Disclaimer: I am a Canadian Citizen. Our travel security provisions are laid out in public law (If memory serves, bill C-55 most recently).
I agree that as an air traveler that showing identification is probably a reasonable thing to request. I have accepted this fact for as long as I have flown. Canadians have had to show ID, and clear security with a boarding pass to get to our departure gate for as long as I've been flying.
What I cannot grasp, and cannot believe that so many of my fellow posters do not have serious issue with, is that the law requiring this is SECRET. If the contents of the law covers things that are very resonable, and common sensible as showing picture ID before boarding an aircraft, why the heck would you need to keep it a secret?
I hate to join the tinfoil hat crowd, but my security professional self is screaming. If a vendor wants to keep a crypto alg secret, I'm immediately suspicious and start looking for another vendor. I think most here would agree with this assessment.
So if your government says to you "trust us, what is inside this law is good for you. You don't need to see it." Why do you not treat this assertion with the same degree of suspicion?
To paraphrase Voltaire(1), I may not agree with his not showing ID when bording the plane, but I will defend his right to see the law requring it of him. ----- (1) I know, the quote's attribution is arguable, but until someone can tell me who actually said it, I'll go with the popular opinion and give it to Voltaire:)
Me? I hired the guys in this article. They're good.
The problem with DDOS attacks is that if they get far enough into your network that you can do anything about it, you've lost.
Consider. The company I work for has seen up to a 6 Gig-bit attack. If your pipe isn't on that scale don't even consider trying to fight it yourself. The only solution is to send the traffic somewhere else. Prolexic has a BIG pipe, multiple teir 1 providers, etc.
Having lived in the far north for 5 years, the problem with the north pole is that it's WET! Unlike antarctica, the north pole is an ocean, and as such is a lot more unstable then Antarctia. Not that the south pole is really that stable, you are still going to have to rebuild the thing every few years as it melts through the ice and sinks. Just have to do it more often in the Arctic. And well if it sinks too far there you'll need divers to get your data out:)
Capital punishment was revoked in Canada in 1976, and has seen no resulting rise in murder rate (Murders in 2001 were 554, 167 fewer then in 1975, the year prior to the absolution capital punishment)
I have been doing the IT thing for 10+ years. I'm currently employed, in spite of all the slashes in the IT undustry currently. I have one certification (in an obscure high end network managment system used by carriers) that is irrelivent to my current position, and a couple of years of college (they didn't tech networking when I went to college, so I learned to program in COBOL... guess why I bailed:)).
I've also done a couple of tech/managment split positions where I hired people in the past. It didn't matter what letters you had after your name, when you got to my desk you got to explain the difference between an interior and an exterior routing protocol (You'd be suprised how many couldn't... or maybe you wouldn't:)), and a small set of questions, including some "Tell me what's wrong with this config" ones. My favorate was the day I had a dead NT machine and pointed my applicant at it. They looked at the "press ctl-alt-delete to login" screen and froze. "Ctl-alt-delete reboots the computer, it doesn't log in!" Oops. MCSE you say... uh-huh...
The only cert that will hold any water if I'm doing the interview is CCIE, if you put your number on your resume. And that will just mean that we'll skip the "What's the difference between an interior and external routing protocol" question and skip right to the "how do you set the speed of a null modem connection on a cisco serial port and which cord do you set it on" set of questions.
Don't get me wrong, I've delt with some fine people with various certifications, but just because you can put the letters on your resume doesn't mean I'm going to assume you have the chops till you prove it. Mind you, just because you have the chops in an interview doesn't mean you're not gonna freeze when the BGP table starts to eat its own table on the production network, but it's a start:)
I'm not sure about APO/FPO addys, but Packet8 will ship to the spec of an island I'm relocating to. You might wanna check into them, seing as how they'll ship overseas, it seems that they should be able to work something out for APO/FPO addys.
The other reasons I like packet 8 over vonage are:
1) they accept non-US customers (my main reason is because my travels take me to places like the far north or the caribean where multi dollar a minute phone rates are not unheard of)
2) The bandwidth req's are such that in a pinch I can configure the laptop as a dialupLAN router and use it from the far end of nowhere to make acceptable quality toll free calls to anywhere in North Americia. This is a huge win when you're in a coms shack trying to configure equiptment for which you have handily left the manual sitting on your desk in Canada. Oops.:)
Packet8 will save me more money then it's monthly fee, easily. Hard to beat that with a stick:)
Yes, but the economic question comes down to: can you afford this structure for 10$-20$/mo/user?
Maybe, I don't know. Working out the economic bussiness case is beyond the scope of this discussion and left as an exercise to the (more bored then me:)) reader.
Microsoft has had many unudulterated failures over its history. Notably MS's attempts early to try to push aside TCP/IP in defference to a MS standard.
Also profit is not the be all and end all of measurement of a company. Enron was fantasticly profitable as a company. I don't believe that anyone will argue that it was a failure.
Microsoft is an ecologicly unfriendly company. It uses its position as a market leader to supress inovation in any markets it's in, or any markets that border it. While that makes for good profits, I don't believe it's a decision that is in Microsoft's long term best intrests. Just as in nature, competition is essential for a corporate organism to evolve and better itself.
As usual, that's my opinion and history will sooner or later prove me right or wrong.
Virtual machines? Possibly, HDD costs are a lot lower then when I did it. I looked at using chroot'd environments at the time to allow me to more reasonably partition userspace environments (realizing this was a few years back) and the extra cost in terms of having to duplicate HD space use for each individual user. (Duplicate libs, binaries etc, since you can't read them from outside the chroot'd environment). So I installed a set of cgi scripts in a public CGI directory, that covered most of the things users wanted to do at that point, after auditing them, and making any mods to allow for multiple users needing to run instances of the software (move data dirs, include a data/username structure, etc).
It would depend on how much the economics has changed over the last 7 yrs really.
I wasn't particularly refering to interception of password information in terms of security. Although a concern, looking at it from an ISP's POV, it doesn't matter much if the user who pays me is trying to leverage to root access on my box or if it's some Man in the Middle who sniffed his password or (more likely then a MitM attack in my estimation) it's some sqript kidd13 who has managed to put a backdoor on my users's windows box. My concern is that if you can run arbitary binaries from anywhere in the path it opens up a whole new realm of local security exploits that many SA's currently just say "Oh well it's not remotely exploitable."
Not saying its a GOOD security position to ignore exploits that aren't remotely exploitable, just that it appears to be the attitude put forward by the vast majority of sysadmins.
Eventually a packet has to route to M$'s DNS server, (DNS caches and such not withstanding), so routing to M$ is still involved. Aside from all that, it was intended to be amusing, not 100% technically correct:)
If I were a hosting service, I'd be visiting the creator of that with a LART. The big reason why hosting providers do not generally provide shell accounts is that its much much harder to harden a box against attempts from a non-root user to leverage their access to get root. I predict you'll see a lot of hosting providers move away from allowing CGI because of this and things like it. That was the policy at places I ran. You couldn't put up CGI without paying for one of the sysadmins to do a security check of the script.
My heart goes out to the family of the men and woman who put their lives on the line to advance our understanding of the universe around us. Those who have given their lives for the cause deserve to be held in a special place in our memories.
This is truly a loss to us all, regardless of country.
to work at the NSA. I know I cringe when I see how holywood blows it whenever they put a computer in a movie, and computers are pretty common place and easily understood when compared to the NSA and cryptography. I imagine it must make them nuts to watch someone break the code on the NSA mainframe by connecting their acoustic modem to the doorbell.:)
Then there were the miniscribe drives. Same hardware and electronics, one was an 'MFM' drive, one was an 'RLL' drive. I never saw a miniscribe of that model that wouldn't take an RLL controler. Just a couple hundred cheaper:).
Not that I don't agree with you in this case, but there have been cases, historically speaking, of companies releasing two models for marketing reasons and finding it cheaper to make a hard coded 'feature switch'. I recall a hard drive of olde that could be upgraded to twice the size. The engineers designed a drive. Marketing decided they needed one half the size too. It was cheaper and faster to do a mode switch then it was to pay the extra engineering and manufactering costs to build a second model of HDD.
See also the 'flippy discs' of the C-64 era. It was cheaper/easier for companies to use the double sided media they used on other systems, then produce new single sided floppies just for the c-64 market. You punched a second hole in the floppy, and turn it over.
Again, I don't argue that's what ATI is doing here. I personally agree with the person above who suggested they're probably using 'bin chips' that for some reason didn't make the cut for the 9700 boards.
So you pays your monies and you takes your chances. Mmmm I love the smell of newbies with solder suckers in the morning:). As for me, I know my skills do not extend into the land of hot insterments of destruction, so I'll take a pass:)
So call it a responsibility to vote. As pointed out by the original poster, in equador you are free not to vote, but by doing so you choose to forego the services that government provides for citizens of that country. You still have the freedom to not vote, but that freedom carries responsibilities and repercussions, just like the freedom of speech (you still cannot yell fire in a crowded place), the freedom of assembly (you cannot assemble in the middle of your local interstate), etc. Freedoms are never absolute, and usually carry implied responsibility. I think there are a number of reasons why Equador's policy may be ill advised, but I think throwing out the argument entirely on the grounds that it removes your freedom not to vote isn't one of them.
If you do not like any of your candidates, use your option to write in someone you do like. That's still a vote. You might also look into one of the smaller 'fringe' parties, as an alternative to the Big Two, if you're in the US. Seeing a vote for the Rhino party is a much more signifigant protest then simply not voting. The former shows positivly that a) you care, and b) you don't care for any of the main stream parties, so maybe they should pay attention. Just not voting lumps you in with the apathetic crowd, which is a much less useful protest, since noone knows you're protesting.
robot ( P ) Pronunciation Key (rbt, -bt) n. 1) A mechanical device that sometimes resembles a human and is capable of performing a variety of often complex human tasks on command or by being programmed in advance. 2) A machine or device that operates automatically or by remote control. 3) A person who works mechanically without original thought, especially one who responds automatically to the commands of others. (from The American Heritage Dictionary of the English Language, Fourth Edition)
Slashdot Mirror
Disclaimer: I am a Canadian Citizen. Our travel security provisions are laid out in public law (If memory serves, bill C-55 most recently).
:)
I agree that as an air traveler that showing identification is probably a reasonable thing to request. I have accepted this fact for as long as I have flown. Canadians have had to show ID, and clear security with a boarding pass to get to our departure gate for as long as I've been flying.
What I cannot grasp, and cannot believe that so many of my fellow posters do not have serious issue with, is that the law requiring this is SECRET. If the contents of the law covers things that are very resonable, and common sensible as showing picture ID before boarding an aircraft, why the heck would you need to keep it a secret?
I hate to join the tinfoil hat crowd, but my security professional self is screaming. If a vendor wants to keep a crypto alg secret, I'm immediately suspicious and start looking for another vendor. I think most here would agree with this assessment.
So if your government says to you "trust us, what is inside this law is good for you. You don't need to see it." Why do you not treat this assertion with the same degree of suspicion?
To paraphrase Voltaire(1), I may not agree with his not showing ID when bording the plane, but I will defend his right to see the law requring it of him.
-----
(1) I know, the quote's attribution is arguable, but until someone can tell me who actually said it, I'll go with the popular opinion and give it to Voltaire
For what it's worth the company I work for is a direct customer of prolexic. They're worth the look, they got us out of a few jams.
*disclaimer: I do not work for Prolexic, but I do work for one of their early customers*
Me? I hired the guys in this article. They're good.
The problem with DDOS attacks is that if they get far enough into your network that you can do anything about it, you've lost.
Consider. The company I work for has seen up to a 6 Gig-bit attack. If your pipe isn't on that scale don't even consider trying to fight it yourself. The only solution is to send the traffic somewhere else. Prolexic has a BIG pipe, multiple teir 1 providers, etc.
Having lived in the far north for 5 years, the problem with the north pole is that it's WET! Unlike antarctica, the north pole is an ocean, and as such is a lot more unstable then Antarctia. Not that the south pole is really that stable, you are still going to have to rebuild the thing every few years as it melts through the ice and sinks. Just have to do it more often in the Arctic. And well if it sinks too far there you'll need divers to get your data out :)
Capital punishment was revoked in Canada in 1976, and has seen no resulting rise in murder rate (Murders in 2001 were 554, 167 fewer then in 1975, the year prior to the absolution capital punishment)
Yes, and I'd also expect the Americian soldiers handling prisioners in Iraq not to abuse them. If I can be wrong, so can you.
Congrats on conquering the death planet :). Two for two. Nice job NASA/JPL!
I have been doing the IT thing for 10+ years. I'm currently employed, in spite of all the slashes in the IT undustry currently. I have one certification (in an obscure high end network managment system used by carriers) that is irrelivent to my current position, and a couple of years of college (they didn't tech networking when I went to college, so I learned to program in COBOL... guess why I bailed :)).
:)), and a small set of questions, including some "Tell me what's wrong with this config" ones. My favorate was the day I had a dead NT machine and pointed my applicant at it. They looked at the "press ctl-alt-delete to login" screen and froze. "Ctl-alt-delete reboots the computer, it doesn't log in!" Oops. MCSE you say... uh-huh...
:)
I've also done a couple of tech/managment split positions where I hired people in the past. It didn't matter what letters you had after your name, when you got to my desk you got to explain the difference between an interior and an exterior routing protocol (You'd be suprised how many couldn't... or maybe you wouldn't
The only cert that will hold any water if I'm doing the interview is CCIE, if you put your number on your resume. And that will just mean that we'll skip the "What's the difference between an interior and external routing protocol" question and skip right to the "how do you set the speed of a null modem connection on a cisco serial port and which cord do you set it on" set of questions.
Don't get me wrong, I've delt with some fine people with various certifications, but just because you can put the letters on your resume doesn't mean I'm going to assume you have the chops till you prove it. Mind you, just because you have the chops in an interview doesn't mean you're not gonna freeze when the BGP table starts to eat its own table on the production network, but it's a start
Min
I'm not sure about APO/FPO addys, but Packet8 will ship to the spec of an island I'm relocating to. You might wanna check into them, seing as how they'll ship overseas, it seems that they should be able to work something out for APO/FPO addys.
Min
The other reasons I like packet 8 over vonage are:
:)
:)
1) they accept non-US customers (my main reason is because my travels take me to places like the far north or the caribean where multi dollar a minute phone rates are not unheard of)
2) The bandwidth req's are such that in a pinch I can configure the laptop as a dialupLAN router and use it from the far end of nowhere to make acceptable quality toll free calls to anywhere in North Americia. This is a huge win when you're in a coms shack trying to configure equiptment for which you have handily left the manual sitting on your desk in Canada. Oops.
Packet8 will save me more money then it's monthly fee, easily. Hard to beat that with a stick
Min
Yes, but the economic question comes down to: can you afford this structure for 10$-20$/mo/user?
:)) reader.
Maybe, I don't know. Working out the economic bussiness case is beyond the scope of this discussion and left as an exercise to the (more bored then me
Min
Microsoft has had many unudulterated failures over its history. Notably MS's attempts early to try to push aside TCP/IP in defference to a MS standard.
Also profit is not the be all and end all of measurement of a company. Enron was fantasticly profitable as a company. I don't believe that anyone will argue that it was a failure.
Microsoft is an ecologicly unfriendly company. It uses its position as a market leader to supress inovation in any markets it's in, or any markets that border it. While that makes for good profits, I don't believe it's a decision that is in Microsoft's long term best intrests. Just as in nature, competition is essential for a corporate organism to evolve and better itself.
As usual, that's my opinion and history will sooner or later prove me right or wrong.
Min
Virtual machines? Possibly, HDD costs are a lot lower then when I did it. I looked at using chroot'd environments at the time to allow me to more reasonably partition userspace environments (realizing this was a few years back) and the extra cost in terms of having to duplicate HD space use for each individual user. (Duplicate libs, binaries etc, since you can't read them from outside the chroot'd environment). So I installed a set of cgi scripts in a public CGI directory, that covered most of the things users wanted to do at that point, after auditing them, and making any mods to allow for multiple users needing to run instances of the software (move data dirs, include a data/username structure, etc).
It would depend on how much the economics has changed over the last 7 yrs really.
Minupla
FYI: the company I 'ran' it for is still running today, unlike many of the companies from the dot com era. I moved on, my company kept on ticking :).
I wasn't particularly refering to interception of password information in terms of security. Although a concern, looking at it from an ISP's POV, it doesn't matter much if the user who pays me is trying to leverage to root access on my box or if it's some Man in the Middle who sniffed his password or (more likely then a MitM attack in my estimation) it's some sqript kidd13 who has managed to put a backdoor on my users's windows box. My concern is that if you can run arbitary binaries from anywhere in the path it opens up a whole new realm of local security exploits that many SA's currently just say "Oh well it's not remotely exploitable."
Not saying its a GOOD security position to ignore exploits that aren't remotely exploitable, just that it appears to be the attitude put forward by the vast majority of sysadmins.
Minupla
Eventually a packet has to route to M$'s DNS server, (DNS caches and such not withstanding), so routing to M$ is still involved. Aside from all that, it was intended to be amusing, not 100% technically correct :)
If I were a hosting service, I'd be visiting the creator of that with a LART. The big reason why hosting providers do not generally provide shell accounts is that its much much harder to harden a box against attempts from a non-root user to leverage their access to get root. I predict you'll see a lot of hosting providers move away from allowing CGI because of this and things like it. That was the policy at places I ran. You couldn't put up CGI without paying for one of the sysadmins to do a security check of the script.
Min
My heart goes out to the family of the men and woman who put their lives on the line to advance our understanding of the universe around us. Those who have given their lives for the cause deserve to be held in a special place in our memories.
This is truly a loss to us all, regardless of country.
*raises a glass in toast*
To the explorers, wherever they may be.
Minupla
The parent is exactly right, I wish I had some mod points!
I would expect that the system probably uses exactly that information. Ie: "she broke two lines of keys, so she's hitting something in the home row."
to work at the NSA. I know I cringe when I see how holywood blows it whenever they put a computer in a movie, and computers are pretty common place and easily understood when compared to the NSA and cryptography. I imagine it must make them nuts to watch someone break the code on the NSA mainframe by connecting their acoustic modem to the doorbell. :)
Then there were the miniscribe drives. Same hardware and electronics, one was an 'MFM' drive, one was an 'RLL' drive. I never saw a miniscribe of that model that wouldn't take an RLL controler. Just a couple hundred cheaper :).
Not that I don't agree with you in this case, but there have been cases, historically speaking, of companies releasing two models for marketing reasons and finding it cheaper to make a hard coded 'feature switch'. I recall a hard drive of olde that could be upgraded to twice the size. The engineers designed a drive. Marketing decided they needed one half the size too. It was cheaper and faster to do a mode switch then it was to pay the extra engineering and manufactering costs to build a second model of HDD.
:). As for me, I know my skills do not extend into the land of hot insterments of destruction, so I'll take a pass :)
See also the 'flippy discs' of the C-64 era. It was cheaper/easier for companies to use the double sided media they used on other systems, then produce new single sided floppies just for the c-64 market. You punched a second hole in the floppy, and turn it over.
Again, I don't argue that's what ATI is doing here. I personally agree with the person above who suggested they're probably using 'bin chips' that for some reason didn't make the cut for the 9700 boards.
So you pays your monies and you takes your chances. Mmmm I love the smell of newbies with solder suckers in the morning
So call it a responsibility to vote. As pointed out by the original poster, in equador you are free not to vote, but by doing so you choose to forego the services that government provides for citizens of that country. You still have the freedom to not vote, but that freedom carries responsibilities and repercussions, just like the freedom of speech (you still cannot yell fire in a crowded place), the freedom of assembly (you cannot assemble in the middle of your local interstate), etc. Freedoms are never absolute, and usually carry implied responsibility. I think there are a number of reasons why Equador's policy may be ill advised, but I think throwing out the argument entirely on the grounds that it removes your freedom not to vote isn't one of them.
If you do not like any of your candidates, use your option to write in someone you do like. That's still a vote. You might also look into one of the smaller 'fringe' parties, as an alternative to the Big Two, if you're in the US. Seeing a vote for the Rhino party is a much more signifigant protest then simply not voting. The former shows positivly that a) you care, and b) you don't care for any of the main stream parties, so maybe they should pay attention. Just not voting lumps you in with the apathetic crowd, which is a much less useful protest, since noone knows you're protesting.
robot ( P ) Pronunciation Key (rbt, -bt)
n.
1) A mechanical device that sometimes resembles a human and is capable of performing a variety of often complex human tasks on command or by being programmed in advance.
2) A machine or device that operates automatically or by remote control.
3) A person who works mechanically without original thought, especially one who responds automatically to the commands of others.
(from The American Heritage Dictionary of the English Language, Fourth Edition)
By definition 2 I'd say that it qualifies myself.