Having spent the last several years watching 'telecom implode', I would observe that that has largley been the result of tulip-mania style business decisions.
Those VERY few telcos that stuck to sound business decisions avoided chapter 11, and are laughing all the way to the bank!
That being said, VoIP, properly implemented, is a very strong contender going into the next 5 years, because more and more businesses are looking for a 'silver bullet' for ALL their comm needs. The carrier that hands them a magic box that serves their internet, voice, VPN and PBX needs will retain the business of the Enterprise customer, and be successful.
This hasn't really been possible until about next year, when we reach a critical mass of clue in the Enterprise world. IP PBX vendors are already starting to clean up, because, contrary to what voice only guys tell you, or data only guys tell you, IT IS AMAZINGLY EASY to get a VoIP PBX going, if you have enough bandwidth (and most anyone can afford enough bandwidth in their office), and it is SLIGHTLY LESS EASY to get it delivered through a smart carrier, who will bring you a multi-megabit facility to handle your voice and data needs...
Bottleneck removed, Class of Service (via MPLS) built in, works seemlessly...
Don't we already have this? It turned out to be too much of a PITA to use, hence the current quagmire...
Public Key authenticated mail, backed up with a whitelist, and actualy following the rules for PGP key admission (i.e. there needs to be a place you can register your key with that will certify that it belongs specificly to you)
Don't know where I found this at, but it's pretty old... Share and Enjoy! .procmailrc
----------Cut Here-------------
#Define the password
PASSWD_=PASSWORD
#Whatever other recipes in between.
# Email is not challanged from: :0
* ^From: myfriend@aol\.com
${DEFAULT}
#Return email if the password is not there :0:passwd.lock
#
# Check for (the lack of) the password
* $ ! ^Subject:.*${PASSWD_}
#
# Avoid email loops
* ! ^X-Loop: your-addrs@mail\.isp\.net
* ! ^From:.*your-addrs@([-a-z0-9_]+\.)mail\.isp\.net
#
# Prepare and send the notification
# Be sure to customize your sendmail path
| (formail -r \
-i"Subject: Returned email: Password or privileges required" \
-A"X-Loop: your-addrs@mail.isp.net" ; \
echo "* This is a computer-generated response message *" ; \
echo ; \
echo "Email password required!" ; \
echo "Please include (${PASSWD_}) anywhere on your subject line." ; \
echo "Then kindly resend your email to your-addrs@isp.net") \
|/usr/sbin/sendmail -t
ATM networks have the ability to police traffic based on the configuration of the channels you build accross the network.
You can have 1000 channels if you want (try PVCs or SVCs)
The thing is, you 1)Consume more bandwidth to do this, because of the ATM cell overhead 2) Fragment the crap out of your data, because ATM has a fixed cell length (Ie, your 1024byte TCP Frame gets cellified into 48 bytes chunks) any one if which is lost, causes the entire packet to get retransmited (unless you have decent cell buffering system on your ATM switch).
Is generally not recomened for pure date networks, because of the above, ATM was designed more for pure Video/Telephone style apps (realtime) to compete with data apps (Non Realtime)
If all of the apps on your network use IP, ATM is a redudant waste of money and resources.
If you have a video or voice system (or even a private line emulation system) that speaks NATIVE ATM, then it makes sense to go ahead and use that, build a CBR or VBR-RT PVC for that application, and let the data traffic run on ABR or VBR-NRT PVCs...
Otherwise, you should just use QoS at the IP level, and let the routers handle the policing. If you are dealing with trully anal design specs, you will also have to install RSVP to 'reserve' bandwidth, but a proper analysis of most networks will show a properly designed network app will not need to reserve any bandwidth on the network, if the policing is setup properly on the routers.
The nice thing about the 2 examples of certification you cite are that they are extreamly static, from a skill set point of view.
Not to mention, certification is ZERO gaurantee you are actually going to get what you expect... The last time I used a CERTIFIED mechanic to work on my car, they tried to tell me I was going to need over $500 dollars worth of work + a new battery! (the mechanic in question was a 15 year ASA Mechanic)... Since I already new exactly what was wrong with the car, I told them they were nuts, and told them why... both his shop manager and the mechanic insisted they were correct in their diagnosis, and proceded to flaunt their certs at me...
I then went, skined up my nuckles a little bit, and fixed the loose nut on the alternator of the car, PUSH started the car, and drove off, a year later, when I sold the car, it still had the same battery and still worked perfectly...
Certs for PCs are even MORE worthless, IMHO, because it simply means that the person in possesion of it managed to pass some tests that may or may not have anything to do with your type of setup, and doesn't necessarily bother to test if the person who is applying for the cert actually has the troubleshooting aptitude necessary to actually FIX a problem.
Not to mention the fact that anyone with a cert would need to re-cert on a very VERY regular basis, to keep current with the latest and greatest tech... Of course, that doesn't help you if the person with their newly minted Piece of Paper tryes to work on a 386 running win3.1 that has worked fine for someone for the last 8 years, no need to upgrade now!
The whole point of computers and engineers is to make things SIMPLER. Certifications bring a great deal of complication to the process of servicing existing systems.
As always, the best way to avoid getting screwed, is to get educated! If you are one of those folks who doesn't know much about PCs/Networks, does the person selling you one seem to take an interest in informing you why it's necessary to buy what you are buying? Does he back it up with demonstrations, facts, or even glossys? If so, you are probably not going to get ripped off. But if he relies ONLY on a Certification of some type (as an excuse that he knows, and you should just TRUST him), I would run away, and run away fast.
You have met someone who feels you are too stupid for him to bother explaining why he is doing what he is doing with your money, doesn't respect you as a customer, and probably is going to rip you off if he gets the feeling he can!
Yes, I do understand that a BGP feed will do that. Can you think of a better incentive to have the source of the DDOS actually do something about it. (Flash crowds are another issue completely, and should be handled by the local site. I think you would be hard pressed to find any site that doesn't already have a solution for 'flash' crowds availble. If it is a regular issue, you can always Akamize... If not, there is nothing stopping you from rate limiting at the edge. Forcing the core of someone else's network to rate limit based on your arbitrary rules is totally the wrong way to deal with flash crowds, IMHO)
I actually had this argument with a few router vendors a few years ago, my argument was quite simple. When you get to the point where the core switch has enough power to do all of things that it would need to do in order to.
1) filter on src/dst/port/URL whatever 2) implement these filters into multiple OC-192 trunks connections without taking too much a % loss 3) making it scale to 'Internet' size.
You have spent more money buying the switch than if you had simply gone with an 'all or nothing' solution.
AND you achieve pretty much the same result. (from the 'I need to let paying customers use the bandwidth vs these DDOS hax0r l33t skript kiddies point of view)
This is the diffrence between someone who doesn't have to pay for implementation of a technicaly superior soltion, vs someone who has to worry about how little money is being made with these expensive switches, because everyone expects their multi-megabyte broadband connection to be $29.95 a month.
Did you REALLY think it was a coincedence so many IP backbones have gone out of business? Trying to keep up with the Jones doesn't help, and feature enhancment requests to high end switches like this only increase the complexity and cost of Internet, for dubious improvment.
This idea has been hashed to death for years. The basic implementation has already been done.
What is novel and new about this paper is the suggestion that upstream routers are going to allow any tom, dick and mary to tell them what packets to throttle.
Always ass-uming that the larger switches can actually do this on the scale that is hinted at in the paper.
While issue 1 is specificly a political issue between carriers and customers, one could always point to the ease of which BGP routes are exchanged as an example of how easy this would be to do. Unfortunatly, since we are now talking about something that could effectivly put a transit provider out of business, there is no way issue number 1 will be overcome, unless the router manufactures give me the same kind of filter and ruleset technology I have for BGP. This would allow me to ignore anything I want from anyone, and would have the net affect of the feature being disabled!
as for 2, I'm sure some router manufacture has been touting this type of 'feature' on thier new multi-gig-a-bit MPLS/IP-does-everything-at-once switch. Don't believe it until it's out of the lab, guys. As many times as carriers have been screwed over by these new startups and their 'awsume powerful technology', I'm supprised anyone believes thier line of crap anymore.
It's too bad DDOS attacks don't go on for weeks, then we could use something like RBL to deal with it. Since they are so transitory, blackholing on the fly, (which is basicly what this paper is advocating) would require a lot more thinking about than has been put into this work.
Perhaps, instead of trying to complicate our lives with Yet Another New Protocol, you could simply come up with and IDS concatonation system, that puts together 'lists' of known DDOS sources at the current moment, and put it into a BGP feed... What a concept! Taking 2 technolgies that are known to work, and available to ANYONE that does BGP on the internet, and making it work!
Under the Options selection, change the Release Name: to the appropriate version you want to install.
Then, perform an 'Upgrade' from the main manu.
This will do a binary replacement upgrade. If you did a custom kernel, it will NOT install the new sources, so before you do this, copy your kernel config file somewhere else and nuke the src directory, or learn about cvsup.
Secure networks are simple. Just don't plug anyone you don't know into it. Universities have lax security because it is not a priority. Nothing they have would matter if someone else saw it. No one is going to DIE if thier grades get 'stolen'.
however, just because it isn't a priority doesn't mean they couldn't if they wanted to. Don't confuse lack of need with lack of knowledge.
Where things go wrong is when some secretary wants to check her AOL mail, and manages to convince the network admin she is sleeping with to hook 'AOL' into the secure network...
Uh, no. NAPs don't carry very much traffic, for the exact reason you stated. UUnet carries a tremendous amount of traffic due mainly to thier market leadership in transit connectivity.
For UUnet to go 'down' as you put it, would be very difficult, as the network itself is very decentralized. it's not like they pull all thier traffic back to one spot and then send it back out again.
Of course, them going out of business would be another thing all together.
This sounds more like some politicos trying to 'make a diffrence' over something that doesn't need to be dealt with.
NO ONE relies on the Internet for matters of 'life and death', which is the only reason you would go to the expense/aggrivation to make something that fault tolerant (can you hear the drums beating out the old 'we must be safe from everything' rythm?).
When people couldn't get all the pretty pictures on the last few disasters we have had online, what did they do. They went to a medium better suited for broad and instantaneous information distribution. Television and Radio! What a concept! An amazing technology that is capable of reaching millions of people within range of any one of hundreds of 'broadcast stations' located all over the planet!
Of course, because the Internet doesn't work that way, there must be something wrong with it, right?
This reminds me of the telcos demanding QoS for IP, so they could start using a more familiar revenue model for IP and IP services...
Wow! someone wants to do something that doesn't require new technology to do! I'm truly amazed!
Considering this is the kind of thing certain companys have been trying to sell your ILECs for years, I have to wonder if it's actually a viable way to produce revenue, but I would love to see someone try it!
In the begining, the Mosix project was for BSDs, but switched to linux, as it was percieved to be the more widespread kernel...
From the emails I swapped with the fellow in charge of the project (I'm going from memory, and this was towards the end of 1998), they really liked BSD, and all the code was written for the BSD kernel, but had, in the end, decided to rewrite for linux.
I was crushed, as I had just setup a nice small network of BSD machines (for bandwidth and QoS testing), and really wanted to try it... but, I got over it, and decided clustering wasn't going to address any of my issues anyway.
Ok, ok, so these clowns think they can make diffrence... does it really matter, while we watch all the start up telcos in the US start to go belly up, taking a lot of the infrastructure support companies with them? I mean REALLY! who cares !
There is a wonderful misconception, that because people from texas have a slow, deliberate way of speaking, that we are lacking in the IQ department somehow.
Nothing could be further from the truth, JK. What I saw was a man who's advisers where telling him the nation needed to see him calm, and in control, not raging that we were gonna find the fools who did this and rain the righteous hell fire of the U.S. down on thier heads...
He managed to say it anyway, but just watching him get off the his helicopter, and stride accross the lawn to his office, I saw one thing: A resolve to get the job done.
Had a lot of fun at my 1st field day. Spent the evening and wee hours working APRS stations! For those of you that are unfamillier with 'digital modes' APRS = Automatic Position Reporting System. It also has a built in 'intant messaging' system, which we are calling an 'unconventional digital mode' LOL...
At any rate WRT the comment about geo-caching and field day... try fox hunting much more fun!
Slashdot Mirror
Okay, I had to do it
Having spent the last several years watching 'telecom implode', I would observe that that has largley been the result of tulip-mania style business decisions.
Those VERY few telcos that stuck to sound business decisions avoided chapter 11, and are laughing all the way to the bank!
That being said, VoIP, properly implemented, is a very strong contender going into the next 5 years, because more and more businesses are looking for a 'silver bullet' for ALL their comm needs. The carrier that hands them a magic box that serves their internet, voice, VPN and PBX needs will retain the business of the Enterprise customer, and be successful.
This hasn't really been possible until about next year, when we reach a critical mass of clue in the Enterprise world. IP PBX vendors are already starting to clean up, because, contrary to what voice only guys tell you, or data only guys tell you, IT IS AMAZINGLY EASY to get a VoIP PBX going, if you have enough bandwidth (and most anyone can afford enough bandwidth in their office), and it is SLIGHTLY LESS EASY to get it delivered through a smart carrier, who will bring you a multi-megabit facility to handle your voice and data needs...
Bottleneck removed, Class of Service (via MPLS) built in, works seemlessly...
The key, as always, is access and bandwidth.
Don't we already have this? It turned out to be too much of a PITA to use, hence the current quagmire...
Public Key authenticated mail, backed up with a whitelist, and actualy following the rules for PGP key admission (i.e. there needs to be a place you can register your key with that will certify that it belongs specificly to you)
Use the network adapter and this $50 piece of software...
PS2 Divx/MP3 Player
Very cool, just run the media from it's existing location, no need to replicate.
ATM networks have the ability to police traffic based on the configuration of the channels you build accross the network.
You can have 1000 channels if you want (try PVCs or SVCs)
The thing is, you
1)Consume more bandwidth to do this, because of the ATM cell overhead
2) Fragment the crap out of your data, because ATM has a fixed cell length (Ie, your 1024byte TCP Frame gets cellified into 48 bytes chunks)
any one if which is lost, causes the entire packet to get retransmited (unless you have decent cell buffering system on your ATM switch).
Is generally not recomened for pure date networks, because of the above, ATM was designed more for pure Video/Telephone style apps (realtime) to compete with data apps (Non Realtime)
If all of the apps on your network use IP, ATM is a redudant waste of money and resources.
If you have a video or voice system (or even a private line emulation system) that speaks NATIVE ATM, then it makes sense to go ahead and use that, build a CBR or VBR-RT PVC for that application, and let the data traffic run on ABR or VBR-NRT PVCs...
Otherwise, you should just use QoS at the IP level, and let the routers handle the policing. If you are dealing with trully anal design specs, you will also have to install RSVP to 'reserve' bandwidth, but a proper analysis of most networks will show a properly designed network app will not need to reserve any bandwidth on the network, if the policing is setup properly on the routers.
Just ask me for more details if you need em!
The nice thing about the 2 examples of certification you cite are that they are extreamly static, from a skill set point of view.
Not to mention, certification is ZERO gaurantee you are actually going to get what you expect... The last time I used a CERTIFIED mechanic to work on my car, they tried to tell me I was going to need over $500 dollars worth of work + a new battery! (the mechanic in question was a 15 year ASA Mechanic)... Since I already new exactly what was wrong with the car, I told them they were nuts, and told them why... both his shop manager and the mechanic insisted they were correct in their diagnosis, and proceded to flaunt their certs at me...
I then went, skined up my nuckles a little bit, and fixed the loose nut on the alternator of the car, PUSH started the car, and drove off, a year later, when I sold the car, it still had the same battery and still worked perfectly...
Certs for PCs are even MORE worthless, IMHO, because it simply means that the person in possesion of it managed to pass some tests that may or may not have anything to do with your type of setup, and doesn't necessarily bother to test if the person who is applying for the cert actually has the troubleshooting aptitude necessary to actually FIX a problem.
Not to mention the fact that anyone with a cert would need to re-cert on a very VERY regular basis, to keep current with the latest and greatest tech... Of course, that doesn't help you if the person with their newly minted Piece of Paper tryes to work on a 386 running win3.1 that has worked fine for someone for the last 8 years, no need to upgrade now!
The whole point of computers and engineers is to make things SIMPLER. Certifications bring a great deal of complication to the process of servicing existing systems.
As always, the best way to avoid getting screwed, is to get educated! If you are one of those folks who doesn't know much about PCs/Networks, does the person selling you one seem to take an interest in informing you why it's necessary to buy what you are buying? Does he back it up with demonstrations, facts, or even glossys? If so, you are probably not going to get ripped off. But if he relies ONLY on a Certification of some type (as an excuse that he knows, and you should just TRUST him), I would run away, and run away fast.
You have met someone who feels you are too stupid for him to bother explaining why he is doing what he is doing with your money, doesn't respect you as a customer, and probably is going to rip you off if he gets the feeling he can!
Certs are bad, MMMkkk?
Yes, I do understand that a BGP feed will do that. Can you think of a better incentive to have the source of the DDOS actually do something about it. (Flash crowds are another issue completely, and should be handled by the local site. I think you would be hard pressed to find any site that doesn't already have a solution for 'flash' crowds availble. If it is a regular issue, you can always Akamize... If not, there is nothing stopping you from rate limiting at the edge. Forcing the core of someone else's network to rate limit based on your arbitrary rules is totally the wrong way to deal with flash crowds, IMHO)
I actually had this argument with a few router vendors a few years ago, my argument was quite simple. When you get to the point where the core switch has enough power to do all of things that it would need to do in order to.
1) filter on src/dst/port/URL whatever
2) implement these filters into multiple OC-192 trunks connections without taking too much a % loss
3) making it scale to 'Internet' size.
You have spent more money buying the switch than if you had simply gone with an 'all or nothing' solution.
AND you achieve pretty much the same result. (from the 'I need to let paying customers use the bandwidth vs these DDOS hax0r l33t skript kiddies point of view)
This is the diffrence between someone who doesn't have to pay for implementation of a technicaly superior soltion, vs someone who has to worry about how little money is being made with these expensive switches, because everyone expects their multi-megabyte broadband connection to be $29.95 a month.
Did you REALLY think it was a coincedence so many IP backbones have gone out of business? Trying to keep up with the Jones doesn't help, and feature enhancment requests to high end switches like this only increase the complexity and cost of Internet, for dubious improvment.
This idea has been hashed to death for years.
The basic implementation has already been done.
What is novel and new about this paper is the suggestion that upstream routers are going to allow any tom, dick and mary to tell them what packets to throttle.
Always ass-uming that the larger switches can actually do this on the scale that is hinted at in the paper.
While issue 1 is specificly a political issue between carriers and customers, one could always point to the ease of which BGP routes are exchanged as an example of how easy this would be to do. Unfortunatly, since we are now talking about something that could effectivly put a transit provider out of business, there is no way issue number 1 will be overcome, unless the router manufactures give me the same kind of filter and ruleset technology I have for BGP. This would allow me to ignore anything I want from anyone, and would have the net affect of the feature being disabled!
as for 2, I'm sure some router manufacture has been touting this type of 'feature' on thier new multi-gig-a-bit MPLS/IP-does-everything-at-once switch. Don't believe it until it's out of the lab, guys. As many times as carriers have been screwed over by these new startups and their 'awsume powerful technology', I'm supprised anyone believes thier line of crap anymore.
It's too bad DDOS attacks don't go on for weeks, then we could use something like RBL to deal with it. Since they are so transitory, blackholing on the fly, (which is basicly what this paper is advocating) would require a lot more thinking about than has been put into this work.
Perhaps, instead of trying to complicate our lives with Yet Another New Protocol, you could simply come up with and IDS concatonation system, that puts together 'lists' of known DDOS sources at the current moment, and put it into a BGP feed... What a concept! Taking 2 technolgies that are known to work, and available to ANYONE that does BGP on the internet, and making it work!
Thank You, Come Again.
/stand/sysintall
Under the Options selection, change the
Release Name: to the appropriate version you want to install.
Then, perform an 'Upgrade' from the main manu.
This will do a binary replacement upgrade.
If you did a custom kernel, it will NOT install the new sources, so before you do this, copy your kernel config file somewhere else and nuke the src directory, or learn about cvsup.
It was one of the 1st games I actually BOUGHT! because I wanted the manual!
C=64 version was definitly the best. I loved this game!
I can't believe how few people actually played it.
Secure networks are simple. Just don't plug anyone you don't know into it. Universities have lax security because it is not a priority. Nothing they have would matter if someone else saw it. No one is going to DIE if thier grades get 'stolen'.
:)
however, just because it isn't a priority doesn't mean they couldn't if they wanted to. Don't confuse lack of need with lack of knowledge.
Where things go wrong is when some secretary wants to check her AOL mail, and manages to convince the network admin she is sleeping with to hook 'AOL' into the secure network...
Think it can't happen? LOL
Uh, no. NAPs don't carry very much traffic, for the exact reason you stated. UUnet carries a tremendous amount of traffic due mainly to thier market leadership in transit connectivity.
For UUnet to go 'down' as you put it, would be very difficult, as the network itself is very decentralized. it's not like they pull all thier traffic back to one spot and then send it back out again.
Of course, them going out of business would be another thing all together.
This sounds more like some politicos trying to 'make a diffrence' over something that doesn't need to be dealt with.
NO ONE relies on the Internet for matters of 'life and death', which is the only reason you would go to the expense/aggrivation to make something that fault tolerant (can you hear the drums beating out the old 'we must be safe from everything' rythm?).
When people couldn't get all the pretty pictures on the last few disasters we have had online, what did they do. They went to a medium better suited for broad and instantaneous information distribution. Television and Radio! What a concept! An amazing technology that is capable of reaching millions of people within range of any one of hundreds of 'broadcast stations' located all over the planet!
Of course, because the Internet doesn't work that way, there must be something wrong with it, right?
This reminds me of the telcos demanding QoS for IP, so they could start using a more familiar revenue model for IP and IP services...
Wow! someone wants to do something that doesn't require new technology to do! I'm truly amazed!
Considering this is the kind of thing certain companys have been trying to sell your ILECs for years, I have to wonder if it's actually a viable way to produce revenue, but I would love to see someone try it!
Late 70s, Early 80s...
A bunch of junkyard/salvage types...
Later shows had them hooking thier 'special' rockets onto an iceberg?
read about this back in the 1983... in a sci-fi book called 'Single Combat' by Dean Ing...
The man even included a basic sketch outline of a plan... called it a 'boucher relay'
In the begining, the Mosix project was for BSDs, but switched to linux, as it was percieved to be the more widespread kernel...
From the emails I swapped with the fellow in charge of the project (I'm going from memory, and this was towards the end of 1998), they really liked BSD, and all the code was written for the BSD kernel, but had, in the end, decided to rewrite for linux.
I was crushed, as I had just setup a nice small network of BSD machines (for bandwidth and QoS testing), and really wanted to try it... but, I got over it, and decided clustering wasn't going to address any of my issues anyway.
You can't keep people from expressing thier opinions... of course, that doesn't mean you can chase after them if they slander you...
In other words, we already have laws to deal with this, we don't need diffrent ones.
Look in the Mirror
Ok, ok, so these clowns think they can make diffrence... does it really matter, while we watch all the start up telcos in the US start to go belly up, taking a lot of the infrastructure support companies with them? I mean REALLY! who cares !
The World is a Dangerous Place. Sometimes, you have to be Dangerous Back.
You sir, obviously don't know texans...
There is a wonderful misconception, that because people from texas have a slow, deliberate way of speaking, that we are lacking in the IQ department somehow.
Nothing could be further from the truth, JK. What I saw was a man who's advisers where telling him the nation needed to see him calm, and in control, not raging that we were gonna find the fools who did this and rain the righteous hell fire of the U.S. down on thier heads...
He managed to say it anyway, but just watching him get off the his helicopter, and stride accross the lawn to his office, I saw one thing: A resolve to get the job done.
If you prefer
This was a result of total bastards trying to take advantage of the situation. Report any such station to the local attorney general's office.
Had a lot of fun at my 1st field day. Spent the evening and wee hours working APRS stations! For those of you that are unfamillier with 'digital modes' APRS = Automatic Position Reporting System. It also has a built in 'intant messaging' system, which we are calling an 'unconventional digital mode' LOL...
At any rate WRT the comment about geo-caching and field day... try fox hunting much more fun!
true enough. Of course, PHDs have high marketing points, on the BS scale too! LOL