happens so fast you have to decide where you are going to be looking, either up or in the direction of the shadow.
The bad part about having a sky mostly filled with clouds was no interference patterns on the ground. In an eclipse with a clear sky, there are wavy light patterns all over everything. It's a pretty cool side effect.
the AC
This webserver was on /. about 2 months ago. It was generally agreed the "compliant TCP/IP stack in 256x12 bit words" was bogus.
Although the web page has been updated to include more info, I'm still a bit skeptical. Now it has a ROM and the iPIC, so they might be able to allow single connections and serve up a simple page.
Let's see the source code (granted, it's going to be hand crafted binary)
the AC
Was out in eastern france earlier today, beat the traffic out there by leaving last night, then spent the morning finding a place with some sunshine.
I was up on the top of a ridge with a few hundred other people spread around the fields. We were able to see the shadow coming at us across the fields right as the sun winked out. Then there was a lot of cheering and horn honking, and when the light came back 2 minutes later everyone just went wild.
The temperature dropped from 17 C at 11:00, to 12 C during the eclipse, then went back up to 21 later in the day. And the clouds got thicker as the temperature dropped, which made it a bust for most people.
The corona was amazing. It was so bright in the sky, but everything else around was dark. Didn't see any stars or planets, but that was because there were still too many clouds in the area, and most of the time I was looking at the corona through a thin cloud.
And the GSM telephone network was saturated for about 20 minutes, as everyone phoned everyone else to swap stories.
It took 7 hours to get back to Paris, the traffic was pretty dense. Millions of dutch and germans heading north, millions more parisians heading home. What was wild is that everyone seems friendly today on the roads, having all been out to share a common experience.
That's all from france,
the AC
This has been punted around the industry for a few years now. Read some back issues of the IEEE mags, especially the Technically Speaking column.
This is a great idea, because it separates the two systems of ^10 and ^2. The only ones who will suffer in the long run are the marketing assholes who like to cheat in their specifications.
Without a doubt, even if this system is adopted (and it will be, the debate has gone on for years, and is now tilting towards acceptance), it will be another decade or two until it reaches widespread use. But for a while, it will highlight the differences between leading edge geeks who like change, and unimaginative nerds who like things to stay the same (640 Kbytes is enough memory for anyone for ever).
The only thing I would also like to see is some larger and smaller values, into the ranges of 2^-100 and 2^100 or even further. How much space will there be if the other story on 3D holographic storage turns out to be the next great thing? I would love to have a credit card sized 2^100 bytes of information, could keep all the world's pr0n and MP3s on it :-)
the AC
I've been seeing this promise for years. There are a number of stumbling blocks...
The problem has to lend itself to parallel computation. This means most simple inline code with simple branches doesn't take advantage of parallelism. So the program has to be written to break the problem into small chunks which can be processed asynchronously in parallel. The program has to re-assemble the results into a cohesive whole, re-calcing the missing bits as needed.
For multi-machine parallel processing, there has to be a whole suite of network communication protocols. These protocols have to ensure parts are distributed correctly to waiting machines, and valid results are returned. On top of that, you have to re-assemble the parts before returning them to the calling program, since the processing power of individual nodes is generally unknown, forcing results to be returned at random times. There also has to be a mechanism to duplicate the work sent to a node in case no answer is returned within a reasonable amount of time.
There was a parallel computing model called Linda put out in the early 1980s which tried to take advantage of networking. The idea was for something like distributed.net, with hundreds of machines all participating in parallelism. Some machines would be designated as Compute Servers, basically Crays sitting on the networks for any spreadsheet to take advantage of. The designers were eventually overwhelmed with the logistics keeping track of all the outstanding queries and responses. The overhead in the main controlling program grew exponentially as large problems were spread to hundreds of other machines, and eventually the main machine was doing nothing but keeping track, not working on the problem at hand.
Parallelism is a different mindset from sequentialism (turing machines), where every large problem has to have clearly defined interfaces between each subset of small problems. It works for cracking MD5 keys, because each subset is a range of keys, and for S@H with their time and frequency ranges.
the AC
Seems to be in yoyo mode for the last few hours.
I hope the slashdotting of the server stops when school gets back in session.
Hey, if the "capitol of Burkina Faso" question made it into the list, what about all the other good, off topic questions? Could have had some outlandish answers. Maybe some of them will work their ways into future strips :-)
Anyways, we love ya, Illiad. Keep up the good work.
the AC