If I had a nickel for every time I've heard some clueless fsck say that...
firewall != impenetrable
If there's a buffer overflow in your web server, then the firewall isn't going to do jack to prevent it. This is true of *every* service on a box. If an attacker can connect, the server can potentially be compromised. All a firewall does is limit exposure (and blind people to the shit behind the firewall.)
If you're running a modern Windows (anything from the last 6 years), you have no choice but to run Explorer. IE has been seeded deeper and deeper into the OS until nobody can find the dividing line anymore.
Unfortunately, the MS roadmap is "just easier". Exchange and Outlook do a lot of stuff (virus conduit included.) I'd love to see something other than a Microsoft OS and Microsoft (crappy) tools. However, companies just aren't going to spend the time, effort, and ultimately money on "unproven" setups. Remember: Cheap wins!
Umm, I wouldn't run too far with that... these are the same "always great engineers" who designed a highly flammable nuclear reactor. (and built a lot of them) Graphite is a great heat conductor and ok neutron barrier, however, it also burns really well. (Carbon arc lamps were used in movie projectors and lighthouses.)
(Ok, so we weren't thinking too far ahead either -- See also: Apollo 11)
- there are plenty of tools that connect remotely
Right. It's taken many years to get a version of regedit (regedt32) that works correctly remotely (and it still has some problems... tried saving entries from a remote host?) Most software installation requires GUI interaction -- at the very least, they pop up windows during the installation.
So, how exactly does one go about killing a process on a remote Windows machine? Desktop machines typically don't have terminal server installed. And remote frame buffers like VNC are worthless if the console application won't let go of the keyboard (hence the need to kill it.)
Face it, Microsoft made some very bad design decisions years ago and they've never escaped them. (The whole mess of DLLs is horrifying.) They may openly criticize UNIX for its age, but they are slowly incorporating parts of that aged technology.
Stop hiding behind the AC and people might pay you attention.
You appear to be equating clocking and processor speed like apples and oranges. They aren't. If we consider all of the technological advances in the modern ia32 processors vs. their earlier brethren, then the comparison is even less favorable... Modern processors should be exceptionally faster. But they aren't. There are two primary reasons for this: increasing inefficiency, and increasing complexity. Present day programmers are far less motivated to write "good code" because they live in the fallacy that the processor is fast enough to run anything. ("No one will notice the difference.") In fact, they are generally incapable of generating efficient code as they've never been taught to think that way. These people will surely spend an eternity in computing hell writing programs in BASIC on 1MHz machines that have 32x16 character console displayed on a 12" BW TV. (Any resemblance to the movie Brazil is unintentional.)
Complexity breeds more inefficiency. As the saying goes, "Make it work. Then make it fast."
As for my comments about Sparc... Unless Sun is deploying reverse engineered alien technologies, the core of the processor (i.e. how it adds and subtracts) hasn't changed much. It's the clock speed (how fast it runs through the "add" procedure) that makes it faster. The efficient adaptation of code to the native 64bit environment also helps a lot. (Better code + better compiler yields faster execution.)
Sparc hardware hasn't advanced as much. It certainly hasn't advanced at the same speed of the linux kernel complexity. (you can read that as "bloat" if you wish.)
In 1996, the fastest processor was 200MHz? Now processors are around 400MHz or 700MHz if you have really new (and expensive) hardware. So, the hardware is 2x to 4x faster and the kernel is ~10x more complex. For comparison, in 1996, my 486dx50 with 16M of 60ns FPM DRAM and a 1.2MB/s IDE drive compiled the kernel in about 5 minutes. My modern dual Athlon MP 1500 with 256M of PC2100 DDR SDRAM and 19MB/s IDE drive compiles the kernel in just under 2 minutes. So, that's 52x more cpu power, 16x more memory that's 20x faster, and a drive that's 16x faster, yet it compiles the kernel only 4 times faster.
- custom hot-plug sleds
As opposed to whose "standard"? DEC, Compaq, IBM, Kingston, Antec, etc? There's no such thing as a standard drive mounting sled. Even the AT drive mounting rails (an actual standard) were never useful - I have thousands of those rails and in 20 years, I've yet to see a case that uses them.
Actually, they used to put their own buggy-ass microcode in there. A quick trip through DOS with the Quantum firmware utility and they are suddenly back to being true Quantum drives.
Sun did the same thing with Seagate OEM drives. Apple did the same thing with Conner drives.
- But people aren't stealing movies/music as much as the MPAA/RIAA claim to justify the SSSCA.
Indeed. They've never said it was putting them out of business. They claim repeatedly that piracy is costing them billions in lost revenue every year. To date, however, they have offered ZERO proof or statistics to back up their claims. They make sweeping generalizations based on anything from rumor to flawed market studies (polling 10 high school kids isn't very statistically valid) to extrapolations from what they think they should be making.
This kind of theft is very hard to quantify. People aren't breaking into a warehouse and taking thousands of CDs. The contents of one (paid for) CD is distributed to hundreds or thousands of people. How much revenue does that divert from sales? Likely far less than it generates. People are much more likely to purchase CDs of the music they have heard and liked. Case in point, I never would've known Gus Gus existed if WB hadn't placed one of their music videos on the jukebox -- Believe. I've bought every CD they've produced. I've bought numerous CDs from 800.com (recently defunct) because they had samples of the songs.
Basically, the MPAA and RIAA are stupid and greedy. Organized piracy (factories producing bootleg CDs and DVDs) costs them a lot of money -- and that's very proven. However, they have taken no actions at all to thwart such piracy. Instead, they harass, berate, and criminalize their actual patrons who are the very foundation of their billion dollar a year industry. They draft one stupid (useless) law on top of another. They throw one horrible, non-compliant, hack after another at us to "combat piracy" that just makes the disks useless almost everywhere.
Ah, but it isn't legal anymore. I just love the way we're passing laws to make it illegal to break the law (even if we aren't).
"Who are you? Where are you taking me? And why am I in this hand basket?"
Ignoring the problems of multiple copyrights and patents...
Microsoft didn't "give" you anything; you paid for it. (or stole it.)
Tivo has to pay for the guide data, so they pass that cost on to the subscribers. Just because you (or any individual average Joe) can go collect TV guide information from any number of on-line sites to be fed into your tivo doesn't mean you can offer that data ("service") to everyone for free. Tivo certainly cannot do that. (The contents of those web sites are protected by copyright for which you have no right to redistribute.)
Basically, what you do with their data in the privacy of your own home for your personal amusement is totally your business. However, what you do with their data in the privacy of someone else's home, is very much their business.
They stopped offering "annual" a long time ago. I still have one SA on annual. I'm likely to leave it that way forever -- even tho' it spends most of its time unplugged (it's full)
While technically possible, it's also very easy to detect. The units would be presenting different viewing habits, season passes, etc. and downloading overlapping guide data. It's pretty easy to stop the tivo from sending "backend" data, but the overlap in guide data is a road flare the size of a nuke.
In the end, it's pretty easy to steal. It's just cumbersome and certainly not worth the effort.
You obviously aren't a programmer. The number of programs that pay those fields any attention is very low. No program designed in the IPv4 world will know what to do with an IPv6 address. If anything, they see h_length != 4 and abort thinking (correctly) something is very badly wrong. Otherwise, they use the first 4 bytes of the address and attempt to connect to the wrong machine.
IPv4 programs lack the capability to operate an IPv6 communications channel (read: socket). So, as I originally pointed out, unless a programmer has invested some time to add IPv6 support, it cannot use IPv6. For example, in the absence of a translator, an IPv4 telnet cannot connect to an IPv6 (only) telnetd. If it gets an IPv6 address via DNS, it'll most likely crash on the spot.
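The two behaviours described in the comment above (abort on h_length != 4, or use the first 4 bytes and aim at the wrong machine), as an added example that is not part of the original post. The hostent records are constructed inline from documentation addresses, and all function names are hypothetical.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Constructed resolver answers (documentation addresses, not real hosts). */
static unsigned char v6_bytes[16] = {0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0,
                                     0, 0, 0, 0, 0, 0, 0, 1}; /* 2001:db8::1 */
static unsigned char v4_bytes[4] = {192, 0, 2, 10};           /* 192.0.2.10 */
static char *v6_list[] = {(char *)v6_bytes, NULL};
static char *v4_list[] = {(char *)v4_bytes, NULL};
struct hostent v6_answer = {.h_addrtype = AF_INET6, .h_length = 16,
                            .h_addr_list = v6_list};
struct hostent v4_answer = {.h_addrtype = AF_INET, .h_length = 4,
                            .h_addr_list = v4_list};

/* Legacy pattern: assumes every answer is IPv4 and copies 4 bytes. */
void legacy_fill(const struct hostent *he, struct sockaddr_in *sin)
{
    memset(sin, 0, sizeof *sin);
    sin->sin_family = AF_INET;
    memcpy(&sin->sin_addr, he->h_addr_list[0], sizeof sin->sin_addr);
}

/* Checked pattern: abort (-1) unless the answer is a 4-byte AF_INET address. */
int checked_fill(const struct hostent *he, struct sockaddr_in *sin)
{
    if (he->h_addrtype != AF_INET || he->h_length != (int)sizeof sin->sin_addr)
        return -1;
    legacy_fill(he, sin);
    return 0;
}

/* Family-aware pattern: returns the length for connect(), 0 if unusable. */
socklen_t family_aware_fill(const struct hostent *he, struct sockaddr_storage *ss)
{
    memset(ss, 0, sizeof *ss);
    if (he->h_addrtype == AF_INET && he->h_length == 4) {
        legacy_fill(he, (struct sockaddr_in *)ss);
        return sizeof(struct sockaddr_in);
    }
    if (he->h_addrtype == AF_INET6 && he->h_length == 16) {
        struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)ss;
        sin6->sin6_family = AF_INET6;
        memcpy(&sin6->sin6_addr, he->h_addr_list[0], 16);
        return sizeof *sin6;
    }
    return 0;
}

/* Text form of the address the legacy code would connect to. */
const char *legacy_target(const struct hostent *he)
{
    static char buf[INET_ADDRSTRLEN];
    struct sockaddr_in sin;
    legacy_fill(he, &sin);
    return inet_ntop(AF_INET, &sin.sin_addr, buf, sizeof buf);
}

/* Text form of the address the family-aware code would connect to. */
const char *family_aware_target(const struct hostent *he)
{
    static char buf[INET6_ADDRSTRLEN];
    struct sockaddr_storage ss;
    if (family_aware_fill(he, &ss) == 0)
        return NULL;
    if (ss.ss_family == AF_INET)
        return inet_ntop(AF_INET, &((struct sockaddr_in *)&ss)->sin_addr, buf, sizeof buf);
    return inet_ntop(AF_INET6, &((struct sockaddr_in6 *)&ss)->sin6_addr, buf, sizeof buf);
}

int main(void)
{
    printf("legacy, v6 answer:       %s\n", legacy_target(&v6_answer));
    printf("family-aware, v6 answer: %s\n", family_aware_target(&v6_answer));
    return 0;
}
```

The truncating path produces a syntactically valid IPv4 destination, so nothing fails locally; the connection simply goes to an unrelated host, which is why the length check matters.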
(I deal with this multi-homed crap all the time.)
Those places with "25 smaller ranges" (which are very few) have all their address space from one ISP so they add nothing to the global route tables -- they are 100% covered by the ISP's summary announcement. When they connect to a second ISP, those address ranges have to be announced by both ISPs verbatim. Suddenly, there's the original netblock plus 25 smaller blocks being announced by the first ISP and the same 25 small blocks being announced by the second ISP. [*] Traffic flows to the most specific route, so all the smaller sub-blocks have to be announced individually by all the ISPs.
* - The minimum agreed size for any BGP announcement is a /24. The minimum netblock for global routing is a /20 -- anything smaller may not find global coverage.
[There are companies providing products to handle multi-homing without any of the traditional hassles.]
Why on earth would they do that? They sell the whois data!
- It's a pity the US doesn't have similar laws
Dude, the US has hundreds of thousands of laws. We enforce maybe less than 1% of them. And even if we did have such a law, people would end up spending years in courts holding people to it.
See, in the US, the courts don't have much to do with right and wrong, morality, ethics, common sense, or even the actual law. The courts are merely the fist(s) wielded by bullies. Whoever has the most money to hire the most lawyers and argue the longest almost always wins. It's the threat of the suit that does the work -- everyone may know the case is baseless, but it'll cost thousands of dollars and years to prove it. (And if it ever does approach an actual court room, the case is magically "settled" or dropped.)
It already is, and has been for years. Nobody pays it any attention. And absolutely no one enforces it.
It's like the DMCA -- breaking copyright is illegal but no one is stopping it, so we pass a law to make it illegal to break the law.
You, sir, are seriously mistaken. You, like the vast majority of idiots in the world, mistakenly associate "the web" with "having a domain name." It was some brilliant marketing ass (at netsol probably) that started the whole notion of "getting a web address" instead of "registering a domain name." (The concept of a domain name was too hard for most companies to understand.)
And by association, most people mistakenly believe the only reason to have a domain name is to have a web site. This has never been true. By extension, as you have proposed, most of these mistaken individuals expect to find detailed, accurate ownership and contact information at said web sites. I have enough trouble finding contact information for actual companies and you expect to be able to find contact data on any random individual's web site?
- I think that all new address space should be assigned to two ISPs at a time based on places where they regionally overlap
And there begins the stupidity of your plan. Physical location doesn't have one flying f*** to do with the internet. There is almost zero correlation between network proximity and physical proximity.
IPv6 capability within the routing world is trivial. There's not that much to change. It'll take a lot more memory, but very little re-coding.
However, IPv6 support beyond routing is a huge undertaking. Every single network aware program in existence will have to be rewritten to deal with addresses much larger than they currently are.
It's not that Cisco has 5billion$ worth of toys in a warehouse, but that they "gave away" billions during the dot com boom for which they were never paid. I've heard stories of new hardware sitting in various warehouses that were never unloaded and put to use because the company that bought them (but never fully paid for them) didn't live long enough to deploy any of it.
Cisco has had to revise many of their policies to deal with the volume of "new" hardware in the used hardware market. Cisco was never fully paid for a great deal of that hardware. It used to be trivial to get used Cisco hardware under a Cisco support contract. Now it's almost impossible.
No, NAT does not. There are some problems, but they are very specific to stupidly engineered client/server programs where the server attempts to contact the client (using whatever the client thinks is its address.) Almost every java rmi/corba based piece of shit has this problem.
Next you're going to say firewalls cause lots of problems.
And in the modern network, one does not need kali. Almost all systems come with VPN capabilities.