A traceroute from my DSL connection goes through AT&T and Level3 before it hits Google. This means that, at the very least, Google is paying Level3 for transit. They might have some sort of settlement-free peering situation with Level3, but Level3 certainly isn't going to give them transit for free. Plus, AT&T has a TON of customers, thus requiring Google to pay a TON in transit fees in order to get to them through third-parties (like Level3).
No, most new switches use store-and-forward, especially when they have gigabit-or-faster ports. The latency "penalty" involved in store-and-forward switching becomes less and less noticable at faster network speeds, thus making cut-through undesirable (i.e. its costs outweigh its benefits). As an example, look at Foundry's EdgeIron 8X10G:
It employs store-and-forward, as do most new Cisco switches (if I remember correctly). I can understand why certain ultra-latency-sensitive applications may still require cut-through switching, but 95% of all other applications won't gain much from being on a cut-through switch.
I hope to fan the flame of stories like these in the hopes that certain Slashdotters will quit citing some nonsense they read in Wiki as Gospel Truth which disproves my facts from the Webster's dictionary, Encyclopedia Brittanica, US & World Report, two published books specific to the topic, and a live interview with somebody who was there.
You're kidding, right? You're complaining about people getting "Gospel Truth" from Wikipeida, but then claim that the dictionary, encyclopedia, and a weekly news magazine are sources of fact? I hate to be the one to break it to you, but you should level the same sceptical eye towards those sources as you do towards Wikipedia. None of these things are original sources, and all are vulnerable to incorrect information. The same can be said for many published books -- just because someone published something doesn't make it correct.
Here in the US, a few lucky folks get free scholarships, but that's tough to do and not the norm.
Once you get to the graduate level, free school is a very common thing. You should look into the Research Assistant or Teaching Assistant jobs that are given to grad students; it is very common for those students to get a stipend as well as a tuition waiver, regardless of their residency status.
Besides, there's only so many jobs to go around anyways, so there's no reason to educate hoardes of poor children.
Actually, there are some great incentives to educate the poor. Not only does it hopefully lower your crime rates, but it also helps prepare those people to create new jobs.
Kinda like hits on any given website? It would be allll to easy to tell how many people downloaded the torrent link... This is not nearly as complex as you people are making it.
It has nothing to do with "complexity", per se, but has everything to do with accurate and reliable statistics. Tell me, how hard would it be to create some fake hits to your web site? Advertisers aren't going to drop a load of cash on a system that relies on the broadcaster/web site being completely honest about their stats. There is a definite need for an independent, third-party measurement company, like Nielsen.
Why don't the networks give people the choice to either download HDTV shows in WITH ADS from their site for FREE or download HDTV shows WITHOUT ADS for $2.00?
One of the major problems with this is that they don't have ads to show; advertisers aren't exactly biting at the bit to stick their ads on a download instead of on-air. Why is that? Because there does not exist an official ratings system for downloads. Until Nielsen or some other group begins collecting reliable and independent stats on viewership of video downloads, you won't see any advertisers that are willing to pay big money for ads on downloaded video.
Of course, an even bigger problem is the affiliates. If a major network were to start competing with its local affiliates, then you would have a complete mutiny of all the affiliates within hours of the announcement. The networks may be big and powerful, but they could not resist the power of the combined affiliates, given the fact that the affliates reach millions of homes that can't be reached any other way. Combine that with the fact that the affliates, as a whole, have more power, influence, and money than the networks do, and you will come to the conclusion that the networks would be commiting suicide by pissing off the affiliates right now.
Stay tuned, though (so to speak)... your concept of skipping the affiliates will happen within five to ten years. Its really quite inevitable, but it will take a while for the networks to screw up enough courage to write off their affiliates.
Do you remember in the late 80s when Japan was about to take over the USA? Where are they now? If you had made your career choice based on the news back then you would have gone ahead and studied Japanese.
Well, they've been kicking the US auto industry around for a couple of decades. I would certainly recommend that anyone that is interested in designing cars for a living should go ahead and study Japanese.
Instead of heckling others and being outright xenophobic, look at yourself and try to figure out why you were fired?
Who's heckling? They are valid questions that deserve answers. And you shouldn't assume anything about me -- I'm in a MS program for CS at a major public university, have a full-time job as a network/system admin for a large company, and have never been fired in my life. My questions are not driven by some personal vendetta, but rather by a desire to hear real answers to basic economic questions facing people with CS careers.
And outsourcing, the work which is outsourced is generally the low end one, but if people stop studying advanced level technical subjects, then pretty soon even the high level work will have to be outsourced.
Why would the high level work stay here, even if US residents (or future US residents) do study "advanced level technical subjects"? You do realize that you can get an MS or Ph.D. in CS in China, India, and a whole host of other countries? For that matter, many of my classmates that are foreign nationals will undoubtedly return to their home country once they have finished their training here. The hard reality is that there are thousands upon thousands of highly trained and intelligent workers in other countries that have significantly lower costs of living. As you mention, there can be communication problems, but companies will analyze the cost versus the benefit and decide which way to go. I'm guessing that as the outsourcing process becomes more and more refined, its inherent cost will decrease and thus lead to more and more outsourcing, creating a dearth of demand for engineers in the US market.
Obviously, Bill Gates pulled this stunt in an effort to curb the declining CS enrollment in the US. The problem with his approach, though, is that this won't do anything to change the situation; the problem isn't that anyone considers computer science to be irrelevant, but rather that many people see it as having a limited future in this country. Look no further than the very visible layoffs due to outsourcing, and you will see why CS enrollment is down.
If I had been in the class, I would have asked Bill the following:
What financial motivation do large software companies have to keep CS jobs in the United States?
Do you see outsourcing as a growing or shrinking trend?
If overseas workers are brilliant, low-paid, and trained in the US, then how will US workers ever be able to compete?
How would you compare the long-term job prospects in the US of a business major vs. a computer science major?
"When engineers make mistakes, people die. You must be ever vigilant, and you must be perfect."
This is true. Of course, it is true for a lot of fields, including the low-level "serfs" that engineers look down upon. When a construction worker makes a mistake, people die. When a quality control person makes a mistake, people die. When the driver of a Hummer makes a mistake, people die. When a CEO makes a mistake, people die. When a politician makes a mistake, hundreds of thousands of people die.
Stop claiming that the potential for harming people means that a field needs to be a bitch to get into. It isn't true.
It seems that a lot of people are criticizing Kern for dropping out. I somewhat agree -- if Kern is as smart as he says he is then he could have made it through. If he had made it through then no doubt he would be on Slashdot making fun of people who didn't.
On the other hand, people don't seem to understand his point: if you want more people to go into engineering then you need to change the system. There is a large barrier to entry to become an engineer (i.e. feeling like you've been raped every week for four years), and the anticipated payoff for entering the field is shrinking (i.e. less job stability, lower pay, fewer job choices, etc...). Engineering is therefore becoming less and less appealing as a career, and thus society needs to change the system if it wants more people to become engineers.
Now, this doesn't necessarily mean that you need to dumb down the material. Like Kern says, you could start by just hiring professors and TA's based upon their actual teaching ability rather than their ability to pull in research dollars. Of course, that's not as easy as it sounds, but it is the reality that universities need to start facing. Kern may or may not be a perfect example of an engineering student, but let's face it -- universities aren't perfect examples of teaching, and that's where society needs to start focusing its reform efforts.
Not only does the linked page say it was published in mid-2004, but the study itself is from early 2003. How does this qualify as a 'recent' study? Just because someone read it for the first time today doesn't mean it was created today...
Sheesh -- with such outdated news, I almost felt like I was reading the newspaper or something.
This guy needs to get out more. Some of my favorite parts:
Most of my internet traffic goes through at least three firewalls. Is that too paranoid?
Almost definitely, yes.
Sure, the threat might not be real. No one may ever actually want what you have on your PC. But does that really matter?
Yes, it does. Welcome to the real world, where you have finite resources and impatient users. If you only have X amount of resources, do you spend them on protecting things that are a target or on things that nobody cares about?
Its not that I think someone is trying to hack me, but I also don't think someone is not trying to hack me.
So, can anyone tell me exactly what he's thinking? It seems like he doesn't even know.
It takes five passwords to boot up my laptop and check my e-mail. One of those passwords is over 50 characters long.
50 characters long? Why stop there? Why not 128 characters long? Why not memorize your entire public and private keys?
I think that this fact alone -- that he has a 50-character password -- shows that he's not playing with a full deck of cards.
I can tell you that the larger issue is the amount of bandwidth used by students.
Yes and no. Bandwidth consumption is a large issue, but so is the possibility of a lawsuit from the RIAA or MPAA. The fact that they terminated his access based on his "illegal activity", not based on his bandwidth consumption, tells me that they are scared of lawsuits.
So, they are always looking for some way to justify restricting its use.
The justification is the very reason that you said earlier -- bandwidth is an expensive and limited resource, and academic pursuits take precedence. Who needs to invent some further justification of illegal activities to curb bandwidth usage? In any case, any organization that cares about bandwidth usage will install some sort of QoS box to guarantee that HTTP traffic is given priority, thus eliminating the need to justify any connection terminiations.
It's sad that they have basically called you a theif (sic), but don't take it personally.
No, he should take it personally. He wasn't engaged in illegal activity (at least, according to his description he wasn't), and he has suffered the loss of his internet connection because of it. If a cop gave you a ticket for shoplifting, when you had actually bought the item in question, would you be upset?
It's wrong and it sucks for you, but that's the bottom line.
Unfortunately for the university, that's the stuff lawsuits are made of.
University IT departments tend not to consider anything to be "legitimate" unless it has a valid academic application.
I think that is generally true when you're talking about "public" IT resources on campus, but it seems that schools tend to be more liberal when dealing with students' private computers on the network, especially when they live on campus. Who would ever expect a student to only pursue academic endeavors during their off-hours at "home"?
Do you know of any academic uses for BitTorrent?
Yes, don't you? It's really not that hard to think of some, as BitTorrent is simply a way of transferring files -- it has no direct correlation to illegal activity. Your statement is similar to saying, "Do you know of any academic uses for FTP or HTTP?"
I just can't resist adding one of my favorite computer science quotes from von Neumann: Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin.
I have yet to see popular OSS software show real innovation.
That's odd, because you don't usually see major corporations (such as Microsoft) innovate either. The standard operating procedure is to buy innovations, not invent them in-house. There are countless examples of this: Microsoft, Cisco, etc... The reality is that you typically see innovations coming from small startups, which are then gulped up by bigger companies that want to have the new technology.
RTFA. He didn't have a position to cement in the first place -- he had no legal claim to the patents, which were owned by the company that employed him. They screwed up with the patents, not him.
If I think Sony owes me millions, I'm not going to give two shits what my startup companys bean-counter (a lawyer in a corp that small is no more than a glorified accountant) has to say about it.
You will care if the bean-counter is the one that owns the patents, as was the case in the story. He wasn't "too chickenshit to sue", as you so brilliantly put it, but rather had no legal recourse other than to bend over and take it -- the company funded his research and thus it ended up with control of the patents.
Moreover, they give you this little thing called the SOURCE CODE that let's you be pretty darn sure what you're running. Read the code, and compile it yourself, or trust others to look at the code and check MD5 signatures.
That's completely bogus on multiple levels. First of all, it is impossible in practice to do a complete review of the entire Firefox code (or any sizeable project) and find all of the security problems; otherwise, no project would ever release software with holes. I could slip you a copy of Firefox with a trojan horse in it and the chances are that you wouldn't find it, even if you did do some sort of code review.
Secondly, MD5 signatures aren't the end all of computer security; they are easily defeated if a cracker gets access to the MD5SUMS file, which is typically stored on the same server as the release software. Some sort of signature using a public key infrastructure is much more useful for ensuring file integrity.
I must admit, I think that the "read and compile for security" attitude is totally ridiculous. In theory, it is possible to absolutely guarantee that a certain piece of code has no inherent vulnerabilities or problems, but only in the sense that it is possible to empty an ocean with a teaspoon.
Abcdef-1 looks like an easy pattern to you, but it's not to a cracking algorithm.
It depends on the cracking algorithm, now doesn't it? If you have a semi-intelligent algorithm that would guess several thousand easy passwords first, then his 'wkxudf1' password would be much more resistant to cracking than the 'Abcdef-1' password.
wkxudf1 uses the pattern space a-z,0-9 and 7 characters
No it doesn't. Just because YOU know that his password doesn't contain any uppercase letters doesn't mean the cracking program knows it; a brute-force approach would still need to check the entire A-Z space, as well as the 20-or-so symbols that you referred to. In addition, the cracking program wouldn't know the length of the password and thus would need to check the range from the minimum allowed length to the maximum allowed length.
So, you'll realize that the password does not define the pattern space, the constraints do. Thus, theoretically, by enforcing tighter contraints you are actually decreasing the number of possible password combinations that a brute-force algorithm would need to try. In practice, this isn't necessarily always true due to the aforementioned semi-intelligent crackers.
I think it would be a interesting experiment to analyze passwords on a system that said it required at least 1 symbol and 1 uppercase letter. I'm willing to bet that the vast majority of the passwords end up having EXACTLY 1 symbol and 1 uppercase letter. By stating a necessary condition, you're almost guaranteeing that people exactly satisfy that condition.
Slashdot Mirror
A traceroute from my DSL connection goes through AT&T and Level3 before it hits Google. This means that, at the very least, Google is paying Level3 for transit. They might have some sort of settlement-free peering situation with Level3, but Level3 certainly isn't going to give them transit for free. Plus, AT&T has a TON of customers, thus requiring Google to pay a TON in transit fees in order to get to them through third-parties (like Level3).
No, most new switches use store-and-forward, especially when they have gigabit-or-faster ports. The latency "penalty" involved in store-and-forward switching becomes less and less noticable at faster network speeds, thus making cut-through undesirable (i.e. its costs outweigh its benefits). As an example, look at Foundry's EdgeIron 8X10G:
e dgeiron_install/7_intro_8X10G.html
http://www.foundrynet.com/services/documentation/
It employs store-and-forward, as do most new Cisco switches (if I remember correctly). I can understand why certain ultra-latency-sensitive applications may still require cut-through switching, but 95% of all other applications won't gain much from being on a cut-through switch.
You're kidding, right? You're complaining about people getting "Gospel Truth" from Wikipeida, but then claim that the dictionary, encyclopedia, and a weekly news magazine are sources of fact? I hate to be the one to break it to you, but you should level the same sceptical eye towards those sources as you do towards Wikipedia. None of these things are original sources, and all are vulnerable to incorrect information. The same can be said for many published books -- just because someone published something doesn't make it correct.
Once you get to the graduate level, free school is a very common thing. You should look into the Research Assistant or Teaching Assistant jobs that are given to grad students; it is very common for those students to get a stipend as well as a tuition waiver, regardless of their residency status.
Besides, there's only so many jobs to go around anyways, so there's no reason to educate hoardes of poor children.
Actually, there are some great incentives to educate the poor. Not only does it hopefully lower your crime rates, but it also helps prepare those people to create new jobs.
It has nothing to do with "complexity", per se, but has everything to do with accurate and reliable statistics. Tell me, how hard would it be to create some fake hits to your web site? Advertisers aren't going to drop a load of cash on a system that relies on the broadcaster/web site being completely honest about their stats. There is a definite need for an independent, third-party measurement company, like Nielsen.
One of the major problems with this is that they don't have ads to show; advertisers aren't exactly biting at the bit to stick their ads on a download instead of on-air. Why is that? Because there does not exist an official ratings system for downloads. Until Nielsen or some other group begins collecting reliable and independent stats on viewership of video downloads, you won't see any advertisers that are willing to pay big money for ads on downloaded video.
Of course, an even bigger problem is the affiliates. If a major network were to start competing with its local affiliates, then you would have a complete mutiny of all the affiliates within hours of the announcement. The networks may be big and powerful, but they could not resist the power of the combined affiliates, given the fact that the affliates reach millions of homes that can't be reached any other way. Combine that with the fact that the affliates, as a whole, have more power, influence, and money than the networks do, and you will come to the conclusion that the networks would be commiting suicide by pissing off the affiliates right now.
Stay tuned, though (so to speak)... your concept of skipping the affiliates will happen within five to ten years. Its really quite inevitable, but it will take a while for the networks to screw up enough courage to write off their affiliates.
Wow, I can't figure out whether you're trying to be funny or not.
Well, they've been kicking the US auto industry around for a couple of decades. I would certainly recommend that anyone that is interested in designing cars for a living should go ahead and study Japanese.
Who's heckling? They are valid questions that deserve answers. And you shouldn't assume anything about me -- I'm in a MS program for CS at a major public university, have a full-time job as a network/system admin for a large company, and have never been fired in my life. My questions are not driven by some personal vendetta, but rather by a desire to hear real answers to basic economic questions facing people with CS careers.
And outsourcing, the work which is outsourced is generally the low end one, but if people stop studying advanced level technical subjects, then pretty soon even the high level work will have to be outsourced.
Why would the high level work stay here, even if US residents (or future US residents) do study "advanced level technical subjects"? You do realize that you can get an MS or Ph.D. in CS in China, India, and a whole host of other countries? For that matter, many of my classmates that are foreign nationals will undoubtedly return to their home country once they have finished their training here. The hard reality is that there are thousands upon thousands of highly trained and intelligent workers in other countries that have significantly lower costs of living. As you mention, there can be communication problems, but companies will analyze the cost versus the benefit and decide which way to go. I'm guessing that as the outsourcing process becomes more and more refined, its inherent cost will decrease and thus lead to more and more outsourcing, creating a dearth of demand for engineers in the US market.
If I had been in the class, I would have asked Bill the following:
Im in the middle of Indiana.
one must interact with many differant langauge backgrounds
What more can the government due to encourage higher education?
Let me guess... you were the TA that was trying to communicate with Kern. No wonder he had a hard time.
This is true. Of course, it is true for a lot of fields, including the low-level "serfs" that engineers look down upon. When a construction worker makes a mistake, people die. When a quality control person makes a mistake, people die. When the driver of a Hummer makes a mistake, people die. When a CEO makes a mistake, people die. When a politician makes a mistake, hundreds of thousands of people die.
Stop claiming that the potential for harming people means that a field needs to be a bitch to get into. It isn't true.
On the other hand, people don't seem to understand his point: if you want more people to go into engineering then you need to change the system. There is a large barrier to entry to become an engineer (i.e. feeling like you've been raped every week for four years), and the anticipated payoff for entering the field is shrinking (i.e. less job stability, lower pay, fewer job choices, etc...). Engineering is therefore becoming less and less appealing as a career, and thus society needs to change the system if it wants more people to become engineers.
Now, this doesn't necessarily mean that you need to dumb down the material. Like Kern says, you could start by just hiring professors and TA's based upon their actual teaching ability rather than their ability to pull in research dollars. Of course, that's not as easy as it sounds, but it is the reality that universities need to start facing. Kern may or may not be a perfect example of an engineering student, but let's face it -- universities aren't perfect examples of teaching, and that's where society needs to start focusing its reform efforts.
He probably doesn't believe in parachutes, condoms, or car insurance, either.
Sheesh -- with such outdated news, I almost felt like I was reading the newspaper or something.
Most of my internet traffic goes through at least three firewalls. Is that too paranoid?
Almost definitely, yes.
Sure, the threat might not be real. No one may ever actually want what you have on your PC. But does that really matter?
Yes, it does. Welcome to the real world, where you have finite resources and impatient users. If you only have X amount of resources, do you spend them on protecting things that are a target or on things that nobody cares about?
Its not that I think someone is trying to hack me, but I also don't think someone is not trying to hack me.
So, can anyone tell me exactly what he's thinking? It seems like he doesn't even know.
It takes five passwords to boot up my laptop and check my e-mail. One of those passwords is over 50 characters long.
50 characters long? Why stop there? Why not 128 characters long? Why not memorize your entire public and private keys?
I think that this fact alone -- that he has a 50-character password -- shows that he's not playing with a full deck of cards.
Yes and no. Bandwidth consumption is a large issue, but so is the possibility of a lawsuit from the RIAA or MPAA. The fact that they terminated his access based on his "illegal activity", not based on his bandwidth consumption, tells me that they are scared of lawsuits.
So, they are always looking for some way to justify restricting its use.
The justification is the very reason that you said earlier -- bandwidth is an expensive and limited resource, and academic pursuits take precedence. Who needs to invent some further justification of illegal activities to curb bandwidth usage? In any case, any organization that cares about bandwidth usage will install some sort of QoS box to guarantee that HTTP traffic is given priority, thus eliminating the need to justify any connection terminiations.
It's sad that they have basically called you a theif (sic), but don't take it personally.
No, he should take it personally. He wasn't engaged in illegal activity (at least, according to his description he wasn't), and he has suffered the loss of his internet connection because of it. If a cop gave you a ticket for shoplifting, when you had actually bought the item in question, would you be upset?
It's wrong and it sucks for you, but that's the bottom line.
Unfortunately for the university, that's the stuff lawsuits are made of.
I think that is generally true when you're talking about "public" IT resources on campus, but it seems that schools tend to be more liberal when dealing with students' private computers on the network, especially when they live on campus. Who would ever expect a student to only pursue academic endeavors during their off-hours at "home"?
Do you know of any academic uses for BitTorrent?
Yes, don't you? It's really not that hard to think of some, as BitTorrent is simply a way of transferring files -- it has no direct correlation to illegal activity. Your statement is similar to saying, "Do you know of any academic uses for FTP or HTTP?"
I just can't resist adding one of my favorite computer science quotes from von Neumann:
Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin.
That's odd, because you don't usually see major corporations (such as Microsoft) innovate either. The standard operating procedure is to buy innovations, not invent them in-house. There are countless examples of this: Microsoft, Cisco, etc... The reality is that you typically see innovations coming from small startups, which are then gulped up by bigger companies that want to have the new technology.
RTFA. He didn't have a position to cement in the first place -- he had no legal claim to the patents, which were owned by the company that employed him. They screwed up with the patents, not him.
You will care if the bean-counter is the one that owns the patents, as was the case in the story. He wasn't "too chickenshit to sue", as you so brilliantly put it, but rather had no legal recourse other than to bend over and take it -- the company funded his research and thus it ended up with control of the patents.
That's completely bogus on multiple levels. First of all, it is impossible in practice to do a complete review of the entire Firefox code (or any sizeable project) and find all of the security problems; otherwise, no project would ever release software with holes. I could slip you a copy of Firefox with a trojan horse in it and the chances are that you wouldn't find it, even if you did do some sort of code review.
Secondly, MD5 signatures aren't the end all of computer security; they are easily defeated if a cracker gets access to the MD5SUMS file, which is typically stored on the same server as the release software. Some sort of signature using a public key infrastructure is much more useful for ensuring file integrity.
I must admit, I think that the "read and compile for security" attitude is totally ridiculous. In theory, it is possible to absolutely guarantee that a certain piece of code has no inherent vulnerabilities or problems, but only in the sense that it is possible to empty an ocean with a teaspoon.
It depends on the cracking algorithm, now doesn't it? If you have a semi-intelligent algorithm that would guess several thousand easy passwords first, then his 'wkxudf1' password would be much more resistant to cracking than the 'Abcdef-1' password.
wkxudf1 uses the pattern space a-z,0-9 and 7 characters
No it doesn't. Just because YOU know that his password doesn't contain any uppercase letters doesn't mean the cracking program knows it; a brute-force approach would still need to check the entire A-Z space, as well as the 20-or-so symbols that you referred to. In addition, the cracking program wouldn't know the length of the password and thus would need to check the range from the minimum allowed length to the maximum allowed length.
So, you'll realize that the password does not define the pattern space, the constraints do. Thus, theoretically, by enforcing tighter contraints you are actually decreasing the number of possible password combinations that a brute-force algorithm would need to try. In practice, this isn't necessarily always true due to the aforementioned semi-intelligent crackers.
I think it would be a interesting experiment to analyze passwords on a system that said it required at least 1 symbol and 1 uppercase letter. I'm willing to bet that the vast majority of the passwords end up having EXACTLY 1 symbol and 1 uppercase letter. By stating a necessary condition, you're almost guaranteeing that people exactly satisfy that condition.
We basically have, but it isn't a good long-term solution. We can't use Red Hat 7.3 for the next five to ten years; we'll need new releases sometime.