This is essentially what I've been telling any lawmaker I share a beer with (well, not literally.) Given that the local telco here (formerly Verizon, now CenturyTel) owns all of the copper, and the cable company won't share their wires, our ISP has very few options: DSL (wholesale circuit prices are more for us than what they charge their ISP customers), SDSL and T1 (too pricey for all but a few customers) or wireless. The up-front costs associated with the hardware and logistics of widely-deployed wireless are kind of a bitch for a small company like us, but the city can afford it.
Discounting that Verizon's objectives are most likely to merely protect market share, as opposed to neat things like more choices for the consumer, I don't think it's a good idea to make Internet access a municipal city-wide service.
I like the roads analogy, and have felt strongly that if the $city thinks broadband should be available to all, it should make the infrastructure available to fill with traffic to any player with the expertise and desire to compete on a non-monopoly playing field. The courts, however, seem to disagree.
This is a tough discussion. On one hand, we'd like more broadband options for more customers, since our local telco routinely and blatantly offers services and prices that are in violation of tariffs, but we also don't feel the municipal government should offer a service (infrastructure plus Internet) that would potentially put us out to pasture. Sure, a person could argue that without innovation (cue Microsoft jokes) we don't deserve to thrive, but we're stuck between an evil telco actively working to put us out of business, and the prospect of free or artificially low-priced alternatives. Somewhere in the middle would be nice.
You shouldn't give them any traffic unless they have a warrant. The police are not all bad but if they don't have their search approved by a judge, they'll get in the habit of popping round just to take a peek.
Oh, yeah. Forgot to mention that part. It was not really so much asking as politely demanding. He had a subpoena signed by a judge.
Yeah, like I'm supposed to buy a few hundred terabytes of storage for no other reason than to have records of traffic for whatever law enforcement dude that shows up in my office wanting to know what so-and-so IP address was doing two months ago? Hey, I'm all for backups, but I guess I can distill my feelings to a few words: "Are they on drugs, or just stupid?"
I've had a detective show up twice at my ISP and ask to see records for IP addresses regarding a criminal investigation (eBay fraud, as it turned out). He was amazed that we didn't have *all* traffic, like logs of the actual content of e-mails, from several months earlier. I tried to explain that something like that would require storage that we couldn't afford, and he said "well, AOL saves all e-mails." Rigghht, of course they do. Hell, it would be trivial for us to sniff and archive every single e-mail for a year.
Using public telecom infrastructure for private use has not worked thus far in Columbia, MO, as the ILEC filed a lawsuit to stop it, and basically won. There is an ongoing legal debate, as the telcos seem to think the FCC has prohibited municipal data access, but the cities say that the FCC has not.
Personally, I'm in favor of the model that has the city building the infrastructure, and telcos (note the use of plural) handle the stuff in the pipes. ILECs seem fond of just providing enough service to get by, and spending lots of time protecting their turf from rogues who want silly things like modern telecommunications services. It's no bloody wonder that wireless carriers are wiping the floor with them. Like many, I use no services of the ILEC in my home.
OK, so the guy tracked his stolen laptop. I've often thought about a way to run that as a daemon.
How about a trojan "periscope" app that talks to headquarters whenever an Internet connection is established, and if the laptop is stolen, the stealee can not only track, but instruct the laptop to eat the cyanide pill.
"Hi, thanks for calling tech support, my name is Larry, how can I help?"
"Yeah, I've got a problem. That stupid laptop theft thingie, well yeah, umm, like I've got this Powerpoint presentation that I have to give tomorrow, and well, like I think I typed the wrong password and the thing said 'no operating system found'."
I can imagine the ire that l33t haXors/crackers are voicing about this. The worm infects. The worm is easily removed. The patch is applied. For most systems, if not all, this fixes it. (Disclaimer: I have not yet removed this from a system. I have only talked to colleagues that have, and customers who have been affected.)
Let's try to imagine if it carried a Chernobyl-like payload, or the feared root name server DDoS. Man, that's scary. So, the first one with an exploit ruins it for the rest, as at least some of the world finally realizes that it needs to patch, rendering the real killer-virus less effective, should it ever see the light of day.
I guess in that context, we should be grateful. It's kinda like if you're walking down the street in a bad neighborhood. Wouldn't you rather have some a**hole just slap you in the face, rather than said person walking up and shooting you?
This is not the end-all of security, but one measure I use is to tear any CC receipt in half, always in the middle of the CC number. The right portion goes into my regular kitchen trash can, the left into a smaller can. When I take the trash out, in the unlikely event that a Dumpster-diver finds my receipt, he gets only half of the number. The other can (left half of the number) gets tossed in the Dumpster only when it can't be intermixed with the right-sides.
For the "pre-approved" credit cards, first remove any personally identifiable information, like the barcodes - you know, the ones right under where it says that you'll be subject to legal action if you tamper with the envelope. Seal it, and toss it in the mail empty. That part is just my revolt against the corporate thieves that charge 24.99% APR - $0.34 scored against them. Pretty lame, I know, but credit card debt is going to be the most likely thing to further damage our economy in the long run, IMHO. Of course, the contents of the credit offer are shredded.
My father has been a Mac person since there *was* a Mac, and quite a geek, to boot. Recently, he proposed doing a bunch of server-y stuff on his G4, to which I responded "why potentially mess up your OS-X install when you can get FreeBSD on another server in the house?" (wired Cat-5 in every room.) He hooked me up with a 1GHz Pentium with 512MB of memory, and a 40GB drive, now running in the basement with 4.8, horribly underutilized, but ready for anything.
I certainly don't wish to cast aspersions on OS-X, but since I work w/ FBSD, I'm more comfortable with this scenario, as the "critical data", i.e. 2 years of stuff, is still in its place on the Mac, and the new server is ready and willing to do whatever we throw at it.
So, mostly a fear of screwing up the OS-X stuff (I am nervous about a server-capable machine with a gui), I fall back to what I know. A colleague of his is running a WAP and Postgres from his Mac laptop, so, I suppose it's really about what you're comfortable with - provided it works, and is secure out of the box.
Before you flame, in my noob days, I got r00ted in RH (6.2 default) and FBSD (OpenSSH). But that was a lifetime ago, three years. In that time, the modularity of FBSD, IMHO, has allowed me to more easily and efficiently stay current and less vulnerable.
My favorite is sending back the envelopes from credit card companies, with nothing in them of course, save an index card with a smiley-face sticker. If they put a bar code on it, I cut it off, and if I see a long, serial-number-like string, I cut it off, ignoring the warning of legal action if the envelope is altered. Eww, I'm SO scared. If more people did this, well...at least the cost of mail-Spam would be higher for them.
For Spammers, I munge all Web-visible addresses, use SpamCop, and ban any servers that get through from ever sending to any of our 4500 customers.
For phone Spammers - I have no land-line, just PCS, so I get no phone-Spam (knock on wood). I do like the idea of having a voicemail message that is a modem screech, however...
One thing that I think is being overlooked is the trafficking of e-mail addresses. Sure, there are people actually selling things, but I'd suspect that a far higher proportion of Spam is designed solely for address verification/validation. Perhaps that's something to keep in mind in this war.
So, how 'bout a system whereby recipient tags mail as legitimate or Spam. Legitimate goes to Inbox. Spam goes to be "processed", which entails extracting any e-mail addresses and replying, but with forged headers, etc. That could at least dilute the effectiveness of that particular method of address trawling.
Kind of reinforces one thing I sometimes forget to do on a new ftp install, and that is to immediately copy all of the binaries that one would use to detect a compromised box -- ps, top, ls, md5, and several others that one could find in a book or Web page devoted to security -- to a read-only CD. Oh yeah, throw in NMap, too. Of course, immediately next should be Tripwire.
That way, at the first sign of trouble, you just toss in the disk of known-good tools, with the confidence that at least that stuff is clean. Yes there are ways other than this, I'm sure, but for us non-super-guru types, it's pretty handy.
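An added example, not part of the original comment: one way to stage the known-good tool copies described above before burning them to read-only media, with a checksum manifest so the copies themselves can be checked later. The function names and the SHA256SUMS/ORIGINS file names are hypothetical, and the script assumes a sha256sum utility is available.

```shell
#!/bin/sh
# Added example: stage known-good copies of inspection tools on a freshly
# installed (trusted) system. MANIFEST and ORIGINS are hypothetical names.
MANIFEST="SHA256SUMS"   # checksums of the staged copies
ORIGINS="ORIGINS"       # "name path" pairs: where each tool was copied from

# stage_tools DEST TOOL...
# Copy each named tool into DEST, record its SHA-256 and its original path.
stage_tools() {
    dest=$1; shift
    mkdir -p "$dest" || return 1
    : > "$dest/$MANIFEST"
    : > "$dest/$ORIGINS"
    for tool in "$@"; do
        src=$(command -v "$tool") || { echo "missing: $tool" >&2; return 1; }
        case $src in
            /*) ;;  # a real file on disk
            *)  echo "builtin or alias, nothing to copy: $tool" >&2; return 1 ;;
        esac
        cp "$src" "$dest/$tool" || return 1
        (cd "$dest" && sha256sum "$tool" >> "$MANIFEST") || return 1
        printf '%s %s\n' "$tool" "$src" >> "$dest/$ORIGINS"
    done
}

# verify_tools DIR
# Re-check the staged copies against the manifest, e.g. after burning the CD.
# Returns non-zero if any copy is missing or altered.
verify_tools() {
    (cd "$1" && sha256sum -c "$MANIFEST" >/dev/null 2>&1)
}

# compare_installed DIR
# Print the name of every tool whose installed binary no longer matches the
# known-good copy. A difference means "look closer" (it can also be a
# legitimate upgrade). On a suspect box, run this with cmp taken from the
# read-only media, not from the installed system.
compare_installed() {
    dir=$1
    while read -r name path; do
        cmp -s "$dir/$name" "$path" || echo "$name"
    done < "$dir/$ORIGINS"
}

# Typical use on the fresh install (then burn ./kit to CD):
#   stage_tools ./kit ps top ls md5 && verify_tools ./kit
# Later, with the CD mounted read-only at /cdrom:
#   compare_installed /cdrom/kit
```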
Fer fuck's sake...
I keep hearing bitching and moaning about what we can or cannot do. Does anyone bitching about this realize how much P2P can suck from a network? (Of course you do) I've looked at MRTG at the ISP where I work (and where I'd like to someday get a raise) and many people are running full-throttle on the upload; the outgoing circuit is saturated for days! This is a consumer-grade product! It is designed for reasonable and just usage.
We don't happen to give two shits whether you run a Web server or other stuff prohibited by other ISP's; in fact we promote ourselves as a "geek's ISP." But at some point we have to slap some people and remind them that a T costs a fuck-pile of money, and that they are not paying for a T, they are paying for DSL and such overuse is not in the "consumer envelope".
The bandwidth is not infinite. Somebody has to pay for it if everybody wants to beat the crap out of their connections. The problem is, the user doesn't want to be that person.
Ain't no free beer in this bar.
I'm *totally* for P2P, but seriously, we need to realize that it can be used irresponsibly.
- Hondo_san
Howdy all.
I've been following the project online for over a year. The cool part is that this is sort of a googlebot for the heavens.
See: http://www.astronomy.com/content/dynamic/articles/000/000/000/502vwthx.asp
Yep. Definitely the first thing that popped into my head too.
Freaking morons.
For an even better explanation, try this Google Groups post.
Nevermind...
The ports tree rocks.
The story of Serge is here
"Moderations of Use:
Bandwidth: As an ISP, Speakeasy's bottom line is determined partially by the amount of bandwidth customers utilize. Speakeasy can normally balance that cost and utilization while continuing to provide great service to all customers. Customers will not be charged for the bandwidth consumed, nor do we have specific limits or caps on that bandwidth. If you utilize any of your Speakeasy services in a manner which consumes excessive bandwidth or affects Speakeasy's core equipment, overall network performance, or other users' services, Speakeasy may require that you cease or alter these activities." Link to TOS page
I wouldn't personally interpret that to say they are delighted for you to use "all of your bandwidth all of the time", and I still maintain that folks misinterpret 24/7 connectivity to mean that 24/7 full throttle both ways is quite OK with ISP's.
Try this link for links to such lists. I have used the technique in the past, but stopped when pages simply refused to load on many of my favorite sites.
Still, it's a neat thing to try.
In faux-Chinese: Perhaps that is the intent, grasshopper.
Aww, crap...here we go again....I guess I saw it coming when I saw viri in the original story.
Perhaps a pizza and a nice triple cappuccino would calm your nerves a bit. Ya' got kind of a light trigger pull right now...
I'm sure there is a reason why what I do is lame, but why not firewall NTP, and run an NTP server inside that does the following cronjob:
1 0 * * * /usr/sbin/ntpdate time.nist.gov
1 12 * * * /usr/sbin/ntpdate time.nist.gov
It keeps my server sync-ed to no more than 0.8 seconds of drift at any given time.