I've been in IT Management for 15+ years and I can assure you it is a good thing you are not in management. I would lose my job in a heartbeat if a production server decided to take a dump and I had shut off all our fail-over servers.
It's not just a matter of what those fail-over servers cost. It's the question "Can we afford (financially) to NOT have fail-over servers?". If you stand to lose more due to a production server failure than the cost of running a fail-over for a year then you will not EVER wish to be caught without one.
I'm with you in general but it can be incredibly difficult to get an estimate from business intelligence on how much you actually stand to lose per hour of downtime.
Money (or lack of it) IS a management issue....
But how hard is it to automate a process that says, in effect, "if no data is going in or out of this server, shut it down"? I suspect that there is a more nefarious purpose here and I propose a corollary to Hanlon's (Heinlein's) Razor:
This is the 21st Century - "You have attributed conditions to villainy that simply result from villainy". Incompetence is for the proletariat - we're the NSA. You're toast.
If a customer is paying for it to be there and be kept turned on, *maybe* that customer has some use for the server. Oh, I don't know, maybe it's a hot spare in case another server in another data center goes down? So you turn it off, their other server goes down, their service can't fail over and now your customer has a problem.
This does not stop the UK from allowing private backups and copies -- many EU states* do. This is a violation of EU regulations, where, if such copying is allowed, there must be compensation from government.
This typically takes the form of an extra blank CD or DVD tax, or tax proportional to the memory size of the device (bigger can hold more copying.) Presumably direct payments taxed some other way are also acceptable.
But sorry, welcome to...
* The United States of Europe! All mere States shall be broken to the saddle of the Federal Government. Muahahahahaha
Can you imagine a European FBI? I imagine it composed mostly of Mr Beans and Inspector Clouseaus.
When you have 0/0, you hit two "obvious" but contradictory rules in basic algebra:
Rule one: anything multiplied by zero is zero
Rule two: anything divided by itself is one
Mathematicians don't know which rule has precedence for 0/0, so there's no way a dumb machine can figure it out, which is why most programming languages just throw an exception if zero is the denominator.
If x/0 = some constant, whatever that constant might be whether infinity, zero, 8 or whatever, you get this:
x/0 = c = y/0 therefore x = y for all numbers.
So all numbers are equal and mathematics completely breaks down.
Those of us who wrote for PowerPC may recall the architecture returned 0 for integer division by 0. It's been done before and, in my opinion, was a good trade-off between mathematical purity and pragmatism. The vast majority of the code I write follows the pattern result = (denominator != 0) ? (numerator / denominator) : 0.
Zero doesn't make a lot of sense if for instance you are dividing something by a dynamically changing denominator that hits zero at some point... the result would change from a very large number suddenly to 0.
Divide by zero is infinity so using the largest supported number type seems reasonable for the calculation of real numbers.
The reciprocal of x increases as x decreases. You want infinity, not zero, for x=0.
Pretty sure that anything divided by zero is an uncountable infinity. You may want it to be 0, but it mathematically isn't.
Division by zero if anything would be +infinity or -infinity depending on signs, not zero.
A while ago I wrote an autopilot that handled division by zero by looking at the signs and setting the result to (maxpos) or (maxneg), the zero's sign being derived from the variable's last value scavenged from the PID function.
No, it does not equal infinity.
The Limit as x approaches 0+ of a/x = infinity.
But the Limit as x approaches 0- of a/x = negative infinity.
Because this represents a jump-discontinuity, the value of a/0 is just plain undefined.
This is like week-1 of high school precalc shit. Come on.
It's even simpler than that
If x/0 = some constant, whatever that constant might be whether infinity, zero, 8 or whatever, you get this:
x/0 = c = y/0 therefore x = y for all numbers.
I've rarely seen such crap posted on /. pretending to be knowledgeable.
Divide by zero is UNDEFINED and in programming languages should trigger an exception or error which should be handled in whatever way is appropriate in that program.
First issue, x/0 mathematically is infinity, not zero. Plus, you want the same exact result across all applications ever? There are certainly times where zero is appropriate, there are also many times when one would want to have some representation of infinity; yet others where this simply indicates an error of some other sort and zero is a valid result.
MI5 work inside Britain (think FBI/secret service), and MI6 (actually called 'SIS') works outside of Britain (think CIA).
Because of the way 5 eyes works I think MI5 work more closely with the NSA and CIA than MI6 does; MI5 have to know and be known to the NSA and CIA so that MI5 don't accidentally interfere with some US spying operation in the UK.
Stop growing almonds.
Stop wasting water. Recycle your waste into your water treatment plant and back to you.
Stop being so gay. Number 1 job! Frivolity breeds waste.
But what will the vegans do without their almond milk!??!?
Stop using half the state's water to raise crops for cattle and there will be plenty of water for people. Every time you eat a pound of beef you waste 1800 gallons of water.
I think it's actually the nuts that are using the most water, not the meat. So in actuality it's the vegans who are responsible for wasting most of the water with their demand for things like almond milk and nut patties.
Clearly they do a lot of business in Israel. Plus they fear being called antisemitic.
MY GOODNESS are you implying that Israel might be behind this? What? Are you ANTISEMITIC?????
You're obviously patching your own machine, not thousands of other people's machines, for whom any patch carries the risk of breaking mission-critical software and potentially costing your company millions of dollars in lost productivity per day.
Not quite *any* patch.
Debian has a good reputation for not changing anything in a security patch other than the security vulnerability itself. I.e., if the version of the software in the distribution is, say, 1.0, then patching security updates will never change the version to 2.0. The patched version has exactly the same behaviors as the version it's updating minus the security vulnerabilities. If you were somehow taking advantage of those vulnerabilities then, well, that's your problem. Also if you are mixing 3rd party non-Debian packaged software in, you are on your own there too. But a pure Debian server should be able to be apt-get upgraded with no problems.
(There was one time when the package maintainer of sudo _decided_ that the defaults for handling environment variables were 'unsecure' and changed them as a security update, which broke a lot of people's shit. But that was a long time ago).
Thank you for your deep insight into this problem. Now that you have tossed OpenSSL what are you going to be replacing it with?
Nothing. We'll overload the fuckers. They are probably throwing away petabytes of encrypted data because, given its context, decrypting it to find out if it happens to be valuable is too much work. If we send everything in the plain they will have to devote billions of man hours of human intelligence to everyone's blathering! The NSA etc would be overwhelmed! Genius!
The Met Police would not have the legal authority to implement such a network. They are bound by the law and require warrants for interception. The only two potential sources are MI5 and GCHQ.
GCHQ would have better options than mere IMSI catchers, so that would leave MI5 as the source. Again, these guys are meant to be bound by UK law on telecoms interception.
The network is clearly illegal under UK law, so I am somewhat surprised that the Met Police has not moved to prosecute. Technically, that would be aiding and abetting, perhaps even conspiracy charges.
Given this has hit the media, no doubt it will be taken further.
The MET might have bought them so that MI5 can say "We don't have that capability" and the MET lets MI5 use them so the MET can say "We're not even doing anything with these things!", then MI5 shares the intel with the MET. A bit like the way 5 eyes works but internal to the UK.
"There is absolutely no reason for the force such as the Metropolitan Police to use or invest in such equipment when all data collation is done by other British agencies already do this"
MET is the force that does this, they got the 'domestic terrorist detection role', I even showed you the intelligence division of the MET that does it. They don't deny it, they confirm bad stuff (see below).
As to GCHQ doing it, yep I'm sure they do, and I'm also sure that that is flatly illegal which is why the MET probably does the more illegal stuff on their behalf. MET handles anti-terror which in turn has provided a two way link making a mockery of any domestic spying limits on GCHQ.
"Keith Bristow, the director-general of the National Crime Agency, said: “Some of what we would like to talk about to get the debate informed and logical, we can’t, because it would defeat the purpose of having the tactics in the first place. Frankly, some of what we need to do is intrusive, it is uncomfortable, and the important thing is we set that out openly and recognise there are difficult choices to be made.”"
'Domestic terrorism detection role' would be MI5
Wrong, if you have a router without NAT you are leaking internal addresses in the packets and therefore structure.
That's not really security, that's just obscurity.
Mind you, if you want obscurity IPv6 has an enormous address space you could use for that. Try running nmap over a /48
Incorrect. NAT does have a security benefit. Unless ports are opened, there is no direct inbound access into the backend subnet. Yes, firewalls exist and can protect IPv6, but having a NAT simplifies security for most home users.
No, what you need isn't NAT, it's a PROPER FIREWALL.
Absence of NAT is a feature! If not THE feature of IPv6!
NAT has many benefits besides reducing the number of IP addresses required. It has important security benefits in that it allows one to hide one's internal network structure from the outside world. Without NAT, attackers would know how many systems you have on your network as well as your router deployment. Potential attackers could benefit greatly from this information when planning and launching attacks.
Routing and firewalling are the appropriate methods of hiding one's internal network structure, not NAT.
If you use NAT for this then you are doing it wrong.
Copy protection often uses a form of encryption. Do they want this to be banned as well?