Microsoft doesn't pay taxes anyway.
S
I work for a company that moved back.
(I'm not speaking on behalf of my employer, though.)
This happened a few times:
*ring ring*
Us: Hello [company] tech support.
India: Hello, yes? Your application is down.
Us: REALLY? *checks monitor* Everything seems normal.
India: Well, it's not responding.
Us: Hmm.. *typing* No. It's up. What exactly is the problem?
India: We just can't connect.
Us: Uh.. try google.
India: Yeah. Google's down, too.
Us: *SIGH* Your internet connection is down, AGAIN.
India: Ok, can you fix it?
Us: No. It's your problem. Call your ISP (just like last time).
Sad..
S
Being fluent in French, and growing up in New Brunswick, and now living in Quebec, I can attest that there are at LEAST 3 types of french that I've run into:
1) Acadian
2) Quebecois
3) French (France)
S
You're doing PHP in Moncton??
Who is?
I did a little PHP when I worked for Hawk (moosehead.ca -> been changed since); but other than that, nobody was doing it, then (2000). I moved to Montreal. I just got a new job. $50k+
(-;
S
It seems I was unclear, and I apologize.
My point was that someone who is used to working in a specific sub-field (think OpenGL), isn't inherently able to jump fields without a learning curve... That's all.
I agree that anyone who's "exceptionally good" in a sub-field has the ability to learn another sub-field.. but when the disciplines are different, there needs to be some [self-]education.
S
Agreed.
My frustration comes from a team of application developers being thrown into a web project that was "due yesterday" without casting a care on the consequences (security and otherwise) of not being well versed in the web medium.
That's all. A good developer should NOT be constrained to one language.
My beef is with management, really.
S
*sigh*
I hate this mentality.. I know you were joking, but far too many people believe this.
Web development is a distinct programming discipline.
You don't expect a developer who's exceptionally good at 3D/game programming to be able to write optimized code for a database engine, do you?
Same way that you can't expect an application programmer to be able to simply switch over to web programming.
Web developers don't know about memory allocation, loop optimization and buffer overruns; Application developers don't know about HTTP headers, session hijacking and SQL Injection.
(generally speaking, of course; and I'm talking GOOD developers in all cases.. there are plenty of idiot web devs floating around, writing nasty code)
S
Nothing stopping ISPs from implementing this in IPv4, even.
Tell your router to drop traffic that doesn't have a source or destination of your block, and it will. No IPv6 magic necessary.
The problem is that ISPs won't, and don't.
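As an added example (not code from the thread or from the commenter) of the router rule in the post above: an ISP-side filter that drops a packet unless its source or its destination lies in the customer's assigned block. The prefixes and packets are constructed sample values; the rule stops spoofed-source traffic, but, as noted later in the thread, not well-formed non-spoofed floods.

```python
# Added example, not from the thread: a minimal model of the anti-spoofing
# rule "drop traffic that doesn't have a source or destination of your block".
# Customer blocks and packets below are constructed sample values.
import ipaddress
from typing import Iterable

CUSTOMER_BLOCKS = [ipaddress.ip_network("203.0.113.0/24"),   # constructed (TEST-NET-3)
                   ipaddress.ip_network("198.51.100.0/25")]   # constructed (TEST-NET-2 half)


def in_blocks(addr: str, blocks: Iterable[ipaddress.IPv4Network]) -> bool:
    """True if addr falls inside any of the customer's prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in blocks)


def edge_filter(src: str, dst: str, blocks=CUSTOMER_BLOCKS) -> str:
    """Return 'forward' or 'drop' for one packet seen on the customer port.

    Outbound traffic must carry a customer source (egress anti-spoofing);
    inbound traffic must carry a customer destination. A packet matching
    neither can only be spoofed or misrouted, so it is dropped.
    """
    if in_blocks(src, blocks) or in_blocks(dst, blocks):
        return "forward"
    return "drop"


# Constructed sample traffic as seen on the ISP router port facing the customer.
SAMPLE_PACKETS = [
    ("203.0.113.10", "192.0.2.5"),     # customer host talking out: legitimate
    ("192.0.2.5", "203.0.113.10"),     # reply coming back in: legitimate
    ("10.77.1.9", "192.0.2.5"),        # random spoofed source leaving the customer: drop
    ("198.51.100.200", "192.0.2.5"),   # outside the customer's /25 half: drop
]


def filter_report(packets=SAMPLE_PACKETS, blocks=CUSTOMER_BLOCKS):
    """Apply the rule to every packet; return (verdicts, number dropped)."""
    verdicts = [(s, d, edge_filter(s, d, blocks)) for s, d in packets]
    dropped = sum(1 for _, _, v in verdicts if v == "drop")
    return verdicts, dropped


if __name__ == "__main__":
    for src, dst, verdict in filter_report()[0]:
        print(f"{src:>16} -> {dst:<16} {verdict}")
```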
S
As far as I can tell, this device blocks traffic on the "local" side of your pipe to your ISP.
This allows the DDoSers to saturate your pipe, thus DDoSing you.
Even if it DOES block all traffic, and magically re-opens your pipe, you're still not safe:
If these "gangs" control thousands, or hundreds of thousands of "drones", there's nothing stopping them from generating "LEGITIMATE" (well-formed; handshake; non-spoofed) traffic on an allowed protocol and saturating your bandwidth, this way. You can put 50,000 null-routes in your ACLs.. your hardware will choke, and the IPs will change, so you'll block legit traffic.
S
The blacklist hosts were DDoSed into oblivion.
Ironically..
(-:
S
Pretty much the only thing you can do is call your upstream router and ask them to block traffic from DDoS hosts -- an extremely time-consuming and tedious task, supposing your upstream router even gives a damn about you.
AND, this only works if the originating packets don't have spoofed source addresses...
S
That WOULD have solved the problem.
The same is true of spam and open relays, though.
S
saturated our bandwidth. there was really nothing we could do outside of using a proxy (to absorb the raw bandwidth consumption)... "real" http requests get passed on to us.
S
What exactly would this consultant / administrative talent DO?
You have 10,000 zombies firing packets at you, spoofed on random IPs, how do you stop this?
We had to Akamize our stuff.. and that's extremely pricey (think 2+ salaries).
S
drawing from real life.. (-:
And I'm Canadian.
S
I work for a financial company, but this opinion is mine.
When doing ACH transfers (ie, when you cash a check at one bank, but the funds come from another), there's a 6 month window where a transaction can be reversed (ie, similar to a credit card chargeback). Most banks will settle within 10 days, but there's really no way of knowing that an ACH will not reverse, until that window has closed. It's usually the backwoods banks run by "Nan and Boyd" that take forever to settle ACH.
S
Even a wicked-busy web maven likely sends less than 1000 emails a day outside of their own company LAN
The company that I work for sends ~15000 legitimate emails per day (order, refund notifications, etc). These are not spam.
What about mailing lists? I'd hate to run bugtraq if it were taxed (not that I _do_ run bugtraq, of course).
S
I'm definitely not a MS proponent, but there will probably be a NativeTDS/ODBC hookup for the WinFS datasource, which will make it incredibly EASY to "access all this" via (relatively) simple T-SQL (which in itself is not without fault).
Even from other platforms (I access MSSQL (via FreeTDS and/or the *nix Sybase client) from my Linux workstation, constantly).
S
Just did a WC on our PHP modules: 103510 lines.
It's being maintained by 2 guys. (including new development). Yes, this is hearsay, but I can't really talk details.
S
Maybe I'm in the dark about this, but I understand that the jumper usually resets settings, and not the actual BIOS code. Is this correct?
S
We have had great success with Nagios. We even wrote custom plugins to monitor certain other aspects of our custom system (in PHP, no less).
S
I read your response. I see what you're saying. I don't totally disagree. The problem is that there IS NO GOOD SOLUTION.. )-:
Sad, really.
S
See: http://www.digitalvideoediting.com/2003/06_jun/features/cw_macg5_interview.htm. Funny stuff.
[excerpt:]
DMN: Now, you're saying it's the first 64-bit desktop machine. But isn't there an Opteron dual-processor machine? It shipped on June 4th. BOXX Technologies shipped it. It has an Opteron 244 in it.
Rubinstein: Uh...
Akrout: It's not a desktop.
DMN: That's a desktop unit.
Akrout: It depends on what you call a desktop, now.
---
S
You can see insider trades here.
Insider only, remember.
S
I purposely wrote my post in a respectful, non-insulting manner. I was not talking down to you. Just because I don't agree with you doesn't mean I think you're a "malicious moron". I meant nothing personal by my post, please don't take it so (just as your "lack of tact" complaint doesn't deeply hurt me).
I'm not pushing any agenda other than "be polite".
I don't know you. I can't say whether or not you're a selfish person (and I didn't). I said "it _is_ selfish", and by that, I meant the action of responding to spam. I thought that was obvious.
All I'm saying is that if 1000 other people are doing what you're doing, that can be trouble, and there's no way for you to know about the other 999. One email from your machine, per hour won't make outlook sluggish. One per hour, "clustered" over 1000 machines will not make any of those machines sluggish. I wouldn't want to be on the receiving end of those 1000 emails, though (and 1000 is small potatoes).
It has potential to facilitate a Joe Job, and there's no practical method of monitoring to make sure it DOESN'T. If/when your software reaches "critical mass", there will be problems.
S