Re:Yes it sounds like a plain old slashdotting.
on
SCO DOS'ed
·
· Score: 1
You're showing your cluelessness. You can support a heck of a lot of dial-up customers and web sites on a single T1. When I compiled the survey answers for the ISP Forum a few years ago, I saw that the vast majority of ISP's had a single T1. A T3 from MCI is $45,000 per month (with a discount) and we're paying almost $25,000 per month from Sprint with a long-term contract. $100,000+ per month (for the four T3's) is a very large independent ISP. It's by no means "rinky-dink."
Actually, I'm showing my provinciality.
I work for a company that makes boxes for ISPs. And to hear our executive suite talk - especially the marketing department - there's nobody out there but the big fish. Baby Bells and Covad in the US, one to three major carriers in each other country. "The CLECs are dead." And the small ISPs with them. The guy with one POP, a couple Cisco routers, a modem bank, and maybe a DSLAM or a contract with a baby bell for circuits, isn't even on their radar screen - even if he DOES feed several non-trivial businesses.
And the boxes we make are sized for those big fish. In the product line I'm designing for, while T1 and E1 line cards are limited in line count by the number of lines you can get to the card edges without violating surge-suppression rules, T3 line cards start at a dozen lines each - again all we can wire (though you can get 'em cheaper feature-protected to less). SONET card capacities go 'way up from there. For non-US standards, STM cards are of the same capacity as SONET, E3 and E1 similar to T3 and T1 (though not identical).
Yes the vast majority of the ISPs are small carriers - "Mom and POPs". But the same is true of many industries - from retail grocery to automobile manufacturing. A great school of little fish and a very small number of whales.
So what fraction of the subscriber base is served by single-T3-and-smaller ISPs, compared to the likes of SBC, Verizon, Covad, MCI, Nippon Telecom, Deutsch Telecom, etc.? More to the point from my management's viewpoint: What fraction of the expenditure for our kind of boxen comes from the whales and what fraction COULD come from the minnows? How much support will we need to provide to each little guy who buys one or two boxes, compared to the big ones that buy dozens or hundreds at a crack? Could we afford to price a product within his reach? Are the little guys still expanding and buying equipment, or are they being squeezed to extinction by the big ones?
I'd LOVE to build boxes for the little guys. That's what I started out to do, as a little guy, before I ended up here. And it's still where my heart lies. But if there's a market there for our company I need to have solid evidence for it, so I can beat our executives about the head and shoulders with it. Without such a clue-by-four they'll keep chasing the slow dimes and ignore the fast nickles.
ISP forum survey, eh? Can you point me to it? Does it answer any of my questions? Is there a version more recent than "a few years ago"? Are there other surveys and market analyses available? (You can tell I'm not a marketing guy or I'd already know.) Do they show a market for us, say, if we were to let a downsized box out of the lab and price it within their reach?
Software industry is dead? That's interesting - since the hardware manufacturers now think that the software industry is the only place there's money to be made in networking and IT.
Sounds to me more like Larry is trying to make it harder on his competition by cutting off the supply of new talent by misdirecting college kids to other fields.
Yes, games are out, the round trip time being more half an hour to Mars. On a slightly more practical note, instant messaging won't be fun either.
Nor will any protocol based on TCP, or any other handshaking or window/retransmissin error-correction scheme (unless you're willing to wait a LONG time for your data).
We'll need something with serious forward error correction. And a lot of the fundamental components of the net will need a rethink before they're usable by humans at even lunar distances.
For starters, web browsing will need a local cache - of essentially the whole internet. Think spiders and massive archives, and serious redesign on sites with dynamic content.
But the pipes are necessarily too small for optimistically broadcasting everything - even if it doesn't change milisecond-by-milisecond. Serious filtering.
And most of the data for sites is the images in the ads. That just HAS to get filtered down - as will other images. Boon or bane?
Re:Yes it sounds like a plain old slashdotting.
on
SCO DOS'ed
·
· Score: 1
STS-1 (the data format of an OC-1) holds 1 T3, or slightly more if it's running native. It was originally sized to efficiently hold a T3 (or inefficiently hold an E3) as one of its native payloads.
So STS-N = OC-N = N T3s.
Yes it sounds like a plain old slashdotting.
on
SCO DOS'ed
·
· Score: 5, Interesting
Are they sure it wasn't just an old-fashioned slashdotting?
Sounds like it:
CO's Internet service provider, ViaWest, told SCO that about 100 high-speed T1 data-transmission lines of network capacity--about 90 percent of its total bandwidth--was being consumed in the attack.
Well, let's see:
A single T3 is 28 T1s. So four T3s is 112 T1s. 90% of that is 100.8 T1s - "about a hundred T1s".
So it sounds like Via West, their ISP, only HAS four T3s worth of connectivity to the rest of the net. That's pretty rinky-dink as ISPs go - but the Santa Cruz area is pretty small, over the coastal range from the main drag for communication lines, and doesn't have a lot of industry. I could easily see the local ISPs getting by on foure T3s rather than stringing a couple fibers that far (or renting them from somebody who did). That's big bucks for a small user community.
Given that SCO's website was mentioned in a slashdot article, I could easily see the readers following the link and slashdotting it until their ISP was at 90% with the web requests.
But the Business Week article also says that the attack was from 138 zombies, not from the general net. 138 machines could easily produce a DDoS attack of that magnitude. But a slashdotting would be a lot less traffic each from a lot more sites across the whole net.
Some time ago a mailing list on a controversial subject was running on my home machine. One of the rules was that no criminal activity could be discussed or facilitated via postings to the list.
As a matter of policy, while that list was running all traffic both on the list and to and from the machine was UNencrypted.
The reasoning:
- Someone unhappy with the subject matter of the list, with being kicked off it for misbehavior, or just mad at the list operators for unrelated reasons, might file a tip with a police agency claiming illegal activity.
- Due to the list's subject matter, the tip might be considered credible.
- If the traffic to the site was UNencrypted, they could obtain a wiretap warrant and examine it offsite (and would prefer to do it this way).
- If any of the traffic to the site was encrypted, they would have to sieze and examine the machine to satisfy their investigation, causing considerable disruption. (And they might also take encrypted traffic as a confirmation of the tip.)
The list administrator says it well: Leave it unencrypted and they get to bore themselves to tears.
The list was retired (and a successor started at another site) before I needed to do encrypted traffic between home and work.
That was quite some time back, and encrypted traffic was uncommon then except for security agencies, a very few businesses, a few experimenters, and a few crooks. At this point encryption is far more common - what with VPN, SSH, and IPSec. And with ready-for-primetime FreeSWAN it will become still more comomn.
But the core of the original risk is still there: If you're using world-class encryption, and the government gets a bee in its bonnet about you doing something undesirable, they'll need to physically search your machine for evidence or keys, or plant an onsite bug such as a keyboard monitor, to find out what you're up to. (Or they'll find it less expensive to do it that way than try to crack your encryption from outside.)
Fortunately, a sudden widespread deployment of encryption can get us "over the hump" - going past the point where it is rare enough that security agencies can target people who use it, to the point where wiretapping is pointless and searches on only suspicion-plus-encryption are too expensive.
That would create an economic incentive to avoid fishing expeditions and mostly search only on credible evidence of wrongdoing (plus an occasional governmental rape of a political enemy or other terrorist action against an outgroup or annoyance-to-cops).
Anyway, this will never work - there's too many clueless [ISP] administrators out there who will think it's just someone attacking their core routers or overloading their DNS server, or something else equally inane, and they won't bother to check what the port really is.
I assume you're talking about ISP administrators, since you mention core routers, and because FreeSWAN won't attempt ANYTHING unusual with an end site unless that site published an invitation in its DNS records.
Perhaps the scenairo you mentioned was common when IPSec was first being rolled out. But at this point it's much more common, so that shouldn't be an issue.
And if it still IS an issue, it will stop being an issue once FreeSWAN is rolled out, so that IPSec traffic is much more common.
But if your ISP has enough manpower to hassle everyone who turns on IPSec after the next couple weeks, you're being overcharged and need to switch carriers. B-)
Even if some mad Microsoft employee sneaked out with the source for Word or Outlook and ported it to Linux, a lot of us would still keep far away from it because of the profound flaws in the applications.
Hell. Even if Microsoft released it under an open-source license a lot of us would keep away from it for the same reason - only looking at it to create compatable interfaces for porting data out of Microsoft applications (and maybe back in, for lusers still stuck with it).
What does credibility have to do with it? I have stated facts that are easily verified. Besides, only a confounded moron would trust a single stranger on the internet, regardless of his freaking sig.
It was a joke. That's why it had a smiley. Laugh!
To get back on topic, in case you didn't get it, there is a higher probability of you being killed by a frozen pig that fell out of a cargo plane that was hit by a meteor than being harmed in any ever so subtle way by -rays emmitted from a TV, even if you were living and sleeping between 10 foot high stacks of running TVs.
Hey - I'M not worried. (If I was, I'd spring a few hundred bux and switch to an LCD, rather than stuffing my face into an enormous hi-res color graphic screen for 14 hours/day.)
The whole POINT was the original tidbit is that, sitting in front of a MONOCHROME screen, the radiation hazard is LESS than sitting at the same desk with no screen, despite the tree-hugging luddites' panic over the small amount of X-rays produced by the screen.
Fucking bullshit. [comparison of modern color monitor X-ray emission to other sources deleted]
Yes, modern color monitors are a lot less "hot" than early-model color TVs. It's pretty hard to get a "deep sunburn" off 'em now. (But even the new ones are still hot enough to raise, rather than lower, your radiation exposure - even if they're now trivial compared to other sources.)
But I think people would trust your posted stats a bit more if your sig line wasn't:
Did you know you can fertilize your lawn with used motor oil?
Well, that and you need to be licking the monitor 24/7. The law of squares pretty much guarantees your exposure to the TV or (most) monitors is going to be less than what you get from going outside.
The inverse-square law only applies to a point source. An infinite line source has an inverse-first-power law, and an infinite plane source doesn't fall off with distance at all.
You're close enough to a monitor at a workstation that it's closer to an infinite plane source than a point source - so it falls off pretty slowly until you get several feet back.
Fortunately, modern color monitors have a lot less radiation than early model color TV sets - thanks to voltage-limited accelleration-anode supplies, leaded glass faceplates, and government regulation.
Who really cares? everyday i keep seeing the same bullshit. Guy controls train with PDA. whoohoo. instead of posting constructive topics, we get this weird shit.
You are apparently ignorant of history. Much of compter science came from a model railroad club.
If you stare at a CRT for that long, the radiation will most likely cause an inoperable brain tumor...
Only if it's a color CRT (which, even with modern designs, generates a non-trivial amount of soft X-rays due to the electrons slamming into the shadow-mask).
Black-and-white monitors make much less X-rays, due to the lower accelleration voltage, lower beam current (i.e. fewer electrons) and lighter target. Meanwhile, the charge on the screen tends to suck the dust out of the air in front of the user's face. There is still some X-ray from the screen. But some studies have estimated that the reduction in risk of lung cancer from radioactive and/or chemically-reactive particles of inhaled dust more than compensates for any increase in risk from the small amount of X-rays from a B&W CRT.
Of course who uses a monochrome monitor these days?
... Craig Fiebig,... is quoted as saying "In dollar terms, patching is the most expensive security measures...
Is Mr Fiebig telling us that things don't go so smoothly if you use MS products? Or that MS can't keep up with a bunch of amatures?
Looks to me what he's doing is spin control. Claiming that Microsoft software is better than open source because it's cheaper to use antivirus configuration updates than patches - when the only way to defend open source against a viral exploit is with a patch.
Of course that completely neglects the enormous difference in vulnerability levels - so you don't have to patch your open-source stuff as often as you do Microsoftware.
His company's software is SO VULNERABLE that it has spawned a BILLION DOLLAR INDUSTRY to protect it from exploits so common that multiple new ones are released daily. And he's trying to spin this into a cost-saving feature.
I'd just say go the simple and tried and true route w/ cat 5. I mean...come on, can you go wrong with cat5?
I agree totally with those suggesting using 100 Mbps Ethernet over Cat5. That's definitely the way to go. (Use DSL only if your condo is a subdivision rather than a building.)
One caveat: If the Cat5 is run in anything other than conduit - especially if it's run in an air duct - spring the extra bucks for "plenum" rated wire. In a fire the ordinary stuff may emit toxic gas. Plenum-rated wire is designed to retrofit old buildings by stringing it through the air ducts, and uses a more expensive plastic that does NOT emit toxic gas (or nowhere near as much) and also doesn't spread fire.
One other item: Check what your building's phone system is already wired with. There may already BE a 4-pair cat5 or cat5e to each unit. And if the phone company's demark point is the phone closet rather than the unit's phone junction box you folk OWN the wire. So if a unit has any two pair free you can use 'em and not have to string new stuff.
Note that 10/100 ethernet only uses two of the four pair in the bundle. Traditionally it's pair 2 (white/orange) and 3 (white/green), leaving 1 (white/blue) and 4 (white/brown) free for other things - such as a second ethernet drop, one or two phone lines, or power distribution to distant hubs and/or low-power equipment.
But the pair are all the same (except for the color code). So you can use any two pair for the ethernet feed, and sort it out at a junction at the far end. You can generally splice 'em if you're careful to keep the lengths of the two conductors in the pair equal and twist 'em back together afterward. (Don't sweat getting the twist rate to match exactly. Just avoid having a big untwisted gap with the wires hanging apart.)
Run one drop to the unit and have the unit's owner add a hub (or his own firewall machine) if he wants to run more than one box.
Signals and semaphores can only send a few bits of meaningful info.
Qualify that to "unix/linux semaphores" and you may be right. But not in general.
There is a variant of semaphores called "communicating semaphores" that explicitly manages queues - of messages waiting for processes, or processes waiting for messages. They can be impelmented to handle messages of arbitrary size, and yet still perform all the other primitive operations needed in an OS kernel.
With a single mechanism handling interprocess communication, interrupt handler/driver communication, producer/consumer data streaming, mutual exclusion, signaling, memory and other resource allocation and arbitration, you can build a real-time OS kernel with actor-based applications in a HYSTERICALLY tiny amount of code.
You know the scary part about this, is that he probably got 20 extra people to show up and made a sale off of the first spam.
I note that the big gripe was that it was commercial speech on the ARPAnet, at a time when it was restricted to research projects. (This despite the fact that such a product announcement, intrusive as bulk eamil was, might actually have been consered "news" rather than a mere advertisement.)
Of course that changed with the legislation that got Al Gore his rep for "claiming to invent the Internet". What the bill he pushed did was open the Internet to commercial use. On one hand, it's a boon. On the other hand, advertising is a "commercial use", which makes it a bit tougher for companies charging for Internet access to argue that the behavior is improper. Thus "Al Gore legalized Spam".
... I DO recall that the first email spam I got was an advertisement for an email spamming software package.
I remember thinking "Oh, oh! There goes email!"
And sure enough I had several ads within a couple weeks, and the volume has been ramping up ever since.
I saved it all for a while. But my disk filled up and the saved spam was the big disk-eater, so I dumped it. (Probably should have saved the first few for posterity...)
The question is not how many bandwidth do you have, it is how do you use it?
QoS is the key. You can make voice work in a very congested link if you turn the right knobs.
Even without QoS-capable routers in your enterprise you can still get good VoIP service even when the LAN backbone is saturated.
Just use a separate branch of the net for the VoIP traffic, with a router or switch (rather than a hub) between that and the rest of the LAN.
Yes that means two Cat5s drops to each cube. But you probably have that anyhow - one for the net, one for the POTS phone. Just recycle the POTS drop for the new VoIP phones.
You can use wep which is almost completely useless for an added bonus.
WEP is NOT useless. It is a "NO TRESSPASSING" sign. It informs a casual passerby that you INTEND the AP to be private (perhaps saving his time trying to figure out why this particular "open" AP isn't working for him).
And if your firewall or configuration screws up, or somebody cracks it, it gives you ammunition in court to show that the guy who broke in knew he wasn't supposed to be there.
So, the way I read it is: the owner is responsible for securing the network, but its legal IF and ONLY IF you were legally granted access, would have been granted access if asked, or had no way of knowing whether or not you were allowed to use the network.
Pretty much so.
This doesn't protect wardriving at all: if you're knowingly going around looking for unsecured wireless access points, you've already failed 1 & 2. The only issue up for debate is 3: would you have known that you were not authorized? I'm sure once this hits court, the party with the better lawyer is going to win.
Nope. You pass 1. That's because some people put up open links deliberately, and flag them by such means as leaving WEP off and perhaps leaving the network name at the default.
Because the owner of a wireless computer network is responsible for securing it, and leaving the settings at the default both fails to secure it in the slightest and can be mistaken for a deliberately-open network, a reasonable and prudent person would believe that finding such a network means that the owner failed to secure it because he INTENDED it to be used.
Waitaminute. What you're saying -- in essence -- is that you think it should be *legal* for people to enter your house without your permission if you're too stupid/lazy to keep your door unlocked. I'm sorry, I have to disagree with you. Unlawful entry is unlawful entry, and unlawful hacking is unlawful hacking.
(At the risk of putting words in his mouth...)
Nope.
What we're saying is "If you leave the door open and put up a sign that says 'open', don't gripe if someone walks in. Even if the door had an 'open' sign painted on it and a crowd-bar but no lock when it came from the hardware store. It's up to YOU to close the door and/or put up the no-tresspassing sign if you want a private space."
For half a century the convention on computing systems that have a permission system is that, unless otherwise flagged somehow, the permission settings are ALSO the expression of the user's intent. If it's read-all it's OK to read it, if it's read-write all it's OK to change it. If it's read only it's OK to look but not touch, etc.
If the system had a "guest" account with an open password, or a "newuser" automatic-account-generation login, or no-password do-some-function accounts or commands, it was assumed that the owners WANTED people to make SOME use of the system. If all accounts have passwords it was assumed you were supposed to ask for access.
WiFi has a perfectly good mechanism for flagging whether the user intends to let it be used: WEP. As a security measure it is TOTALLY cracked. But as an expression of intent it's perfectly usable.
If WEP is off the implied intent is that the system owner is not worried about you making non-destructive use of the access point. (Doubly so if it also is running DHCP and ACTIVELY HELPS you hook up.) If WEP is on, the implied intent is that you ask permission. Simple, no? And there are LOTS of people who WANT you to use their access points for free.
Now it's unfortunate that many of the devices are shipped in the open-sign-glowing rather than the posted-no-tresspassing state. But IMHO the government would be acting properly (and consistently with property law) to put the trivial burden of putting up the no-tresspassing sign on the access-point owner, rather than putting the burden of discovering the ower's unanounced intent on the users.
You're showing your cluelessness. You can support a heck of a lot of dial-up customers and web sites on a single T1. When I compiled the survey answers for the ISP Forum a few years ago, I saw that the vast majority of ISP's had a single T1. A T3 from MCI is $45,000 per month (with a discount) and we're paying almost $25,000 per month from Sprint with a long-term contract. $100,000+ per month (for the four T3's) is a very large independent ISP. It's by no means "rinky-dink."
Actually, I'm showing my provinciality.
I work for a company that makes boxes for ISPs. And to hear our executive suite talk - especially the marketing department - there's nobody out there but the big fish. Baby Bells and Covad in the US, one to three major carriers in each other country. "The CLECs are dead." And the small ISPs with them. The guy with one POP, a couple Cisco routers, a modem bank, and maybe a DSLAM or a contract with a baby bell for circuits, isn't even on their radar screen - even if he DOES feed several non-trivial businesses.
And the boxes we make are sized for those big fish. In the product line I'm designing for, while T1 and E1 line cards are limited in line count by the number of lines you can get to the card edges without violating surge-suppression rules, T3 line cards start at a dozen lines each - again all we can wire (though you can get 'em cheaper feature-protected to less). SONET card capacities go 'way up from there. For non-US standards, STM cards are of the same capacity as SONET, E3 and E1 similar to T3 and T1 (though not identical).
Yes the vast majority of the ISPs are small carriers - "Mom and POPs". But the same is true of many industries - from retail grocery to automobile manufacturing. A great school of little fish and a very small number of whales.
So what fraction of the subscriber base is served by single-T3-and-smaller ISPs, compared to the likes of SBC, Verizon, Covad, MCI, Nippon Telecom, Deutsch Telecom, etc.? More to the point from my management's viewpoint: What fraction of the expenditure for our kind of boxen comes from the whales and what fraction COULD come from the minnows? How much support will we need to provide to each little guy who buys one or two boxes, compared to the big ones that buy dozens or hundreds at a crack? Could we afford to price a product within his reach? Are the little guys still expanding and buying equipment, or are they being squeezed to extinction by the big ones?
I'd LOVE to build boxes for the little guys. That's what I started out to do, as a little guy, before I ended up here. And it's still where my heart lies. But if there's a market there for our company I need to have solid evidence for it, so I can beat our executives about the head and shoulders with it. Without such a clue-by-four they'll keep chasing the slow dimes and ignore the fast nickles.
ISP forum survey, eh? Can you point me to it? Does it answer any of my questions? Is there a version more recent than "a few years ago"? Are there other surveys and market analyses available? (You can tell I'm not a marketing guy or I'd already know.) Do they show a market for us, say, if we were to let a downsized box out of the lab and price it within their reach?
Thanks.
Software industry is dead? That's interesting - since the hardware manufacturers now think that the software industry is the only place there's money to be made in networking and IT.
Sounds to me more like Larry is trying to make it harder on his competition by cutting off the supply of new talent by misdirecting college kids to other fields.
So, whats the internet address for Uranus? http://ipn.myhomepage.ass ? or, .anus?
Reminds me of when Uranus' faint rings were first discovered. Headline:
IS THERE A RING OF DEBRIS AROUND URANUS?
Probably missed because the "correct" pronunciation is "YOUR-ah-nus".
Right up there with "MILK DRINKERS TURN TO POWDER".
Yes, games are out, the round trip time being more half an hour to Mars. On a slightly more practical note, instant messaging won't be fun either.
Nor will any protocol based on TCP, or any other handshaking or window/retransmissin error-correction scheme (unless you're willing to wait a LONG time for your data).
We'll need something with serious forward error correction. And a lot of the fundamental components of the net will need a rethink before they're usable by humans at even lunar distances.
For starters, web browsing will need a local cache - of essentially the whole internet. Think spiders and massive archives, and serious redesign on sites with dynamic content.
But the pipes are necessarily too small for optimistically broadcasting everything - even if it doesn't change milisecond-by-milisecond. Serious filtering.
And most of the data for sites is the images in the ads. That just HAS to get filtered down - as will other images. Boon or bane?
4 T3s ~ 1 OC-12 trunk. That's a pretty fat trunk !
No.
4 T1s = 1/4 of 1 OC-12 trunk.
STS-1 (the data format of an OC-1) holds 1 T3, or slightly more if it's running native. It was originally sized to efficiently hold a T3 (or inefficiently hold an E3) as one of its native payloads.
So STS-N = OC-N = N T3s.
Sounds like it:
Well, let's see:
A single T3 is 28 T1s. So four T3s is 112 T1s. 90% of that is 100.8 T1s - "about a hundred T1s".
So it sounds like Via West, their ISP, only HAS four T3s worth of connectivity to the rest of the net. That's pretty rinky-dink as ISPs go - but the Santa Cruz area is pretty small, over the coastal range from the main drag for communication lines, and doesn't have a lot of industry. I could easily see the local ISPs getting by on foure T3s rather than stringing a couple fibers that far (or renting them from somebody who did). That's big bucks for a small user community.
Given that SCO's website was mentioned in a slashdot article, I could easily see the readers following the link and slashdotting it until their ISP was at 90% with the web requests.
But the Business Week article also says that the attack was from 138 zombies, not from the general net. 138 machines could easily produce a DDoS attack of that magnitude. But a slashdotting would be a lot less traffic each from a lot more sites across the whole net.
So, no, it looks like a real DDoS.
What would they do with the $1 Billion if they won?
Pocket most of it and sue somebody else. Retire rich. Start new companies in unrelated fields.
Some time ago a mailing list on a controversial subject was running on my home machine. One of the rules was that no criminal activity could be discussed or facilitated via postings to the list.
As a matter of policy, while that list was running all traffic both on the list and to and from the machine was UNencrypted.
The reasoning:
- Someone unhappy with the subject matter of the list, with being kicked off it for misbehavior, or just mad at the list operators for unrelated reasons, might file a tip with a police agency claiming illegal activity.
- Due to the list's subject matter, the tip might be considered credible.
- If the traffic to the site was UNencrypted, they could obtain a wiretap warrant and examine it offsite (and would prefer to do it this way).
- If any of the traffic to the site was encrypted, they would have to sieze and examine the machine to satisfy their investigation, causing considerable disruption. (And they might also take encrypted traffic as a confirmation of the tip.)
The list administrator says it well: Leave it unencrypted and they get to bore themselves to tears.
The list was retired (and a successor started at another site) before I needed to do encrypted traffic between home and work.
That was quite some time back, and encrypted traffic was uncommon then except for security agencies, a very few businesses, a few experimenters, and a few crooks. At this point encryption is far more common - what with VPN, SSH, and IPSec. And with ready-for-primetime FreeSWAN it will become still more comomn.
But the core of the original risk is still there: If you're using world-class encryption, and the government gets a bee in its bonnet about you doing something undesirable, they'll need to physically search your machine for evidence or keys, or plant an onsite bug such as a keyboard monitor, to find out what you're up to. (Or they'll find it less expensive to do it that way than try to crack your encryption from outside.)
Fortunately, a sudden widespread deployment of encryption can get us "over the hump" - going past the point where it is rare enough that security agencies can target people who use it, to the point where wiretapping is pointless and searches on only suspicion-plus-encryption are too expensive.
That would create an economic incentive to avoid fishing expeditions and mostly search only on credible evidence of wrongdoing (plus an occasional governmental rape of a political enemy or other terrorist action against an outgroup or annoyance-to-cops).
Anyway, this will never work - there's too many clueless [ISP] administrators out there who will think it's just someone attacking their core routers or overloading their DNS server, or something else equally inane, and they won't bother to check what the port really is.
I assume you're talking about ISP administrators, since you mention core routers, and because FreeSWAN won't attempt ANYTHING unusual with an end site unless that site published an invitation in its DNS records.
Perhaps the scenairo you mentioned was common when IPSec was first being rolled out. But at this point it's much more common, so that shouldn't be an issue.
And if it still IS an issue, it will stop being an issue once FreeSWAN is rolled out, so that IPSec traffic is much more common.
But if your ISP has enough manpower to hassle everyone who turns on IPSec after the next couple weeks, you're being overcharged and need to switch carriers. B-)
Even if some mad Microsoft employee sneaked out with the source for Word or Outlook and ported it to Linux, a lot of us would still keep far away from it because of the profound flaws in the applications.
Hell. Even if Microsoft released it under an open-source license a lot of us would keep away from it for the same reason - only looking at it to create compatable interfaces for porting data out of Microsoft applications (and maybe back in, for lusers still stuck with it).
What does credibility have to do with it? I have stated facts that are easily verified. Besides, only a confounded moron would trust a single stranger on the internet, regardless of his freaking sig.
It was a joke. That's why it had a smiley. Laugh!
To get back on topic, in case you didn't get it, there is a higher probability of you being killed by a frozen pig that fell out of a cargo plane that was hit by a meteor than being harmed in any ever so subtle way by -rays emmitted from a TV, even if you were living and sleeping between 10 foot high stacks of running TVs.
Hey - I'M not worried. (If I was, I'd spring a few hundred bux and switch to an LCD, rather than stuffing my face into an enormous hi-res color graphic screen for 14 hours/day.)
The whole POINT was the original tidbit is that, sitting in front of a MONOCHROME screen, the radiation hazard is LESS than sitting at the same desk with no screen, despite the tree-hugging luddites' panic over the small amount of X-rays produced by the screen.
Fucking bullshit. [comparison of modern color monitor X-ray emission to other sources deleted]
Yes, modern color monitors are a lot less "hot" than early-model color TVs. It's pretty hard to get a "deep sunburn" off 'em now. (But even the new ones are still hot enough to raise, rather than lower, your radiation exposure - even if they're now trivial compared to other sources.)
But I think people would trust your posted stats a bit more if your sig line wasn't:
Did you know you can fertilize your lawn with used motor oil?
B-)
Well, that and you need to be licking the monitor 24/7. The law of squares pretty much guarantees your exposure to the TV or (most) monitors is going to be less than what you get from going outside.
The inverse-square law only applies to a point source. An infinite line source has an inverse-first-power law, and an infinite plane source doesn't fall off with distance at all.
You're close enough to a monitor at a workstation that it's closer to an infinite plane source than a point source - so it falls off pretty slowly until you get several feet back.
Fortunately, modern color monitors have a lot less radiation than early model color TV sets - thanks to voltage-limited accelleration-anode supplies, leaded glass faceplates, and government regulation.
Who really cares? everyday i keep seeing the same bullshit. Guy controls train with PDA. whoohoo. instead of posting constructive topics, we get this weird shit.
You are apparently ignorant of history. Much of compter science came from a model railroad club.
The MIT model railroad club, to be exact. See Hackers: Heroes of the Computer Revolution for more details.
These are the folks who brought you emacs, time-sharing, and open source.
So don't be surprised at the occasional computer-controlled-model-railroad story on slashdot. That's what they were trying to do in the FIRST place.
It's nice to see that its finally working. B-)
What goes around comes around.
--- and around
--- and around
If you stare at a CRT for that long, the radiation will most likely cause an inoperable brain tumor...
Only if it's a color CRT (which, even with modern designs, generates a non-trivial amount of soft X-rays due to the electrons slamming into the shadow-mask).
Black-and-white monitors make much less X-rays, due to the lower accelleration voltage, lower beam current (i.e. fewer electrons) and lighter target. Meanwhile, the charge on the screen tends to suck the dust out of the air in front of the user's face. There is still some X-ray from the screen. But some studies have estimated that the reduction in risk of lung cancer from radioactive and/or chemically-reactive particles of inhaled dust more than compensates for any increase in risk from the small amount of X-rays from a B&W CRT.
Of course who uses a monochrome monitor these days?
Is Mr Fiebig telling us that things don't go so smoothly if you use MS products? Or that MS can't keep up with a bunch of amatures?
Looks to me what he's doing is spin control. Claiming that Microsoft software is better than open source because it's cheaper to use antivirus configuration updates than patches - when the only way to defend open source against a viral exploit is with a patch.
Of course that completely neglects the enormous difference in vulnerability levels - so you don't have to patch your open-source stuff as often as you do Microsoftware.
His company's software is SO VULNERABLE that it has spawned a BILLION DOLLAR INDUSTRY to protect it from exploits so common that multiple new ones are released daily. And he's trying to spin this into a cost-saving feature.
What gall!
I'd just say go the simple and tried and true route w/ cat 5. I mean...come on, can you go wrong with cat5?
I agree totally with those suggesting using 100 Mbps Ethernet over Cat5. That's definitely the way to go. (Use DSL only if your condo is a subdivision rather than a building.)
One caveat: If the Cat5 is run in anything other than conduit - especially if it's run in an air duct - spring the extra bucks for "plenum" rated wire. In a fire the ordinary stuff may emit toxic gas. Plenum-rated wire is designed to retrofit old buildings by stringing it through the air ducts, and uses a more expensive plastic that does NOT emit toxic gas (or nowhere near as much) and also doesn't spread fire.
One other item: Check what your building's phone system is already wired with. There may already BE a 4-pair cat5 or cat5e to each unit. And if the phone company's demark point is the phone closet rather than the unit's phone junction box you folk OWN the wire. So if a unit has any two pair free you can use 'em and not have to string new stuff.
Note that 10/100 ethernet only uses two of the four pair in the bundle. Traditionally it's pair 2 (white/orange) and 3 (white/green), leaving 1 (white/blue) and 4 (white/brown) free for other things - such as a second ethernet drop, one or two phone lines, or power distribution to distant hubs and/or low-power equipment.
But the pair are all the same (except for the color code). So you can use any two pair for the ethernet feed, and sort it out at a junction at the far end. You can generally splice 'em if you're careful to keep the lengths of the two conductors in the pair equal and twist 'em back together afterward. (Don't sweat getting the twist rate to match exactly. Just avoid having a big untwisted gap with the wires hanging apart.)
Run one drop to the unit and have the unit's owner add a hub (or his own firewall machine) if he wants to run more than one box.
Signals and semaphores can only send a few bits of meaningful info.
Qualify that to "unix/linux semaphores" and you may be right. But not in general.
There is a variant of semaphores called "communicating semaphores" that explicitly manages queues - of messages waiting for processes, or processes waiting for messages. They can be impelmented to handle messages of arbitrary size, and yet still perform all the other primitive operations needed in an OS kernel.
With a single mechanism handling interprocess communication, interrupt handler/driver communication, producer/consumer data streaming, mutual exclusion, signaling, memory and other resource allocation and arbitration, you can build a real-time OS kernel with actor-based applications in a HYSTERICALLY tiny amount of code.
You know the scary part about this, is that he probably got 20 extra people to show up and made a sale off of the first spam.
I note that the big gripe was that it was commercial speech on the ARPAnet, at a time when it was restricted to research projects. (This despite the fact that such a product announcement, intrusive as bulk eamil was, might actually have been consered "news" rather than a mere advertisement.)
Of course that changed with the legislation that got Al Gore his rep for "claiming to invent the Internet". What the bill he pushed did was open the Internet to commercial use. On one hand, it's a boon. On the other hand, advertising is a "commercial use", which makes it a bit tougher for companies charging for Internet access to argue that the behavior is improper. Thus "Al Gore legalized Spam".
... I DO recall that the first email spam I got was an advertisement for an email spamming software package.
I remember thinking "Oh, oh! There goes email!"
And sure enough I had several ads within a couple weeks, and the volume has been ramping up ever since.
I saved it all for a while. But my disk filled up and the saved spam was the big disk-eater, so I dumped it. (Probably should have saved the first few for posterity...)
The question is not how many bandwidth do you have, it is how do you use it?
QoS is the key. You can make voice work in a very congested link if you turn the right knobs.
Even without QoS-capable routers in your enterprise you can still get good VoIP service even when the LAN backbone is saturated.
Just use a separate branch of the net for the VoIP traffic, with a router or switch (rather than a hub) between that and the rest of the LAN.
Yes that means two Cat5s drops to each cube. But you probably have that anyhow - one for the net, one for the POTS phone. Just recycle the POTS drop for the new VoIP phones.
You can use wep which is almost completely useless for an added bonus.
WEP is NOT useless. It is a "NO TRESSPASSING" sign. It informs a casual passerby that you INTEND the AP to be private (perhaps saving his time trying to figure out why this particular "open" AP isn't working for him).
And if your firewall or configuration screws up, or somebody cracks it, it gives you ammunition in court to show that the guy who broke in knew he wasn't supposed to be there.
So, the way I read it is: the owner is responsible for securing the network, but its legal IF and ONLY IF you were legally granted access, would have been granted access if asked, or had no way of knowing whether or not you were allowed to use the network.
Pretty much so.
This doesn't protect wardriving at all: if you're knowingly going around looking for unsecured wireless access points, you've already failed 1 & 2. The only issue up for debate is 3: would you have known that you were not authorized? I'm sure once this hits court, the party with the better lawyer is going to win.
Nope. You pass 1. That's because some people put up open links deliberately, and flag them by such means as leaving WEP off and perhaps leaving the network name at the default.
Because the owner of a wireless computer network is responsible for securing it, and leaving the settings at the default both fails to secure it in the slightest and can be mistaken for a deliberately-open network, a reasonable and prudent person would believe that finding such a network means that the owner failed to secure it because he INTENDED it to be used.
So wardriving benign access IS protected.
Waitaminute. What you're saying -- in essence -- is that you think it should be *legal* for people to enter your house without your permission if you're too stupid/lazy to keep your door unlocked. I'm sorry, I have to disagree with you. Unlawful entry is unlawful entry, and unlawful hacking is unlawful hacking.
...)
(At the risk of putting words in his mouth
Nope.
What we're saying is "If you leave the door open and put up a sign that says 'open', don't gripe if someone walks in. Even if the door had an 'open' sign painted on it and a crowd-bar but no lock when it came from the hardware store. It's up to YOU to close the door and/or put up the no-tresspassing sign if you want a private space."
For half a century the convention on computing systems that have a permission system is that, unless otherwise flagged somehow, the permission settings are ALSO the expression of the user's intent. If it's read-all it's OK to read it, if it's read-write all it's OK to change it. If it's read only it's OK to look but not touch, etc.
If the system had a "guest" account with an open password, or a "newuser" automatic-account-generation login, or no-password do-some-function accounts or commands, it was assumed that the owners WANTED people to make SOME use of the system. If all accounts have passwords it was assumed you were supposed to ask for access.
WiFi has a perfectly good mechanism for flagging whether the user intends to let it be used: WEP. As a security measure it is TOTALLY cracked. But as an expression of intent it's perfectly usable.
If WEP is off the implied intent is that the system owner is not worried about you making non-destructive use of the access point. (Doubly so if it also is running DHCP and ACTIVELY HELPS you hook up.) If WEP is on, the implied intent is that you ask permission. Simple, no? And there are LOTS of people who WANT you to use their access points for free.
Now it's unfortunate that many of the devices are shipped in the open-sign-glowing rather than the posted-no-tresspassing state. But IMHO the government would be acting properly (and consistently with property law) to put the trivial burden of putting up the no-tresspassing sign on the access-point owner, rather than putting the burden of discovering the ower's unanounced intent on the users.