Re:Automatic DDoS mitigation at backbone level, on "Zombie Report By ISP" · Score: 1
Seems like that system has flexibility that renders the usefulness of the forced compliance aspect of the system I suggested somewhat less, er, useful, but it's good to know that somebody is thinking along these lines.
Oddly enough, TFA actually has a link that answers your question. IPac, a political action committee focused on consumer-side intellectual property rights, endorsed six candidates in 2004, five of which won re-election. This article mentions them all by name.
Part of the point of the DMCRA is to revoke the provisions of the DMCA that made it illegal to produce devices that bypassed copy protection features, as long as the uses of the content are fair (e.g., not sharing it wholesale over the Internet). Boucher wants to ensure that we can do things like time-shift television shows, skip commercials, watch it backwards or extra-fast, or keep an archival copy, not to mention all the things that libraries, journalists, and academicians in the humanities might need to do with digital media.
He doesn't want the version of the broadcast flag that the MPAA tried to ramrod through the FCC - he wants a sane version that protects digital content from being unfairly abused while still protecting our rights as consumers. Hopefully, he can extend this concept to the 5C system that is essentially Broadcast-Flag-For-Cable, for which there is currently no moderating influence, and for which the MPAA is getting their every wish.
Re:Automatic DDoS mitigation at backbone level, on "Zombie Report By ISP" · Score: 1
This is about improving detection and mandating compliance. If current attack detection were sufficient, DDoS wouldn't be a problem, so obviously something more is needed. You indicate that the CS issue is one reason why small ISPs don't want to deal with blocking end users unless they have to. Having a system where their upstream provider blocks part or all of the small ISP's network space if they don't comply helps to solve this issue.
One way to mitigate the impact of increased CS calls is to route web page requests on compromised hosts to a special server that acts as a gateway to provide automated service and to provide access to cleaning tools. (ISPs could actually *make* money selling links to antivirus providers if they really wanted.) The network at the university where I work does something similar for new unregistered hosts on the network - the only thing an unregistered host can reach on the web is a campus site that provides things like Windows service packs, firewalls, and other anti-compromise utilities (in addition to host registration and such).
Automatic DDoS mitigation at backbone level, on "Zombie Report By ISP" · Score: 2, Interesting
What is really needed is a system that performs automatic blacklisting based on a report-confirm-block scheme. That is, a customer or a bottom-level ISP becomes the target of a DDoS attack. It reports the IPs of each attacker to its service provider, which reports to its service provider, and so on, up. If an IP address corresponds to an ISP that receives a report, then the ISP examines the traffic originating from that IP address locally (as locally as possible, to distribute the load so no one routing device gets overloaded), determines whether the traffic constitutes participation in a DDoS attack, and if it does, blocks the IP locally.
Eventually some of the reports will reach backbone providers. At the top, IPs are reported to peers, which then route the reports back down to the local ISPs, who confirm the report and block the IP address locally. The problem then shifts to the end user, who must take responsibility for his or her machine and keep it secure.
Obviously, compliance is an issue, but this can be solved by having a higher-level provider begin blocking lower level subnets if the lower-level ISP does not comply with the mitigation request.
This scheme is in every ISP's interest, since backbone providers can reduce traffic and thus costs (carrot incentive) while smaller ISPs must comply or be blacklisted (stick incentive).
Now all we need is for a smart person to write up an RFC. :)
Each million AOL subscribers contribute 0.54% of the total DoS load. Thus, the 21.7 million AOL subscribers contribute 21.7 million * 0.54%/million = 11.7% of total load.
Why go to this "nationmaster.com" site when you can go straight to the source? You get a more up-to-date version of the page, plus the talk page, for free.
The snippet Morinaga quoted is interesting, but there's even more to the story than that. I really recommend that everyone follow the link and read the entire post.
They're probably referring to EQ2, which has graphics that are technologically more impressive than in WoW. (Whether they make for more compelling gameplay is another matter altogether that I won't get into, never having actually played EQ2.)
TES: Oblivion will knock the socks off of both of them when it comes out within the next year (hopefully by the end of 2005), but it's a single-player RPG, not a MMOG.
Care to offer any proof of that? I mean actual proof, going beyond anecdotal reports of a few people posting on the WoW forums that "my friend got banned so I'm posting this for them", which are often easily debunked as "my friend broke the rules and got banned, and instead of owning up to his wrongdoing, I'm making this post on his behalf to make Blizzard look like the bad guys".
Or are you referring to the old BBB report on Vivendi Universal, which discusses large numbers of account bans (130k of them), which has also been consistently debunked on the WoW forums as actually being account bans from battle.net for massive cases of item duping in Diablo II?
Tsunami can strike hundreds, sometimes thousands, of miles away from where the related earthquake happens. The potential for a tsunami truly has global scope (at least as much global scope as the Xbox 360, which much of Africa has little interest in, for example).
A tsunami warning system is both a technological and sociological device, as discussed by the last linked article. While it was certainly a bit thin on details, it is probably of interest to at least some nerds, even if you personally don't give a rat's ass.
Never let it be said that the Utah legislature had real brain power. After all, the state produced Orrin Hatch!
Ahh, yet another rational post derailed by an ad hominem attack.
But the real reason I'm bothering to respond is because in reality, the ACLU rarely takes up the civil liberty causes of people with rightward leanings. Those few cases where they have helped conservatives were motivated by a desire to put up a front of impartiality, by supporting just enough cases to get people to argue that they are impartial.
Jeff Bezos's commercial spaceflight company, Blue Origin, has kept its plans secret to better compete with rivals such as Richard Branson's Virgin Galactic.
Commercial manned space travel still seems like quite a lofty goal - lofty enough, and expensive enough, that trying to ensure competition in the marketplace at this very early stage seems counterproductive. One would think that everyone could benefit from open cooperation between Blue Origin and Virgin Galactic, at least until they both get a revenue stream going (read: customers actually in space).
Unless, that is, Bezos and/or Branson think the first-mover advantage will really translate into significant profits. I suspect, however, that those profits are in the pretty distant future, and the best way to bring the profits closer would be to cooperate.
Believe it or not, I don't listen to Rush Limbaugh, because I got tired of hearing the same unsubstantiated rumors and ad hominem attacks over and over again. He's every bit as bad as Al Franken (though when it comes to misinformation, I think Michael Moore has him beat).
It is pretty ironic how the supposedly tolerant liberals turn out to be just as exclusionary, prejudiced, and judgmental as the conservatives they ridicule (as opposed to entering an intelligent discourse with) on a daily basis.
What makes South Park better at political commentary than The Simpsons is that, ultimately, South Park approaches a view based on common sense, that doesn't kowtow to the left or the right, but sits somewhere in between where most non-ideologues are.
I mean.... Voting between a Giant Douche and a Turd Sandwich? Classic!
On the other hand, The Simpsons and Futurama (I think Futurama, especially) are still not bad at political commentary because they take a situation or issue (like global warming, for instance) and, while bringing it to light in an episode, also turn the issue on its head (like when burning robot exhaust gases are used to shift the Earth into a wider orbit, thus cooling the planet). There's still a political bias there, but it isn't used to beat you over the head with like most dramas do these days, and so even if you disagree with the political views, you're still entertained and not offended.
We're talking about cryptographic hashes here, not encryption. Encryption is meant to be a reversible process, and is therefore one-to-one. In other words, there's no concern over collisions with encryption.
With cryptographic hashes, you're throwing away nearly all of the data to obtain a hash (a number) which represents the larger data set in such a way that (hopefully) the hash will never turn up again in practical usage. The article here indicates that there are ways being devised to force two data sets to have a hash collision while keeping the practical parts of the data sets the same.
As for accusing encryption of being "security through obscurity", you're misusing that term. If knowing the encryption algorithm allowed you instant access to all data encrypted with that algorithm, then yes, the only security present would be dependent upon the secrecy of the algorithm itself. But that's not the case here. Encryption typically works by public key exchange, meaning that a key (a number) used to encrypt messages is shared with the encrypting partner, while the key to decrypt and recover the data is kept private (is never transmitted). Recovering the private key through brute force is not a compromise of the algorithm itself - given enough time, any private key can be recovered, regardless of the algorithm, but by increasing the key size arbitrarily, the time taken to find that key can also be increased arbitrarily.
Fry: Is this gonna be another crazy experiment that crosses a line man was not meant to cross?
Prof. Farnsworth grins, raises his hand, and holds his thumb and forefinger a half inch apart.
As long as they're upping the deadlines for TVs to support digital broadcasts, they should also be putting regulatory pressure on broadcasters and content makers to provide digital HD content, even if there's no mandated DRM yet to "protect" said content from evil people like us who want to commit the heinous crimes of skipping commercials and time/space/format-shifting the shows we watch.
Did you actually RTFA that you linked?
I'd rather see Spitzer make an example out of these people and nail their collective ass to the wall. A settlement just doesn't cut it.
A series of giant interstellar brains deliver facts on placards to the Infosphere.
Infosphere:
Beavers mate for life.
11 > 4.
For quality carpets, visit Kaplan's Carpet Warehouse!!
Bender pumps the keg furiously, trying to get some beer, when he realizes....
Bender: Oh, wait. You're a robot.
Kegbot: Don't stop.
Bender: Ewwww....
Sure, just make sure to rip on the Bush administration, like this guy did.
The market is overcrowded, yet the RIAA is trying to get retail prices increased? Hello, antitrust legislation!
The Grand Nagus will be displeased.